Hi, Quoting Samuel Thibault (2025-09-06 15:30:34) > > > But currently none of the expected ways work as non-root: > > > > > > $ mmdebstrap --mode=root --variant=required --keyring=/usr/share/keyrings/debian-ports-archive-keyring.gpg '' foo.tar.gz 'deb http://deb.debian.org/debian-ports unreleased main' 'deb http://deb.debian.org/debian-ports/ unstable main' > > > E: need to be root > > > > Would/should the above work as the non-root user on hurd? > > Well, I don't know the exact intention of --mode=root :) --mode=root is the mode which you need to be superuser for on Linux as it does a real chroot(), so you need cap_sys_admin for it. An alias for --mode=root is --mode=sudo because a normal user would typically run mmdebstrap with sudo for this mode. > What I was understanding is that it is a mode that uses an actual root uid, > not faking root. The only mode that is faking root is the fakechroot mode. Both --mode=root as well as --mode=unshare do a real chroot. The latter mode does so with an unshared user namespace but the chroot call is still "real". But since unshare is linux-specific i do not think it is interesting for you. > But I also read that it uses chroot, which is what we'd want to use on the > Hurd, but along with an additionnal fakeroot-hurd, which would rather be the > fakeroot mode. There is no "fakeroot" mode. There is fakechroot mode which uses fakechroot instead of chroot. But to use this mode on linux, you would typically wrap the fakechroot call in fakeroot. So usually one would use --mode=fakechroot under *both* fakeroot and fakechroot. If fakeroot-hurd is something that you wrap the mmdebstrap call in, then it's not something that mmdebstrap should call. Instead, mmdebstrap should be able to do the right thing when it is run inside fakeroot-hurd on hurd, no? > > * instead, maybe a different check can/should be performed on hurd but i > > don't know enough hurd to implement this > > I don't think there is any check need: you can always mount something > the hurd. The translator will run under the user identity, simply. Okay. > > > on GNU/Hurd it should be using chroot instead of using the fragile > > > fakechroot. I had tried to create a hurdish fakechroot that just calls > > > chroot(), but apparently mmdebstrap is expecting various fakechroot > > > environment variables, I didn't easily manage to find out what. > > > > Instead of you creating a fakechroot for hurd which is close enough to the > > fakechroot on linux, lets instead fix mmdebstrap to do the right thing on > > hurd out-of-the-box. I'll gladly accept patches! > > I don't really know where one would tell mmdebstrap to just use chroot. That's --mode=root. Could you try this patch: https://paste.debian.net/hidden/8e5bf3c7/ And then run mmdebstrap with --skip=check/root,check/canmount which should disable both checks that made it fail before and then hopefully you get a bit further. > > I can easily implement the --skip=... options mentioned above but I'll need > > help with adding hurd-specific things. > > I don't think there is really much hurd-specific. Really I believe it's > just about calling fakeroot-hurd and chroot, just like you would use > fakeroot + chroot on linux. Except that fakeroot is not doing chroot at all. And even fakeroot+fakechroot is not doing any actual chroot. It's just intercepting and modifying syscalls. In slightly related news, the dpkg-root-demo salsa-ci QA job (scheduled to run daily) now includes a test which sets up a hurd qemu machine using mmdebstrap-chrootless and checks if the result successfully boots: https://salsa.debian.org/helmutg/dpkg-root-demo/-/blob/master/install-hurd.sh Since the mmdebstrap test suite runs all tests inside a qemu virtual machine, I think I can add hurd tests to the mmdebstrap testsuite as well without much pain. Thanks! cheers, josch
Attachment:
signature.asc
Description: signature