Paul Cager <paul-debian@home.paulcager.org> writes: > Tim Cutts wrote: >> What I'd actually like is some sort of non-root packaging system so that >> users could build software with decent dependency checking for their >> shared software infrastructure. Can dpkg be cajoled into doing that? > > Could you use a schroot instance to do that? You can if you combine it with sbuild (specifically for Debian packaging, though). However, it's still a bit risky, because there are ways the user could abuse their access to the chroot in order to subvert the system (e.g. via the debian/rules binary target or in the postinst of a package pulled in as a build-dependency). Worse, the current design allows the sbuild user unrestricted root access to the chroot. If you don't use schroot, sbuild *requires* unrestricted sudo access to the host system! I do have plans (post-etch) to eliminate the user access to the chroot via sudo or schroot, so that sbuild should become safe for untrusted users. Once I have got my thoughts organised, I'll post them to buildd-tools-devel in the next week. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
Attachment:
pgpzTEbDTAHDM.pgp
Description: PGP signature