From: Jan Nieuwenhuizen
To: Ludovic Courtès, 43857@debbugs.gnu.org
Subject: [bug#43857] Supporting chroot builds on GNU/Hurd
Date: Sun, 11 Oct 2020 12:02:03 +0200
In-Reply-To: <87sgapsnqz.fsf@gnu.org>
Message-ID: <87imbhqdwk.fsf@gnu.org>

Ludovic Courtès writes:

Hi!

> The patch below is an attempt at supporting “chroot builds” on GNU/Hurd;
> it’s “almost working”.  The main feature we need is firmlinks (or “bind
> mounts”) and commenting out Linux-specific things (private bind mounts,
> ‘pivot_root’, etc.).

Yay!  I finally got round to trying this, and I can confirm that it also
"almost works" for me.

[..]

> With this patch, I can run “guix build hello --check” in a chroot… but
> it eventually hangs somewhere in ‘DerivationGoal::buildDone’ (I presume)
> once the build has completed.  It leaves behind it all its firmlink
> processes:

Yes, get something very similar.

> I felt a need to hack on this as I was investigating an util-linux test
> failure in a ‘--disable-chroot’ setup: the test would find /proc and
> would later fail for some reason.  Had /proc been missing from the build
> environment (as is the case with this patch), the test would have been
> skipped (it explicitly handles that case).  I think we’d rather not
> fiddle too much with test suites until we have defined what’s available
> in the default build environment.

I also tried building util-linux and comparing it with the non-chrooted
build:

--8<---------------cut here---------------start------------->8---
-checking whether make sets $(MAKE)... yes
+checking whether make sets $(MAKE)... no

- : mountpoint ... FAILED (libmount/utils-mountpoint)
+ : mountpoint ... SKIPPED (no /proc)

- 3 tests of 204 FAILED
+ 2 tests of 204 FAILED
--8<---------------cut here---------------end--------------->8---

Not sure about the configure change, probably it uses /proc to determine
that?  Still failing:

--8<---------------cut here---------------start------------->8---
fdisk: invalid input tests ... FAILED (fdisk/oddinput)
ipcs: headers ... FAILED (ipcs/headers)
--8<---------------cut here---------------end--------------->8---

so, this is already better.

> Apart from that, this raises the question of what to put in the build
> environment.  As written in the blog post about childhurds that should
> go out tomorrow, on GNU/Linux, we do not include any piece of userland
> software in the environment.  But here, we’d be doing just that: running
> Hurd translators that are not specified as derivation inputs.  It’s OK
> for /dev/null, but maybe questionable for /servers/socket/*.

Yes, certainly maybe ;)

[..]

> Thoughts?

What about doing it in small steps, starting with the patch you suggest
here and see how much it "hurts" to go towards more secure/more Hurd'y
chrooted builds?

> From 1887d0dee0031df0de117b3a6339495504b4b489 Mon Sep 17 00:00:00 2001
> From: =?UTF-8?q?Ludovic=20Court=C3=A8s?=
> Date: Tue, 6 Oct 2020 23:53:24 +0200
> Subject: [PATCH] DRAFT daemon: Support chroot builds on GNU/Hurd.

So...apart from

> This has yet to be debugged.  :-)

otherwise, LGTM!

Thanks a lot for looking into this!
Greetings,
Janneke

-- 
Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com