为了后面修复一些debci的bug,故把maintainer的一些嘱咐放在这里。后面再来反复看。
---
17:16 < vimer> I know what it's like. Because I also want to know which packages can trigger system's crash.:)
17:19 < vimer> how to implement the code for monitoring purposes? I mean, I can try it but I maybe need some help
17:21 -KGB-2:#debci- autopkgtest pipeline Simon McVittie 555974 * [26 minutes and 48 seconds] failed (quicktests: success; tests-sid:
failed; tests-stable: success; test-docker: success; test-lxc: success; test-podman: success; test-schroot: success;
test-unshare: success)
17:21 < elbrus> vimer: to be honest, I don't know exactly; we use munin and the main node in our infrastructure connects to the workers to
retrieve the data (if I'm correct). The munin code on the main node would need to know how to connect via the proxy somehow
17:22 < elbrus> terceiro: your new test for the global timeout seems flaky; it has failed already three times since you merged the code
17:22 < vimer> elbrus: fair enough. thanks.
17:22 < elbrus> you know where our deploy code lives, right?
17:23 < elbrus> salsa.debian.org/ci-team/debian-ci-config/
17:23 < elbrus> https://salsa.debian.org/ci-team/debian-ci-config/
17:23 < elbrus> I *think* all munin stuff is here: https://salsa.debian.org/ci-team/debian-ci-config/-/tree/master/cookbooks/munin
17:25 < elbrus> *Probably* this needs more intellegence:
https://salsa.debian.org/ci-team/debian-ci-config/-/blob/master/cookbooks/munin/templates/hosts.conf.erb
17:25 < elbrus> to be fair, we currently also can't monitor armhf and armel
17:25 < elbrus> because they are on IP6 and our main node only has IP4
17:26 < elbrus> also there we could proxy, because they are VM's on an host that has IP4
17:29 < vimer> ok, I'll take a closer look at the code you gave me. thanks again
---
需要构建2个repo: 1个amd64 (包含fakeroot), 3个all amd64: 思路: 首先是创建amd64的repo, then创建快照,最后合并快照。
repo amd64:
# 1
aptly repo create -architectures amd64 -comment 'for riscv32 sbuild-creatchroot' -component main -distribution sid amd64-tmp
Local repo [amd64-tmp]: for riscv32 sbuild-creatchroot successfully added. You can run ‘aptly repo add amd64-tmp …’ to add packages to repository.
# 2
aptly repo add amd64-tmp tmp/fakeroot_1.31-1.2_amd64.deb
# 3. 从 repo 创建一个snapshot:
aptly snapshot create yubos-reboostrap-0605-amd64 from repo amd64-tmp
Snapshot yubos-reboostrap-0605-amd64 successfully created.
## You can run 'aptly publish snapshot yubos-reboostrap-0605-amd64' to publish snapshot as Debian repository.
# 4.
aptly snapshot merge yubos-reboostrap-new-20230606 yubos-reboostrap-new-20230605 yubos-reboostrap-0605-amd64
## 必须新建一个 snapshot
# 5.
aptly publish snapshot -distribution="sid" yubos-reboostrap-new-20230606 yubos-reboostrap/20230606
// yubos-reboostrap-new-20230606 必须是已经存在snapshot, 也就是上一步命令中执行的。
## all snapshot
## aptly publish snapshot --architectures="all" -distribution="sid" yubos-base-all yubos-reboostrap/base-all //
# 6.
ln -s /home/a/.aptly/public/yubos-reboostrap/20230606/ /srv/ftp.debian.org/root/yubos-rebootstrap-test
1. aptly repo create -architectures all -comment 'all for riscv32 sbuild-creatchroot' -component main -distribution sid all-tmp
```
Local repo [all-tmp]: all for riscv32 sbuild-creatchroot successfully added.
You can run 'aptly repo add all-tmp ...' to add packages to repository.
```
2. add all packages to all-tmp
3. aptly snapshot create yubos-base-all from repo all-tmp
4. aptly snapshot merge yubos-reboostrap-rv32-all-0608 yubos-reboostrap-new-20230605 yubos-base-all
5. aptly publish snapshot -distribution="sid" yubos-reboostrap-rv32-all-0608 yubos-reboostrap/20230608
6. ln -s /home/a/.aptly/public/yubos-reboostrap/20230608/ /srv/ftp.debian.org/root/yubos-rebootstrap-test
下面是当时的一些印迹,故放在这里以防万一哪天会用到的:
1.
sudo sbuild-createchroot --debootstrap=mmdebstrap --arch=riscv32 \
--include=debian-ports-archive-keyring,ca-certificates,apt \
--make-sbuild-tarball=/srv/sid-riscv32-sbuild.tgz \
sid /tmp/chroots/sid-riscv32-sbuild/ \
http://vimer.f3322.net:63017/yubos-rebootstrap-repo/
// 可以更换 yubos-repo
2.
sudo sbuild-shell sid-riscv32-sbuild
echo "deb [trusted=yes] http://vimer.f3322.net:63017/yubos-rebootstrap-repo/ sid main" >
/etc/apt/sources.list
echo "deb [trusted=yes] http://vimer.f3322.net:63017/yubos-base-all/ sid main" >
/etc/apt/sources.list
// 首先创建 amd64
sudo sbuild-createchroot --debootstrap=mmdebstrap --arch=amd64 \
--include=debian-ports-archive-keyring,ca-certificates \
--make-sbuild-tarball=/srv/sid-amd64-sbuild.tgz \
sid /tmp/chroots/sid-amd64-sbuild/ \
https://mirror.iscas.ac.cn/debian/
//更换 rootfs
sudo mmdebstrap --arch=amd64 --variant=buildd \
--include=fakeroot,build-essential,ca-certificates,apt-transport-https,eatmydata \
sid sid-amd64-yubos-sbuild.tar.xz \
"deb [trusted=yes] http://home.revy.cn:36013/yubos-base/ sid main " \
"deb [trusted=yes] http://vimer.f3322.net:63017/yubos-base-all/ sid main"
//
sudo mv sid-amd64-yubos-sbuild.tar.xz /srv
//
backup:
```bash
# aptly issue:
a@debian:~$ aptly snapshot drop yubos-reboostrap-new-20230606
Snapshot `yubos-reboostrap-new-20230606` is published currently:
* ./sid [amd64, riscv32] publishes {main: [yubos-reboostrap-new-20230606]: Merged from sources: 'yubos-reboostrap-new-20230605', 'yubos-reboostrap-0605-amd64'}
ERROR: unable to drop: snapshot is published
这种情况只能删除 `sid`
a@debian:~$ aptly publish drop sid
Removing /home/a/.aptly/public/dists...
Removing /home/a/.aptly/public/pool...
如果这样的话,可以这样删除:
a@debian:~$ aptly publish list Published repositories:
Published repository has been removed successfully.
aptly 的使用
https://www.cnblogs.com/cookie1026/p/17039327.html
...
sudo sbuild-createchroot --debootstrap=mmdebstrap --arch=riscv32 --include=debian-ports-archive-keyring,ca-certificates,apt --make-sbuild-tarball=/srv/sid-riscv32-sbuild.tgz sid /tmp/chroots/sid-riscv32-sbuild/ http://vimer.f3322.net:63017/yubos-rebootstrap-exp
mkdir /tmp/chroots/sid-riscv32-sbuild/
...
a@debian:~$ aptly publish drop sid yubos-reboostrap/20230614
Removing /home/a/.aptly/public/yubos-reboostrap/20230614/dists...
Removing /home/a/.aptly/public/yubos-reboostrap/20230614/pool...
Published repository has been removed successfully.
a@debian:~$ aptly snapshot list
List of snapshots:
* [yubo-base-part-all-exp]: Snapshot from local repo [all-tmp]: all for riscv32 sbuild-creatchroot
* [yubos-base-all]: Snapshot from local repo [all-tmp]: all for riscv32 sbuild-creatchroot
* [yubos-base-full-all]: Snapshot from mirror [debian-all]: https://mirror.iscas.ac.cn/debian/ sid
* [yubos-reboostrap-0608-amd64]: Snapshot from local repo [amd64-tmp]: amd64 for riscv32 sbuild-creatchroot
* [yubos-reboostrap-20230604]: Snapshot from mirror [yubos-reboostrap]: http://127.0.0.1:8000/ rebootstrap
* [yubos-reboostrap-exp-20230614]: Merged from sources: 'yubo-base-part-all-exp', 'yubos-reboostrap-rv32-0614-exp'
* [yubos-reboostrap-new-20230605]: Snapshot from local repo [yubos-rebootstrap]
* [yubos-reboostrap-rv32-0614-exp]: Snapshot from local repo [yubos-rebootstrap]
* [yubos-reboostrap-rv32-all-0608]: Merged from sources: 'yubos-reboostrap-new-20230605', 'yubos-base-all'
* [yubos-rebootstrap-rv32-all-amd64]: Merged from sources: 'yubos-reboostrap-rv32-all-0608', 'yubos-reboostrap-0608-amd64'
To get more information about snapshot, run `aptly snapshot show <name>`.
a@debian:~$ aptly snapshot drop yubos-reboostrap-exp-20230614
Snapshot `yubos-reboostrap-exp-20230614` has been dropped.
a@debian:~$ aptly snapshot drop yubos-reboostrap-rv32-0614-exp
Snapshot `yubos-reboostrap-rv32-0614-exp` has been dropped.
aptly 的一些常见操作:
a@debian:~/packages/sail$ aptly repo list
List of local repos:
* [all-tmp]: all for riscv32 sbuild-creatchroot (packages: 16)
* [amd64-tmp]: amd64 for riscv32 sbuild-creatchroot (packages: 2)
* [riscv64-tmp-all]: for Debian sid ROS2 on riscv64 all packages (packages: 87)
* [riscv64-tmp]: for Debian sid ROS2 on riscv64 (packages: 1022)
* [sail-tmp]: sail for debian (packages: 36)
* [yubos-rebootstrap] (packages: 618)
a@debian:~/packages/sail$ aptly repo show sail-tmp
Name: sail-tmp
Comment: sail for debian
Default Distribution: sid
Default Component: main
Number of packages: 36
删除 package
a@debian:~/packages/sail$ aptly repo remove sail-tmp libsail-ocaml-dev
Loading packages...
[-] libsail-ocaml-dev_0.17.1-1_amd64 removed
添加 package
aptly repo add sail-tmp package-name
aptly是基于 snapshot 发布东西的:
a@debian:~/packages/sail$ aptly snapshot create sail-for-debian-amd64-0228 from repo sail-tmp
Snapshot sail-for-debian-amd64-0228 successfully created.
You can run 'aptly publish snapshot sail-for-debian-amd64-0228' to publish snapshot as Debian repository.
思路就是基于 repo 进行 package的更新, 通过snapshot进行发布。然后我们看一下 已 public 的snapshot有哪些:
发布 repo
a@debian:~/packages/sail$ aptly publish snapshot -distribution="sid" sail-for-debian-amd64-0303 sail-for-debian/20240303
Loading packages...
Generating metadata files and linking package files...
Finalizing metadata files...
Signing file 'Release' with gpg, please enter your passphrase when prompted:
Clearsigning file 'Release' with gpg, please enter your passphrase when prompted:
Snapshot sail-for-debian-amd64-0303 has been successfully published.
Please setup your webserver to serve directory '/home/a/.aptly/public' with autoindexing.
Now you can add following line to apt sources:
deb http://your-server/sail-for-debian/20240303/ sid main
Don't forget to add your GPG key to apt with apt-key.
You can also use `aptly serve` to publish your repositories over HTTP quickly.
a@debian:~/packages/sail$ aptly publish list
Published repositories:
* revyos-11-06/11-06/sid [riscv64] publishes {main: [revyos-ros2]: Merged from sources: 'revyos-ros2-11-6', 'revyos-ros2-11-6-all'}
* sail-for-debian/20240227/sid [amd64] publishes {main: [sail-for-debian-amd64-0227]: Snapshot from local repo [sail-tmp]: sail for debian}
* yubos-reboostrap/20230604/sid [amd64, riscv32] publishes {main: [yubos-reboostrap-20230604]: Snapshot from mirror [yubos-reboostrap]: http://127.0.0.1:8000/ rebootstrap}
* yubos-reboostrap/20230605/sid [amd64, riscv32] publishes {main: [yubos-reboostrap-new-20230605]: Snapshot from local repo [yubos-rebootstrap]}
* yubos-reboostrap/20230608/sid [amd64, riscv32] publishes {main: [yubos-reboostrap-rv32-all-0608]: Merged from sources: 'yubos-reboostrap-new-20230605', 'yubos-base-all'}
* yubos-reboostrap/2023060801/sid [amd64, riscv32] publishes {main: [yubos-rebootstrap-rv32-all-amd64]: Merged from sources: 'yubos-reboostrap-rv32-all-0608', 'yubos-reboostrap-0608-amd64'}
* yubos-reboostrap/20230617/sid [amd64, riscv32] publishes {main: [yubos-reboostrap-exp-20230617]: Merged from sources: 'yubo-base-part-all-exp', 'yubos-reboostrap-rv32-0617-exp'}
* yubos-reboostrap/base-full-all/sid (origin: Debian) [all] publishes {main: [yubos-base-full-all]: Snapshot from mirror [debian-all]: https://mirror.iscas.ac.cn/debian/ sid}
然后把 publish的 ln
到 server
【转载来自文末】
sudo systemctl status fail2ban
创建两个默认的配置文件/etc/fail2ban/jail.d/defaults-debian.conf和/etc/fail2ban/jail.conf
我们不建议直接修改这些文件,因为更新Fail2ban时它们可能会被覆盖。
Fail2ban将按以下顺序读取配置文件。每个.local文件都会覆盖.conf文件中的设置。 /etc/fail2ban/jail.conf,/etc/fail2ban/jail.d/.conf 。/etc/fail2ban/jail.local,/etc/fail2ban/jail.d/.local
配置Fail2ban的最简单方法是将复制jail.conf为jail.local,然后修改.local文件。你也可以从头开始构建.local配置文件。
bantime,findtime和maxretry选项的值定义了禁止时间和禁止条件。bantime是禁止持续的时间。findtime是设置失败次数之间的持续时间。
https://www.myfreax.com/install-configure-fail2ban-on-debian-10/
一个有用的用法是:
sudo fail2ban-client status sshd
有一个文件是专门控制 sshd
的,忘了找到出处了。
中国电信的这一点非常给力,这对于开源社区的参与者是一个非常好的体验。
由于我是使用的小米路由器AX3600,在设置DDNS时只能从花生壳、公云等几个指定的服务上添加,阿里的目前无法使用。 结合我自己的经验,推荐使用 公云。只不过需要注意一点就是:
要在服务商及主机名那里 填写 从公云那里得到的域名,然后在状态栏那里得到链接成功的消息才可以。
[ 花生壳注册设置ddns] https://longdada.me/dynamic-ip-ddns-use-oray-or-noip/
CNAME指定自己的域名后面的这个方法验证是ok的。 完成上面的操作其实已经可以使用域名访问了,但是花生壳的分配的域名太难记,no-ip 的域名每 30 天就要确认一次才能继续使用,所以用自己的域名最方便。 方法也很简单,就是在域名 DNS 解析中填写一条 CNAME 配置,配置内容填写花生壳分配的域名,这样就能用自己的域名访问了。
CNAME的方式有时候会有问题的,我这里直接使用的3322免费给的域名(不是不想花钱买,是目前能work)。
这里要注意一个问题,在一个局域网内,有可能会出现无法通过域名下载的情况(需要验证外部网络是否可以下载),
这时可以直接编辑/etc/hosts
文件让局域网的node直接访问。这时,最好把内外网的端口修改为一致。
发表日期: 2023/06/04
最近的状态非常不对劲,或者说,自从去年回到徐州(2022年)之后,工作一直处于焦虑的状态。直到最近,我发现有些旧问题依然积压,而新问题依旧不断涌现,所以,我不得已在这里回顾梳理一下,以便更好的找到自己的节奏。
首先很感激老板和公司能够给自己机会,参与到一个非常有价值的盛会之中。其实,从一开始加盟,我就深刻的体会到,我们的riscv开发真的比某些商业公司的商业驱动的产品研发驱动有价值太多了。我们希望,我(们)的一点工作,能够改善国内在计算机底层工具链、cpu设计(riscv)开发的环境。当然,除了这种看似很虚无的理想外,对我而言最现实的问题是解决了我当时在徐州找工作的麻烦,感谢、感激!
怀着谨慎的态度以及成果能够让外部认可,其实自己一开始就很珍视这个机会,结果总是感觉有点用力过猛。注意,这里不是说工作成果,我自己也感觉成果不是特别惊喜,对,带给人惊喜的那种。先说我们实验室,在计算机的底层的大牛非常多,自己也是怀揣着膜拜的心态与各位大牛取经,这一点,我们实验室真的很强。这里我想说的是,自己周围的环境、自身实力的差距我基本还是有个清晰的认识的。
回想我这一路走来,从中国最底层到目前的生活状态,我已经是非常满足和感恩的了。20年前还在山东的一个农村吃土,慢慢的一路走来,并阴差阳错的进入计算机的世界,这真是很奇妙。我记得我当时的理科不是特别好(现在也不好:(),当时有一点就是特别喜欢读书,涉猎广泛。每到比我大几岁的表哥家,都会把他的教科书都翻出来看一遍。大约是小学阶段,然后我把初中历史、语文给看完了,地里天生就喜欢看报纸,到现在脑子里的地理知识还是不错的。后来,开始接触到初中信息技术的教科书,那个时候才对电脑有了一点认识,还是从静态的书本中获取到的知识。
拿到书之后,是借用文科的思维去理解去看的,然后有机会被发小带到网吧才发现,自己的动手能力是如此的差。也是碍于家庭原因,真正能接触电脑,还是到了大学本科。但是,从初中到高中,我对计算机的八卦知识和地理是差不多的,自认为知道的很多,但是连基本的linux命令都不知道。大学时,大一的第一个寒假去和舍友去电子厂打工,买了人生的第一个笔记本,开始真正意义上的编程学习。
现在我对本科的学习的还是颇有微言的,因为在我脑海里,我除了第一次接触c语言外,其他的知识、包括c编程的一些技巧,也全部是从课外的书中得到了入门的训练,然后又是自己鼓捣OJ还是kernel,都是自己想在某个特定领域有所专长的尝试,当然,这一些都默默地与我现在的工作能够挂上钩了。
所以,一切都是从好奇、探索开始的,这一切才是真正让你在未来某个时刻得到回报的关键。以始为终,我现在就是要重新拾起这种好奇、探索的精神,这是至关重要的。
回到现在的环境,工作,尤其是面对陌生的领域,其实也是这样的条件,而且这还是真的能为人类有所贡献的直接机会。慢是慢一点,可以有自己的节奏,但是不能有自己的退怯或者是畏难的情绪。从初中开始,当自己周围的人变的优秀的时候,自己不再是数一数二的时候,至少这么多年一直是这么过来的。这种经历与如今或者今后的工作、生活中是多么的一致。
工作的难点就是一个点,只要我们能包围它,那它就是我们技能树的一个组成部分,也是我们对计算机世界运行的一个参照,正确的思路,是应该按照这个思路进行下去的。
所以,要大胆尝试,要有小学阶段时的好奇心,坚持不懈、持之以恒,总会有所突破,加油!
sudo mmdebstrap --arch=amd64 --variant=buildd \
--include=fakeroot,build-essential,ca-certificates,apt-transport-https \
sid sid-amd64-sbuild.tar.xz \
"deb [trusted=yes] https://mirror.iscas.ac.cn/debian/ sid main"
然后可以使用以下方式:
mkdir buildrootfs && cd buildrootfs
sudo tar -xvf ../sid-amd64-sbuild.tar.xz
sudo systemd-nspawn -D . --bind=../tmp:/tmp --resolv-conf=bind-host
和sbuild的方式是一模一样的,但是这种可以随时替换里面的东西。