Setting up a compile vserver

From Alpine Linux
Jump to: navigation, search

This document describes how to set up a new vserver for compilation of the official packages, with a buildozer sudo account for autobuilding a git branch.

There is a different page on Setting up a compile vserver for third party packages.

We will do the following:

  • install the vserver guest
  • install and configure openssh for remote access
  • install the alpine-sdk
  • create a buildozer user and give it sudo access
  • copy the needed files from old buildozer
  • set up autobuilding from git commit hooks


  • A vserver host
  • An IP address
  • The private and public key for signing the packages
  • An Alpine 1.9 vserver template

In this document we will use the following:

Tip: The hostname you use below needs to match the irc nick that you use for sircbot below.
  • Hostname: build-edge
  • IP address:
  • Context: 10012 (The vserver context can be anything, but it must be unique for the vserver host)

Creating the vserver guest

Tip: If using a newer version of Alpine Linux the setup-vs-guest script is available to perform the following section.

Create the guest from the template. Here the template was named template.tar.gz.

sudo vserver build-edge build --hostname build-edge \ --context 10012 --interface eth0: \ -m template -- -t template.tar.gz -d alpine

Configure the DNS resolving.

sudo cp /etc/resolv.conf /vservers/build-edge/etc/

You might want share the /var/cache/distfiles with other vserver hosts. To do so change the /etc/vservers/buildozer/fstab: (whie there set up the /tmp size to 512 MB)

none	/proc		proc	defaults		0 0
none	/tmp		tmpfs	size=64m,mode=1777	0 0
none	/dev/pts	devpts	gid=5,mode=620		0 0
none    /run            tmpfs   size=1m,mode=0755       0 0
/vservers/.shared/distfiles /var/cache/distfiles none bind 0 0

Disable the single_ip feature (it breaks some perl module tests):

echo "~single_ip" >> /etc/vservers/build-edge/nflags

Start the vserver. If your vserver host is 64 bit you need the linux32 prefix.

sudo linux32 vserver build-edge start

Set up SSH for remote logins

Enter the guest (I could not enter on my arch linux host for some reason. I installed ssh from chroot, restarted the vserver guest with sshd, logged in via ssh and continued from there)

sudo linux32 vserver build-edge enter

Set up the repositories so we can install packages

echo > /etc/apk/repositories

Install OpenSSH and the alpine-sdk

apk add -U openssh alpine-sdk

Set ListenAddress to the IP address of the guest

sed -i -e 's/\#ListenAddress' /etc/ssh/sshd_config

Also disable DNS incase you need to log in from a network without reverse DNS.

sed -i -e 's/\#UseDNS.*/UseDNS no/' /etc/ssh/sshd_config

Make sshd start at boot

rc-update add sshd

Exit the vserver and copy the authorized_keys file so you can log in with ssh.


cp -a /vservers/buildozer/root/.ssh/ /vservers/build-edge/root/

Restart the vserver guest and log in

sudo vserver build-edge restart && ssh root@

Create user account with sudo access

Create user buildozer

adduser buildozer

Add the user to the groups wheel and abuild.

addgroup buildozer wheel addgroup buildozer abuild

Enable sudo without password for everyone in wheel group.


Uncomment line for %wheel, save and exit.

# Same thing without a password                                         
%wheel  ALL=(ALL) NOPASSWD: ALL        

Copy the ssh keys and update the permissions

mkdir /home/buildozer/.ssh && cp -a /root/.ssh /home/buildozer/

chown -R buildozer:buildozer /home/buildozer/.ssh

Now you should be able to log out and log in as buildozer


Copy files from old buildozer

We need the following from the old build server to do auto-building.

  • abuild signing keys
  • previously build packages (saves you from rebuilding alot)
  • misc scripts to do the autobuilding

Make sure you are logged out from you vserver guest and copy the needed files. In this case we just create hardlinks to save some time and space.

cp -al /vservers/buildozer/home/buildozer/packages /vservers/build-edge/home/buildozer

cp -a /vserver/buildozer/home/buildozer/.abuild /vservers/build-edge/home/buildozer/

(if you dont have any previous buildozer you might want to log in as buildozer and run abuild-keygen -i -a to generate signing keys)

Sometimes you may wish to perform an archive-wide rebuild, such as when creating a new buildozer for a previously unreleased branch. In that case, instead of performing the above copy, do:

  • Either copy /home/buildozer/.abuild from an existing buildozer (to key signing keys) or create a new one using abuild-keys -i -a
  • mkdir /home/packages/main
  • mkdir -p /home/packages/main/x86_64
  • mkdir -p /home/packages/testing/x86_64

Log in as buildozer and make sure that the ownership is correct for those files.

ssh buildozer@

sudo chown buildozer:buildozer packages .abuild

Set up the auto building

The idea with the autobuilding is that we have a git hook on the public git server that posts a message on IRC. the build server has a user logged on the IRC channel, pick up the commit messages and runs a rebuild of the repositories. We use sircbot for this.

Install sircbot on the build server

sudo apk add sircbot

Edit the /etc/conf.d/sircbot:

sircbot_opts="-n build-edge"
Note: The update repos scripts are available via git.

We also need a hook that picks up the notifications for rebuilds. This is /etc/sircbot.d/#alpine-devel/update-repos that we get from git:

cd ~

git clone git://

cd autobuilder && make && sudo make install

This should create the following scripts (if they aren't present, copy from /home/buildozer/autobuilder/):


Feel free to customize the logurl variable in the update-repos script (line 15) to point to your buildbox. This is the link that sircbot will send on build failure.

Create an /etc/autobuilder.conf with the correct git_branch and upload release dir:


Fix permissions on some dirs:

sudo chown buildozer:buildozer /var/run/autobuilder /var/run/sircbot

Setting up abuild

In /etc/abuild.conf set:

PACKAGER="Buildozer <>"

Also double-check that CARCH is set correctly for your build-server.

Then it should just be to log on to the build-edge clone the repo and start building

git clone git:// git clone git://

Note: You need manually create a alpine-iso/previous file to tag releases.

echo "2.5.0" > alpine-iso/previous

Setting periodic cleanup

It might be an idea to delete the src and pkg subdirs used when building after a week. Create /etc/periodic/daily/clean-aports with the following contents:


find $aports -maxdepth 3 -type d \( -name src -o -name pkg \) -mtime +7 \
  | xargs rm -r

Make it executable

chmod +x /etc/periodic/daily/clean-aports

Make sure cron runs.

rc-update add cron