1 |
I've prepared a document that tries to consolidate the various bits of |
2 |
information regarding the stabilisation procedure into one document / |
3 |
policy. Please review. |
4 |
|
5 |
The live version currently lives at |
6 |
https://wiki.gentoo.org/wiki/User:Kensington/Stabilisation_procedure and |
7 |
I've included the raw text below for convenience. |
8 |
|
9 |
|
10 |
|
11 |
|
12 |
This article describes the procedure for moving an ebuild from testing |
13 |
to stable. |
14 |
|
15 |
== Responsibility == |
16 |
|
17 |
The primary purpose of the stabilisation process is to integrate a |
18 |
testing ebuild into the stable tree. This can involve maintaining the |
19 |
consistency of the dependency graph, basic compatibility checks with |
20 |
other packages, and smoke testing of the package itself. |
21 |
|
22 |
Stabilisation is not intended to relieve a package maintainer of their |
23 |
responsibility to ship a quality package - the primary responsibility of |
24 |
ensuring that a package is a good stable candidate remains with the |
25 |
person approving the stabilisation request. The stabilisation process |
26 |
does not include more than basic functionality checks unless explicitly |
27 |
requested. |
28 |
|
29 |
== Configuration == |
30 |
|
31 |
It is preferred that testing take place on a real system, inside a |
32 |
chroot, or within another type of non-virtualised container. |
33 |
Virtualisation may be acceptable in situations where it is not possible |
34 |
or practical to test on real hardware. |
35 |
|
36 |
The testing system must only have stable packages installed, with no |
37 |
testing packages keyworded or unmasked. It should be up-to-date, and it |
38 |
is recommended to have as few packages installed as possible. |
39 |
|
40 |
{{path|make.conf}} should have settings similar to the following: |
41 |
{{FileBox|filename=/etc/portage/make.conf|lang=bash|1= |
42 |
# CFLAGS should be reasonable |
43 |
CFLAGS="-march=native -O2 -pipe -frecord-gcc-switches" |
44 |
CXXFLAGS="${CFLAGS}" |
45 |
|
46 |
# Defining all four *FLAGS variables enables a portage QA check |
47 |
reporting when these variables are not respected |
48 |
FFLAGS="${CFLAGS}" |
49 |
FCFLAGS="${CFLAGS}" |
50 |
|
51 |
# Enables a portage QA check to report when LDFLAGS is not respected |
52 |
LDFLAGS="${LDFLAGS} -Wl,--hash-style=gnu" |
53 |
|
54 |
# collision-protect - prevent a package from overwriting files it does |
55 |
not own |
56 |
# ipc-sandbox - prevent host IPC access (requires Linux and namespace |
57 |
support in kernel) |
58 |
# network-sandbox - prevent network access during merge (requires Linux |
59 |
and network namespace support in kernel) |
60 |
# sandbox - ensure package does not write directly to live system |
61 |
# split-log - store logs created by PORTAGE_ELOG_SYSTEM="save" in |
62 |
category subdirectories |
63 |
# split-elog - store build logs in category subdirectories |
64 |
# strict - have portage react strongly to conditions that have the |
65 |
potential to be dangerous |
66 |
# test - run package tests, or alternatively test-fail-continue |
67 |
# userfetch - drop privileges during fetching |
68 |
# userpriv - drop privileges during merge |
69 |
# usersandbox - enable sandbox when userpriv is enabled |
70 |
FEATURES="collision-protect ipc-sandbox network-sandbox sandbox |
71 |
split-log split-elog strict test userfetch userpriv usersandbox" |
72 |
|
73 |
# Display selected types of messages again when emerge exits, and save |
74 |
them to disk |
75 |
PORTAGE_ELOG_CLASSES="log warn error qa" |
76 |
PORTAGE_ELOG_SYSTEM="echo save" |
77 |
}} |
78 |
|
79 |
== Testing == |
80 |
|
81 |
Each package in Gentoo is different and therefore requires a slightly |
82 |
different approach to stabilisation. Consider the following guidelines |
83 |
for each class of package, and use common sense when in doubt. |
84 |
|
85 |
=== General === |
86 |
|
87 |
==== USE flags ==== |
88 |
|
89 |
While it is preferable to test every USE flag combination, this is not |
90 |
always possible or appropriate. The package may have a large number of |
91 |
USE flags, a long compile time, or the stabilisation in question may |
92 |
just not call for it. |
93 |
|
94 |
In cases where all USE flags combinations are not being tested, it is |
95 |
still recommended to test: |
96 |
* with all USE flags enabled |
97 |
* with all USE flags disabled |
98 |
* the default USE flag settings |
99 |
|
100 |
==== Runtime testing ==== |
101 |
|
102 |
Consider the level of runtime testing that is required for the target |
103 |
package. Remember, the focus of stabilisation is to integrate a testing |
104 |
ebuild into the stable tree and not to identify routine bugs or |
105 |
regressions - that is the purpose of the package's waiting time in ~arch. |
106 |
|
107 |
The level of runtime testing required will vary wildly based on a |
108 |
variety of factors. Consider the following examples: |
109 |
|
110 |
* Multiple days of "normal use" testing may be appropriate for a new |
111 |
version of {{package|sys-libs/glibc}} |
112 |
* Basic functionality testing, such as browsing some web pages, may make |
113 |
sense for a new version of {{package|www-client/firefox}} |
114 |
* Passing tests might be enough for {{package|dev-python/yenc}} |
115 |
* A leaf package such as {{package|kde-apps/kcalc}} may not require any |
116 |
runtime testing at all |
117 |
|
118 |
=== Libraries === |
119 |
|
120 |
A new library version may introduce incompatibles with reverse |
121 |
dependencies. Where there's a risk of such breakage, each stable reverse |
122 |
dependency must be rebuilt. Beware of reverse dependencies that only use |
123 |
the library conditionally (eg. <code>USE="png"</code>). |
124 |
|
125 |
=== Kernel === |
126 |
|
127 |
Kernel packages referenced in the handbook have certain exemptions from |
128 |
the usual stabilisation policy, so stabilisation requests are normally |
129 |
only filed for the first version in a long term stable branch |
130 |
(subsequent versions can be stabilised at the discretion of the maintainer). |
131 |
|
132 |
First, test all available kernel options: |
133 |
|
134 |
{{Cmd|cd /usr/src/example-sources-1.2.3 |
135 |
|make allyesconfig |
136 |
|make # add '-j' as appropriate for your hardware}} |
137 |
|
138 |
If that succeeds, build with your normal configuration: |
139 |
|
140 |
{{Cmd|make distclean |
141 |
|make menuconfig |
142 |
|make |
143 |
|make modules_install # if you use modules}} |
144 |
|
145 |
After reboot, check <code>dmesg</code> for anything strange and use the |
146 |
system as normal, trying to get a bit of uptime. |
147 |
|
148 |
If stabilising a special feature variant such as |
149 |
{{package|sys-kernel/hardened-sources}}, try to test those features. |
150 |
|
151 |
=== Toolchain === |
152 |
|
153 |
New versions of toolchain packages can often introduce major changes and |
154 |
widespread breakage into the tree. The purpose of a stabilisation |
155 |
request for a toolchain package is to test the package itself on each |
156 |
architecture - not to detect build failures in miscellaneous packages. |
157 |
It is expected that such failures are managed and resolved by the |
158 |
maintainer (normally through tracker bugs and tinderboxing) prior to |
159 |
filing a stabilisation request. |
160 |
|
161 |
Once the normal testing is successful, rebuild <code>@system</code> (or |
162 |
<code>@world</code> if the hardware permits) and once successful, |
163 |
observe the system in normal operation for abnormalities. |
164 |
|
165 |
== QA violations == |
166 |
|
167 |
Most of these violations will be detected automatically using the |
168 |
testing tool, but are also described here for completeness. |
169 |
|
170 |
* Does not respect CC |
171 |
* Does not respect CFLAGS |
172 |
* Does not respect LDFLAGS |
173 |
* Bundled symbols |
174 |
* Insecure symbols |
175 |
* Installs documentation outside of /usr/share/doc/${PF} |
176 |
* ELF files found in /usr/share |
177 |
* ... |
178 |
* ... |
179 |
|
180 |
== Architecture-specific notes == |
181 |
|
182 |
A number of items described in earlier sections, such as checking of |
183 |
reverse dependencies and miscellaneous QA checks, are |
184 |
architecture-neutral. At a stabilisation level, the primary |
185 |
responsibility for carrying out these checks rests on the first |
186 |
architecture to stabilise an ebuild. Subsequent architectures may assume |
187 |
that these checks have been completed and skip them if they wish. |
188 |
|
189 |
=== amd64 === |
190 |
* Any developer may perform {{keyword|amd64}} stabilisations - it is not |
191 |
necessary to be on the arch team |
192 |
* <code>multilib-strict</code> must be added to <code>FEATURES</code> |
193 |
|
194 |
=== arm === |
195 |
The [[Project:ARM|ARM project]] supports four {{keyword|arm}} variants - |
196 |
armv4, armv5, armv6, and armv7. In addition to regular testing, the |
197 |
package must be build tested on each variant. If access to each physical |
198 |
variant is not possible, <code>CFLAGS="-march=$arch"</code> is acceptable. |
199 |
|
200 |
=== x86 === |
201 |
* Any developer may perform {{keyword|x86}} stabilisations - it is not |
202 |
necessary to be on the arch team |
203 |
* It is acceptable to stabilise in an {{keyword|x86}} |
204 |
[[Project:AMD64/32-bit Chroot Guide|chroot]] on {{keyword|amd64}} |
205 |
* It is generally acceptable to stabilise a package with only a build |
206 |
test on {{keyword|x86}} if it is already stable on {{keyword|amd64}} |
207 |
|
208 |
== Acknowledgements == |
209 |
Most of this guide was shameless stolen from many sources, including but |
210 |
not limited to: |
211 |
* Agostino Sarubbo |
212 |
* Various arch teams |