
Re: Backports of newer Compilers (Clang/LLVM and GCC)



On Sun, Apr 17, 2022 at 11:27:57PM +0200, Gerion Entrup wrote:
> thanks for the suggestion but I think that containers are not the best
> solution for us. This is mainly due to two reasons:
> - We have nearly 20 machines with a locally installed Debian, which are
>   used by alternating people. They are globally managed by Puppet. It
>   may be possible to provide an image to a VM to all these machines or
>   copy a chroot container but installing a single package is way easier.
> - Most of our users do not have root access. AFAIK, Docker is feasible
>   without root in the meantime but solutions that require chroot are not
>   possible without.

It is possible to use chroots without having root.  You need to have
various privileged scripts that are setuid root, such as schroot, and
dd-schroot-cmd, but that doesn't mean that the users themselves have
to have root.

The Debian porterboxes provide the ability for Debian Developers to
use chroots for the purposes of making sure Debian packages are
portable across multiple architectures, without having to give them
root access.

For more information, please see these links:

 * https://dsa.debian.org/doc/schroot/
 * https://wiki.debian.org/PorterBoxHowToUse
 * https://wiki.debian.org/PortsDocs/BuilddSetup

The last link has instructions for how to set up a porterbox.  The
sources to the puppet files referenced in that last link can be found
here:

 * https://salsa.debian.org/debian-ports-team/dsa-puppet


Alternatively, in terms of setting up a custom build schroot, I
personally use schroot (which is available as a package you can
install) and then I just use this script to generate the chroot:

 * https://github.com/tytso/xfstests-bld/blob/master/setup-buildchroot

It's customized for building test appliance VMs for kvm-xfstests:

 * https://github.com/tytso/xfstests-bld/blob/master/Documentation/building-xfstests.md#preparing-a-build-chroot

... but it shouldn't be that hard to customize for your own purposes.

If you do this, you can make Debian testing and Debian unstable
chroots for your colleagues / students to use, and while setting up
the chroot requires root, once it's set up, they can *use* it via the
setuid schroot program without having root access.

The defaults in the setup-buildchroot script are to set up a Debian
stable chroot, since my personal machines and my desktop and laptop
machines provided by my employer at $WORK use Debian Testing, and for
my Test Appliance VMs I want to use Debian Stable.  But it's easy
enough to adjust or override the defaults in the setup-buildchroot
command.

Cheers,

					- Ted

P.S.  If you don't want to push an unpacked chroot to your various
machines, the schroot command also supports unpacking a tar.gz file
(that's how the Debian Porterboxes are set up).  This slows down the
initial startup of the schroot, since it now needs to unpack the
tar.gz, but there are times when this is the better approach to use.
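
The following schroot configuration is an added example, not part of Ted's message or of the setup-buildchroot script. It shows the two layouts the message describes (an unpacked directory and a tar.gz unpacked per session), both usable by unprivileged members of one group. The file name, chroot names, paths and the "builders" group are assumptions.

```ini
# /etc/schroot/chroot.d/build-chroots.conf   (hypothetical file name)
# Only root can create this file and the chroots it points at; after that,
# members of the listed group enter them through the setuid schroot binary.

# Unpacked chroot directory, e.g. one pushed to every machine.
[testing-build]
description=Debian testing build chroot (unpacked directory)
type=directory
directory=/srv/chroot/testing-build
# Assumed group of users allowed to enter the chroot as themselves.
groups=builders
# root-users / root-groups are deliberately left unset, so nobody gets
# password-less root inside the chroot.
profile=default

# Tarball-backed chroot: schroot unpacks the archive when a session starts,
# which makes startup slower but means only one file has to be distributed.
[unstable-build]
description=Debian unstable build chroot (unpacked from tar.gz)
type=file
file=/srv/chroot/unstable-build.tar.gz
groups=builders
profile=default

# Example use by an unprivileged member of "builders":
#   schroot -c unstable-build -- gcc --version
```

Keep the chroot directory and the tarball owned by root and not writable by the group, since anything placed in them runs in every user's session.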

