[Buildd-tools-devel] schroot >< dchroot

Roger Leigh rleigh at whinlatter.ukfsn.org
Sun Jun 11 19:52:10 UTC 2006 

Luk Claes <luk at debian.org> writes:

> Roger Leigh wrote:
>> Luk Claes <luk at debian.org> writes:
>> 
>> Hi,
>> 
>>> I recently took over dchroot without knowing about schroot. It seems
>>> schroot has everything dchroot has and much more. Don't you think it
>>> would be best to drop dchroot in favor of schroot? If so, maybe it would
>>> be a good idea for you to ship a transitional dchroot package in schroot?
>> 
>> We already do :)
>> 
>> I wrote a compatibility wrapper which is exactly the same as schroot,
>> but:
>> - has all the dchroot command-line options
>> - has the additional schroot functionality restricted
>> - it will use the dchroot configuration if present, but otherwise will
>>   fall back to using the standard schroot configuration.
>
> Though it's not a transition package of course...

It will take over the dchroot conffile, and offers a means of
transitioning to fully to schroot (you can automatically dump the
dchroot.conf in the schroot.conf format using --config), though this
does need to be done by hand.

>> On the downside
>> - schroot is rather more featureful than dchroot, but this may
>>   translate to being potentially more insecure, due to having a larger
>>   and more complex codebase.  There is a testsuite to avoid this, but
>>   it's still a legitimate concern (which the previous dchroot
>>   maintainer had, when I proposed merging the two).
>
> It's maintained by a team instead of by an individual and as you
> mention: the team is trying to reduce that risk, so I don't see a reason
> to keep a seperate dchroot source package as there is no upstream.

OK.  (I should probably mention here that, while it's maintained by
the team, so far I'm the only one to commit any changes, though anyone
is free to hack on it.)

> All the reported bugs in schroot are tagged pending, though bug #354344
> (schroot: please use mount --rbind when mounting session-managed plain
> chroots) is blocked by another bug, did lamont promiss a fix or are you
> using /proc/mounts? I didn't have a look at the svn repository yet,
> though I'll probably do that in the near future...

The "pending" label is actually a BTS bug (pending and unclassified
got switched by accident yesterday).  None of those are really
pending.

#354344: The --rbind thing is waiting on the mount fix.  However... as
of yesterday with version 0.2.11 we do look at /proc/mounts to do
umounting, so --rbind can probably be introduced in the next version.
There's a helper binary to do the work:

$ /usr/lib/schroot/schroot-listmounts -m /srv/chroot/sid
/srv/chroot/sid/tmp
/srv/chroot/sid/home
/srv/chroot/sid/dev/shm
/srv/chroot/sid/dev/pts
/srv/chroot/sid

This is called by the setup scripts, e.g. 10mount.

#367885: This is fixed.  The remaining issue is that the backports.org
buildds are not installing backported build dependencies, but that's
an sbuild issue.  This can be closed.

#372569: This is a simple fix; it just needs an earlier patch to
sbuild-session.cc reverting (which special-cased authorisation when
root).

Other than that, schroot is (at least for me) currently fairly
feature-complete.  There are some ideas (not necessarily good or
practical) and pending items in doc/schroot/html/todo.html and TODO.
Feel free to propose any other features or changes you would like.

schroot was originally written to integrate and work with sbuild
(which it now does).  In the long term, we could possibly move more
parts of sbuild into C++, at which point it can manage chroots itself,
as well as use libapt.  This is a major undertaking, however.

> So, I'd better file the removal bug for the dchroot source package?! :-)

Sure.  If you're happy with the replacement, please go ahead!


Regards,
Roger

-- 
Roger Leigh
                Printing on GNU/Linux?  http://gutenprint.sourceforge.net/
                Debian GNU/Linux        http://www.debian.org/
                GPG Public Key: 0x25BFB848.  Please sign and encrypt your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20060611/d87bbdf6/attachment.pgp

More information about the Buildd-tools-devel mailing list