On 09/12/2014 21:04, Colin Walters wrote:
> On Thu, Dec 4, 2014, at 06:24 AM, Harald van Dijk wrote:
>> Hello,
>>
>> I've recently been trying to use Nix in a somewhat different way than
>> NixOS, and the builders I've got, it would be useful if they were able
>> to run unshare -r.
>
> You might be interested in
> https://git.gnome.org/browse/linux-user-chroot
>
> gnome-continuous uses it to do all builds chrooted as non-root, including
> buildroot construction as non-root.
>
> It might eventually be obsoleted by user namespace support in the kernel, but
> it's been quite useful in the last 4 years for my higher level tools.

Thanks, I appreciate the link. Perhaps surprisingly, though, one of the dependencies I am trying to avoid is really hardcoded build users: I've seen builders (of mine, not checked in Nixpkgs) that create e.g. tar archives from files created by that same builder, so the contents of those tar archives store the file owner, meaning the builder output depends on which of the several build users is used.

I've come to the conclusion that fixing this reliably is best done by making those packages think they are always the same user (0). There was already the fakeroot package for that, and admittedly it does have its advantages (a daemon that remembers faked file ownership information, for instance), but it has drawbacks too: at the very least, I seem to remember various test suites breaking if running under fakeroot, so it requires careful planning to determine which bits should run under fakeroot and which bits shouldn't.

That's a reason for me to give unshare -r a try instead. The chroot ability is a nice bonus, and now that I've seen that it's possible I'm definitely making use of it, but it wasn't what led me to it.

Cheers,
Harald van Dijk

_______________________________________________
nix-dev mailing list
http://lists.science.uu.nl/mailman/listinfo/nix-dev
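The ownership leak described in the message above, as an added example that is not part of the original post or of Nix: the same file packed under two build users yields different archive digests, while a builder that always appears as uid 0 yields identical ones. The build-user names and ids are constructed sample values, and the `root`/0 identity is an assumption about what a builder sees under `unshare -r`.

```python
import hashlib
import io
import tarfile


def build_archive(uid, gid, uname, gname, payload=b"hello\n"):
    """Pack one file the way a builder running as uid/gid would record it."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        info = tarfile.TarInfo("out/hello.txt")
        info.size = len(payload)
        info.mode = 0o644
        info.mtime = 0  # pin the timestamp so only ownership can differ
        info.uid, info.gid = uid, gid
        info.uname, info.gname = uname, gname
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def digest(archive):
    """SHA-256 of the archive bytes, standing in for a build output hash."""
    return hashlib.sha256(archive).hexdigest()


def nonroot_members(archive):
    """Return (name, uid, gid) for every member not recorded as 0:0."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        return [(m.name, m.uid, m.gid) for m in tar if (m.uid, m.gid) != (0, 0)]


# Constructed sample identities, not taken from the thread.
USER_A = (30001, 30000, "nixbld1", "nixbld")
USER_B = (30002, 30000, "nixbld2", "nixbld")
AS_ROOT = (0, 0, "root", "root")  # assumed view of a builder under `unshare -r`

if __name__ == "__main__":
    a, b = build_archive(*USER_A), build_archive(*USER_B)
    print("different build users, same digest:", digest(a) == digest(b))
    print("leaked owners:", nonroot_members(a))
    r1, r2 = build_archive(*AS_ROOT), build_archive(*AS_ROOT)
    print("always uid 0, same digest:", digest(r1) == digest(r2))
    print("leaked owners:", nonroot_members(r1))
```

`nonroot_members` can be pointed at any tar output of a builder to see whether the build user's identity ended up in it.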
