Hi, Quoting Stéphane Glondu (2025-08-23 11:27:03) > Le 23/08/2025 à 10:52, Samuel Thibault a écrit : > >>> Concerning the "dpkg --install" step, some maintainer scripts fail when run > >>> under fakechroot/fakeroot. > >> > >> We should then fix that. We should be able to manage to get chrootless > >> working. > I wasn't familiar with the chrootless concept. be aware that because there is no chroot, maintainers scripts will operate on what they think is root which is your rootfs if the maintainer script has not yet been adjusted to make use of the DPKG_ROOT environment variable set by dpkg. This makes the chrootless mode of mmdebstrap dangerous which is why it is recommended to run it inside some form of isolation. > Indeed, I can run a "regular" mmdebstrap with --mode=chrootless, under > fakeroot. I've updated my notes accordingly: > > https://salsa.debian.org/glondu/hurd-notes/-/blob/master/rootless-subhurd.md You can reduce the number of steps and avoid temporary files by piping mmdebstrap output into mke2fs directly. mmdebstrap [options] [dist] '-' [mirrors] | mke2fs -d - 1G > >>> It makes more sense to me to run them inside the subhurd anyway. > >> > >> I don't think the required packages should need anything that chrootless > >> can't do. Even the hurd package now doesn't, with xattrs :) > > > > Johannes, I see that base-passwd and base-files use chown to set up some > > groups etc. That would however not work with non-root chrootless, so > > we'd have to use either root chrootless, or non-root fakeroot? > My observations confirm this. chrootless mode was not introduced to avoid requiring superuser privileges. On Linux we use unshared user namespaces to allow a chown 0:0 as the non-root user. Maybe hurd has a similar concept? root chrootless is dangerous. non-root fakeroot is brittle as you already have experienced. I would not put more of my own time into fixing fakeroot (too much was spent there already for little benefit). And thanks to Rules-Requires-Root:no being the default these days, fakeroot use is also rapidly declining. > > Also, can we tell mmdebstrap to use the normal chroot instead of > > fakechroot? chroot() is not a privileged operation in the Hurd. > Oh, I wasn't aware of that! Yes. If you have privileges to chroot(), you can just use --mode=root. Thanks! cheers, josch
Attachment:
signature.asc
Description: signature