Bug#844459: autopkgtest: Please add autopkgtest-virt-uchroot

Johannes Schauer josch at debian.org
Wed Nov 16 00:12:27 UTC 2016

Package: autopkgtest
Version: 4.2
Severity: wishlist
Tags: patch

Hi Martin,

in the context of #833407 I told you about my plan of adding a
virtualization backend which would allow completely unprivileged chroot
operation by using linux user namespaces. In contrast to what I thought
was required back then, I now managed to write that backend using just
lxc-usernsexec and lxc-unshare. Thus, I was able to get it to work using
the existing Python modules. You can find the script attached.  As you
can see, it is extremely simple, which I find makes the beauty of it
all. All you need is:

 - the lxc package installed for lxc-usernsexec and lxc-unshare
 - sbuild from git (a tiny fix to its autopkgtest backend is required)
 - autopkgtest
 - a tarball as it is created by sbuild-createchroot for schroot
 - the attached virtualization backend as

Then you can do:

$ sbuild --chroot-mode=autopkgtest --autopkgtest-virt-server=uchroot \
    --autopkgtest-virt-server-opts="-- /srv/chroot/%r-%a-sbuild.tar.gz /tmp/rootfs"

By putting these arguments into your ~/.sbuildrc the above call can be
reduced to just running "sbuild".

The string /srv/chroot/%r-%a.tar.gz will resolve to, for example,
/srv/chroot/unstable-amd64-sbuild.tar.gz which is a chroot as created by
sbuild-createchroot. Using the script from #829134, this tarball can
also be created without superuser privileges and I might thus add this
script to sbuild-createchroot as well, for unprivileged tarball

The path /tmp/rootfs is the path that the rootfs will be extracted to
and can be at any location that the user has access to.

I called the backend uchroot because schroot is chroot with _s_uid. So
uchroot is a chroot as a _u_ser.

I don't think there is an existing backend which allows unprivileged
package building with so little overhead in terms of configuration. The
only two inputs are the chroot tarball and the location to extract it

It would be great if this backend could be added to autopkgtest itself.
If you think that it is not a good fit for autopkgtest, then I can
maintain it in a separate package.

What do you think?


cheers, josch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: autopkgtest-virt-uchroot
Type: text/x-python
Size: 5664 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/autopkgtest-devel/attachments/20161116/20181968/attachment.py>

More information about the autopkgtest-devel mailing list