Quoting Marc Haber (2019-07-24 08:17:19)
> Do we have a build technology that uses containers instead of chroots yet?
Either using any container-based autopkgtest backend (like lxc or lxd):
$ sbuild --chroot-mode=autopkgtest --autopkgtest-virt-server=lxc
Or using the built-in "unshare" backend which uses linux user namespaces:
$ sbuild --chroot-mode=unshare --chroot=debian-unstable.tar
The latter either takes a chroot tarball specified directly with the
--chroot argument or looks inside ~/.cache/sbuild for a fitting chroot
tarball.
If you also build your chroot tarballs using a tool that doesn't require
superuser privileges like mmdebstrap (or debootstrap with the patch from
#829134) then you can essentially build arbitrary packages inside arbitrary
chroots without ever becoming root or touching anything outside your home
directory, given that you at some point did
"sysctl -w kernel.unprivileged_userns_clone=1" until #898446 is fixed.
Thanks!
cheers, josch
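The rootless workflow described in the mail (check the user-namespace sysctl, keep a mmdebstrap-built tarball under ~/.cache/sbuild, then run sbuild in unshare mode), as an added example; this is not code from the mail or from the sbuild or mmdebstrap projects. The tarball naming convention dist-arch.tar* inside ~/.cache/sbuild, the set of suffixes tried, and the helper names are assumptions of this script; the sbuild and sysctl arguments are the ones quoted in the mail.

```shell
#!/bin/sh
# Added example: a small wrapper around the rootless sbuild workflow.
# Assumptions (not from the mail): tarballs are named <dist>-<arch>.tar*
# under ~/.cache/sbuild, and the suffix list below is what sbuild accepts.
set -eu

# Return 0 when unprivileged user namespaces are usable (the #898446 caveat).
# $1: sysctl file to read; defaults to the Debian-specific kernel knob.
userns_enabled() {
    f="${1:-/proc/sys/kernel/unprivileged_userns_clone}"
    # Kernels without this knob leave unprivileged userns enabled by default.
    [ -e "$f" ] || return 0
    [ "$(cat "$f")" = "1" ]
}

# Print the tarball that matches dist/arch under a cache directory, or fail.
# $1: distribution, $2: architecture, $3: cache directory
find_chroot_tarball() {
    dist=$1; arch=$2; cache=$3
    for ext in tar tar.xz tar.gz tar.zst; do   # assumed suffix preference order
        if [ -f "$cache/$dist-$arch.$ext" ]; then
            printf '%s\n' "$cache/$dist-$arch.$ext"
            return 0
        fi
    done
    return 1
}

# Create the tarball with mmdebstrap (no root needed) and print its path.
# $1: distribution, $2: architecture, $3: cache directory
create_chroot_tarball() {
    dist=$1; arch=$2; cache=$3
    mkdir -p "$cache"
    mmdebstrap "$dist" "$cache/$dist-$arch.tar"
    printf '%s\n' "$cache/$dist-$arch.tar"
}

# Build one .dsc inside a user-namespace chroot, never becoming root.
# $1: distribution, $2: architecture, $3: path to the .dsc
build_unshare() {
    dist=$1; arch=$2; dsc=$3
    cache="${HOME}/.cache/sbuild"
    if ! userns_enabled; then
        echo "unprivileged user namespaces are disabled; an admin must run:" >&2
        echo "  sysctl -w kernel.unprivileged_userns_clone=1" >&2
        return 1
    fi
    tarball=$(find_chroot_tarball "$dist" "$arch" "$cache") \
        || tarball=$(create_chroot_tarball "$dist" "$arch" "$cache")
    sbuild --chroot-mode=unshare --chroot="$tarball" -d "$dist" "$dsc"
}

# Usage: ./rootless-sbuild.sh unstable amd64 package_1.0-1.dsc
if [ "$#" -ge 3 ]; then
    build_unshare "$@"
fi
```

The prerequisite check runs before anything touches the network or the cache, so a machine where the sysctl is still at 0 fails with a clear message instead of an opaque clone() error from inside sbuild.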