use apt cacher, minor cleanup

.gitignore

@@ -6,3 +6,5 @@ build
 var
 result
 inputs
+base*
+*.qcow2

README.md

@@ -8,18 +8,21 @@ This package can do a deterministic build of a package inside a VM.
 
 This performs a build inside a VM, with deterministic inputs and outputs.  If the build script takes care of all sources of non-determinism (mostly caused by timestamps), the result will always be the same.  This allows multiple independent verifiers to sign a binary with the assurance that it really came from the source they reviewed.
 
-Synopsis:
+## Synopsis:
 
-* Install prereqs:
+Install prereqs:
 
-    sudo apt-get install python-vm-builder qemu-kvm
+    sudo apt-get install python-vm-builder qemu-kvm apt-cacher
+    sudo service apt-cacher start
 
-* This will create the base VM for use in further builds (requires sudo):
+Create the base VM for use in further builds (requires sudo, please review the script):
 
     bin/make-base-vm
 
-* This will build using a YAML description file (can be run as non-root):
+Copy any additional build inputs into a directory named _inputs_.
 
-    bin/gbuild _package_-desc.yml
+Then execute the build using a YAML description file (can be run as non-root):
 
-The resulting report will appear in result/_package_-res.yml
+    bin/gbuild <package>-desc.yml
+
+The resulting report will appear in result/\<package\>-res.yml

bin/gbuild

@@ -84,21 +84,21 @@ info ''
 
 system! "on-target true"
 
-info "Installing additional packages (log in var/install.log)"
-system! "on-target -u root apt-get -y install #{build_desc["packages"].join(" ")} > var/install.log 2>&1"
-
-info "Grabbing package manifest"
-system! "on-target -u root bash < target-bin/grab-packages.sh > var/base.manifest"
-
 info "Preparing build environment"
 system! "on-target bash < target-bin/init-build.sh"
 
 build_desc["files"].each do |filename|
   filename = sanitize(filename, "files section")
-  system! "cd inputs ; copy-to-target #{filename} build/"
-  in_sums << `cd inputs ; sha256sum #{filename}`
+  system! "cd inputs && copy-to-target #{filename} build/"
+  in_sums << `cd inputs && sha256sum #{filename}`
 end
 
+info "Installing additional packages (log in var/install.log)"
+system! "on-target -u root apt-get -y install #{build_desc["packages"].join(" ")} > var/install.log 2>&1"
+
+info "Grabbing package manifest"
+system! "on-target -u root bash < target-bin/grab-packages.sh > var/base.manifest"
+
 info "Creating build script (var/build-script)"
 
 File.open("var/build-script", "w") do |script|
@@ -113,7 +113,7 @@ File.open("var/build-script", "w") do |script|
   script.puts
   build_desc["remotes"].each do |remote|
     script.puts "git clone -q #{remote["url"]} build/#{remote["dir"]}"
-    script.puts "(cd build/#{remote["dir"]} ; git checkout -q #{remote["commit"]})"
+    script.puts "(cd build/#{remote["dir"]} && git checkout -q #{remote["commit"]})"
   end
   script.puts "cd build"
   script.puts build_desc["script"]
@@ -132,7 +132,7 @@ info "Generating report"
 Dir.new(out_dir).each do |file|
   next if file.start_with?(".")
   file = sanitize(file, out_dir)
-  out_sums[file] = `cd #{out_dir} ; sha256sum #{file}`
+  out_sums[file] = `cd #{out_dir} && sha256sum #{file}`
   raise "failed to sum #{file}" unless $? == 0
   puts out_sums[file] unless @options[:quiet]
 end
@@ -155,6 +155,6 @@ File.open(File.join(result_dir, result_file), "w") do |io|
   io.write report.to_yaml
 end
 
-system!("cd #{result_dir} ; sha256sum #{result_file}") unless @options[:quiet]
+system!("cd #{result_dir} && sha256sum #{result_file}") unless @options[:quiet]
 
 info "Done."

bin/make-base-vm

@@ -3,9 +3,12 @@ set -e
 
 SUITE=lucid
 ARCH=amd64
+MIRROR=http://${MIRROR_HOST:-`hostname`}:3142/archive.ubuntu.com/ubuntu
+
+mkdir -p var
 
 if [ ! -e var/id_dsa ]; then
   ssh-keygen -t dsa -f var/id_dsa -N ""
 fi
-sudo vmbuilder kvm ubuntu --arch=$ARCH --suite=$SUITE --addpkg=openssh-server,pciutils,build-essential,git-core,mercurial,subversion --ssh-key=var/id_dsa.pub --ssh-user-key=var/id_dsa.pub --mirror=http://localhost:3142/ubuntu --dest=base --flavour=virtual --overwrite
+sudo vmbuilder kvm ubuntu --arch=$ARCH --suite=$SUITE --addpkg=openssh-server,pciutils,build-essential,git-core,subversion --ssh-key=var/id_dsa.pub --ssh-user-key=var/id_dsa.pub --mirror=$MIRROR --dest=base --flavour=virtual --overwrite
 mv base/*.qcow2 base.qcow2