| 1 |
I've prepared a document that tries to consolidate the various bits of |
| 2 |
information regarding the stabilisation procedure into one document / |
| 3 |
policy. Please review. |
| 4 |
|
| 5 |
The live version currently lives at |
| 6 |
https://wiki.gentoo.org/wiki/User:Kensington/Stabilisation_procedure and |
| 7 |
I've included the raw text below for convenience. |
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
This article describes the procedure for moving an ebuild from testing |
| 13 |
to stable. |
| 14 |
|
| 15 |
== Responsibility == |
| 16 |
|
| 17 |
The primary purpose of the stabilisation process is to integrate a |
| 18 |
testing ebuild into the stable tree. This can involve maintaining the |
| 19 |
consistency of the dependency graph, basic compatibility checks with |
| 20 |
other packages, and smoke testing of the package itself. |
| 21 |
|
| 22 |
Stabilisation is not intended to relieve a package maintainer of their |
| 23 |
responsibility to ship a quality package - the primary responsibility of |
| 24 |
ensuring that a package is a good stable candidate remains with the |
| 25 |
person approving the stabilisation request. The stabilisation process |
| 26 |
does not include more than basic functionality checks unless explicitly |
| 27 |
requested. |
| 28 |
|
| 29 |
== Configuration == |
| 30 |
|
| 31 |
It is preferred that testing take place on a real system, inside a |
| 32 |
chroot, or within another type of non-virtualised container. |
| 33 |
Virtualisation may be acceptable in situations where it is not possible |
| 34 |
or practical to test on real hardware. |
| 35 |
|
| 36 |
The testing system must only have stable packages installed, with no |
| 37 |
testing packages keyworded or unmasked. It should be up-to-date, and it |
| 38 |
is recommended to have as few packages installed as possible. |
| 39 |
|
| 40 |
{{path|make.conf}} should have settings similar to the following: |
| 41 |
{{FileBox|filename=/etc/portage/make.conf|lang=bash|1= |
| 42 |
# CFLAGS should be reasonable |
| 43 |
CFLAGS="-march=native -O2 -pipe -frecord-gcc-switches" |
| 44 |
CXXFLAGS="${CFLAGS}" |
| 45 |
|
| 46 |
# Defining all four *FLAGS variables enables a portage QA check |
| 47 |
reporting when these variables are not respected |
| 48 |
FFLAGS="${CFLAGS}" |
| 49 |
FCFLAGS="${CFLAGS}" |
| 50 |
|
| 51 |
# Enables a portage QA check to report when LDFLAGS is not respected |
| 52 |
LDFLAGS="${LDFLAGS} -Wl,--hash-style=gnu" |
| 53 |
|
| 54 |
# collision-protect - prevent a package from overwriting files it does |
| 55 |
not own |
| 56 |
# ipc-sandbox - prevent host IPC access (requires Linux and namespace |
| 57 |
support in kernel) |
| 58 |
# network-sandbox - prevent network access during merge (requires Linux |
| 59 |
and network namespace support in kernel) |
| 60 |
# sandbox - ensure package does not write directly to live system |
| 61 |
# split-log - store logs created by PORTAGE_ELOG_SYSTEM="save" in |
| 62 |
category subdirectories |
| 63 |
# split-elog - store build logs in category subdirectories |
| 64 |
# strict - have portage react strongly to conditions that have the |
| 65 |
potential to be dangerous |
| 66 |
# test - run package tests, or alternatively test-fail-continue |
| 67 |
# userfetch - drop privileges during fetching |
| 68 |
# userpriv - drop privileges during merge |
| 69 |
# usersandbox - enable sandbox when userpriv is enabled |
| 70 |
FEATURES="collision-protect ipc-sandbox network-sandbox sandbox |
| 71 |
split-log split-elog strict test userfetch userpriv usersandbox" |
| 72 |
|
| 73 |
# Display selected types of messages again when emerge exits, and save |
| 74 |
them to disk |
| 75 |
PORTAGE_ELOG_CLASSES="log warn error qa" |
| 76 |
PORTAGE_ELOG_SYSTEM="echo save" |
| 77 |
}} |
| 78 |
|
| 79 |
== Testing == |
| 80 |
|
| 81 |
Each package in Gentoo is different and therefore requires a slightly |
| 82 |
different approach to stabilisation. Consider the following guidelines |
| 83 |
for each class of package, and use common sense when in doubt. |
| 84 |
|
| 85 |
=== General === |
| 86 |
|
| 87 |
==== USE flags ==== |
| 88 |
|
| 89 |
While it is preferable to test every USE flag combination, this is not |
| 90 |
always possible or appropriate. The package may have a large number of |
| 91 |
USE flags, a long compile time, or the stabilisation in question may |
| 92 |
just not call for it. |
| 93 |
|
| 94 |
In cases where all USE flags combinations are not being tested, it is |
| 95 |
still recommended to test: |
| 96 |
* with all USE flags enabled |
| 97 |
* with all USE flags disabled |
| 98 |
* the default USE flag settings |
| 99 |
|
| 100 |
==== Runtime testing ==== |
| 101 |
|
| 102 |
Consider the level of runtime testing that is required for the target |
| 103 |
package. Remember, the focus of stabilisation is to integrate a testing |
| 104 |
ebuild into the stable tree and not to identify routine bugs or |
| 105 |
regressions - that is the purpose of the package's waiting time in ~arch. |
| 106 |
|
| 107 |
The level of runtime testing required will vary wildly based on a |
| 108 |
variety of factors. Consider the following examples: |
| 109 |
|
| 110 |
* Multiple days of "normal use" testing may be appropriate for a new |
| 111 |
version of {{package|sys-libs/glibc}} |
| 112 |
* Basic functionality testing, such as browsing some web pages, may make |
| 113 |
sense for a new version of {{package|www-client/firefox}} |
| 114 |
* Passing tests might be enough for {{package|dev-python/yenc}} |
| 115 |
* A leaf package such as {{package|kde-apps/kcalc}} may not require any |
| 116 |
runtime testing at all |
| 117 |
|
| 118 |
=== Libraries === |
| 119 |
|
| 120 |
A new library version may introduce incompatibles with reverse |
| 121 |
dependencies. Where there's a risk of such breakage, each stable reverse |
| 122 |
dependency must be rebuilt. Beware of reverse dependencies that only use |
| 123 |
the library conditionally (eg. <code>USE="png"</code>). |
| 124 |
|
| 125 |
=== Kernel === |
| 126 |
|
| 127 |
Kernel packages referenced in the handbook have certain exemptions from |
| 128 |
the usual stabilisation policy, so stabilisation requests are normally |
| 129 |
only filed for the first version in a long term stable branch |
| 130 |
(subsequent versions can be stabilised at the discretion of the maintainer). |
| 131 |
|
| 132 |
First, test all available kernel options: |
| 133 |
|
| 134 |
{{Cmd|cd /usr/src/example-sources-1.2.3 |
| 135 |
|make allyesconfig |
| 136 |
|make # add '-j' as appropriate for your hardware}} |
| 137 |
|
| 138 |
If that succeeds, build with your normal configuration: |
| 139 |
|
| 140 |
{{Cmd|make distclean |
| 141 |
|make menuconfig |
| 142 |
|make |
| 143 |
|make modules_install # if you use modules}} |
| 144 |
|
| 145 |
After reboot, check <code>dmesg</code> for anything strange and use the |
| 146 |
system as normal, trying to get a bit of uptime. |
| 147 |
|
| 148 |
If stabilising a special feature variant such as |
| 149 |
{{package|sys-kernel/hardened-sources}}, try to test those features. |
| 150 |
|
| 151 |
=== Toolchain === |
| 152 |
|
| 153 |
New versions of toolchain packages can often introduce major changes and |
| 154 |
widespread breakage into the tree. The purpose of a stabilisation |
| 155 |
request for a toolchain package is to test the package itself on each |
| 156 |
architecture - not to detect build failures in miscellaneous packages. |
| 157 |
It is expected that such failures are managed and resolved by the |
| 158 |
maintainer (normally through tracker bugs and tinderboxing) prior to |
| 159 |
filing a stabilisation request. |
| 160 |
|
| 161 |
Once the normal testing is successful, rebuild <code>@system</code> (or |
| 162 |
<code>@world</code> if the hardware permits) and once successful, |
| 163 |
observe the system in normal operation for abnormalities. |
| 164 |
|
| 165 |
== QA violations == |
| 166 |
|
| 167 |
Most of these violations will be detected automatically using the |
| 168 |
testing tool, but are also described here for completeness. |
| 169 |
|
| 170 |
* Does not respect CC |
| 171 |
* Does not respect CFLAGS |
| 172 |
* Does not respect LDFLAGS |
| 173 |
* Bundled symbols |
| 174 |
* Insecure symbols |
| 175 |
* Installs documentation outside of /usr/share/doc/${PF} |
| 176 |
* ELF files found in /usr/share |
| 177 |
* ... |
| 178 |
* ... |
| 179 |
|
| 180 |
== Architecture-specific notes == |
| 181 |
|
| 182 |
A number of items described in earlier sections, such as checking of |
| 183 |
reverse dependencies and miscellaneous QA checks, are |
| 184 |
architecture-neutral. At a stabilisation level, the primary |
| 185 |
responsibility for carrying out these checks rests on the first |
| 186 |
architecture to stabilise an ebuild. Subsequent architectures may assume |
| 187 |
that these checks have been completed and skip them if they wish. |
| 188 |
|
| 189 |
=== amd64 === |
| 190 |
* Any developer may perform {{keyword|amd64}} stabilisations - it is not |
| 191 |
necessary to be on the arch team |
| 192 |
* <code>multilib-strict</code> must be added to <code>FEATURES</code> |
| 193 |
|
| 194 |
=== arm === |
| 195 |
The [[Project:ARM|ARM project]] supports four {{keyword|arm}} variants - |
| 196 |
armv4, armv5, armv6, and armv7. In addition to regular testing, the |
| 197 |
package must be build tested on each variant. If access to each physical |
| 198 |
variant is not possible, <code>CFLAGS="-march=$arch"</code> is acceptable. |
| 199 |
|
| 200 |
=== x86 === |
| 201 |
* Any developer may perform {{keyword|x86}} stabilisations - it is not |
| 202 |
necessary to be on the arch team |
| 203 |
* It is acceptable to stabilise in an {{keyword|x86}} |
| 204 |
[[Project:AMD64/32-bit Chroot Guide|chroot]] on {{keyword|amd64}} |
| 205 |
* It is generally acceptable to stabilise a package with only a build |
| 206 |
test on {{keyword|x86}} if it is already stable on {{keyword|amd64}} |
| 207 |
|
| 208 |
== Acknowledgements == |
| 209 |
Most of this guide was shameless stolen from many sources, including but |
| 210 |
not limited to: |
| 211 |
* Agostino Sarubbo |
| 212 |
* Various arch teams |
Archives