[buildd-tools-devel] [GIT] sbuild branch user/josch/unshare updated. release/sbuild-0.66.0-5-gac50af2

Johannes Schauer josch at debian.org
Tue Jan 5 09:49:26 UTC 2016


Hi Raphaël,

Quoting Raphael Hertzog (2016-01-05 10:37:43)
> On Sun, 13 Dec 2015, Johannes Schauer wrote:
> > for comments, ideas and critique I'd like to share a rather large-ish
> > experimental proof-of-concept commit with you that I just pushed to the branch
> > user/josch/unshare in the sbuild repository:
> 
> Thanks for exploring new territory and making sbuild even more useful!

thanks a lot for giving that version a test drive in the course of bug #798835
:)

> > Using the decoupling explained in the last section I was able to add a new
> > backend which is able to make use of the adt-virt-* interface from the
> > autopkgtest package. This means that sbuild is now able to do a build in an lxc
> > container, on a networked ssh server or in a qemu virtual machine using the
> > same interface. For example, the following will demo its functionality using
> > the adt-virt-schroot backend (the current default):
> 
> In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809443 I suggested
> that systemd-nspawn should be considered as a new ADT backend that
> would be widely available... and it would be really great if then sbuild
> can rely on this too.

if systemd-nspawn is added as an ADT backend, then using the previously
mentioned patches sbuild will automatically be able to use it :)

Unfortunately I lack the time right now to implement yet another sbuild backend
myself. Though patches welcome!

> I don't think that systemd-nspawn can be used right now to build a chroot
> without root rights but it might be something that the systemd developers
> might welcome.

Before I wrote uchroot/user-unshare I had a look at systemd-nspawn and it seems
that its developers are not interested in making it possible to run without
superuser privileges:

http://lists.freedesktop.org/archives/systemd-devel/2015-February/028139.html

> Thus I would suggest you consider whether uchroot can be developed as a
> new systemd-nspawn feature. In fact, right now I'm rather annoyed that
> systemd-nspawn relies on btrfs for all "ephemeral chroots" and I would
> welcome some feature where it can use a tarball as the reference tree.

I would *very much* welcome if somebody showed me an existing piece of software
that would make uchroot/user-unshare unnecessary. Unfortunately I don't know of
any. I am told that LXC supports unprivileged containers but it seems that
their definition of "unprivileged containers" is unequal to being able to spawn
a new container as non-root. At least when trying to do so LXC will fail to
start because of lacking permissions.

Thanks!

cheers, josch