Document/Open-source the entire deb.sury.org build and deploy process

[rfay]

Frequently asked questions

• I have read Frequenty Asked Questions

Is your feature request related to a problem? Please describe.

@oerdnj 's work on this project is awesome and appreciated. THANK YOU! Everybody should donate. I do.

However, this absolutely critical infrastructure resource is completely dependent on one person's effort and availability, and nobody else has any visibility into it or ability to help. So despite @oerdnj 's amazing expertise, its sustainability hangs by a thread.

Describe the solution you'd like

This would be a relatively long-term project, but :

1. Document the build and release process.
2. Open-source (preferably in this repo) the tools and scripts used.
3. Train at least one other person to support this project.

Describe alternatives you've considered

There hasn't been anything close to the usefulness of deb.sury.org packages in years. I don't know of alternatives without completely reinventing the wheel.

Related issue: #1092, which just requested specifics about how to build packages sury-style.

[oerdnj]

Everything is already open-source:

• https://salsa.debian.org/php-team for packaging
• http://salsa.debian.org/ondrej/packaging-tools.git for the little helper scripts
• https://github.com/pkg-php/jenkins-job-builder for the jenkins-job-builder templates

The rest is just experience and honestly, I don't have any motivation for neither writing documentation on top of the scripts nor training people on my free time.

[rfay]

I absolutely understand the "no free time" thing. But in the long term, you'll have more time if you figure out how to make this accessible to more people. And if you someday have to or want to have some help, it's essential.

[rfay]

Maybe you could start by just writing a short overview of your process and the tools you use? (as listed above).

[rfay]

I spent a bit of time today experimenting with building https://salsa.debian.org/php-team/php/-/tree/debian/main/8.2 on debian bullseye, and was able to do it, but it's absolutely not building or installing the same thing as your deb.sury.org packages. Are you using a configure script that I'm just not knowing where to find it?

[oerdnj]

No, not at all - dpkg-buildpackage --git-builder=debuild should produce the same set of packages. (Of course, it’s better to use sbuilder for clean chroots, but that would be a next step.)

[rfay]

Thanks for the coaching. I think it must be gbp buildpackage --git-builder=debuild right?

I must have a little ways to go though, missing your key or something, or maybe I have to turn off debsign?

N: 42 hints overridden (7 errors, 35 warnings); 13 unused overrides
Finished running lintian.
Now signing changes and any dsc files...
 signfile dsc php8.1_8.1.13-1.dsc Ondřej Surý <ondrej@debian.org>
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: skipped "Ondřej Surý <ondrej@debian.org>": No secret key
gpg: /tmp/debsign.QGE8Pdih/php8.1_8.1.13-1.dsc: clear-sign failed: No secret key
debsign: gpg error occurred!  Aborting....
debuild: fatal error at line 1112:
running debsign failed
gbp:error: 'debuild' failed: it exited with 29

Sidenote: Is there an easy way to build and then make install into the usual places, like /usr/bin/php8.2, /usr/sbin/php-fpm8.2, etc? I'm quite sure there's a complex ./configure that I can do... but this must already be done by something in some build process.

[oerdnj]

The packages should be built, you don’t need to sign them if you are not uploading them anywhere. But there’s argument to debuild that allows you to pick the signing key. Look into the manual pages. Also I would suggest to properly set DEBEMAIL and DEBFULLNAME environment variables. Again the man pages to debuild, dpkg-buildpackage and debsign should be your closest friends.