[buildd-tools-devel] Bug#599518: Bug#599518: schroot: feature request: ssh-like -X option

Luca Capello luca at pca.it
Wed Nov 23 15:43:34 UTC 2011 

tags 599518 + patch
thanks

Hi there!

Thomas Koch (Cc:ed) asked a similar question in another bug, but I guess
his post went probably unseen because he replied to a closed (but not
archived) bug without reopening it:

  <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496246#27>

However, I think that the right place for your problem is #599518, thus
continuing the discussion there.

On Wed, 27 Apr 2011 12:07:19 +0200, Thomas Koch wrote:
> I used the following blogpost to get eclipse running in schroot:
> http://masterpatricko.blogspot.com/2011/04/development-and-build-environments_20.html
>
> Although I choosed the Desktop chroot type, I still had to run
> xauth -f /home/thkoch/.Xauthority extract /var/schroot/gerrit/home/thkoch/.Xauthority :0
>
> in the host system and

This is needed if you do not mount /home as you explained later on.

> export DISPLAY=:0
>
> in the chroot.

This is not needed if you use the --preserve-environment option.

> It would be nice, if you could provide some examples in the schroot
> documentation on how these two steps should be automated.
>
> I have commented out the mounting of /home, because I don't want to
> give the chroot access to my gpg keys and other personal settings.

On a clean and up-to-date sid, I can confirm that mounting /home and
using the --preserve-environment option is enough to have X applications
From within the schroot.  However, even with /run/dbus mounted I still
have trouble starting D-Bus applications (like Empathy) if I do not
clean DBUS_SESSION_BUS_ADDRESS, but this has nothing to do here.

OTOH, even when not mounting /home, everything should be OK if you mount
the /var used for X socket connections, according to:

  <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599518#10>

On Sat, 09 Oct 2010 12:32:49 +0200, Roger Leigh wrote:
> On Fri, Oct 08, 2010 at 12:19:28PM +0100, David Laban wrote:
>> http://www.debian-administration.org/articles/566 provides a wrapper script
>> for launching schroot with X enabled. It would be good if schroot supported
>> this natively via a command line flag, rather than requiring the user to
>> google for the answer and potentially come up with an insecure solution.
>> 
>> Does the approach given in the article look like the right one?
>
> I think there's a better approach now.  schroot 1.4 provides a
> "desktop" configuration profile specifically for running X
> applications.  Look at /etc/schroot/desktop.  Just set
> script-config=/etc/schroot/desktop/config (you might need to
> double-check the path).
>
> The only change this makes is to bind mount the directory under
> /var used for X socket connections.  This means X applications in
> the chroot can then automatically use the display.  You do still
> need to use -p so the environment is kept (which contains the
> X socket path), but that's all you need.
>
> Please do let me know if this isn't sufficient for your needs, and
> any extra details can be added to the desktop "profile".

At least with XDM, simply mounting the authentication directory does not
seem to be enough, you still need to extract the xauth information as
Thomas suggested:
=====
luca at gismo:~$ schroot -c sid-desktop

(sid-desktop)luca at gismo:~$ export | grep DISPLAY
declare -x DISPLAY=":0.0"

(sid-desktop)luca at gismo:~$ xterm
No protocol specified
xterm Xt error: Can't open display: :0.0

(sid-desktop)luca at gismo:~$ ls /var/lib/xdm/authdir/
ls: cannot open directory /var/lib/xdm/authdir/: Permission denied

(sid-desktop)luca at gismo:~$ su -c "find /var/lib/xdm/"
Password:
/var/lib/xdm/
/var/lib/xdm/authdir
/var/lib/xdm/authdir/authfiles
/var/lib/xdm/authdir/authfiles/A:0-6Buikn

(sid-desktop)luca at gismo:~$
=====

Attached a simple and "raw" schroot-setup script that automates the
Xauthority creation in the schroot: feel free to include it in the docs'
contrib/ folder, adapting it to your feelings.  I tested it with /home
mounted or not.

Thx, bye,
Gismo / Luca

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20xauthority
Type: application/x-sh
Size: 3064 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20111123/1839be54/attachment.sh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20111123/1839be54/attachment.pgp>

More information about the Buildd-tools-devel mailing list