From mboxrd@z Thu Jan 1 00:00:00 1970 X-GM-THRID: 6480563028650622976 X-Received: by 10.25.67.30 with SMTP id q30mr563268lfa.40.1508945371525; Wed, 25 Oct 2017 08:29:31 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 10.46.25.80 with SMTP id p77ls489184lje.1.gmail; Wed, 25 Oct 2017 08:29:31 -0700 (PDT) X-Google-Smtp-Source: ABhQp+TNdDSr6Th6hdsBQCodpPwSC0K3KkpZfnNI7bMWWHQ18lee+7J0zoISyhtESKIv56cy8QGp X-Received: by 10.46.2.217 with SMTP id y86mr678459lje.27.1508945371051; Wed, 25 Oct 2017 08:29:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508945371; cv=none; d=google.com; s=arc-20160816; b=h3n3TpavR22OmrW2xiGAnNXFDdI7SXtxbCA6G5NzViXMSNwBs1liO7sx39R9zycgtD fEfd9N08wqSFd1+7ie264kPftSoYxRq8GyJ3wlGelomfz98j7S2xj/Ffy0ph50rph6H3 7dHzYma9iVvkxBACCMDmP1NfwJxex7elPIjmrTI6o1hqDsQ+qOPswkn3VIWHdoPRxAkd c2qqdL5oABwxigaXCTBWyKZ6ZiC7n3ugzMtBLFGtKeAUF5V91aek+mk6HfdPdNdyn+0W V5W42hvr3Sd6aT0vA8IfyssRlFv9LrGFWGgTGmRiFkvpz9QktUxRrPFfYuBuaLs9BE1D qmWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:content-language:in-reply-to:mime-version :user-agent:date:message-id:from:references:to:subject :arc-authentication-results; bh=Wwp2keguXB3TRND9FtVlPxFLVVnmwDh3SYWgCI8q/qI=; b=PTYHuZA+rkfOt8FK6AohCklThiaIdMRmZfHgZRGJqIeKmUjEPlOlg7/InjLsHoejIa x7wmFUcZJnMrup5aa9hapJFDEAf+cJeRMHU7aO6HnOEhQT1swhb/UjBo9w23gD+HuYNv l8ksLdDgB5FKx77GvtPS8e7NHVh7akboLDyfCTh7OfsWBlCqI+PIaqs33YIU0B7l5q5m h2xUGX/5bRefDT3VHg5vCHJJwfd3/aiYfCXEDN+jfKcuaxJ3wekFS+FcF0S7MOxCuPmY 6R3j9gr2rOOC3fWiQcJ/DfjGHunVpctIwxOALHJq3uQJUHRVKcfFZbsyWIzbayaG7rvJ CRnw== ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: best guess record for domain of asmirnov@ilbers.de designates 85.214.62.211 as permitted sender) smtp.mailfrom=asmirnov@ilbers.de Return-Path: Received: from aqmola.ilbers.de (aqmola.ilbers.de. [85.214.62.211]) by gmr-mx.google.com with ESMTPS id c23si119316ljf.4.2017.10.25.08.29.30 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Oct 2017 08:29:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of asmirnov@ilbers.de designates 85.214.62.211 as permitted sender) client-ip=85.214.62.211; Authentication-Results: gmr-mx.google.com; spf=pass (google.com: best guess record for domain of asmirnov@ilbers.de designates 85.214.62.211 as permitted sender) smtp.mailfrom=asmirnov@ilbers.de Received: from [10.0.2.15] ([188.227.110.165]) (authenticated bits=0) by aqmola.ilbers.de (8.14.4/8.14.4/Debian-4+deb7u1) with ESMTP id v9PFTRma030269 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Wed, 25 Oct 2017 17:29:29 +0200 Subject: Re: PRoot: Drop sudo around buildchroot To: Benedikt Niedermayr , isar-users References: <8e0fb678-085a-1403-3ee9-f3afef3c080a@ilbers.de> <00b0017a-62e0-1e1b-4d67-786af7702f8d@siemens.com> <14315725-092a-8d1f-0c02-98efc30e7f2e@googlemail.com> From: Alexander Smirnov Message-ID: <267f7c90-272f-df53-99ee-f041a8407b9d@ilbers.de> Date: Wed, 25 Oct 2017 18:29:22 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <14315725-092a-8d1f-0c02-98efc30e7f2e@googlemail.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-TUID: RyPsvqI4kkxW On 10/25/2017 05:58 PM, 'Benedikt Niedermayr' via isar-users wrote: > Am 25.10.2017 um 11:48 schrieb Alexander Smirnov: >> >> >> On 10/24/2017 11:22 PM, Jan Kiszka wrote: >>> On 2017-10-24 21:34, Alexander Smirnov wrote: >>>> Hello all, >>>> >>>> I've successfully dropped 'sudo' around buildchroot operations: >>>> >>>> - Create buildchroot >>>> - Build dpkg-base package (hello) >>>> - Build dpkg-raw package (example-raw) >>>> >>>> The patch is quite small, proot works out-of-the box. I've tested the >>>> following configurations: >>>> >>>> - multiconfig:qemuarm-wheezy:isar-image-base >>>> - multiconfig:qemuarm-jessie:isar-image-base >>>> - multiconfig:qemuarm-stretch:isar-image-base >>>> - multiconfig:qemui386-jessie:isar-image-base >>>> - multiconfig:qemui386-stretch:isar-image-base >>>> - multiconfig:qemuamd64-jessie:isar-image-base >>>> - multiconfig:qemuamd64-stretch:isar-image-base >>>> >>>> So proot is really good tool :-) >>>> >>>> If you'd like to reproduce the test, please try my branch: >>>> asmirnov/devel >>>> >>>> NOTE: do not forget to install proot: apt-get install proot >>>> >>>> Build command: >>>> $ bitbake multiconfig:qemuarm-wheezy:isar-image-base >>>> multiconfig:qemuarm-jessie:isar-image-base >>>> multiconfig:qemuarm-stretch:isar-image-base >>>> multiconfig:qemui386-jessie:isar-image-base >>>> multiconfig:qemui386-stretch:isar-image-base >>>> multiconfig:qemuamd64-jessie:isar-image-base >>>> multiconfig:qemuamd64-stretch:isar-image-base >>>> >>> >>> Great news! Hope this passes all tests and then makes it into master >>> soon! >>> >> >> I've tested QEMU machines for images listed above, no difference >> observed in comparison with original 'sudo' approach. But anyway, it >> would be nice if somebody else will test this, especially in customer >> project environment. >> > May there be a problem when all files belonging to the build user and > not to root? That's exactly the topic why I started proot with buildchroot and why I'm asking about various test results (did you try? :-)). In the VM that I've built with proot patch I see the following: root@isar:~# ls -l /usr/bin/ | grep hello -rwxr-xr-x 1 root root 18068 Oct 24 18:52 hello root@isar:~# So the file from hello package (which is built using proot) has root ownership. In theory the problems could occur during generation of target filesystem, will see. But anyway, Yocto will do this without sudo, so probably here also this could be done. Alex