On Mon, 2006-06-26 at 15:02 -0500, Michael_E_Brown(a)Dell.com wrote:
> -----Original Message-----
> From: fedora-buildsys-list-bounces(a)redhat.com
> [mailto:fedora-buildsys-list-bounces@redhat.com] On Behalf Of
> Jesse Keating
> Sent: Monday, June 26, 2006 2:59 PM
> To: fedora-buildsys-list(a)redhat.com
> Subject: Re: New version of mock working (I think)
>
> In Red Hat land we use mock to run commands in a chroot.
> Examples would be buildinstall from anaconda, pkgorder from
> anaconda, createrepo, repoview, things of this nature that
> should be ran in an environment it is trying to build and in
> some cases on a particular arch it is trying to build.
>
> This is IMHO outside the original scope of Mock, and it is
Agreed.
> something we're just making use of as it is convenient to use
> the same code paths for generating a chroot, installing a
> package set into said chroot, and doing something inside that
> chroot. In our case that something isn't building a package,
> its doing something else.
For security implications, there is a push to make mock 'safe to run by
semi- or non-trusted users'. The chroot option is not ever going to be
safe, from what I can tell, so we might have to make a two-level scheme,
or a privleged config option for enabling/disabling this.
The 'mach' project has much greater ambitions on this front, and might
be a better choice for you.
If converting things back over to 'mach' makes more sense then I'd
suggest going that path for all of it.
At the time we put mock together b/c we needed an immediate solution to
a specific problem with a certain set of prereqs.
Thomas has made a number of changes to mach, if it is happy for our use
case then go with it.
-sv