On Fri, 12 Nov 2010 18:00:08 +0100
Adrian Schröter
Am Freitag, 12. November 2010, 13:47:42 schrieb Justus Winter:
On Thu, 11 Nov 2010 08:26:16 +0100 Adrian Schröter
wrote: ... debootstrap would be a full seperate path beside the build script. That means all other features, like modifing release numbers, take care about provided file lists (so that prjconf settings have an effect at all) and so on would need to get implemented seperatly.
Also debootstrap is afaik no secure build mechanism (like build with XEN or kvm). So we would not be able to allow service side builds anymore.
debootstrap is no build mechanism at all, it merely installs a debian system. Could you elaborate why the resulting installation couldn't be used with XEN or kvm to provide a secure build environment?
You need to run scripts (esp on debian) during installation. To do this in a secure way the script needs to know how to pre install (without scripts), jump into VM, run missing scripts and continue with rest of packages.
The debian script is no help here as it was not designed for this.
I think it is (or has a feature that can be used). man debootstrap says:
--foreign Do the initial unpack phase of bootstrapping only, for example if the target architecture does not match the host architecture. A copy of debootstrap suffi‐ cient for completing the bootstrap process will be installed as /debootstrap/debootstrap in the target filesystem. You can run it with the --second-stage option to complete the bootstrapping process.
--second-stage Complete the bootstrapping process. Other arguments are generally not needed.
-- Justus Winter winter@pre-sense.de PRESENSE Technologies GmbH Sachsenstr. 5, D-20097 HH USt-IdNr.: DE263765024 Geschäftsführer/Managing Directors AG Hamburg, HRB 107844 Till Dörges Jürgen Sander Axel Theilmann