Re: sbuild on hurd-amd64...

To: Johannes Schauer Marin Rodrigues <josch@debian.org>
Cc: Stéphane Glondu <glondu@debian.org>, debian-hurd@lists.debian.org
Subject: Re: sbuild on hurd-amd64...
From: Samuel Thibault <sthibault@debian.org>
Date: Sat, 6 Sep 2025 07:42:09 +0200
Message-id: <[🔎] aLvJsYqLMOXgxux0@begin>
Mail-followup-to: Johannes Schauer Marin Rodrigues <josch@debian.org>, Stéphane Glondu <glondu@debian.org>, debian-hurd@lists.debian.org
In-reply-to: <[🔎] 175712093030.20520.1053475883089889373@localhost>
References: <aKjR7BCUE7sPcMbP@begin> <3e8ef0b8-4960-4277-99cb-1531946324a0@debian.org> <aKlvoFuupzWS9GN7@begin> <aKmBU0AYssxxTLkY@begin> <830a4cb4-78a5-4bf2-bc23-1ac0faf7520d@debian.org> <[🔎] 175712093030.20520.1053475883089889373@localhost>

Hello,

Johannes Schauer Marin Rodrigues, le sam. 06 sept. 2025 03:08:50 +0200, a ecrit:
> Quoting Stéphane Glondu (2025-08-23 11:27:03)
> > Le 23/08/2025 à 10:52, Samuel Thibault a écrit :
> > >>> Concerning the "dpkg --install" step, some maintainer scripts fail when run
> > >>> under fakechroot/fakeroot.
> > >>
> > >> We should then fix that. We should be able to manage to get chrootless
> > >> working.
> > I wasn't familiar with the chrootless concept.
> 
> be aware that because there is no chroot, maintainers scripts will operate on
> what they think is root which is your rootfs if the maintainer script has not
> yet been adjusted to make use of the DPKG_ROOT environment variable set by
> dpkg. This makes the chrootless mode of mmdebstrap dangerous which is why it is
> recommended to run it inside some form of isolation.

Right :)

> > >>> It makes more sense to me to run them inside the subhurd anyway.
> > >>
> > >> I don't think the required packages should need anything that chrootless
> > >> can't do. Even the hurd package now doesn't, with xattrs :)
> > > 
> > > Johannes, I see that base-passwd and base-files use chown to set up some
> > > groups etc. That would however not work with non-root chrootless, so
> > > we'd have to use either root chrootless, or non-root fakeroot?
> > My observations confirm this.
> 
> chrootless mode was not introduced to avoid requiring superuser privileges. On
> Linux we use unshared user namespaces to allow a chown 0:0 as the non-root
> user. Maybe hurd has a similar concept?

It's a subhurd :) which is what we're here creating an image for :)

But here we only want a partial subhurd for just altering auth to fake
being root. That's fakeroot-hurd :)

> root chrootless is dangerous. non-root fakeroot is brittle as you already have
> experienced. I would not put more of my own time into fixing fakeroot (too much
> was spent there already for little benefit).

fakeroot-tcp/sysv is indeed difficult to fix. fakeroot-hurd, however, is
based on the auth partial subhurd, which thus just works.

So in the end one can just use fakeroot-hurd + chroot.

Samuel

Reply to:

References:
- Re: sbuild on hurd-amd64...
  - From: Johannes Schauer Marin Rodrigues <josch@debian.org>

Prev by Date: Re: sbuild on hurd-amd64...
Next by Date: Re: sbuild on hurd-amd64...
Previous by thread: Re: sbuild on hurd-amd64...
Next by thread: Re: sbuild on hurd-amd64...
Index(es):
- Date
- Thread