Bug#844459: autopkgtest: Please add autopkgtest-virt-uchroot

Martin Pitt mpitt at debian.org
Wed Nov 16 15:17:29 UTC 2016

Hey Josch,

Johannes Schauer [2016-11-16 14:13 +0100]:
> Unfortunately, I was unable to achieve the same I'm currently doing with
> lxc-usernsexec and lxc-unshare with unshare and nsenter.

Interesting; now you sparked my curiosity :-) Do you happen to
remember the details what isn't working?

> Despite reports claiming otherwise, I never got lxc to run without superuser
> privileges. Is it easier with lxd?

It's not hard to do, but indeed "classic" LXC hasn't really been
designed for that from the start. Unprivileged containers are the
default mode of operation for lxd, so it's literally "sudo apt install
lxd", "sudo lxd init"(to set up its bridge, basically pecking on Enter
20 times), then "autopkgtest my-package/ -- lxd images:debian/sid/amd64"
works as normal user.

> I would keep the chroot backend if only as an example how to implement a simple
> autopkgtest backend. Its existence helped me with learning how to begin
> implementing this.

Right. It also doesn't hurt maintenance-wise, it's just not something
which I'd actually recommend to use for production.

> Also note, that uchroot is Linux specific.

Ah, good point.

> > |     VirtSubproc.check_exec(['lxc-usernsexec', '--', 'tar',
> > |                             '--exclude=./dev/urandom',
> > 
> > Eek, do chroot tarballs regularly have /dev in them? Might be easier
> > and safer to exclude /dev/ wholesale, as you provide a minimal /dev
> > later on anyway?
> sbuild-createchroot currently include character special devices, yes. But I
> also don't think that uchroot should make many special requirements for the
> tarballs that it is able to grok. So I thought it best to prepare for the worst
> and filter out the paths that would otherwise require mknod.

Right, that's why I think it should exclude /dev wholesale, and then
the code below makes sure to construct a known-working and minimal

> > Please arrange for downtmp-host= to be set (like in virt-chroot). A
> > shared directory should be fairly simple to do for this runner, and
> > it's much more efficient than squeezing everything through tar and a
> > pipe.
> If I understand correctly, then downtmp-host is the directory as seen from the
> host that is shared with the testbed?

Correct. If that is present, then packages and results will be copied
into/out of the testbed through that, otherwise they get tar'ed and
piped through the auxverb. There is no other choice for e. g. the ssh
backend, but if there is an efficient way of sharing a dir that makes
things much faster.

> That can be done. It will just not be used by sbuild because sbuild makes no
> requirements for the backend to provide that functionality and thus "squeezes
> everything through a pape" independent of the backend.

That's got nothing to do with sbuild -- this is just internal
communication between teh "autopkgtest" controller process on the host
(which has the initial package) and the virt backend in the testbed
(which receives the tests, and sends back results).

> I have another autopkgtest-specific question. Currently, when using this code
> with sbuild and I hit Ctrl+C to send a SIGINT, it appears as if autopkgtest
> would immediately call hook_cleanup(). Can that be? How do I prevent that from
> happening? It only happens with my uchroot backend and not any other, so I'm
> probably doing something wrong. Trapping SIGINT in the shell script doesn't
> seem to have any effect.

Right, lib/VirtSubproc.py does that in prepare(). The idea was that ^C
would cleanly shut down the virt runner, then the frontend
(autopkgtest) would notice and do its cleanup part.

How is calling hook_cleanup() not working/not enough for uchroot? We
can certainly make that more flexible if needed.


Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/autopkgtest-devel/attachments/20161116/e7c5cf2e/attachment.sig>

More information about the autopkgtest-devel mailing list