GSoC Idea: Fakechroot on FreeBSD; Ports building in clean non-root environment

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

GSoC Idea: Fakechroot on FreeBSD; Ports building in clean non-root environment

Theron Tarigo
Hello All,

I am an undergraduate a Boston University looking to contribute to
FreeBSD this summer under GSoC.  I made a posting to this list last week
about an idea to implement per-process namespaces, but I have decided
that this would be too big in scope for GSoC and I have decided instead
to revisit a more manageable idea with similar motivations.

The motivation for this idea is to provided a way to safely and cleanly
build ports without superuser privileges, jails, or touching the
installed system in any way.

The project would consist of two parts.  The first would be to write a
utility providing similar functionality to the "fakechroot" already
found on Debian GNU, but compatible with FreeBSD's libc. This utility
would intercept calls to open(...) and related libc functions to emulate
the behavior of running the program within a modified file namespace,
but without requiring any special kernel functionality or superuser
priviliges.

Once this first part is out of the way, the utility will serve as the
basis for a ports building script which is free to operate independently
from the installed system.  One particular improvement I would like to
make is to provide a command for fetching and installing (into a
user-owned path) all build dependencies for a port from binary packages,
saving space and time that would otherwise be needed to compile these
from source.  Using the path redirection utility, "/usr/local" can be
made to redirect to the user-owned installation, allowing unmodified
binaries from the official package repository to function.  Furthermore,
with such redirection of the PREFIX directory, binary packages may be
built with the correct paths such that they may be later installed
system-wide (by root) as with binary packages built by the existing
processes.

The project would consist of a few related small, manageable parts,
therefore a proper proposal will be somewhat lengthy, although not
representing an overly complex project.  Should proper integration with
pkg and ports not be achievable in time, the path redirection utility
itself and consequent ability to build ports within a clean, non-jail
environment at the very least would be useful deliverables.

I have several years of experience with programming in C and have
previously implemented library function call intercepting tricks as will
be needed for the fakechroot part of the project, so the approach is
already familiar to me.  I have been a user of FreeBSD for the past two
years and successfully maintain a personal system running CURRENT with a
mix of installed binary packages and builds from ports, so I have
familiarized myself with these parts of the system and have encountered
some of the gotchas to be aware of.  I have previously performed an
experiment in which I successfully built a working package of unmodified
x11-servers/xorg-server without superuser or jails, which I accomplished
through modifying PATH and LD_LIBRARY_PATH and with some other hacks. 
However, I believe that due to limitations I encountered with this
approach, a generalized file path redirection library is a more
appropriate solution.

Please let me know if you would be interested in mentoring this project
or can suggest someone who might be.

Thanks,
Theron Tarigo
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: GSoC Idea: Fakechroot on FreeBSD; Ports building in clean non-root environment

Ryan Stone-2
Hi Theron,

Earlier in the year I experimented with a similar idea, although my
goal was quite different.  I eventually hit a roadblock that I wasn't
able to overcome: on FreeBSD, /usr/bin/cc and /usr/bin/c++ are
statically linked binaries.  The makes it impossible to intercept any
system calls made by the "victim" binary.  Would this be a problem for
what you're trying to do?  I'm not very familiar with the ports build
process.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: GSoC Idea: Fakechroot on FreeBSD; Ports building in clean non-root environment

Theron Tarigo
On 03/25/18 22:17, Ryan Stone wrote:
> Hi Theron,
>
> Earlier in the year I experimented with a similar idea, although my
> goal was quite different.  I eventually hit a roadblock that I wasn't
> able to overcome: on FreeBSD, /usr/bin/cc and /usr/bin/c++ are
> statically linked binaries.  The makes it impossible to intercept any
> system calls made by the "victim" binary.  Would this be a problem for
> what you're trying to do?  I'm not very familiar with the ports build
> process.
Hi Ryan,

Thanks for pointing this out.  This will somewhat complicate the process
- the fakechroot component will need to be statically linked into these
binaries, which then would need to live somewhere as modified copies to
achieve the goal of providing a solution that may be used without
modification of the base installed system.  However, the number of these
static binaries is small - apart from a few exceptions which aren't
involved in compiling ports (devd, init), it seems to be limited to the
compiler toolchain.  Within the realm of software provided by ports,
"pkg-static" is the only statically linked binary I can find in my
system.  Appropriately modified static toolchain binaries may be
provided as a port, which has the additional advantage of further
decoupling the ports building process from the local base system.  Using
the existing llvm60 port might be another way, as these binaries are all
dynamically linked, however many existing ports are tested to work with
the toolchain from base, not with the one from the llvm port.

Theron
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[hidden email]"