Difference between revisions of "Development Team/Chroot"

From Sugar Labs
Jump to navigation Jump to search
Line 46: Line 46:
 
=== X11 ===
 
=== X11 ===
  
Most X11 servers are configured to disable TCP connections. This means that in order to get a working X connection we can:
+
We need to point Sugar at an X server. One easy (but insecure) way to do this is to make a nested X server like so, ''outside the chroot'':
 
 
# bind-mount the X unix socket into the chroot.
 
# ssh ''into'' the chroot with X11-forwarding enabled.
 
# Enable TCP on an X server, e.g. a nested Xephyr.
 
 
 
We're going to try option (3) first:
 
  
 
  Xephyr -ac :1  
 
  Xephyr -ac :1  
  
And, ''inside'' the chroot, set the <tt>DISPLAY</tt> to <tt>localhost:1</tt>.
+
See the talk page for more secure alternatives.
  
 
=== D-Bus ===
 
=== D-Bus ===

Revision as of 11:02, 23 May 2009

Sugar ought to be easy to run from chroots. For a variety of silly reasons, this isn't yet the case, but it might be soon. Ping Michael with questions.

Chroot Construction

There are lots of ways to create appropriate chroots; e.g. by hand, with debootstrap, with mock, etc.

Here are some ideas to help you get started:

Ubuntu jaunty chroot

With recent versions of debootstrap, in order to get a working chroot, you want something like:

export CHROOT=`pwd`/jaunty-root
sudo debootstrap --arch i386 jaunty $CHROOT http://ubuntu.media.mit.edu/ubuntu/
sudo chroot $CHROOT /bin/bash -l
mount -t proc proc /proc
mount -t devpts devpts /dev/pts

Debian sid chroot

With debootstrap, in order to get a working chroot, you want something like:

export CHROOT=`pwd`/sid-root
sudo debootstrap --arch i386 sid $CHROOT http://debian.lcs.mit.edu/debian
sudo chroot $CHROOT /bin/bash -l
# and some of the following:
mount -t proc proc $CHROOT/proc
mount -t devpts devpts $CHROOT/dev/pts
mount -t selinuxfs selinux $CHROOT/selinux

Reference: http://www.debian.org/doc/manuals/reference/ch-tips.en.html

Fedora rawhide chroot

With mock, it would be more like:

mock -r fedora-devel-i386 --init
mock -r fedora-devel-i386 --shell

Sugar Installation

jaunty chroot

sed -ie "s/main/main universe/" /etc/apt/sources.list
apt-get update
apt-get install sugar sugar-activities
# install your development tools here

X11

We need to point Sugar at an X server. One easy (but insecure) way to do this is to make a nested X server like so, outside the chroot:

Xephyr -ac :1 

See the talk page for more secure alternatives.

D-Bus

Sugar wants to be able to use global state stored in both HAL and NetworkManager, both of which live on the system bus. Consequently, we need to bind-mount

 mount --bind /var/run/dbus $CHROOT/var/run/dbus

before entering the chroot. (Mock uses unshare() to enter a new mount-point namespace since this makes garbage collection of mountpoints much easier.)

User Account

For stupid reasons, it's necessary that Sugar run under a uid inside the chroot which exists as a real account outside the chroot. (Talk to the DBus people.)

Consequently, run something like this both inside and outside the chroot:

 groupadd -g 64002 sugar
 useradd -m -u 64002 -g sugar -s /bin/bash sugar

Then, inside the chroot, you can happily run sugar as user 'sugar' with something like

 su sugar -
 export DISPLAY=:1
 export DBUS_SESSION_BUS_ADDRESS=$(dbus-daemon --session --print-address --fork)
 sugar