On 9/11/19 6:14 AM, Vít Ondruch wrote:
Dne 11. 09. 19 v 11:56 Miroslav Suchý napsal(a):
Please comment there:
https://github.com/rpm-software-management/mock/issues/331
Copy of Comment #0:
This is Request For Comments.
When systemd-nspawn has been added to mock, it brought a lot of bugs. For the
transition period we introduced
--old-chroot and --new-chroot. The intent was to steer toward the new chroot as
mock running containers is more secure
and everything. And maybe one day allow choosing between nspawn, docker, podman
and others.
But the world went another way. When people are interested in containers, they
usually do not want mock to run a
container, but they run mock inside of a container. When mock is running inside
of container then there is no need for
additional isolation and no one really wants to run another container inside of
a container. Therefore the --old-chroot
is a good choice when you run inside of a container.
My intention is to keep --old-chroot indefinitely and actually recommend it
when mock is running in a container. And
maybe later automatically choose old or new one depending on if mock is running
in a container or on bare metal.
In this situation, the names old/new are quite misleading. As it hints that you
should rather use the new stuff rather
than the old ones.
Therefore I want to rename (in fact, make alias) for those command-line options.
--old-chroot -> --simple-chroot
--new-chroot -> --container-chroot ??? I want to avoid confusion here
whether this option use container for chroot
(nspawn) or it is recommended to use when running in container.
I would like to hear your comments and ideas.
My first idea was:
--old-chroot -> --chroot
--new-chroot -> --container
But that is probably the confusion you are talking about. So should you
change this to something like `--isolation=[chroot,nspawn]`? At the and,
there are tools/technologies such as chroot and nspawn, which mock
facilitates to "isolate" (of course we can debate what level of
isolation chroot provides ...) the build environment from the rest of
the system.
I like the idea of `--isolation=`. To me this affords the best
clarity and also makes room for values of {none,{auto|detect}} or
whatever as well should those ever seem appropriate.
_______________________________________________
buildsys mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
