Jump to content

Development Team/Chroot: Difference between revisions

From Sugar Labs
← Older editNewer edit →
Mstone (talk | contribs)
76 edits
Mstone (talk | contribs)
76 edits
Line 57: Line 57:


   groupadd -g 64002 sugar
   groupadd -g 64002 sugar
   useradd -m -u 64002 -g sugar sugar
   useradd -m -u 64002 -g sugar -s /bin/bash sugar


Then, inside the chroot, you can happily run sugar as user 'sugar' with something like
Then, inside the chroot, you can happily run sugar as user 'sugar' with something like


cat > as_person <<EOF
  su sugar -
#!/usr/bin/env python
  export DISPLAY=:1
from os import environ, chdir, setgroups, setgid, setuid, execve
  export DBUS_SESSION_BUS_ADDRESS=$(dbus-daemon --session --print-address --fork)
from sys import argv
  sugar
from pwd import getpwnam
user = getpwnam(argv[1])
environ['HOME'] = user.pw_dir
environ['USER'] = user.pw_name
chdir(user.pw_dir)
setgroups([user.pw_gid])
setgid(user.pw_gid)
setuid(user.pw_uid)
execve(argv[2], argv[2:], environ)
EOF
chmod a+x as_person
./as_person sugar /usr/bin/sugar
 


== Jhbuild ==
== Jhbuild ==

Revision as of 11:49, 23 May 2009

Sugar ought to be easy to run from chroots. For a variety of silly reasons, this isn't yet the case, but it might be soon. Ping Michael with questions.

Chroot Construction

There are lots of ways to create appropriate chroots; e.g. by hand, with debootstrap, with mock, etc.

debootstrap

With debootstrap, in order to get a working chroot, you want something like: 

 export CHROOT=`pwd`/sid-root
 sudo debootstrap --arch i386 sid $CHROOT http://debian.lcs.mit.edu/debian
 sudo chroot $CHROOT /bin/bash -l
 # and some of the following:
 mount -t proc proc $CHROOT/proc
 mount -t devpts devpts $CHROOT/dev/pts
 mount -t selinuxfs selinux $CHROOT/selinux

Reference: http://www.debian.org/doc/manuals/reference/ch-tips.en.html

mock

With mock, it would be more like: 

 mock -r fedora-devel-i386 --init
 mock -r fedora-devel-i386 --shell

X11

Most X11 servers are configured to disable TCP connections. This means that in order to get a working X connection we can:

  1. bind-mount the X unix socket into the chroot.
  2. ssh into the chroot with X11-forwarding enabled.
  3. Enable TCP on an X server, e.g. a nested Xephyr.

We're going to try option (3) first: 

Xephyr -ac :1

And, inside the chroot, set the DISPLAY to localhost:1.

D-Bus

Sugar wants to be able to use global state stored in both HAL and NetworkManager, both of which live on the system bus. Consequently, we need to bind-mount 

 mount --bind /var/run/dbus $CHROOT/var/run/dbus

before entering the chroot. (Mock uses unshare() to enter a new mount-point namespace since this makes garbage collection of mountpoints much easier.)

It also wants to have a session bus so, inside the chroot, as user sugar: 

 export DBUS_SESSION_BUS_ADDRESS=$(dbus-daemon --session --print-address --fork)

User Account

For stupid reasons, it's necessary that Sugar run under a uid inside the chroot which exists as a real account outside the chroot. (Talk to the DBus people.)

Consequently, run something like this both inside and outside the chroot: 

 groupadd -g 64002 sugar
 useradd -m -u 64002 -g sugar -s /bin/bash sugar

Then, inside the chroot, you can happily run sugar as user 'sugar' with something like 

 su sugar -
 export DISPLAY=:1
 export DBUS_SESSION_BUS_ADDRESS=$(dbus-daemon --session --print-address --fork)
 sugar

Jhbuild

After, you can also build sugar inside your chroot without compromising your main system.

Retrieved from "https://wiki.sugarlabs.org/index.php?title=Development_Team/Chroot&oldid=29643"