Some notes about how to set up a Gentoo binhost (see [1]) with the help of Gitlab CI.

An instance of this setup is hosted by the author and can be found at https://gentoo.notset.fr/repo/standard/.

Add gitlab overlay:

$ emerge app-eselect/eselect-repository
$ eselect repository enable gitlab
$ emerge --sync

Emerge gitlab-runner-bin:

$ echo 'dev-util/gitlab-runner-bin ~amd64' > /etc/portage/package.accept_keywords/gitlab-runner
$ emerge dev-util/gitlab-runner-bin

Register runner:

$ /usr/libexec/gitlab-runner/gitlab-runner register
(...)

Allow gitlab-runner user to emerge:

$ echo 'gitlab-runner ALL = NOPASSWD: /usr/bin/emerge' > /etc/sudoers.d/gitlab-runner

Add gitlab-runner to portage group to allow gitlab-runner to copy /var/log/portage:

$ usermod -aG portage gitlab-runner

FIXME: is there a better solution?

Enable and start gitlab-runner:

$ systemctl enable gitlab-runner
$ systemctl start gitlab-runner

Profile and packages list can be adapted. Here we use what is provided for Qubes OS Gentoo templates.

Add to /etc/portage/make.conf:

FEATURES="buildpkg binpkg-logs clean-logs split-log"
PORTAGE_LOGDIR="/var/log/portage"
PORTAGE_LOGDIR_CLEAN="find \"\${PORTAGE_LOGDIR}\" -type f ! -name \"summary.log*\" -mtime +7 -delete"

A remote host is assumed to be configured to allow incoming SSH connections and to serve a web server. Each job will rsync /var/cache/binpkgs to the corresponding remote location per flavor.

From [2], the following command:

$ emerge -uDN @world --quiet-build --buildpkg

is scheduled in order to publish binpkg for every updates.

On a fully operational Gentoo system (physical of virtual), it may be needed to run the first time, a full rebuild of all packages. In order to do that, we recommend pretending the full rebuild to see if something goes wrong:

$ emerge -pe @world --quiet-build --buildpkg

If no error is noticed:

$ emerge -e @world --quiet-build --buildpkg

On the hosted instance by the author, each Qubes OS gentoo template is used to create three independent binhost as virtual machines. They are registered as Gitlab runners. Artifacts and logs of builds can be found at fepitre-bot/gentoo-binhost.

1. https://wiki.gentoo.org/wiki/Project:Binhost
2. https://wiki.gentoo.org/wiki/Binary_package_guide.