Somebody in the thread at some point said:
| Andy Green wrote:
|> You might need an entry in ./etc/shells, which fakeroot can sort out for
|> you enough to create a tarball from ./etc that says the right "root"
|> permissions, but you will never need an entry in build host /etc/shells
|> as part of this.
|
| Ah, interesting. I hadn't known that one. Thanks for the pointer !
|
| So you'd install things under, say, fakeroot/root/, run the postinst
| scripts under chroot, with a wrapper (also running under fakeroot)
| that chroots to fakeroot/root/, and once postinst is done, you'd exit
| the chroot and tar fakeroot/root/ into fakeroot/root.tar while still
| running under fakeroot, so that the permissions in the tar file are
| correct.

Yes it's a pretty cool trick... and all the time you are a normal user
really, just electing to fool yourself temporarily (you can't fool
anyone else though directly) that you can get some things only allowed
to root.

Dunno about opkg but on rpm anyway you don't need to deal with a chroot,
you can give --root= and it will take care of chroot-type unpack
actions while leaving real /bin accessible.

| Okay, that solves the problem of needing root to do things when
| you don't or are too afraid to use it. I had just assumed that we
| can use root privileges when needed.
|
| However, it doesn't solve the cross-architecture problem. Anything
| trying to explicitly run /bin/sh will still run into problems.

Yeah.

| It also doesn't seem to emulate mount, so we would need to find
| something that created ext2 and VFAT file systems in user space.
| I guess such things must exist - dumpe2fs already almost does it.

I don't think we can totally eliminate root in the whole scheme of
things, at some point we have to mknod even with tar xf and that is a
root-only job. Even with an ext2 filesystem sitting there we have to dd
to /dev/sdxn, also root:root and 0660.

But what we can do is push it back until the dangerous composition time
is over and we have a simple tarball with relative paths.

-Andy
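
An added example, not part of the original message or of the Openmoko tooling: Python's standard tarfile module stands in here for the fakeroot + tar step discussed above, recording root:root ownership and a device-node entry in the archive as an unprivileged user, so the real mknod happens only when root later extracts it. The staged file list and the function names are constructed for illustration.

```python
import io
import tarfile

# Constructed sample staging list: (relative path, type, mode, payload or (major, minor)).
STAGED = [
    ("etc", tarfile.DIRTYPE, 0o755, None),
    ("etc/shells", tarfile.REGTYPE, 0o644, b"/bin/sh\n"),
    ("dev", tarfile.DIRTYPE, 0o755, None),
    ("dev/console", tarfile.CHRTYPE, 0o600, (5, 1)),
]


def build_rootfs_tar(entries):
    """Write a tarball whose headers claim root:root, without being root."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name, kind, mode, data in entries:
            info = tarfile.TarInfo(name)
            info.type, info.mode = kind, mode
            info.uid = info.gid = 0
            info.uname = info.gname = "root"
            if kind == tarfile.CHRTYPE:
                # Device numbers are only recorded; no mknod() is called here.
                info.devmajor, info.devminor = data
                tar.addfile(info)
            elif kind == tarfile.REGTYPE:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
            else:
                tar.addfile(info)
    return buf.getvalue()


def audit(tar_bytes):
    """Return (name, owner, device numbers or None); reject non-relative paths."""
    rows = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for m in tar.getmembers():
            if m.name.startswith("/") or ".." in m.name.split("/"):
                raise ValueError(f"unsafe member path: {m.name}")
            dev = (m.devmajor, m.devminor) if m.isdev() else None
            rows.append((m.name, f"{m.uname}:{m.gname}", dev))
    return rows


if __name__ == "__main__":
    for row in audit(build_rootfs_tar(STAGED)):
        print(row)
```

Running audit() before handing the tarball to a root-owned extraction step is the point at which an absolute or ".." member path should stop the build.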
