
Re: Another pbuilder run finished

On Thu, 2 Jan 2003 09:27 pm, Russell Coker wrote:
> > Actually, the root requirement was a reason for me not to use
> > pbuilder.

Ditto. I don't really want to trust arbitrary build scripts written by 
people I don't know to run as root on my machine.

> > And personally, I would not like to have an automated
> > building process running as root on any box that has productive
> > jobs.

Another partial solution that no-one appears to have mentioned is to 
use sbuild instead. Although it does require sudo root on the build 
machine (for chroot), I think the actual build processes run under 
fakeroot, which should protect against rogue maintainer scripts. It 
does not, however, protect against rogue packages which are installed 
as dependencies in the chroot.

> What if the process is in a secure chroot provided by SE Linux or
> vserver?

Sounds like a good solution, I wish I'd thought of that last time I 
had this problem.

> I would be happy to assist on setting up SE Linux for this task...

Hmmm... I'd love to try this when I get time.


peter@hawkins.emu.id.au aka peterh@debian.org
GPG key fingerprint:
C746 38A9 D3E4 A171 FB6A  56D4 5E30 DFCC BE11 F437
