[Slackbuilds-users] Is building packages using fakeroot safe?
Andrzej Telszewski
atelszewski at gmail.com
Sun Oct 30 13:26:20 UTC 2016
On 30/10/16 12:02, Franzen wrote:
> On 2016-10-30 11:08, Andrzej Telszewski wrote:
>> Hi,
>>
>> I would like to ask you, if building packages within fakeroot is safe?
>
> I did build with fakeroot a few years long, and had some minor issues,
> maybe this thread(and links in that thread) is a little bit helpful.
Links missing?
> Currently i build my personal packages as unprivileged user, with a
> patched makepkg.
> This does not work without also patching buildscripts from SBo, as there
> is almost always a "chown root ..."
>
Changing build scripts is a no-go for me, in my opinion it's too much
hassle.
I am just playing with software and fakeroot just happened to be
interesting to play with.
But after a bit of thought, I think it won't be that useful.
I'm already using VM to build packages, so I'm on the safe side.
What I'm really aiming for is to ensure that the build process does not
write outside of the build directories.
And it's not possible to spot that happening with fakeroot, because the
build process can easily write to /tmp or user directory.
And I actually came across Makefile that would write into system
directory if building as root or into home directory when building as user.
In that cases the build wouldn't stop because of 'permission denied'.
I think my best bet is to use overlay filesystem, alternatively there is
another piece of software (can't really remember the name now) that can
record the changes made to filesystem by particular process.
But overlay filesystem is my favorite now, need to give it a go.
--
Best regards,
Andrzej Telszewski
More information about the SlackBuilds-users
mailing list