Scroll to navigation

SBUILD.CONF(5) Debian sbuild SBUILD.CONF(5)

NAME

sbuild.conf - configuration file for sbuild

DESCRIPTION

sbuild.conf is a Perl script which is sourced by sbuild to permit configuration. It is run in a sandbox and restricted to setting a small number of variables, detailed below, which may be set to configure the behaviour of sbuild. Each variable has an internal name, shown in all caps, and a perl variable showing the default setting. Note that the internal name is not accessible within sbuild.conf; only the variable may be assigned. Also note that some of the defaults are set to be unique for each build, and so some of the defaults shown here are unique to the user and system used to build sbuild, and will be different for your system.

While sbuild permits many aspects of its behaviour to be configured, this should not normally be required. The defaults should be adequate for most uses, and should only be changed if you are doing something more advanced, or have specialist requirements.

CONFIGURATION

Build environment

STRING type. PATH to set when running dpkg-buildpackage.
Related sbuild(1) command line options:

--use-snapshot
Default:

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games';
STRING type. Library search path to use inside the chroot.
Related sbuild(1) command line options:

--use-snapshot
Default:

$ld_library_path = undef;

Build options

STRING type. Default distribution. By default, no distribution is defined, and the user must specify it with the -d option. However, a default may be configured here if desired. Users must take care not to upload to the wrong distribution when this option is set, for example experimental packages will be built for upload to unstable when this is not what is required. In unshare mode, this setting controls how the chroot tarball is created as rules like $unshare_mmdebstrap_extra_args and $unshare_mmdebstrap_distro_mangle use the value of the distribution and not the chroot name.
Related sbuild(1) command line options:

-d
--dist
Default:

$distribution = undef;
STRING type. Host architecture (Arch we are building for)
Related sbuild(1) command line options:

--arch
--host

host_arch = ...;
STRING type. Build architecture (Arch we are building on).
Related sbuild(1) command line options:

--arch
--build

build_arch = ...;
BOOL type. Build architecture: all packages by default.
Related sbuild(1) command line options:

--arch-all
--no-arch-all
Default:

$build_arch_all = undef;
BOOL type. Build architecture: any packages by default.
Related sbuild(1) command line options:

--arch-any
--no-arch-any
Default:

$build_arch_any = 1;
STRING type. Build profiles. Separated by spaces. Defaults to the value of the DEB_BUILD_PROFILES environment variable when building natively and to the cross and nocheck profiles when cross-building.
Related sbuild(1) command line options:

--profiles
Default:

$build_profiles = undef;
STRING type. By default network access is blocked during build (only implemented for the unshare mode). This lifts the restriction.
Related sbuild(1) command line options:

--enable-network
Default:

$enable_network = 0;
STRING type. This command is run with the dpkg-buildpackage command line passed to it (in the chroot, if doing a chrooted build). It is used by the sparc buildd (which is sparc64) to call the wrapper script that sets the environment to sparc (32-bit). It could be used for other build environment setup scripts. Note that this is superseded by schroot's 'command-prefix' option
Default:

$build_env_cmnd = '';
ARRAY:STRING type. Additional signing options for dpkg-buildpackage
Default:

$pgp_options = [
'-us',
'-uc'
];
ARRAY:STRING type. Regular expressions identifying toolchain packages. Note that for backward compatibility, this is also settable using the array @toolchain_regex (deprecated), rather than an array reference.
Default:

$toolchain_regex = [
'binutils$',
'dpkg-dev$',
'gcc-[\d.]+$',
'g\+\+-[\d.]+$',
'libstdc\+\+',
'libc[\d.]+-dev$',
'linux-kernel-headers$',
'linux-libc-dev$',
'gnumach-dev$',
'hurd-dev$',
'kfreebsd-kernel-headers$'
];
BOOL type. Run apt-get distclean before the build to clean the apt package cache if the command is available. This makes sure that the build environment is not polluted by extra information but means that you need to run apt update before manually installing packages for debugging. You can disable this to save the extra call but remember to not use the information from the apt cache. Also note that this silently fails when the command is not available to be compatible with older releases.
Default:

$clean_apt_cache = 0;
BOOL type. Check free disk space prior to starting a build. sbuild requires the free space to be at least twice the size of the unpacked sources to allow a build to proceed. Can be disabled to allow building if space is very limited, but the threshold to abort a build has been exceeded despite there being sufficient space for the build to complete.
Default:

$check_space = 1;
STRING type. This option allows one to specify a custom path where the package is built inside the chroot. The sbuild user in the chroot must have permissions to create the path. Common writable locations are subdirectories of /tmp or /build. Using /tmp might be dangerous, because (depending on the chroot backend) the /tmp inside the chroot might be a world writable location that can be accessed by processes outside the chroot. The directory /build can only be accessed by the sbuild user and group and should be a safe location. The buildpath must be an empty directory because the last component of the path will be removed after the build is finished. Notice that depending on the chroot backend (see CHROOT_MODE), some locations inside the chroot might be bind mounts that are shared with other sbuild instances. You must avoid using these shared locations as the build path or otherwise concurrent runs of sbuild will likely fail. With the default schroot chroot backend, the directory /build is shared between multiple schroot sessions. You can change this behaviour in /etc/schroot/sbuild/fstab. The behaviour of other chroot backends will vary. To let sbuild choose a random build location of the format /build/packagename-XXXXXX/packagename-version/ where XXXXXX is a random ascii string, set this variable to the empty string.
Related sbuild(1) command line options:

--build-path
Default:

$build_path = '/build/reproducible-path';
STRING type. By default the package is built in a path of the following format /build/packagename-XXXXXX/packagename-version/ where packagename-version are replaced by the values in debian/changelog. This option allows one to specify a custom packagename-version path where the package is built inside the chroot. This is useful to specify a static path for different versions for example for ccache.
Related sbuild(1) command line options:

--dsc-dir
Default:

$dsc_dir = undef;
BOOL type. By default, the -s option only includes the .orig.tar.gz when needed (i.e. when the Debian revision is 0 or 1). By setting this option to 1, the .orig.tar.gz will always be included when -s is used.
Related sbuild(1) command line options:

--force-orig-source
Default:

$force_orig_source = 0;
BOOL type. By default, do not build a source package (binary only build). Set to 1 to force creation of a source package, but note that this is inappropriate for binary NMUs, where the option will always be disabled.
Related sbuild(1) command line options:

-s
--source
--no-source
Default:

$build_source = 0;
STRING type. Binary NMU changelog entry.
Related sbuild(1) command line options:

--make-binNMU
Default:

$bin_nmu = undef;
STRING type. Binary NMU version number.
Related sbuild(1) command line options:

--binNMU
--make-binNMU
Default:

$bin_nmu_version = undef;
STRING type. Binary NMU timestamp. The timestamp is either given as n integer in Unix time or as a string in the format compatible with Debian changelog entries (i.e. as it is generated by date -R). If set to the default (undef) the date at build time is used.
Related sbuild(1) command line options:

--binNMU-timestamp
Default:

$bin_nmu_timestamp = undef;
STRING type. Suffix to append to version number. May be useful for derivative distributions.
Related sbuild(1) command line options:

--append-to-version
Default:

$append_to_version = undef;
STRING type. The content of a binary-only changelog entry. Leading and trailing newlines will be stripped.
Related sbuild(1) command line options:

--binNMU-changelog
Default:

$bin_nmu_changelog = undef;
BOOL type. Build using current GCC snapshot?
Related sbuild(1) command line options:

--use-snapshot
Default:

$gcc_snapshot = 0;
BOOL type. When running sbuild from within an unpacked source tree, run the 'clean' target before generating the source package. This might require some of the build dependencies necessary for running the 'clean' target to be installed on the host machine. Only disable if you start from a clean checkout and you know what you are doing.
Related sbuild(1) command line options:

--clean-source
--no-clean-source
Default:

$clean_source = 1;
BOOL type. Also produce a changes file suitable for a source-only upload.
Related sbuild(1) command line options:

--source-only-changes
Default:

$source_only_changes = 0;
BOOL type. Build packages as root when Rules-Requires-Root: binary-targets.
Default:

$build_as_root_when_needed = 0;

Build timeouts

NUMERIC type. Time (in minutes) of inactivity after which a build is terminated. Activity is measured by output to the log file.
Default:

$stalled_pkg_timeout = 150;
NUMERIC type. Number of times to try waiting for a lock.
Default:

$max_lock_trys = 120;
NUMERIC type. Lock wait interval (seconds). Maximum wait time is (max_lock_trys x lock_interval).
Default:

$lock_interval = 5;
HASH:NUMERIC type. Some packages may exceed the general timeout (e.g. redirecting output to a file) and need a different timeout. This has is a mapping between source package name and timeout. Note that for backward compatibility, this is also settable using the hash %individual_stalled_pkg_timeout (deprecated) , rather than a hash reference.
Example:

$individual_stalled_pkg_timeout->{'llvm-toolchain-3.8'} = 300;
$individual_stalled_pkg_timeout->{'kicad-packages3d'} = 90;
Default:

$individual_stalled_pkg_timeout = {};

Build validation

STRING type. Path to lintian binary
Default:

$lintian = 'lintian';
BOOL type. Run lintian?
Related sbuild(1) command line options:

--run-lintian
--no-run-lintian
Default:

$run_lintian = 1;
ARRAY:STRING type. Options to pass to lintian. Each option is a separate arrayref element. For example, ['-i', '-v'] to add -i and -v.
Related sbuild(1) command line options:

--lintian-opt
--lintian-opts
Default:

$lintian_opts = [];
BOOL type. Let sbuild fail if lintian fails.
Default:

$lintian_require_success = 0;
STRING type. Path to piuparts binary
Related sbuild(1) command line options:

--piuparts-opt
--piuparts-opts
Default:

$piuparts = 'piuparts';
BOOL type. Run piuparts
Related sbuild(1) command line options:

--run-piuparts
--no-run-piuparts
Default:

$run_piuparts = 0;
ARRAY:STRING type. Options to pass to piuparts. Each option is a separate arrayref element. For example, ['-b', '<chroot_tarball>'] to add -b and <chroot_tarball>.
Default:

$piuparts_opts = undef;
ARRAY:STRING type. Preceding arguments to launch piuparts as root. With the default value (the empty array) "sudo --" will be used as a prefix unless sbuild is run in unshare mode. If the first element in the array is the empty string, no prefixing will be done. If the value is a scalar, it will be prefixed by that string. If the scalar is an empty string, no prefixing will be done.
Related sbuild(1) command line options:

--piuparts-root-arg
--piuparts-root-args
Example:

# prefix with "sudo --":
$piuparts_root_args = [];
$piuparts_root_args = ['sudo', '--'];
# prefix with "env":
$piuparts_root_args = ['env'];
$piuparts_root_args = 'env';
# prefix with nothing:
$piuparts_root_args = '';
$piuparts_root_args = [''];
$piuparts_root_args = ['', 'whatever'];
Default:

$piuparts_root_args = [];
BOOL type. Let sbuild fail if piuparts fails.
Default:

$piuparts_require_success = 0;
STRING type. Path to autopkgtest binary
Related sbuild(1) command line options:

--autopkgtest-opt
--autopkgtest-opts
Default:

$autopkgtest = 'autopkgtest';
BOOL type. Run autopkgtest
Related sbuild(1) command line options:

--run-autopkgtest
--no-run-autopkgtest
Default:

$run_autopkgtest = 0;
ARRAY:STRING type. Options to pass to autopkgtest. Each option is a separate arrayref element. For example, ['-b', '<chroot_tarball>'] to add -b and <chroot_tarball>.
Default:

$autopkgtest_opts = undef;
ARRAY:STRING type. Preceding arguments to launch autopkgtest as root. With the default value (the empty array) "sudo --" will be used as a prefix unless sbuild is run in unshare mode. If the first element in the array is the empty string, no prefixing will be done. If the value is a scalar, it will be prefixed by that string. If the scalar is an empty string, no prefixing will be done.
Related sbuild(1) command line options:

--autopkgtest-root-arg
--autopkgtest-root-args
Example:

# prefix with "sudo --":
$autopkgtest_root_args = [];
$autopkgtest_root_args = ['sudo', '--'];
# prefix with "env":
$autopkgtest_root_args = ['env'];
$autopkgtest_root_args = 'env';
# prefix with nothing:
$autopkgtest_root_args = '';
$autopkgtest_root_args = [''];
$autopkgtest_root_args = ['', 'whatever'];
Default:

$autopkgtest_root_args = [];
BOOL type. Let sbuild fail if autopkgtest fails.
Default:

$autopkgtest_require_success = 0;

Chroot options

STRING type. Default chroot (defaults to distribution[-arch][-sbuild]). In unshare mode, this setting is used to decide the name of the tarball in ~/.cache/sbuild. This setting does not influence what options are used to create the chroot in unshare mode (unless as the very last fallback for $unshare_mmdebstrap_extra_args). Use the distribution name (either in debian/changelog or by using --dist) for that.
Related sbuild(1) command line options:

-c
--chroot
Default:

$chroot = undef;
STRING type. Where to store list currently installed packages inside chroot
Default:

$package_checklist = '/var/lib/sbuild/package-checklist';
STRING type. When to purge the build dependencies after a build; possible values are "never", "successful", and "always"
Related sbuild(1) command line options:

-p
--purge
--purge-deps
Default:

$purge_build_deps = 'always';
STRING type. When to purge the build directory after a build; possible values are "never", "successful", and "always"
Related sbuild(1) command line options:

-p
--purge
--purge-build
Default:

$purge_build_directory = 'always';
STRING type. Purge the schroot session following a build. This is useful in conjunction with the --purge and --purge-deps options when using snapshot chroots, since by default the snapshot will be deleted. Possible values are "always" (default), "never", and "successful"
Related sbuild(1) command line options:

-p
--purge
--purge-session
Default:

$purge_session = 'always';
STRING type. Mechanism to use for chroot virtualisation. Possible value are "schroot", "sudo", "autopkgtest" and "unshare" (default).
Related sbuild(1) command line options:

--chroot-mode
Default:

$chroot_mode = undef;
HASH:STRING type. A mapping of distribution names to their aliases which will be used to look up chroots. This is similar to the "aliases" schroot configuration option. With the unshare backend, this has a similar effect as placing a symlink into ~/.cache/sbuild. Use the $unshare_mmdebstrap_distro_mangle option instead of this option if you want to declare a mapping from an "overlay" distribution (like experimental or backcports) to its base. This option is a hash because the order of its entries does not matter. Note, that if you are using unshare mode, you might still need an entry in $unshare_mmdebstrap_distro_mangle in addition to an entry in this option because this option only influences the chroot lookup. The distribution name passed to mmdebstrap is not influenced by this option.
Default:

$chroot_aliases = {
'UNRELEASED' => 'unstable',
'rc-buggy' => 'experimental'
};
BOOL type. Run in split mode? In split mode, apt-get and dpkg are run on the host system, rather than inside the chroot.
Default:

$chroot_split = 0;
STRING type. Script to run to perform custom setup tasks in the chroot.
Related sbuild(1) command line options:

--setup-hook
Default:

$chroot_setup_script = undef;
BOOL type. APT clean. 1 to enable running "apt-get clean" at the start of each build, or 0 to disable.
Related sbuild(1) command line options:

--apt-clean
--no-apt-clean
Default:

$apt_clean = 0;
BOOL type. Keep downloaded packages in cache by APT. Controls APT::Keep-Downloaded-Packages option used when downloading dependencies. This option only makes sense if /var/cache/apt/archive inside the chroot is made persistent between multiple sbuild invocations. 1 to keep downloaded packages in cache, or 0 to delete them after installation.
Default:

$apt_keep_downloaded_packages = 0;
BOOL type. APT update. 1 to enable running "apt-get update" at the start of each build, or 0 to disable. This option only applies to the default repositories of the chroot: the internal sbuild apt repository, the repository for extra packages (see EXTRA_PACKAGES) and any repositories set via EXTRA_REPOSITORIES are always updated. It is not recommended to set this option to 0 because you should build using the latest available packages in each distribution. If you do disable updates you need to ensure that the chroot contains downloaded package lists or apt will be unable to install any packages. If you are using the unshare chroot mode you can add "--skip=cleanup/apt/lists" to UNSHARE_MMDEBSTRAP_EXTRA_ARGS to retain the package lists inside the chroot taball.
Related sbuild(1) command line options:

--apt-update
--no-apt-update
Default:

$apt_update = 1;
BOOL type. Update local temporary APT archive directly (1, the default) or set to 0 to disable and do a full apt update (not recommended in case the mirror content has changed since the build started).
Default:

$apt_update_archive_only = 1;
BOOL type. APT upgrade. 1 to enable running "apt-get upgrade" at the start of each build, or 0 to disable.
Related sbuild(1) command line options:

--apt-upgrade
--no-apt-upgrade
Default:

$apt_upgrade = 0;
BOOL type. APT distupgrade. 1 to enable running "apt-get dist-upgrade" at the start of each build, or 0 to disable.
Related sbuild(1) command line options:

--apt-distupgrade
--no-apt-distupgrade
Default:

$apt_distupgrade = 1;
BOOL type. Force APT to accept unauthenticated packages. By default, unauthenticated packages are not allowed. This is to keep the build environment secure, using apt-secure(8). By setting this to 1, APT::Get::AllowUnauthenticated is set to "true" when running apt-get. This is disabled by default: only enable it if you know what you are doing.
Default:

$apt_allow_unauthenticated = 0;
HASH:ARRAY:STRING type. External commands to run at various stages of a build. Commands are held in a hash of arrays of arrays data structure. There is no equivalent for the --anything-failed-commands command line option. All percent escapes mentioned in the sbuild man page can be used.
Related sbuild(1) command line options:

--setup-hook
--pre-build-commands
--chroot-setup-commands
--chroot-update-failed-commands
--build-deps-failed-commands
--build-failed-commands
--anything-failed-commands
--starting-build-commands
--finished-build-commands
--chroot-cleanup-commands
--post-build-commands
--post-build-failed-commands
Example:

# general format
$external_commands = {
"pre-build-commands" => [
['foo', 'arg1', 'arg2'],
['bar', 'arg1', 'arg2', 'arg3'],
],
"chroot-setup-commands" => [
['foo', 'arg1', 'arg2'],
['bar', 'arg1', 'arg2', 'arg3'],
],
"chroot-update-failed-commands" => [
['foo', 'arg1', 'arg2'],
['bar', 'arg1', 'arg2', 'arg3'],
],
"build-deps-failed-commands" => [
['foo', 'arg1', 'arg2'],
['bar', 'arg1', 'arg2', 'arg3'],
],
"build-failed-commands" => [
['foo', 'arg1', 'arg2'],
['bar', 'arg1', 'arg2', 'arg3'],
],
"starting-build-commands" => [
['foo', 'arg1', 'arg2'],
['bar', 'arg1', 'arg2', 'arg3'],
],
"finished-build-commands" => [
['foo', 'arg1', 'arg2'],
['bar', 'arg1', 'arg2', 'arg3'],
],
"chroot-cleanup-commands" => [
['foo', 'arg1', 'arg2'],
['bar', 'arg1', 'arg2', 'arg3'],
],
"post-build-commands" => [
['foo', 'arg1', 'arg2'],
['bar', 'arg1', 'arg2', 'arg3'],
],
"post-build-failed-commands" => [
['foo', 'arg1', 'arg2'],
['bar', 'arg1', 'arg2', 'arg3'],
],
};
# the equivalent of specifying --anything-failed-commands=%SBUILD_SHELL on the
# command line
$external_commands = {
"chroot-update-failed-commands" => [ [ '%SBUILD_SHELL' ] ],
"build-deps-failed-commands" => [ [ '%SBUILD_SHELL' ] ],
"build-failed-commands" => [ [ '%SBUILD_SHELL' ] ],
};
Default:

$external_commands = {
'build-deps-failed-commands' => [],
'build-failed-commands' => [],
'chroot-cleanup-commands' => [],
'chroot-setup-commands' => [],
'chroot-update-failed-commands' => [],
'finished-build-commands' => [],
'post-build-commands' => [],
'pre-build-commands' => [],
'starting-build-commands' => []
};
BOOL type. Log standard output of commands run by sbuild?
Related sbuild(1) command line options:

--log-external-command-output
Default:

$log_external_command_output = 1;
BOOL type. Log standard error of commands run by sbuild?
Related sbuild(1) command line options:

--log-external-command-error
Default:

$log_external_command_error = 1;
BOOL type. Try to remove all additional packages that are not strictly required for the build right after build dependencies were installed. This currently works best with the aspcud resolver. The apt resolver will not make as much effort to remove all unneeded packages and will keep all providers of a virtual package and all packages from any dependency alternative that happen to be installed. The aptitude and xapt resolver do not implement this feature yet. The removed packages are not yet added again after the build finished. This can have undesirable side effects like lintian not working (because there is no apt to install its dependencies) or bare chroots becoming totally unusable after apt was removed from them. Thus, this option should only be used with throw-away chroots like schroot provides them where the original state is automatically restored after each build.
Related sbuild(1) command line options:

--purge-extra-packages
Default:

$purge_extra_packages = 0;

Chroot options (unshare)

STRING type. Template used to create the temporary unpack directory for the unshare chroot mode. Uses $TMPDIR if set and /tmp otherwise. In unshare mode, all components of the path need to be accessible by the unshared user (world execute permissions). In unshare mode, the unshared user needs to have write permissions to this directory.
Example:

# Choose /var/tmp if /tmp is too small
$unshare_tmpdir_template = '/var/tmp/tmp.sbuild.XXXXXXXXXX'
Default:

$unshare_tmpdir_template = '/tmp/tmp.sbuild.XXXXXXXXXX';
ARRAY type. Bind mount directories from the outside to a mountpoint inside the chroot in unshare mode.
Example:

$unshare_bind_mounts = [ { directory => "/home/path/outside", mountpoint => "/path/inside" } ];
Default:

$unshare_bind_mounts = [];
BOOL type. This is an experimental feature. In unshare mode, if the desired chroot tarball does not exist or if it is too old (see UNSHARE_MMDEBSTRAP_MAX_AGE), run mmdebstrap to create a new chroot that will be used for the build. Refer to UNSHARE_MMDEBSTRAP_EXTRA_ARGS to learn how to customize the mmdebstrap invocation for your chroots.
Default:

$unshare_mmdebstrap_auto_create = 1;
STRING type. Path to mmdebstrap binary
Default:

$mmdebstrap = 'mmdebstrap';
BOOL type. This is an experimental feature. In unshare mode and only if UNSHARE_MMDEBSTRAP_AUTO_CREATE is true, write the created tarball back to its appropriate location in ~/.cache/sbuild/${release}-${arch}.tar. If a chroot tarball was given explicitly by passing a path with the --chroot option, that chroot will never be updated by sbuild. But if the chroot tarball was outdated (see UNSHARE_MMDEBSTRAP_MAX_AGE), it will still get re-created and used but not saved back to the given path.
Default:

$unshare_mmdebstrap_keep_tarball = 0;
HASH:STRING type. This is an experimental feature. In unshare mode, when mmdebstrap is run because UNSHARE_MMDEBSTRAP_AUTO_CREATE was set to true, pass these extra arguments to the mmdebstrap invocation. The option array is given as key/value pairs. Each key will be matched against strings created from sbuild configuration variables, namely: DISTRIBUTION, DISTRIBUTION-BUILD_ARCH, DISTRIBUTION-BUILD_ARCH-HOST_ARCH as well as against the name of the chroot itself (defined if you use --chroot). If a key matches one of these strings, the value, containing extra mmdebstrap arguments is appended to the mmdebstrap argument list. A key can be a plain string, in which case glob-style expressions can be used. If the key is a plain string, it has to fully match. If the key is a plain string, percentage escapes %a and %r will be replaced by host architecture and distribution of the current build, respectively. A key can also be a precompiled qr// regular expression but match groups cannot be referenced in the extra arguments. The value is an array of extra arguments which are appended to the end of the mmdebstrap exec array.
Example:


$unshare_mmdebstrap_extra_args = [
"*-%a-arm64" => [ ... ] # options for cross-builds with arm64 as the host architecture
"debcargo-unstable-%a" => ["--include=dh-cargo,cargo"], # %a will be replaced by the host architecture
"ubuntu-*" => [ "--components=main,universe,multiverse" ], # add universe and multiverse for ubuntu
"/srv/custom-chroot.tar" => [ "--variant=apt", --arch="i386,ppc64el" ],
qr/(jessie|stretch)-amd64/ => [ ... ] # do something special for jessie and stretch
"{jessie,stretch}-amd64" => [ ... ] # the same as above but with a glob instead of a regex
];
Default:

$unshare_mmdebstrap_extra_args = [
'*-{backports}',
[
'--setup-hook=echo "deb http://deb.debian.org/debian %r main" > "$1"/etc/apt/sources.list.d/%r.list'
],
qr/^(experimental|rc-buggy)$/,
[
'--setup-hook=echo "deb http://deb.debian.org/debian experimental main" > "$1"/etc/apt/sources.list.d/experimental.list'
]
];
ARRAY type. This is an experimental feature. In unshare mode, when mmdebstrap is used to create the chroot environment, prefix that command with this option array.
Example:

$unshare_mmdebstrap_env_cmnd = [ "env", "TMPDIR=/dev/shm/" ];
Default:

$unshare_mmdebstrap_env_cmnd = [];
NUMERIC type. This is an experimental feature. In unshare mode, with UNSHARE_MMDEBSTRAP_AUTO_CREATE=1, consider tarballs as outdated if they are older than the number of seconds given by this option. A negative value completely disables this check.
Default:

$unshare_mmdebstrap_max_age = 604800;
ARRAY:STRING type. The distribution you want to build for might be an "overlay" for another distribution. For example if you build for stable-backports, you want to create a chroot for stable and then add backports or to build for experimental you want to build for unstable and then add experimental on top. This option allows one to perform this name mangling from distribution name to desired base distribution. The option array is given as substitution pairs. The first regex which matches is applied and the remaining regexes are skipped. If instead you want to define an alias of one name to another like the "aliases" schroot configuration option or symlinks in unshare mode, use the $chroot_aliases option instead. This option is an array instead of a hash because the order of entries matters.
Example:

$unshare_mmdebstrap_distro_mangle = [qr/(.*)-armhf$/ => '$1-arm64']
Default:

$unshare_mmdebstrap_distro_mangle = [
qr/^(experimental|rc-buggy|UNRELEASED.*)$/,
'unstable',
qr/^(.*)-backports$/,
'$1',
qr/^(.*)-security$/,
'$1'
];

Core options

STRING type. Username used for running dpkg-buildpackage. By default the user running sbuild and `sbuild` for the unshare mode is used within the chroot as well but that might allow a process from within the chroot to break out of the chroot by attaching to a process running outside the chroot with eg. gdb and then becoming root inside the chroot through schroot and thus be able to leave the chroot.

build_user = ...;
STRING type. Output directory for build artifacts created by dpkg-buildpackage and the log file. Defaults to the current directory if unspecified. It is used as the location of chroot symlinks (obsolete) and for current build log symlinks and some build logs. There is no default; if unset, it defaults to the current working directory. $HOME/build is another common configuration.
Related sbuild(1) command line options:

--build-dir
Example:

$build_dir = '/home/pete/build';

build_dir = ...;
STRING type. sbuild behaviour; possible values are "user" (exit status reports build failures) and "buildd" (exit status does not report build failures) for use in a buildd setup. "buildd" also currently implies enabling of "legacy features" such as chroot symlinks in the build directory and the creation of current symlinks in the build directory.
Related sbuild(1) command line options:

--sbuild-mode
Default:

$sbuild_mode = 'user';
ARRAY:STRING type. Only environment variables matching one of the regular expressions in this arrayref will be passed to dpkg-buildpackage and other programs run by sbuild. The default value for this configuration setting is the list of variable names as returned by Dpkg::BuildInfo::get_build_env_allowed() which is also the list of variable names that is whitelisted to be recorded in .buildinfo files. Caution: the default value listed below was retrieved from the dpkg Perl library version available when this man page was generated. It might be different if your dpkg Perl library version differs.
Example:

# Setting the old environment filter
$environment_filter = ['^PATH$',
'^DEB(IAN|SIGN)?_[A-Z_]+$',
'^(C(PP|XX)?|LD|F)FLAGS(_APPEND)?$',
'^USER(NAME)?$',
'^LOGNAME$',
'^HOME$',
'^TERM$',
'^SHELL$'];
# Appending FOOBAR to the default
use Dpkg::BuildInfo;
$environment_filter = [(sort (map "^$_\$", Dpkg::BuildInfo::get_build_env_allowed())), '^FOOBAR$'];
# Removing FOOBAR from the default
use Dpkg::BuildInfo;
$environment_filter = [ sort (map /^FOOBAR$/ ? () : "^$_\$", Dpkg::BuildInfo::get_build_env_allowed()) ];
Default:

$environment_filter = [
'^AR$',
'^ARFLAGS$',
'^AS$',
'^ASFLAGS$',
'^ASFLAGS_FOR_BUILD$',
'^AWK$',
'^CC$',
'^CFLAGS$',
'^CFLAGS_FOR_BUILD$',
'^CPP$',
'^CPPFLAGS$',
'^CPPFLAGS_FOR_BUILD$',
'^CXX$',
'^CXXFLAGS$',
'^CXXFLAGS_FOR_BUILD$',
'^DEB_BUILD_OPTIONS$',
'^DEB_BUILD_PROFILES$',
'^DEB_VENDOR$',
'^DFLAGS$',
'^DFLAGS_FOR_BUILD$',
'^DPKG_ADMINDIR$',
'^DPKG_DATADIR$',
'^DPKG_GENSYMBOLS_CHECK_LEVEL$',
'^DPKG_ORIGINS_DIR$',
'^DPKG_ROOT$',
'^FC$',
'^FFLAGS$',
'^FFLAGS_FOR_BUILD$',
'^GNUMAKEFLAGS$',
'^LANG$',
'^LC_ADDRESS$',
'^LC_ALL$',
'^LC_COLLATE$',
'^LC_CTYPE$',
'^LC_IDENTIFICATION$',
'^LC_MEASUREMENT$',
'^LC_MESSAGES$',
'^LC_MONETARY$',
'^LC_NAME$',
'^LC_NUMERIC$',
'^LC_PAPER$',
'^LC_TELEPHONE$',
'^LC_TIME$',
'^LD$',
'^LDFLAGS$',
'^LDFLAGS_FOR_BUILD$',
'^LD_LIBRARY_PATH$',
'^LEX$',
'^M2C$',
'^MAKE$',
'^MAKEFLAGS$',
'^OBJC$',
'^OBJCFLAGS$',
'^OBJCFLAGS_FOR_BUILD$',
'^OBJCXX$',
'^OBJCXXFLAGS$',
'^OBJCXXFLAGS_FOR_BUILD$',
'^PC$',
'^RANLIB$',
'^SOURCE_DATE_EPOCH$',
'^YACC$'
];
HASH:STRING type. Environment to set during the build. Defaults to setting PATH and LD_LIBRARY_PATH only. Note that these environment variables are not subject to filtering with ENVIRONMENT_FILTER. Example:
Example:

$build_environment = {
'CCACHE_DIR' => '/build/cache'
};
Default:

$build_environment = {};
BOOL type. Enable batch mode?
Related sbuild(1) command line options:

-b
--batch
Default:

$batch_mode = 0;
ARRAY:STRING type. Packages which must be installed in the chroot for all builds.
Default:

$core_depends = [
'build-essential:native'
];
ARRAY:STRING type. Additional per-build dependencies.
Related sbuild(1) command line options:

--add-depends
Default:

$manual_depends = [];
ARRAY:STRING type. Additional per-build dependencies.
Related sbuild(1) command line options:

--add-conflicts
Default:

$manual_conflicts = [];
ARRAY:STRING type. Additional per-build dependencies.
Related sbuild(1) command line options:

--add-depends-arch
Default:

$manual_depends_arch = [];
ARRAY:STRING type. Additional per-build dependencies.
Related sbuild(1) command line options:

--add-conflicts-arch
Default:

$manual_conflicts_arch = [];
ARRAY:STRING type. Additional per-build dependencies.
Related sbuild(1) command line options:

--add-depends-indep
Default:

$manual_depends_indep = [];
ARRAY:STRING type. Additional per-build dependencies.
Related sbuild(1) command line options:

--add-conflicts-indep
Default:

$manual_conflicts_indep = [];
STRING type. Archive being built. Only set in build log. This might be useful for derivative distributions.
Related sbuild(1) command line options:

--archive
Default:

$archive = undef;
STRING type. Job status file (only used in batch mode)
Default:

$job_file = 'build-progress';

Dependency resolution

STRING type. Build dependency resolver. The 'apt' resolver is currently the default, and recommended for most users. This resolver uses apt-get to resolve dependencies. Alternative resolvers are 'apt', 'aptitude' and 'aspcud'. The 'apt' resolver uses a built-in resolver module while the 'aptitude' resolver uses aptitude to resolve build dependencies. The aptitude resolver is similar to apt, but is useful in more complex situations, such as where multiple distributions are required, for example when building from experimental, where packages are needed from both unstable and experimental, but defaulting to unstable. If the dependency situation is too complex for either apt or aptitude to solve it, you can use the 'aspcud' resolver which (in contrast to apt and aptitude) is a real solver (in the math sense) and will thus always find a solution if a solution exists. Additionally, the 'null' solver is provided. It is a dummy resolver which does not install, upgrade or remove any packages. This allows one to completely control package installation via hooks.
Related sbuild(1) command line options:

--build-dep-resolver
Default:

$build_dep_resolver = 'apt';
STRING type. Optimization criteria in extended MISC 2012 syntax passed to aspcud through apt-cudf. Optimization criteria are separated by commas, sorted by decreasing order of priority and are prefixed with a polarity (+ to maximize and - to minimize). The default criteria is '-removed,-changed,-new' which first minimizes the number of removed packages, then the number of changed packages (up or downgrades) and then the number of new packages. A common task is to minimize the number of packages from experimental. To do this you can add a criteria like '-count(solution,APT-Release:=/a=experimental/)' to the default criteria. This will then minimize the number of packages in the solution which contain the string 'a=experimental' in the 'APT-Release' field of the EDSP output created by apt. See the apt-cudf man page help on the --criteria option for more information.
Related sbuild(1) command line options:

--aspcud-criteria
Default:

$aspcud_criteria = '-removed,-changed,-new';
BOOL type. Should the dependency resolver use alternatives in Build-Depends, Build-Depends-Arch and Build-Depends-Indep? By default, using 'apt' resolver, only the first alternative will be used; all other alternatives will be removed. When using the 'aptitude' resolver, it will default to using all alternatives. Note that this does not include architecture-specific alternatives, which are reduced to the build architecture prior to alternatives removal. This should be left disabled when building for unstable; it may be useful when building for experimental or backports. Set to undef to use the default, 1 to enable, or 0 to disable.
Related sbuild(1) command line options:

--resolve-alternatives
--no-resolve-alternatives
Example:

$resolve_alternatives = 0;
Default:

$resolve_alternatives = undef;
ARRAY:STRING type. Additional per-build packages available as build dependencies.
Related sbuild(1) command line options:

--extra-package
Default:

$extra_packages = [];
ARRAY:STRING type. Additional per-build apt repository keys.
Related sbuild(1) command line options:

--extra-repository-key
Default:

$extra_repository_keys = [];
ARRAY:STRING type. Additional per-build apt repositories.
Related sbuild(1) command line options:

--extra-repository
Default:

$extra_repositories = [];
STRING type. Method to use for explaining build dependency installation failures. Possible value are "dose3" (default), "apt" and "none". Set to "none", the empty string "" or Perl undef to disable running any explainer.
Related sbuild(1) command line options:

--bd-uninstallable-explainer
Default:

$bd_uninstallable_explainer = 'dose3';

Logging options

NUMERIC type. Verbose logging level
Default:

$verbose = 0;
NUMERIC type. Debug logging level
Default:

$debug = 0;
BOOL type. Disable use of log file
Related sbuild(1) command line options:

-n
--nolog
Default:

$nolog = 0;
STRING type. Directory for storing build logs. This defaults to '.' when SBUILD_MODE is set to 'user' (the default), and to '$HOME/logs' when SBUILD_MODE is set to 'buildd'.
Default:

$log_dir = undef;
STRING type. Set the format of the timestamp used in the build log filename
Related sbuild(1) command line options:

--log-filename-ts-format
Default:

$log_filename_timestamp_format = '%FT%TZ';
BOOL type. Add colour highlighting to interactive log messages (informational, warning and error messages). Log files will not be coloured.
Default:

$log_colour = 1;
BOOL type. Filter variable strings from log messages such as the chroot name and build directory
Default:

$log_filter = 0;
ARRAY:STRING type. Log sections to prevent from being printed to standard output. Supported section names that can be hidden are: postbuild, cleanup, changes, buildinfo, contents and summary.
Related sbuild(1) command line options:

--hide-log-sections
Default:

$log_hidden_sections = [];
STRING type. email address to mail build logs to
Related sbuild(1) command line options:

--mail-log-to
Default:

$mailto = '';
HASH:STRING type. Like MAILTO, but per-distribution. This is a hashref mapping distribution name to MAILTO. Note that for backward compatibility, this is also settable using the hash %mailto (deprecated), rather than a hash reference.
Default:

$mailto_hash = {};
STRING type. email address set in the From line of build logs
Related sbuild(1) command line options:

--mailfrom
Default:

$mailfrom = 'Source Builder <sbuild>';
BOOL type. Should build log mails be compressed?
Default:

$compress_build_log_mails = 1;
BOOL type. Should build log mails be MIME encoded?
Default:

$mime_build_log_mails = 1;

Maintainer options

STRING type. Name to use as override in .changes files for the Maintainer field. The Maintainer field will not be overridden unless set here.
Related sbuild(1) command line options:

-m
--maintainer
Default:

$maintainer_name = undef;
STRING type. Name to use as override in .changes file for the Changed-By: field.
Related sbuild(1) command line options:

-e
--uploader
Default:

$uploader_name = undef;
STRING type. Key ID to use in .changes for the current upload. It overrides both $maintainer_name and $uploader_name.
Related sbuild(1) command line options:

-k
--keyid
Default:

$key_id = undef;

Multiarch support (transitional)

HASH:ARRAY:STRING type. Per-architecture dependencies required for cross-building. By default, if a Debian architecture is not found as a key in this hash, the following will be added to the Build-Depends: crossbuild-essential-${hostarch}:native, libc-dev, libstdc++-dev. The latter two are to work around bug #815172.
Example:


$crossbuild_core_depends = {
nios2 => ['crossbuild-essential-nios2:native', 'special-package'],
musl-linux-mips => ['crossbuild-essential-musl-linux-mips:native', 'super-special'],
}
Default:

$crossbuild_core_depends = {};

Programs

STRING type. Program to use to send mail
Default:

$mailprog = '/usr/sbin/sendmail';
STRING type. Path to sudo binary
Default:

$sudo = 'sudo';
STRING type. Path to su binary
Default:

$su = 'su';
STRING type. Path to schroot binary
Default:

$schroot = 'schroot';
ARRAY:STRING type. Additional command-line options for schroot
Default:

$schroot_options = [
'-q'
];
STRING type. Path to autopkgtest-virt-* binary, selecting the virtualization server.
Related sbuild(1) command line options:

--autopkgtest-virt-server
Default:

$autopkgtest_virt_server = 'autopkgtest-virt-schroot';
ARRAY:STRING type. Additional command-line options for autopkgtest-virt-*
Related sbuild(1) command line options:

--autopkgtest-virt-server-opt
--autopkgtest-virt-server-opts
Default:

$autopkgtest_virt_server_options = [];
STRING type. Path to apt-get binary
Default:

$apt_get = 'apt-get';
STRING type. Path to apt-cache binary
Default:

$apt_cache = 'apt-cache';
STRING type. Path to aptitude binary
Default:

$aptitude = 'aptitude';
STRING type.
Default:

$xapt = 'xapt';
ARRAY:STRING type. Additional command-line options for dpkg-buildpackage.
Related sbuild(1) command line options:

--debbuildopt
--debbuildopts
--jobs
Default:

$dpkg_buildpackage_user_options = [];
STRING type. Suffix to add to filename for files generated by dpkg-buildpackage
Related sbuild(1) command line options:

--dpkg-file-suffix
Default:

$dpkg_file_suffix = '';
STRING type. Path to dpkg-source binary
Default:

$dpkg_source = 'dpkg-source';
ARRAY:STRING type. Additional command-line options for dpkg-source
Related sbuild(1) command line options:

--dpkg-source-opt
--dpkg-source-opts
Default:

$dpkg_source_opts = [];
STRING type. Path to md5sum binary
Default:

$md5sum = 'md5sum';

Statistics

STRING type. Directory for writing build statistics to
Related sbuild(1) command line options:

--stats-dir

stats_dir = ...;

FILES

/etc/sbuild/sbuild.conf
Configuration, maintained by the system administrator. This may be used to override the defaults.
~/.sbuildrc
User-specific configuration.

AUTHORS

Roman Hodek <Roman.Hodek@informatik.uni-erlangen.de>.

sbuild is based on debbuild, written by James Troup <james@nocrew.org> and has been modified by

Ben Collins <bcollins@debian.org>,
Ryan Murray <rmurray@debian.org>,
Francesco Paolo Lovergine <frankie@debian.org>,
Michael Banck <mbanck@debian.org>, and
Roger Leigh <rleigh@debian.org>

COPYRIGHT

Copyright © 1998-2000 Roman Hodek <roman@hodek.net>
Copyright © 1998-1999 James Troup <troup@debian.org>
Copyright © 2003-2006 Ryan Murray <rmurray@debian.org>
Copyright © 2001-2003 Rick Younie <younie@debian.org>
Copyright © 2003-2004 Francesco Paolo Lovergine <frankie@debian.org>
Copyright © 2005      Michael Banck <mbanck@debian.org>
Copyright © 2005-2009 Roger Leigh <rleigh@debian.org>

SEE ALSO

sbuild(1).

08 October 2025 Version 0.91.1