From mboxrd@z Thu Jan  1 00:00:00 1970
X-GM-THRID: 6434829902915043328
X-Received: by 10.25.115.139 with SMTP id h11mr1357072lfk.11.1498227983796;
        Fri, 23 Jun 2017 07:26:23 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com
Received: by 10.46.6.18 with SMTP id 18ls170645ljg.1.gmail; Fri, 23 Jun 2017
 07:26:22 -0700 (PDT)
X-Received: by 10.25.213.75 with SMTP id m72mr1265247lfg.1.1498227982359;
        Fri, 23 Jun 2017 07:26:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1498227982; cv=none;
        d=google.com; s=arc-20160816;
        b=hZeG1zqZiTGSYAAjgWat5tprx65cR4MNa3f4ufXz99MGgMw9zC+NJ5aiHiCEct8kUb
         NkGlrozQ78wwWAA9t+lswIr8L8ALzRzSrvv8/cCAnDH+UlIi2I9Mtfebe3F1S1ldh3BK
         Fu0KSiG3BnumgoRkws9jMzw/jrljdFMwSMgideXNq50AcQM63OSMniZI2Bdsnln+GFKh
         3PyWr6ivwU53dFkANo8oLUMAd8DAUgmccR1yhNxTZj91Bn2l/sv8rO7WGdyZOhwCRwHM
         sBFj0tf5KrZY6UMNh0ppbOXnEhnqdzFOlOaNtPUi5pgxtaFT6lhPZnR8Rnv8R3xg+73K
         1bJw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:content-disposition:mime-version:references
         :mail-followup-to:message-id:subject:to:from:date
         :arc-authentication-results;
        bh=GCVuGRntyyJLy2cPejbkND5Zg9Sv0Td4LyrGAalc8Ek=;
        b=eAmEXk0WRK/f7LYq37e7c/JE6RvXeT0m6r16kGWxDYAVuo5cWUvhXY+oJjku3e8CCv
         yRbTBa9vMckJpDWSpdhz3apNwma3X3fQ/6FhUVQww1EN6M+rLE6ratqOQQp6Fg9iQdEX
         +kCr6qmX9cQFsVBKnb9kkKVbs44Qxz2qa6+sR8kI826rlkbjnf8DYzh86y+pgY4a0Rwf
         tT/gce6a1qxtHjv94YscUzSyCAqgFuqY100GfJtAYWmMtlfD0BVqmNYzLzuJGZu1r6aV
         9jRZX50A/0Ku2QMlS7aTYy9HDDObBxUDiBIKpOsEjX4L7KS5MyovhRdPkikpGxtbJJvt
         Bc5Q==
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       spf=neutral (google.com: 85.214.62.211 is neither permitted nor denied by best guess record for domain of ibr@radix50.net) smtp.mailfrom=ibr@radix50.net
Return-Path: <ibr@radix50.net>
Received: from aqmola.ilbers.de (aqmola.ilbers.de. [85.214.62.211])
        by gmr-mx.google.com with ESMTPS id 143si1188920wmr.0.2017.06.23.07.26.22
        for <isar-users@googlegroups.com>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 23 Jun 2017 07:26:22 -0700 (PDT)
Received-SPF: neutral (google.com: 85.214.62.211 is neither permitted nor denied by best guess record for domain of ibr@radix50.net) client-ip=85.214.62.211;
Authentication-Results: gmr-mx.google.com;
       spf=neutral (google.com: 85.214.62.211 is neither permitted nor denied by best guess record for domain of ibr@radix50.net) smtp.mailfrom=ibr@radix50.net
Received: from yssyq.radix50.net (p549F6B1E.dip0.t-ipconnect.de [84.159.107.30])
	(authenticated bits=0)
	by aqmola.ilbers.de (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id v5NEQJLr013943
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <isar-users@googlegroups.com>; Fri, 23 Jun 2017 16:26:21 +0200
Received: from yssyq.radix50.net (localhost [127.0.0.1])
	by yssyq.radix50.net (8.14.4/8.14.4/Debian-8) with ESMTP id v5NEQJaY013333
	(version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
	for <isar-users@googlegroups.com>; Fri, 23 Jun 2017 16:26:19 +0200
Received: (from ibr@localhost)
	by yssyq.radix50.net (8.14.4/8.14.4/Submit) id v5NEQJPG013332
	for isar-users@googlegroups.com; Fri, 23 Jun 2017 16:26:19 +0200
Date: Fri, 23 Jun 2017 16:26:19 +0200
From: Baurzhan Ismagulov <ibr@radix50.net>
To: isar-users@googlegroups.com
Subject: Re: sudo-less build
Message-ID: <20170623142619.GA5527@yssyq.radix50.net>
Mail-Followup-To: isar-users@googlegroups.com
References: <4a2cb0a0-abd4-f0c1-c6f2-fe63abf5537f@siemens.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4a2cb0a0-abd4-f0c1-c6f2-fe63abf5537f@siemens.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-TUID: ww+INkc1V1gd

On Fri, Jun 23, 2017 at 03:46:27PM +0200, Jan Kiszka wrote:
> Christian pointed out that OE achieves the sudo-less build via libpseudo:
> 
> https://www.yoctoproject.org/tools-resources/projects/pseudo
> http://git.yoctoproject.org/cgit/cgit.cgi/pseudo/
> 
> That seems to be packaged for Debian as well, and its usage sound rather
> straightforward. Would it be hard to exploit that for Isar?

Yes, we are aware of that. We could try it.

That said, we quickly tried
https://wiki.debian.org/Multistrap/Environment#fakeroot two years ago, and it
failed even with Secure Apt disabled.

Not sure why Secure Apt requires root, but fakeroot requires that e.g. device
nodes are created and consumed (e.g., for image generation) from within the
same fakeroot process; we'll have to think what to do with "standalone
creators" like buildchroot, which are used from other recipes with sudo (cp,
install, chroot, etc.).

I've created https://github.com/ilbers/isar/issues/11.

With kind regards,
Baurzhan.