What are best practices for downloading documentation media into PPA package builds?
This question is about PPA packaging, and specifically how to work around network restrictions with launchpad-buildd.
I have been working on packaging for a project called 'projectM' that includes Markdown formatted docs (e.g.: README.md, BUILDING.md, etc...) My first goal to build the C++ project worked. The second goal was to get the Markdown docs installed as HTML format. This only worked locally, not after uploading & building on Launchpad (Soyuz / buildd)
After much searching through the Debian New Maintainers' Guide, and other esoteric online Wikis and resources, I figured out how to get this build working locally. It even will install the HTML docs into 'doc-base', and the README displays with locally embedded images under the package's 'dhelp' section! All the documentation files including images install locally, as they get packaged inside the .deb package during the build.
To get this working, I added 'pandoc' to Build-Depends, and added a target in 'debian/rules' to generate HTML docs from Markdown, using 'pandoc --extract-
HTML_DOCS := README.html BUILDING.html LLVM_README.html
%.html: %.md
pandoc --from=
execute_
:
@# target cannot be empty, just no-op ':'
To get them installed into the package, I added this to 'debian/
docs_media/* usr/share/
This target downloads and embeds the referenced URLs for media files (e.g. '.jpg', '.png', '.svg') into a folder 'docs_media'. Then, during install they get copied inside and packaged under '/usr/share/
This feels like a satisfying and elegant way to include fully offline versions of HTML docs generated from upstream Markdown source files. Next was to create a reproducible build via pbuilder & Launchpad.
Everything works fine on my local system using 'debuild'. However, when using 'pbuilder', it needed a couple extra bits. I did find that it required turning on network access for 'pbuilder' (Adding 'USENETWORK=yes' to '/etc/pbuilderrc' config file). To get this working inside the pbuilder chroot, I also had to add build dependencies on: ca-certificates, openssl, netbase
After trying to add this to a PPA, I found that unfortunately the 'launchpad-buildd' farm does not allow outbound network access!
I was able to verify network adapter was available, but connectivity out seems to be disabled by adding some debug commands after the 'pandoc' build target.
The build log shows some network DNS resolver errors during the 'pandoc --extract-media' steps:
https:/
https:/
After researching a bit more on this issue, I found some helpful resources explaining that network is disabled for security reasons, and suggesting some alternatives:
https:/
https:/
https:/
This seems to lead me down the path of choosing one of these options:
1. Package the external resource myself, and either include it in the package itself or as a dependency.
2. Change the build process to fetch the resource locally
3. Delay the actual download/build process to be done after the user installs the package
My question is then: What is the best option here considering that this is for embedding images for the HTML docs? Are there some good packaging examples already out there for this use case?
Ancillary thoughts:
- It seems like #3 would require a hard dependency on pandoc at package install time. So that one I can probably rule out as not ideal.
- Option #2 seems like it assumes they are included in the local source archive already, or are able to be generated locally. I think we can rule that one out given that they are web URL references, and not included in the VCS git repo.
- Option #1 sounds best, but I'm not sure how that plays well with Debian's pristine source '*.orig.tar.xz' requirement, and quilt patches for .jpg, .png, or other image formats seems ugly.
- Is there some way of including these files into the source package using a special build target or hook? (e.g.: 'execute_
- Including them upstream seems more difficult to achieve given the upstream maintainers would have to agree to adding binary image files to their git repo. Probably not ideal either.
- The older versions of this package are actually split out in Debian into 8 separate packages!
- My next steps are to separate the new build into at least 4: projectm-data, libprojectM3, projectm-jack, projectm-pulseaudio
- I have seen some packages that separate out docs too. Maybe I should create: projectm-docs
Question information
- Language:
- English Edit question
- Status:
- Solved
- Assignee:
- No assignee Edit question
- Solved by:
- Manfred Hampl
- Solved:
- Last query:
- Last reply: