[arch-general] How to build package in "clean chroot" using the "-U" parameter?

Giancarlo Razzolini grazzolini at archlinux.org
Fri Dec 22 17:36:17 UTC 2017


On December 22, 2017 13:55, Manuel Reimer wrote:
> On 12/22/2017 03:17 PM, Giancarlo Razzolini via arch-general wrote:
>> Well, so far you said you want to autobuild some packages and that it MUST run
>> as root, with no good reason why.
> 
> I have a set of PKGBUILDs (around 40) and a self-made "build system":
> 
> http://repo-make.tuxfamily.org/
> 
> The autobuild system works completely without user interaction. You just 
> call "repo-make" and it will do *everything* that is needed to finally 
> have a working local repository.
> 
> This is meant to be used on a dedicated build VM and never on any 
> productive system.
> 
> Now my idea was to improve this process by doing every build in a chroot 
> environment.
> 
> So far my build system does things like installing packages directly, so 
> makepkg never has to do this as this would cause silly sudo password 
> prompts that I don't want to have in a fully automated build.
>

Now that things are a little more clear, I can tell you that you are mixing building
software, packaging software and installing it. Of the three, only the last one
(usually) requires root permissions.

> 
> I want to avoid unnecessary work that is not needed on a system that is 
> meant only to be used to build some packages. If I ever trash this 
> system, I just restore the VM from a backup.
>

If you build software always as root, you might mask some problems. I
personally wouldn't trust any software that cannot be built as a regular
user.

> 
> I have an existing build system that I call with root permissions and 
> from this point on it does everything on its own. Including creating the 
> required build user, fetching build dependencies, building packages in 
> context of the build user, ...
> 
> My idea was to make use of "chroot building" to have a clean state of 
> packages for every build. If this is possible, I would add this. If 
> fully automated processing doesn't work with the existing tools, I'll 
> stick with my way and keep building without chroot.
> 

You keep saying chroot and I guess that arises from the name of the tool,
makechrootpkg. But keep in mind that you don't actually use a chroot, you
use a container. There's a difference, and it's not just semantics.

To me, it seems that all you need is to give NOPASSWD permissions to
whatever user you choose to use on your VM. That way you would not get
any prompts and build everything with the minimal permission set possible.

Regards,
Giancarlo Razzolini
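
The NOPASSWD suggestion above, as an added example that is not part of the original message: a script that renders a sudoers drop-in scoped to pacman (the command makepkg runs through sudo), checks it with visudo, and installs it. The user name "builduser" and the drop-in path are assumptions.

```shell
#!/bin/sh
# Added example: scoped NOPASSWD for a dedicated, unprivileged build user.
# BUILD_USER and DROPIN are assumptions, not names from the thread.
BUILD_USER="${BUILD_USER:-builduser}"
DROPIN="/etc/sudoers.d/10-${BUILD_USER}-pacman"

# Print the sudoers fragment for one user. Only pacman is passwordless,
# since that is what makepkg calls through sudo to install dependencies.
render_sudoers() {
    user="$1"
    # Reject names that could smuggle sudoers syntax into the file.
    case "$user" in
        ''|*[!a-z0-9_-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    printf '%s\n' \
        "# Weak form, left commented out: every command, as any user" \
        "# ${user} ALL=(ALL) NOPASSWD: ALL" \
        "# Scoped form: pacman only, as root only" \
        "${user} ALL=(root) NOPASSWD: /usr/bin/pacman"
}

# Validate the fragment before it goes live; a syntax error in
# /etc/sudoers.d can break sudo for every user on the machine.
install_sudoers() {
    tmp="$(mktemp)" || return 1
    render_sudoers "$BUILD_USER" > "$tmp" || { rm -f "$tmp"; return 1; }
    if visudo -cf "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" "$DROPIN"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Run once as root on the build VM: sh <this script> --install
if [ "${1:-}" = "--install" ]; then install_sudoers; fi
```

Passwordless pacman is still root-equivalent, because package install scripts run as root, so this fits only a disposable build VM like the one described in the thread.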