[Piuparts-devel] Bug#1018893: support for unshare in some form

Jelmer Vernooij jelmer at debian.org
Thu Sep 1 16:51:19 BST 2022 

Package: piuparts
Severity: wishlist

It would be great if piuparts supported root-less operation, ideally in a less
complicated way than via podman+docker.

Conversation in #debian-qa suggests the are various options for building on
top of infrastructure that's provided by other packages, e.g. sbuild,
autopkgtest or mmdebootstrap.

<josch> Jelmer, h01ger: I'd second what helmut said. With mmdebstrap you get the equivalent of "lxc-usernsexec -- lxc-unshare -s 'MOUNT|PID|UTSNAME|IPC' -- /usr/sbin/chroot ./debian-rootfs /bin/bash" but without having to depend on lxc -- You can see a variant of this in the mmdebstrap man page where mmdebstrap is used as a wrapper of debootstrap to fix #829134. That way you can run debootstrap without 
needing root: mmdebstrap --variant=custom --mode=unshare --setup-hook='env container=lxc debootstrap unstable "$1"' - debian-debootstrap.tar

Alternatively, if you want to depend on neither lxc nor mmdebstrap, a number of tools implemented a simple unshare backend already using code like this:

https://salsa.debian.org/debian/sbuild/-/blob/main/lib/Sbuild/Utility.pm#L382

or this: https://salsa.debian.org/ci-team/autopkgtest/-/blob/master/virt/autopkgtest-virt-unshare#L131

re-using the unshare functionality of either mmdebstrap, sbuild or autopkgtest would probably be best

there was some discussion whether those three tools could share some code here: https://salsa.debian.org/ci-team/autopkgtest/-/merge_requests/138#note_306768
unfortunately i don't see how

if somebody wants to work on unshare support for piuparts, feel free to ask me questions about unshare or its implementation in mmdebstrap, sbuild or autopkgtest

the other people in the know are smcv and jochensp

oh and there is this as a standalone replacement: https://gitlab.mister-muffin.de/josch/user-unshare/src/branch/main/user-unshare

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
merged-usr: no
Architecture: amd64 (x86_64)

Kernel: Linux 5.18.0-4-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages piuparts depends on:
ii  debootstrap      1.0.127
pn  debsums          <none>
ii  libjs-sphinxdoc  4.5.0-4
ii  lsb-release      11.2
ii  lsof             4.95.0-1
ii  mount            2.38.1-1
pn  piuparts-common  <none>
ii  python3          3.10.6-1
ii  python3-debian   0.1.47

Versions of packages piuparts recommends:
pn  adequate  <none>

Versions of packages piuparts suggests:
pn  docker.io  <none>
pn  schroot    <none>

More information about the Piuparts-devel mailing list