[Slackbuilds-users] Is building packages using fakeroot safe?

Jeremy Hansen jebrhansen+SBo at gmail.com
Sun Oct 30 14:52:13 UTC 2016


David Spencer's (55020) slackrepo will automate building using overlay,
ultimately keeping the build server completely clean (it starts with a
clean install for every build project since it uses overlays and doesn't
install the packages to the machine itself -- they're just installed to the
overlay, so as soon as it's removed, you're back to a clean system) and
setting up a slackpkg+ compatible repo.

http://idlemoor.github.io/slackrepo/

It might be something you'd be interested in.

On Sun, Oct 30, 2016, 9:28 AM Andrzej Telszewski <atelszewski at gmail.com>
wrote:

> On 30/10/16 12:02, Franzen wrote:
> > On 2016-10-30 11:08, Andrzej Telszewski wrote:
> >> Hi,
> >>
> >> I would like to ask you, if building packages within fakeroot is safe?
> >
> > I did build with fakeroot a few years long, and had some minor issues,
> > maybe this thread(and links in that thread) is a little bit helpful.
>
> Links missing?
>
> > Currently i build my personal packages as unprivileged user, with a
> > patched makepkg.
> > This does not work without also patching buildscripts from SBo, as there
> > is almost always a "chown root ..."
> >
>
> Changing build scripts is a no-go for me, in my opinion it's too much
> hassle.
>
> I am just playing with software and fakeroot just happened to be
> interesting to play with.
> But after a bit of thought, I think it won't be that useful.
> I'm already using VM to build packages, so I'm on the safe side.
>
> What I'm really aiming for is to ensure that the build process does not
> write outside of the build directories.
> And it's not possible to spot that happening with fakeroot, because the
> build process can easily write to /tmp or user directory.
> And I actually came across Makefile that would write into system
> directory if building as root or into home directory when building as user.
> In that cases the build wouldn't stop because of 'permission denied'.
>
> I think my best bet is to use overlay filesystem, alternatively there is
> another piece of software (can't really remember the name now) that can
> record the changes made to filesystem by particular process.
>
> But overlay filesystem is my favorite now, need to give it a go.
>
> --
> Best regards,
> Andrzej Telszewski
> _______________________________________________
> SlackBuilds-users mailing list
> SlackBuilds-users at slackbuilds.org
> http://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users
> Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/
> FAQ - https://slackbuilds.org/faq/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.slackbuilds.org/pipermail/slackbuilds-users/attachments/20161030/88314dee/attachment.html>


More information about the SlackBuilds-users mailing list