On Thu, 11 Nov 2010 08:26:16 +0100 Adrian Schröter wrote:

Am Donnerstag, 11. November 2010, 00:06:42 schrieb Stephan Kleine:

...

Hi,

could anyone (Adrian) please enlighten me my we can't simply use debootstrap to setup Debian & Ubuntu hosts and just be done with it?

check the mail archive, we just discussed that.

In short, it would be incompatible and unsafe, so we won't be able to allow server side builds anymore.

In the rather short discussion about debootstrap you wrote:

...

Also, regarding our general approach for creating debian based chroots: Why don't we simply use "debootstrap"? At least that is what the Ubuntu people wondered and, after giving it a try, I'm wondering too. It is a simple bash script (so the extracted debian package "just works" or it could easily get repackaged into a rpm) that takes the distro, architecture and wanted variant (minimal, with build tools, ...) as arguments and then automatically sets up a working chroot.

debootstrap would be a full seperate path beside the build script. That means all other features, like modifing release numbers, take care about provided file lists (so that prjconf settings have an effect at all) and so on would need to get implemented seperatly.

Also debootstrap is afaik no secure build mechanism (like build with XEN or kvm). So we would not be able to allow service side builds anymore.

debootstrap is no build mechanism at all, it merely installs a debian system. Could you elaborate why the resulting installation couldn't be used with XEN or kvm to provide a secure build environment? Thanks, Justus -- Justus Winter winter@pre-sense.de PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH USt-IdNr.: DE263765024 Geschäftsführer/Managing Directors AG Hamburg, HRB 107844 Till Dörges Jürgen Sander Axel Theilmann

On Fri, 12 Nov 2010 18:00:08 +0100 Adrian Schröter wrote:

Am Freitag, 12. November 2010, 13:47:42 schrieb Justus Winter:

...

On Thu, 11 Nov 2010 08:26:16 +0100 Adrian Schröter wrote: ...

...

debootstrap would be a full seperate path beside the build script. That means all other features, like modifing release numbers, take care about provided file lists (so that prjconf settings have an effect at all) and so on would need to get implemented seperatly.

Also debootstrap is afaik no secure build mechanism (like build with XEN or kvm). So we would not be able to allow service side builds anymore.

debootstrap is no build mechanism at all, it merely installs a debian system. Could you elaborate why the resulting installation couldn't be used with XEN or kvm to provide a secure build environment?

You need to run scripts (esp on debian) during installation. To do this in a secure way the script needs to know how to pre install (without scripts), jump into VM, run missing scripts and continue with rest of packages.

The debian script is no help here as it was not designed for this.

I think it is (or has a feature that can be used). man debootstrap says:

--foreign Do the initial unpack phase of bootstrapping only, for example if the target architecture does not match the host architecture. A copy of debootstrap suffi‐ cient for completing the bootstrap process will be installed as /debootstrap/debootstrap in the target filesystem. You can run it with the --second-stage option to complete the bootstrapping process.

--second-stage Complete the bootstrapping process. Other arguments are generally not needed.

-- Justus Winter winter@pre-sense.de PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH USt-IdNr.: DE263765024 Geschäftsführer/Managing Directors AG Hamburg, HRB 107844 Till Dörges Jürgen Sander Axel Theilmann