GSoC Idea: Fakechroot on FreeBSD; Ports building in clean non-root environment

Sun Mar 25 05:54:30 UTC 2018

Hello All,

I am an undergraduate a Boston University looking to contribute to 
FreeBSD this summer under GSoC.  I made a posting to this list last week 
about an idea to implement per-process namespaces, but I have decided 
that this would be too big in scope for GSoC and I have decided instead 
to revisit a more manageable idea with similar motivations.

The motivation for this idea is to provided a way to safely and cleanly 
build ports without superuser privileges, jails, or touching the 
installed system in any way.

The project would consist of two parts.  The first would be to write a 
utility providing similar functionality to the "fakechroot" already 
found on Debian GNU, but compatible with FreeBSD's libc. This utility 
would intercept calls to open(...) and related libc functions to emulate 
the behavior of running the program within a modified file namespace, 
but without requiring any special kernel functionality or superuser 
priviliges.

Once this first part is out of the way, the utility will serve as the 
basis for a ports building script which is free to operate independently 
from the installed system.  One particular improvement I would like to 
make is to provide a command for fetching and installing (into a 
user-owned path) all build dependencies for a port from binary packages, 
saving space and time that would otherwise be needed to compile these 
from source.  Using the path redirection utility, "/usr/local" can be 
made to redirect to the user-owned installation, allowing unmodified 
binaries from the official package repository to function.  Furthermore, 
with such redirection of the PREFIX directory, binary packages may be 
built with the correct paths such that they may be later installed 
system-wide (by root) as with binary packages built by the existing 
processes.

The project would consist of a few related small, manageable parts, 
therefore a proper proposal will be somewhat lengthy, although not 
representing an overly complex project.  Should proper integration with 
pkg and ports not be achievable in time, the path redirection utility 
itself and consequent ability to build ports within a clean, non-jail 
environment at the very least would be useful deliverables.

I have several years of experience with programming in C and have 
previously implemented library function call intercepting tricks as will 
be needed for the fakechroot part of the project, so the approach is 
already familiar to me.  I have been a user of FreeBSD for the past two 
years and successfully maintain a personal system running CURRENT with a 
mix of installed binary packages and builds from ports, so I have 
familiarized myself with these parts of the system and have encountered 
some of the gotchas to be aware of.  I have previously performed an 
experiment in which I successfully built a working package of unmodified 
x11-servers/xorg-server without superuser or jails, which I accomplished 
through modifying PATH and LD_LIBRARY_PATH and with some other hacks.  
However, I believe that due to limitations I encountered with this 
approach, a generalized file path redirection library is a more 
appropriate solution.

Please let me know if you would be interested in mentoring this project 
or can suggest someone who might be.

Thanks,
Theron Tarigo