[opensuse-buildservice] Why don't we use debootstrap?
Hi, could anyone (Adrian) please enlighten me my we can't simply use debootstrap to setup Debian & Ubuntu hosts and just be done with it? Point being I'm wondering that for quite some time but wasn't able to get some answer on it. Also I was asked that by the Ubuntu folks when I tried to debug the 10.10 chroot but wasn't able to provide a proper answer. So, why don't we use deboostrap and be done with it since that is maintained by the .deb folks and simply works? regards, Stephan -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
Am Donnerstag, 11. November 2010, 00:06:42 schrieb Stephan Kleine:
Hi,
could anyone (Adrian) please enlighten me my we can't simply use debootstrap to setup Debian & Ubuntu hosts and just be done with it?
check the mail archive, we just discussed that. In short, it would be incompatible and unsafe, so we won't be able to allow server side builds anymore.
Point being I'm wondering that for quite some time but wasn't able to get some answer on it. Also I was asked that by the Ubuntu folks when I tried to debug the 10.10 chroot but wasn't able to provide a proper answer.
So, why don't we use deboostrap and be done with it since that is maintained by the .deb folks and simply works?
regards, Stephan
-- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Thu, 11 Nov 2010 08:26:16 +0100 Adrian Schröter <adrian@suse.de> wrote:
Am Donnerstag, 11. November 2010, 00:06:42 schrieb Stephan Kleine:
Hi,
could anyone (Adrian) please enlighten me my we can't simply use debootstrap to setup Debian & Ubuntu hosts and just be done with it?
check the mail archive, we just discussed that.
In short, it would be incompatible and unsafe, so we won't be able to allow server side builds anymore.
In the rather short discussion about debootstrap you wrote:
Also, regarding our general approach for creating debian based chroots: Why don't we simply use "debootstrap"? At least that is what the Ubuntu people wondered and, after giving it a try, I'm wondering too. It is a simple bash script (so the extracted debian package "just works" or it could easily get repackaged into a rpm) that takes the distro, architecture and wanted variant (minimal, with build tools, ...) as arguments and then automatically sets up a working chroot.
debootstrap would be a full seperate path beside the build script. That means all other features, like modifing release numbers, take care about provided file lists (so that prjconf settings have an effect at all) and so on would need to get implemented seperatly.
Also debootstrap is afaik no secure build mechanism (like build with XEN or kvm). So we would not be able to allow service side builds anymore.
debootstrap is no build mechanism at all, it merely installs a debian system. Could you elaborate why the resulting installation couldn't be used with XEN or kvm to provide a secure build environment? Thanks, Justus -- Justus Winter winter@pre-sense.de PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH USt-IdNr.: DE263765024 Geschäftsführer/Managing Directors AG Hamburg, HRB 107844 Till Dörges Jürgen Sander Axel Theilmann
Am Freitag, 12. November 2010, 13:47:42 schrieb Justus Winter:
On Thu, 11 Nov 2010 08:26:16 +0100 Adrian Schröter <adrian@suse.de> wrote: ...
debootstrap would be a full seperate path beside the build script. That means all other features, like modifing release numbers, take care about provided file lists (so that prjconf settings have an effect at all) and so on would need to get implemented seperatly.
Also debootstrap is afaik no secure build mechanism (like build with XEN or kvm). So we would not be able to allow service side builds anymore.
debootstrap is no build mechanism at all, it merely installs a debian system. Could you elaborate why the resulting installation couldn't be used with XEN or kvm to provide a secure build environment?
You need to run scripts (esp on debian) during installation. To do this in a secure way the script needs to know how to pre install (without scripts), jump into VM, run missing scripts and continue with rest of packages. The debian script is no help here as it was not designed for this. -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
On Fri, 12 Nov 2010 18:00:08 +0100 Adrian Schröter <adrian@suse.de> wrote:
Am Freitag, 12. November 2010, 13:47:42 schrieb Justus Winter:
On Thu, 11 Nov 2010 08:26:16 +0100 Adrian Schröter <adrian@suse.de> wrote: ...
debootstrap would be a full seperate path beside the build script. That means all other features, like modifing release numbers, take care about provided file lists (so that prjconf settings have an effect at all) and so on would need to get implemented seperatly.
Also debootstrap is afaik no secure build mechanism (like build with XEN or kvm). So we would not be able to allow service side builds anymore.
debootstrap is no build mechanism at all, it merely installs a debian system. Could you elaborate why the resulting installation couldn't be used with XEN or kvm to provide a secure build environment?
You need to run scripts (esp on debian) during installation. To do this in a secure way the script needs to know how to pre install (without scripts), jump into VM, run missing scripts and continue with rest of packages.
The debian script is no help here as it was not designed for this.
I think it is (or has a feature that can be used). man debootstrap says:
--foreign Do the initial unpack phase of bootstrapping only, for example if the target architecture does not match the host architecture. A copy of debootstrap suffi‐ cient for completing the bootstrap process will be installed as /debootstrap/debootstrap in the target filesystem. You can run it with the --second-stage option to complete the bootstrapping process.
--second-stage Complete the bootstrapping process. Other arguments are generally not needed.
-- Justus Winter winter@pre-sense.de PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH USt-IdNr.: DE263765024 Geschäftsführer/Managing Directors AG Hamburg, HRB 107844 Till Dörges Jürgen Sander Axel Theilmann
On Thu, Nov 11, 2010 at 12:06:42AM +0100, Stephan Kleine wrote:
could anyone (Adrian) please enlighten me my we can't simply use debootstrap to setup Debian & Ubuntu hosts and just be done with it?
Point being I'm wondering that for quite some time but wasn't able to get some answer on it. Also I was asked that by the Ubuntu folks when I tried to debug the 10.10 chroot but wasn't able to provide a proper answer.
I fixed the 10.10 setup yesterday, so you should be able to build packages for 10.10. Cheers, Michael. -- Michael Schroeder mls@suse.de SUSE LINUX Products GmbH, GF Markus Rex, HRB 16746 AG Nuernberg main(_){while(_=~getchar())putchar(~_-1/(~(_|32)/13*2-11)*13);} -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
participants (4)
-
Adrian Schröter -
Justus Winter -
Michael Schroeder -
Stephan Kleine