Building LTS/non-rolling release images for development purposes

I am a developer who has made minor contributions to VyOS in the past (mostly in 2022). In most instances during testing of the relevant bug fix or feature submission there was a requirement to test against existing LTS releases. There are also times where a feature submission/bugfix is only applicable to the LTS release and not “current”.

Given the changes mentioned in the recent blog post as well as the general consensus here it seems like there’s no way to build VyOS images for any reason any more, at least not easily according to the discussion here.

The online docs here seem to still reference the same build steps as what I recall doing back when I contributed which do not seem to work anymore but I don’t see any other instructions with respect to the whole “building each package one at a time and assembling into an image” process.

While I have my own opinions on the decision to deny access to the LTS repository for image building purposes, my main question mainly tackles the “how to contribute” angle:

Is there any readily available method to build a VyOS LTS image for debugging/testing/developing purposes? If not, does this imply that new contributors (or old ones wanting to submit new changes) must figure out how the whole image is constructed before submitting PRs against LTS branches?

I do not have much experience with Jenkins (mainly work with GitLab CI) or the intricacies of debian package management but I was able to successful submit PRs against vyos-1x and vyos-build given the (relatively) straightforward build instructions (especially the container-based approaches). Would this mean any future contributions makes these things prerequisite knowledge?

My best guess is that all new development goes into (currently) 1.5-rolling (branch:current) which you can still compile easily on your own today.

From there fixes are then backported to older releases like from 1,5 to 1.4 and to 1.3 if needed.

That is as a contributor you contribute to the current rolling and then its up to the maintainers to take your fixes and push them into older releases if needed.

You will often see “Mergify” when one of the maintainers triggers a backport (to older releases as in 1.4 and 1.3 series) from the current branch, example:

I understand the workflow appears the same for the current branch. But there are instances where PRs must be submitted against LTS branches.

For example, let’s consider a potential fix against the DHCP server in sagitta. Since ISC DHCP was replaced with Kea (to my knowledge, if this is incorrect, substitute any component-level changes between current and sagitta, or heck even equuleus), there wouldn’t really be a valid way to test with “current”, one would need a valid sagitta image for proper testing.

This isn’t all hypothetical either: I had submitted stuff with respect to the QoS stuff against equuleus (written in Perl) when sagitta had moved to integrate QoS stuff in the vyos-1x repo (in python). If the current build-level restrictions were in place back then there would be no way for me to test any fixes or reproduce any issues.

Yeah you got a point there…

Hopefully some VyOS maintainer will enlighten the rest of us in this thread given the examples you provided.

Note that you don’t need to build an image to test a change. Our own usual procedure is to build vyos-1x, then install it on an existing image. Even faster, you can copy an updated script to a running image. If we waited for an image to build to test any change, we’d never get anything done at all.

We never required contributors to test changes against older releases. If a PR to current works for current, we are happy to merge it — backporting is a separate concern.

I am aware that building the vyos-1x deb package and installing against an existing image is the recommended way to develop, though this doesn’t address how one could obtain an LTS image if one doesn’t yet meet any of the contribution requirements yet and one wants to write a bugfix against the LTS releases (both equuleus and sagitta here).

Additionally, it is possible to make contributions to the vyos-build repo as well, where the image building aspect is what needs testing (I certainly have submitted a few PRs there). It seems like it’s essentially not possible to test changes to the vyos-build repo if not building against the current rolling release.

As an aside: just speaking as a consumer/user, I’ve been running sagitta with a custom build (more recent PDNS recursor for Extended DNS Errors support as well as bundling microcode updates). The plan was to update to the 1.4 LTS/GA by building VyOS myself with my own patches but this doesn’t seem possible anymore. I’m sure I can get by by downloading the LTS image and then manually uploading the relevant deb files once the image is loaded on the system, but this seems more of a hassle (and more error-prone, need to do this once per system as opposed to just baking it into the image). Obviously I’m not asking the team to cater for my unique usecase, but perhaps consider that some LTS users might need the custom build ability for their deployments.

If you need custom LTS builds, then you will need to build packages from the source code and set up Debian repository with those packages, and use It with vyos-build. We use Jenkins for package builds, but It can be Github actions or any other CI/CD.

There is no such list
Everything is provided as is.

I was going to ask a similar question as @dd010101 but going further to ask if there was a step-by-step guide on the process but your response seems to indicate that no further information is to be provided.

In this case should the documentation for Build VyOS for all but the latest rolling release be removed? Seems like quite a few people have attempted the steps laid out and gotten stuck.

Additionally, in absence of any other responses, should we take it that the project’s stance is explicitly not looking for contributions from new contributors towards the LTS releases in that case?

Documentation will be updated eventually, but it’s not the top priority for us.
Those who want to contribute - contributing, those who look for excuses will continue to look for excuses

@initramfs, do you have more questions?

Well, I feel like some of my existing questions have not received explicit answers like:

Additionally, it is possible to make contributions to the vyos-build repo as well, where the image building aspect is what needs testing (I certainly have submitted a few PRs there). It seems like it’s essentially not possible to test changes to the vyos-build repo if not building against the current rolling release.

Let’s say hypothetically I would like to upstream my patches of newer PDNS recursor to sagitta, which will require PRs to both vyos-build and vyos-1x. Given there’s no way to build a sagitta image from scatch, how would I go about creating said PR. Now I am aware that one avenue for this specific case is to simply build against “current” and hope that backports just work, though I’d like a little more confidence in being able to test against the LTS (which I will be using) myself.

Another hypothetical feature I’ve been mulling over involves better coordination of IPv6 prefix handling between DHCP (ISC DHCP) and radvd, which would require the ability to custom build sagitta (given the DHCP server change). Upstreamed or not, this doesn’t seem to be possible right now given the current landscape.

Also for something like:

Additionally, in absence of any other responses, should we take it that the project’s stance is explicitly not looking for contributions from new contributors towards the LTS releases in that case?

If this comes across like an excuse, I sincerely apologize, but just as VyOS the project has no contractual or legal obligations towards me as an individual, contributors have the right to choose what projects are worth their time and effort to work on. Perhaps I may be missing stuff from the responses to prior queries, but I don’t really see clear guidance on what kind of contributions are welcome.

The statement put out by @dmbaturin:

We will keep improving the documentation on building VyOS from source, but it’s not a priority for us. We are also working on ways to provide access to LTS repositories to contributors.

But the rolling release is exactly as easy to build as it ever was, it’s more stable than it was ever before, and that’s all people need to start contributing. And if they are contributing, they are eligible for LTS image access through contributor subscriptions. That’s all.

in the announcements subforum here is a little bit more clear, with implication that contributors are expected to work against “current” until they are eligible for LTS images before considering working on LTS images. This would seem to imply that application for LTS images is now a necessary part of contributing.

Note: I am, at times, purposefully using the hypothetical “first time contributor” identity to solicit some answers that may have wider applicability than just myself.

At present, I am trying to gauge what the project’s official stance on external contributions are in order to better inform myself in terms of whether it’s worth the time working on this project.

If the project’s stance is antagonistic towards good-faith potential contributors, I find it harder to justify putting my time in upstreaming any bug fixes or patches. If on the other hand, the current state of the project is merely transient, where some explicit guidance is made towards defining what type of contributions are welcomed and what types of contributions are of a lower priority, I think people can have an easier time making their mind up about whether one submits merely a bug report versus authoring an entire PR with the relevant bug fix along with the bug report.

Once again I hope nothing above seems too opinionated or seem too much like an “excuse”, the goal is to get clear, official information out in a format that people can read and understand. I don’t claim my existing contributions are significant but hopefully they are not trivial so that you may some faith that I’m not trying to con my way into getting some sort of special treatment or access, but rather to merely get clarity for myself (and anyone else that might read this thread).

If something is not yet in current, the first concern is to make it work for current. As someone who isn’t in the maintainers team, you are free to consider it your only concern — we do not expect anyone who contributes to current to consider compatibility with older releases.

In fact, I wouldn’t recommend trying to contribute feature of package upgrade backports to LTS releases. Bug fix backports are usually uncontroversial, as long as the original (buggy) behavior is provably incorrect and the fix makes formerly non-working setups work correctly, without changing any other behavior.

With features and especially with package upgrades beyond patch versions, there are many considerations that can tip the scales against integrating them, especially later in the LTS release life cycle.

The process we follow is to always integrate new stuff in the rolling release, then weigh carefully if backporting it is safe enough for users and worthwhile in terms of maintenance effort.

If you are already using an LTS release, then you have the image to test vyos-1x builds on, or if there are things in the image build system, we can arrange repository access on a case-by-case basis, until we have a general mechanism to allow access to people with subscriptions. If you are a rolling release user, just don’t worry about LTS.

First-time contributors who want to contribute to LTS branches but don’t have LTS images seem like purely theoretical creatures to me.

What happened to the user @dd010101 - I have read some of their posts, but they seem to have disappeared. Yes I have seen the word “sneaky” used, but that post was later edited to remove it, the user did apologize - and I don’t think it was intentional to insult or defame anyone, everyone (including VyOS maintainers!) sometimes happens to use harsh words, that user’s later posts (which I can’t see now) were worded more carefully and raised some valid concerns. Legal issues aside (they can be complex, I’m not an expert on that) it is kind of natural to expect to be able to build an open source project from source and openly discuss related issues, if not then please state that clearly in the forum rules.

Rolling images can still be built, I’ve just checked that for myself, but the build process works in a similar way than for sagitta - downloads pre-built .deb packages (from a different repo that is not blocked… yet) rather than building them from source. Which is good if no changes to those packages need to be made, but since binaries are available, some licenses require more than just source code. Like the GPL says:

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable.

Other licenses may have different requirements, but that one specified in the GPL seems to be a reasonable expectation for any open source stuff. So, do we need all that not easy to reverse-engineer Jenkins stuff again, or is there a better way? Note, not asking about LTS here, only about self-built rolling images which are officially still OK without paid subscription.

BTW, I expect (hope to be wrong though) that as soon as self-building rolling images becomes more popular, they may be banned too. Why do I think so? For at least two reasons, which are the same for rolling images as they were for LTS earlier.

1. Such self-built images also contain the trademarked logo and artwork which should only be in the official images, possibly causing confusion and damaging trust to VyOS™ if someone released a broken (or even backdoored) modified self-built rolling image - that issue could have been prevented with LTS too, simply remove the trademarked stuff from public access (replace with something neutral so build still works) and keep it internal, only to be used in the official builds.

2. Build process if done without caching, puts load on your servers that host the rolling .deb packages, without paying for it - you might want to reduce the costs a little by going from https to plain http (as is done with downloads from the official Debian repo) to reduce CPU load caused by encryption, since the files are not confidential (yet…) and signed - additional protection by https is not necessary.

You are hijacking threads, and this is not the first time
Please stop doing that, or you will face consequences
If you need consultation on open-source licenses, please find an attorney.
We are also not looking for your opinions or advice, so keep them for someone who needs them.

No hijacking intended, sorry about that. I think these were still valid concerns though. Licenses was not my main focus here, building rolling images was. Specifically the last two points (again, I really hope to be wrong on them), and asking for easier ways to rebuild the rolling (not LTS) .deb packages from source for development purposes (to be able to contribute more to the project). Please, really no need to get angry over this - it’s just discussion.

I;ve just reported the 2 points via the (hopefully) proper channel - so that perhaps someone who needs my opinions or advice has a chance to look at it (feel free to close/wontfix if that’s what your official position is).

Still not sure about building the rolling .deb packages from source though - just a question, if I can’t find (just one example) vyos-build/packages/accel-ppp does this mean rolling simply uses upstream accel-ppp source to build the .deb without any patches?

https://vyos.dev/T6450

https://vyos.dev/T6451

You can use search in the git by the word accel-ppp here

This topic was automatically closed after 31 hours. New replies are no longer allowed.