GSoC Idea: Fakechroot on FreeBSD; Ports building in clean non-root environment
Theron Tarigo
theron.tarigo at gmail.com
Sun Mar 25 05:54:30 UTC 2018
Hello All,
I am an undergraduate a Boston University looking to contribute to
FreeBSD this summer under GSoC. I made a posting to this list last week
about an idea to implement per-process namespaces, but I have decided
that this would be too big in scope for GSoC and I have decided instead
to revisit a more manageable idea with similar motivations.
The motivation for this idea is to provided a way to safely and cleanly
build ports without superuser privileges, jails, or touching the
installed system in any way.
The project would consist of two parts. The first would be to write a
utility providing similar functionality to the "fakechroot" already
found on Debian GNU, but compatible with FreeBSD's libc. This utility
would intercept calls to open(...) and related libc functions to emulate
the behavior of running the program within a modified file namespace,
but without requiring any special kernel functionality or superuser
priviliges.
Once this first part is out of the way, the utility will serve as the
basis for a ports building script which is free to operate independently
from the installed system. One particular improvement I would like to
make is to provide a command for fetching and installing (into a
user-owned path) all build dependencies for a port from binary packages,
saving space and time that would otherwise be needed to compile these
from source. Using the path redirection utility, "/usr/local" can be
made to redirect to the user-owned installation, allowing unmodified
binaries from the official package repository to function. Furthermore,
with such redirection of the PREFIX directory, binary packages may be
built with the correct paths such that they may be later installed
system-wide (by root) as with binary packages built by the existing
processes.
The project would consist of a few related small, manageable parts,
therefore a proper proposal will be somewhat lengthy, although not
representing an overly complex project. Should proper integration with
pkg and ports not be achievable in time, the path redirection utility
itself and consequent ability to build ports within a clean, non-jail
environment at the very least would be useful deliverables.
I have several years of experience with programming in C and have
previously implemented library function call intercepting tricks as will
be needed for the fakechroot part of the project, so the approach is
already familiar to me. I have been a user of FreeBSD for the past two
years and successfully maintain a personal system running CURRENT with a
mix of installed binary packages and builds from ports, so I have
familiarized myself with these parts of the system and have encountered
some of the gotchas to be aware of. I have previously performed an
experiment in which I successfully built a working package of unmodified
x11-servers/xorg-server without superuser or jails, which I accomplished
through modifying PATH and LD_LIBRARY_PATH and with some other hacks.
However, I believe that due to limitations I encountered with this
approach, a generalized file path redirection library is a more
appropriate solution.
Please let me know if you would be interested in mentoring this project
or can suggest someone who might be.
Thanks,
Theron Tarigo
More information about the freebsd-hackers
mailing list