Difference between revisions of "Development Team/Chroot"
m (→X11) |
(→X11) |
||
Line 34: | Line 34: | ||
We're going to try option (3) first: | We're going to try option (3) first: | ||
− | + | # ''outside chroot'' | |
− | + | DISP=:1 # adjust to suit your configuration | |
− | |||
− | |||
− | DISP=:1 # adjust to suit | ||
COOKIE=$(mcookie) | COOKIE=$(mcookie) | ||
AUTH=$(mktemp) | AUTH=$(mktemp) | ||
− | echo "add | + | echo "add $DISP . $COOKIE" | xauth -f "$AUTH" |
echo "add these commands to clients:" | echo "add these commands to clients:" | ||
echo "export DISPLAY=\"localhost$DISP\"" | echo "export DISPLAY=\"localhost$DISP\"" | ||
Line 47: | Line 44: | ||
Xephyr -auth "$AUTH" -reset -terminate "$DISP" && rm "$AUTH" | Xephyr -auth "$AUTH" -reset -terminate "$DISP" && rm "$AUTH" | ||
− | And, ''inside'' the chroot | + | And, ''inside'' the chroot, set the <tt>DISPLAY</tt> and <tt>XAUTHORITY</tt> variables as directed by the setup script. |
− | |||
− | |||
− | |||
=== D-Bus === | === D-Bus === |
Revision as of 08:54, 22 May 2009
Sugar ought to be easy to run from chroots. For a variety of silly reasons, this isn't yet the case, but it might be soon. Ping Michael with questions.
Chroot Construction
There are lots of ways to create appropriate chroots; e.g. by hand, with debootstrap, with mock, etc.
debootstrap
With debootstrap, in order to get a working chroot, you want something like:
export CHROOT=`pwd`/sid-root sudo debootstrap --arch i386 sid $CHROOT http://debian.lcs.mit.edu/debian sudo chroot $CHROOT /bin/bash -l # and some of the following: mount -t proc proc $CHROOT/proc mount -t devpts devpts $CHROOT/dev/pts mount -t selinuxfs selinux $CHROOT/selinux
Reference: http://www.debian.org/doc/manuals/reference/ch-tips.en.html
mock
With mock, it would be more like:
mock -r fedora-devel-i386 --init mock -r fedora-devel-i386 --shell
X11
Most X11 servers are configured to disable TCP connections. This means that in order to get a working X connection we can:
- bind-mount the X unix socket into the chroot.
- ssh into the chroot with X11-forwarding enabled.
- Enable TCP on an X server, e.g. a nested Xephyr.
We're going to try option (3) first:
# outside chroot DISP=:1 # adjust to suit your configuration COOKIE=$(mcookie) AUTH=$(mktemp) echo "add $DISP . $COOKIE" | xauth -f "$AUTH" echo "add these commands to clients:" echo "export DISPLAY=\"localhost$DISP\"" echo "export XAUTHORITY=\"$AUTH\"" Xephyr -auth "$AUTH" -reset -terminate "$DISP" && rm "$AUTH"
And, inside the chroot, set the DISPLAY and XAUTHORITY variables as directed by the setup script.
D-Bus
Sugar wants to be able to use global state stored in both HAL and NetworkManager, both of which live on the system bus. Consequently, we need to bind-mount
mount --bind /var/run/dbus $CHROOT/var/run/dbus
before entering the chroot. (Mock uses unshare() to enter a new mount-point namespace since this makes garbage collection of mountpoints much easier.)
User Account
For stupid reasons, it's necessary that Sugar run under a uid inside the chroot which exists as a real account outside the chroot. (Talk to the DBus people.)
Consequently, run something like this both inside and outside the chroot:
groupadd -g 64002 sugar useradd -m -u 64002 -g sugar sugar
Then, inside the chroot, you can happily run sugar as user 'sugar' with something like
cat > as_person <<EOF #!/usr/bin/env python from os import environ, chdir, setgroups, setgid, setuid, execve from sys import argv from pwd import getpwnam user = getpwnam(argv[1]) environ['HOME'] = user.pw_dir environ['USER'] = user.pw_name chdir(user.pw_dir) setgroups([user.pw_gid]) setgid(user.pw_gid) setuid(user.pw_uid) execve(argv[2], argv[2:], environ) EOF chmod a+x as_person ./as_person sugar /usr/bin/sugar
Jhbuild
After you can also build sugar inside your chroot without compromising your main system.