[fedora-virt] Spec weirdness

Daniel P. Berrange berrange at redhat.com
Mon Aug 10 18:36:48 UTC 2009


On Mon, Aug 10, 2009 at 07:17:38PM +0100, Daniel P. Berrange wrote:
> On Mon, Aug 10, 2009 at 10:40:16AM -0700, Jesse Keating wrote:
> > I'm looking at the spec file for libguestfs, and all I can say is WTF.
> > There is a lot of crazyness going on in this spec, chroots within
> > chroots, making a repo of yum cache packages and using it again, calling
> > qemu, and none of it is really documented in the spec as for what and
> > why things are done this way.
> > 
> > The review for this is extremely light on comments regarding the spec
> > file construction as well, it looks very suspiciously like "it built and
> > passed rpmlint, let it in!"

> The idea of (fe|de)bootstrap is to allow ordinary unprivileged users to 
> be able to install a set of packages (RPMS / Debs) into a virtual root 
> directory of their own, without needing any privileged component. 
> This is done by using fakeroot & fakechroot. If a user builds libguestfs 

BTW, for those not familiar with fakeroot/fakechroot, the man pages have
quite useful descriptions

For fakeroot

       fakeroot runs a command in an environment wherein it appears  to
       have  root privileges for file manipulation.  This is useful for
       allowing users to create archives  (tar,  ar,  .deb  etc.)  with
       files in them with root permissions/ownership.  Without fakeroot
       one would need to have root privileges to create the constituent
       files  of  the  archives with the correct permissions and owner-
       ship, and then pack them up, or one would have to construct  the
       archives directly, without using the archiver.

       fakeroot  works by replacing the file manipulation library func-
       tions (chmod(2), stat(2) etc.) by ones that simulate the  effect
       the  real  library functions would have had, had the user really
       been root. These wrapper  functions  are  in  a  shared  library
       /usr/lib/libfakeroot.so*  which is loaded through the LD_PRELOAD
       mechanism of the dynamic loader. (See ld.so(8))


And for fakechroot

       fakechroot runs a command in an environment where is additional
       possibility to use chroot(8) command without root privileges.
       This is useful for allowing users to create own chrooted
       environment with possibility to install another packages without
       need for root privileges.

       fakechroot replaces more library functions (chroot(2), open(2),
       etc.) by ones that simulate the effect the real library
       functions would have had, had the user really been in chroot.
       These wrapper functions are in a shared library
       /usr/lib/fakechroot/libfakechroot.so which is loaded through the
       LD_PRELOAD mechanism of the dynamic loader.  (See ld.so(8))

       ....

       In the current version, the fakechroot does not provide the
       fakeroot(1) functionality! You might to call fakechroot with
       fakeroot command, if you want to emulate root environment, i.e.:

        $ fakeroot fakechroot /usr/sbin/chroot /tmp/debian /bin/sh
        # id
        uid=0(root) gid=0(root) groups=0(root)


And most importantly of all on security

       fakeroot is a regular, non-setuid program. It does not enhance a
       user’s privileges, or decrease the system’s security.
        
       fakechroot is a regular, non-setuid program.  It does not
       enhance a user’s privileges, or decrease the system’s security.

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
