opkg - adding an offline-path option

Andy Green andy at openmoko.com
Mon Nov 24 14:05:33 CET 2008



Somebody in the thread at some point said:
| Andy Green wrote:
|> You might need an entry in ./etc/shells, which fakeroot can sort out for
|> you enough to create a tarball from ./etc that says the right "root"
|> permissions, but you will never need an entry in build host /etc/shells
|> as part of this.
|
| Ah, interesting. I hadn't known that one. Thanks for the pointer !
|
| So you'd install things under, say, fakeroot/root/, run the postinst
| scripts under chroot, with a wrapper (also running under fakeroot)
| that chroots to fakeroot/root/, and once postinst is done, you'd exit
| the chroot and tar fakeroot/root/ into fakeroot/root.tar while still
| running under fakeroot, so that the permissions in the tar file are
| correct.

Yes, it's a pretty cool trick... and all the time you are a normal user
really, just electing to fool yourself temporarily (you can't fool
anyone else though directly) that you can get some things only allowed
to root.

Dunno about opkg but on rpm anyway you don't need to deal with a chroot,
you can give --root= and it will take care of chroot-type unpack
actions while leaving real /bin accessible.

| Okay, that solves the problem of needing root to do things when
| you don't or are too afraid to use it. I had just assumed that we
| can use root privileges when needed.
|
| However, it doesn't solve the cross-architecture problem. Anything
| trying to explicitly run /bin/sh will still run into problems.

Yeah.

| It also doesn't seem to emulate mount, so we would need to find
| something that created ext2 and VFAT file systems in user space.
| I guess such things must exist - dumpe2fs already almost does it.

I don't think we can totally eliminate root in the whole scheme of things,
at some point we have to mknod even with tar xf and that is a root-only
job.  Even with ext2 filesystem sitting there we have to dd to /dev/sdxn
also root:root and 0660.  But what we can do is push it back until the
dangerous composition time is over and we have a simple tarball with
relative paths.

-Andy
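
As an added illustration (not code from this thread or from opkg), the sketch below composes a root-owned tarball with relative paths and a device-node entry as an ordinary user, then audits it before any privileged unpack. It writes ownership straight into the tar headers with Python's tarfile rather than using fakeroot; the helper names and sample entries are constructed for the example.

```python
import io
import tarfile

# Constructed sample rootfs content (not taken from the thread).
SAMPLE_FILES = {"etc/shells": (0o644, b"/bin/sh\n")}
SAMPLE_DEVICES = {"dev/console": (0o600, 5, 1)}  # char device, major 5 minor 1


def _root_owned(path):
    """TarInfo whose header claims root:root; nothing on the host is chowned."""
    info = tarfile.TarInfo(path)
    info.uid = info.gid = 0
    info.uname = info.gname = "root"
    return info


def build_rootfs_tar(files, devices):
    """Compose the tarball unprivileged: no chown, no mknod on the build host.

    files:   {relative path: (mode, bytes)}
    devices: {relative path: (mode, major, minor)} for character devices
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for path, (mode, data) in sorted(files.items()):
            info = _root_owned(path)
            info.mode, info.size = mode, len(data)
            tar.addfile(info, io.BytesIO(data))
        for path, (mode, major, minor) in sorted(devices.items()):
            info = _root_owned(path)
            info.type = tarfile.CHRTYPE  # recorded in the header only
            info.mode, info.devmajor, info.devminor = mode, major, minor
            tar.addfile(info)
    return buf.getvalue()


def audit_rootfs_tar(blob):
    """List problems to resolve before root unpacks the tarball."""
    problems = []
    with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
        for m in tar.getmembers():
            if m.name.startswith("/") or ".." in m.name.split("/"):
                problems.append(f"{m.name}: path escapes the target root")
            if (m.uid, m.gid) != (0, 0):
                problems.append(f"{m.name}: owner {m.uid}:{m.gid}, expected 0:0")
    return problems
```

Only the final extraction (where the device node is actually created) needs root, which matches the point above about pushing the privileged step back until composition is done.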


