[pacman-dev] [suggestion] Sandboxed package building

Maxime GAUDUIN alucryd at gmail.com
Wed May 15 14:03:33 EDT 2013

On Wed, May 15, 2013 at 7:31 PM, BlissSam <m13253 at hotmail.com> wrote:

> On Wed, 15 May 2013 12:14:46 -0500, <danielwallace at gtmanfred.com> wrote:
> > Have you looked at devtools? Extra-*-build builds in a clean chroot.
> Besides, users should be reading pkgbuilds before running makepkg.
> It is true as you have said, however:
> 1. Does providing this feature cost a lot of time developing? If so, it is
> really better to give up implementing such a tiny function. IMHO, it is
> similar as implementing fakeroot during package().
> 2. Not all PKGBUILDs with something badly written can be recognized by
> user at first glance. I have once met a poor Makefile which even wrote
> temporary files in my home dir. (Though this kind of Makefile is hard to
> meet, it does cause troubles.) It is really hard to figure out if only by
> reading the PKGBUILD.
> 3. Chrooted building is necessary for maintainers, however sandbox is
> useful for normal users (non-maintainers) as they do not have time to
> maintain a separate chroot environment.
> 4. 'Users should be reading PKGBUILDs.' It is true. I read every PKGBUILDs
> when I make packages. But isn't it better if there is
> another protective layer such as sandbox?
Just my 2 cents, but building in a chroot using devtools isn't exactly more
time consuming than doing it with makepkg. It is as simple as running 'sudo
repo-arch-build' followed by 'pacman -U path_to_package' instead of
'makepkg -cis'. Put this in a nice shell function and you're good to go (I
use 'chbuild repo arch [-options]' from a function defined in my .zshrc).


More information about the pacman-dev mailing list