Em dezembro 22, 2017 13:55 Manuel Reimer escreveu:
On 12/22/2017 03:17 PM, Giancarlo Razzolini via arch-general wrote:
Well, so far you said you want to autobuild some packages and that it MUST run as root, with no good reason why.
I have a set of PKGBUILD's (around 40) and a self-made "build system":
The autobuild system works completely without user interaction. You just call "repo-make" and it will do *everything* that is needed to finally have a working local repository.
This is meant to be used on a dedicated build VM and never on any productive system.
Now my idea was to improve this process by doing every build in a chroot environment.
So far my build system does things like installing packages directly, so makepkg never has to do this as this would cause silly sudo password prompts that I don't want to have in a fully automated build.
Now that things are a little more clear, I can tell you that, you mixes building software, packaging software and installing it. Of the three, only the last one (usually) requires root permissions.
I want to avoid unnecessary work that is not needed on a system that is meant only to be used to build some packages. If I ever trash this system, I just restore the VM from a backup.
If you build software always as root, you might mask some problems. I personally wouldn't trust any software that cannot be built as a regular user.
I have an existing build system that I call with root permissions and from this point on it does everything on its own. Including creating the required build user, fetching build dependencies, building packages in context of the build user, ...
My idea was to make use of "chroot building" to have a clean state of packages for every build. If this is possible, I would add this. If fully automated processing doesn't work with the existing tools, I'll stick with my way and keep building without chroot.
You keep saying chroot and I guess that arises from the name of the tool, makechrootpkg. But keep in mind that you don't actually use a chroot, you use a container. There's a difference, and it's not just semantics.
To me, it seems, that all you need is to give NOPASSWD permissions to whatever user you choose to use on your VM. That way you would not get any prompts and build everything with the minimal permission set possible.
Regards, Giancarlo Razzolini