[Buildd-tools-devel] Bug#477937: Bug#477937: double check for repo type
Roger Leigh
rleigh at whinlatter.ukfsn.org
Tue Apr 29 12:52:33 UTC 2008
On Tue, Apr 29, 2008 at 02:14:45PM +0200, martin f krafft wrote:
> also sprach Roger Leigh <rleigh at whinlatter.ukfsn.org> [2008.04.26.2248 +0200]:
> > The chroot type is not just something used by the scripts--it's a
> > class in the source code which defines its properties in the
> > configuration file as well as some aspects of its behaviour. To add a
> > new type you would need to derive a new type e.g. sbuild::chroot_git
> > and add that into the sbuild::chroot factory function that
> > instantiates chroot objects.
>
> Is there actually much that has to happen in the C source?
> I understand it's a process:
>
> 1. prepare the base directory of the chroot
> 2. chroot into it
> 3. run command
>
> 1+2 have to be run as root. But is there any reason they shouldn't
> just be shell scripts, like 05file?
2 and 3 need to be run inside the setuid root binary (we need to fork, chroot,
set up the session and environment, drop privs and then execve). Early steps
(PAM auth) also need to be in the setuid root binary. The amount of
chroot type-specific stuff is actually quite small; the code is really
just handling parsing of the configuration file and then setting up the
environment. Pretty much all of the chroot setup is already done in the
shell scripts.
Check out run_impl, setup_chroot, run_chroot and run_child in
sbuild-session.cc for a better idea of what is going on to setup, run
and clean up a session:
http://git.debian.org/?p=buildd-tools/schroot.git;a=blob;f=sbuild/sbuild-session.cc;h=220a4fa972bc4a6fede21afbec2dff486d696175;hb=HEAD
However, one goal I would like to persue is support of virtualisation
with containers like kvm, vservers etc., and also accessing chroots
remotely with SSH (to e.g. build transparently on other architectures).
Some of these approaches would require chroot-specific logic in the
chroot-specific classes which could not go into the shell script. As an
example, the SSH idea would run as an SSH service like SFTP, so schroot
would run on both the client and server. (This is at this point only an
idea, however!)
Regards,
Roger
--
.''`. Roger Leigh
: :' : Debian GNU/Linux http://people.debian.org/~rleigh/
`. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/
`- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
More information about the Buildd-tools-devel
mailing list