[arch-general] How to build package in "clean chroot" using the "-U" parameter?
eschwartz at archlinux.org
Fri Dec 22 13:37:13 UTC 2017
On 12/22/2017 08:31 AM, Manuel Reimer wrote:
> My autobuild process runs as root. It also directly updates the chroot
> which also needs root permissions, so it's best to start with "root"
> and then drop privileges for the tasks that shouldn't run with root
> privileges. The whole system is a dedicated build VM, so there is no
> reason to not use "root" for the main purpose of this machine.
makechrootpkg already runs systemd-nspawn to enter the chroot and run
pacman -Syu as the root user, so this isn't strictly necessary.
>> That is the first time the makepkg command is run. The second time is
>> inside the chroot, which should automatically be run as the "builduser"
>> user inside a systemd-nspawn container (we don't actually use chroot).
> And this one fails. But why? Does makechrootpkg for some reason fail to
> drop privileges if the "-U" parameter is used?
The -U parameter is completely ignored in the chroot. Once sources are
downloaded, it runs systemd-nspawn to enter the chroot as root, then
runs /chrootbuild, which uses a hardcoded command:

    sudo -iu builduser bash -c 'cd /startdir; makepkg "$@"' -bash "$@"

Once you enter the chroot, nothing you do should matter, unless the
chroot itself is completely damaged.
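
The hardcoded command quoted in the message forwards makepkg's arguments to the builduser shell with the `bash -c '...' -bash "$@"` idiom. The following is an added example, not part of the original message or of makechrootpkg; it reproduces that idiom without sudo or a chroot and contrasts it with pasting the arguments into the script string. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: the argument-forwarding idiom from the quoted command,
# exercised without sudo, systemd-nspawn or a chroot.
# All function names here are hypothetical.

# Safe form, same shape as the quoted command: the script text is a fixed
# single-quoted string. The word after it ("-bash") becomes $0 of the inner
# shell, and each following word arrives as its own positional parameter,
# so the inner shell never re-parses the caller's arguments.
forward_safe() {
    bash -c 'printf "%s\n" "$#"; printf "[%s]" "$@"' -bash "$@"
}

# Unsafe form, for contrast: the arguments are pasted into the script text,
# so the inner shell word-splits them again (and would also interpret any
# shell metacharacters they contain).
forward_unsafe() {
    bash -c "set -- $*; printf '%s\n' \"\$#\"; printf '[%s]' \"\$@\""
}

# Shows what the inner shell sees as $0 when "-bash" is passed as in the
# quoted command.
inner_name() {
    bash -c 'printf "%s" "$0"' -bash "$@"
}

# Constructed sample arguments: one option and one value containing a space.
forward_safe --log "a b";   echo
forward_unsafe --log "a b"; echo
inner_name ignored;         echo
```

In the safe form the two arguments stay two arguments; in the unsafe form the value with a space is split into separate words before the command ever sees it.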