From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6736062139219312640 X-Received: by 2002:a2e:89c9:: with SMTP id c9mr1277972ljk.183.1568712145266; Tue, 17 Sep 2019 02:22:25 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a2e:9bd0:: with SMTP id w16ls265330ljj.13.gmail; Tue, 17 Sep 2019 02:22:24 -0700 (PDT) X-Google-Smtp-Source: APXvYqzP59b1Y8IR4Emb/C5kFlhLjfHLyABWQv0oTfAW/wOsFhE9GsEFxXHEEUMyxdHYKlyw23wo X-Received: by 2002:a2e:3808:: with SMTP id f8mr780821lja.7.1568712144801; Tue, 17 Sep 2019 02:22:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568712144; cv=none; d=google.com; s=arc-20160816; b=DAtHGoelW8VL3CU8OE5RO8d85oHkXNUa57OiVYSTTz/UHHh1CByOtigs/5YjclNqlI EpD0QujvN6cBFzXD2Qy1CFUU76iYejioqN4utI1fGaoku8d3vM5TzCp69BB+lsWAsE24 fES5UVGtRWShqkrlkg2huSVF/ijz4scoL2nizBxvCLzw2Nan8x/nsAJCxleqc+nHjskv 94H+RLWZX6gJsnb+pCth2MTIL7SdlBt/FM8qzpOLlNWlpt0hO24JtoQnGFUDUJDsndMV eJTsZIleBjlFYZ07qKaZRaQFfBEwmghpn0eld32BF4bZFRXLsztNqc25WtsL8r+qphvt heQg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date; bh=pjb6AjMM9YNymaTl9GUvjuNmdRCAoDMg1MRbk+BE4aw=; b=Lhxw5X6BYXOCBtefxhSoYEYdZEoiq1ouSkoxRXAuEzU6dmeCYl/gA6l5FSqh/VX1Uk GfA+jaP9dA1AE5zKfX7ij4Kl3MnBH3nZMeq6nslMOq/q4WL/sxBXuKJOqyQTDdRnN4yv XKkYnJN2KS+TwuYSjh/t2cC0e9k9j46X+Gg+F1Eb2aSQeajaPz7+Bam/u7FPDTg4Fu7N 4SALUESgy4la6nHgzi/x9aDrBXqLJxXkU7iyOkENvVz+fxz9MBqSTKzR4DKOaeGCt+mC gdtKz1sZemF/MNk7CB+zb44GCtb6BT9md4WL4Y/gq/m9/JbOGYzqjknqK4sMIhSXpbbl XQIQ== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Return-Path: Received: from goliath.siemens.de (goliath.siemens.de. [192.35.17.28]) by gmr-mx.google.com with ESMTPS id e8si107478ljo.4.2019.09.17.02.22.24 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 17 Sep 2019 02:22:24 -0700 (PDT) Received-SPF: pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.28 as permitted sender) client-ip=192.35.17.28; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of henning.schild@siemens.com designates 192.35.17.28 as permitted sender) smtp.mailfrom=henning.schild@siemens.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siemens.com Received: from mail1.sbs.de (mail1.sbs.de [192.129.41.35]) by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id x8H9MNdx020542 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Tue, 17 Sep 2019 11:22:24 +0200 Received: from md1za8fc.ad001.siemens.net ([139.25.68.240]) by mail1.sbs.de (8.15.2/8.15.2) with ESMTP id x8H9MNRc000958; Tue, 17 Sep 2019 11:22:23 +0200 Date: Tue, 17 Sep 2019 11:22:22 +0200 From: Henning Schild To: "[ext] Quirin Gylstorff" Cc: Subject: Re: fakechroot Message-ID: <20190917112222.2adebb06@md1za8fc.ad001.siemens.net> In-Reply-To: <45b92ae7-08a1-3312-27ae-296b48f3517b@siemens.com> References: <87486b31-2560-1b78-6d7e-86bf10fc306f@siemens.com> <20190913081406.GJ6062@yssyq.m.ilbers.de> <8db6f5f1-8a36-768c-1b5d-0a0a3df866fb@siemens.com> <20190913093317.GL6062@yssyq.m.ilbers.de> <20190913121107.GN6062@yssyq.m.ilbers.de> <45b92ae7-08a1-3312-27ae-296b48f3517b@siemens.com> X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-TUID: lpoiHpT0Yi3J Am Mon, 16 Sep 2019 10:38:44 +0200 schrieb "[ext] Quirin Gylstorff" : > On 9/13/19 2:11 PM, Baurzhan Ismagulov wrote: > > On Fri, Sep 13, 2019 at 12:57:45PM +0200, Quirin Gylstorff wrote: > >> fakechroot, fakeroot and pseudo are all using a similar mechanism > >> by modifying the LD_PRELOAD_PATH with there own Libraries and > >> abstracting the necessary systemcalls. pseudo uses a sqlite > >> Database to get a persistent view on the topic. > > > > > > Thanks, the persistent view was my actual question. I think we > > should be looking at pseudo, since the tools without persistency > > aren't going to work for our use case. Or do you see a possibility > > for fakechroot fakeroot? > > > If using fakeroot and fakechroot, debootstrap knows it is running in > a fakeroot and adapts itself to this environment. From the previous > test with pseudo it does not do that for pseudo[1]. > > I did not test of pseudo runs with --variant=fakeroot. > > [1] > https://groups.google.com/forum/#!msg/isar-users/WV0N4X2ZZMo/4EQI3c1wBQAJ Debootstrap is just one "problem", and i think we had that running without a privileged container or "root". A full build involves potentially setting binfmt and running wic, which brings in a lot of tools (filesystems, partitions, bootloaders). OE knows them as "wtools_sysroot" and builds them with dynamic linking (for the LD_PRELOAD trick). But we use the ones from our target distro in buildchroot, and guess what, they are essential system tools that are statically linked. So no LD-messing with them ... Lowering the privileges for some steps (like debootstrap) might be a good idea, but i still do not see how to do a full Isar build without root. Henning > > With kind regards, > > Baurzhan. > > > > Kind regards > Quirin >