Bug#788764: live-build: Support building image without root.

2015-06-14 Thread Kristian Klausen
Subject: live-build: Support building image without root.
Package: live-build
Version: 5.0~a8-1
Severity: wishlist
Tags: upstream

Dear Maintainer,

At the moment there seems to be no way to build a live image without root.

In our environment we start lb build every time a commit is pushed to our Git
repo.
But as live-build requires root, everyone with access to the Git repo in practice
has root access on the build server, and can install malicious software.

Trying to run lb build with fakeroot and fakechroot results in:
lb config
. /etc/fakechroot/debootstrap.env
fakeroot fakechroot lb build | tee fake.log

fake.log uploaded here: http://sprunge.us/eWUZ
debootstrap.log uploaded here: http://sprunge.us/jdfe

Regards Kristian Klausen
-- Package-specific info:

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages live-build depends on:
ii  cdebootstrap  0.6.4
ii  debootstrap   1.0.67

Versions of packages live-build recommends:
ii  cpio  2.11+dfsg-4.1
ii  live-boot-doc   4.0.2-1
ii  live-config-doc 4.0.4-1
ii  live-manual-html [live-manual]  1:4.0.1-1

live-build suggests no packages.

-- no debconf information 

Bug#788764: live-build: Support building image without root.

2015-06-14 Thread Daniel Baumann
On 06/14/15 22:28, Kristian Klausen wrote:
> At the moment there seems to be no way to build a live image without root.

we've had some initial support for running lb with fakeroot/fakechroot
at some point, but then removed it because we hit too many bugs in the
process and it was too messy.

are you interested in getting that back? if so, patches welcome.

imho a much better/easier solution is to run the whole thing inside a
linux container, something that live-build should do at some point by
itself, but even then you'd require root (yes, unprivileged containers
are possible, but they are still buggy too).

-- 
Address:Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email:  daniel.baum...@progress-technologies.net
Internet:   http://people.progress-technologies.net/~daniel.baumann/

