From owner-freebsd-hackers@freebsd.org Sun Mar 25 05:54:29 2018 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C5448F70934 for ; Sun, 25 Mar 2018 05:54:29 +0000 (UTC) (envelope-from theron.tarigo@gmail.com) Received: from mail-qk0-x231.google.com (mail-qk0-x231.google.com [IPv6:2607:f8b0:400d:c09::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5AB0F75918 for ; Sun, 25 Mar 2018 05:54:29 +0000 (UTC) (envelope-from theron.tarigo@gmail.com) Received: by mail-qk0-x231.google.com with SMTP id s188so17021529qkb.2 for ; Sat, 24 Mar 2018 22:54:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=+aDbwjQiirvSqG5ijQyVS/jwOqYMGKSFF2lghsyvVi4=; b=q5rzRhSJawnC+FaDirVaKrmP/zfAp8apoaCMeaZiWHXbjrmjkkUEFa3oMmOkkUwVbj TFiUu1yc7OAaaEBOZt9bpNZS8+n90vM93ZPVFdSy8GdJSzeuzLI8k8y8s6BYv+/XTj6m z5ekP77YuVGvt+2MBNui0Ebu/77ms1XRGGQaX/Wn0iU7r0T5PTUwdjUEaXZcjMnDqwzk WCINF5AVGc9rgb5TTIII9T1j9Fl+04gY66XHBHi4KORdNOl8Jln1immzPVy8wPWUZVMi 1TAfRzmkWdF0WEKD1zPXdXIpIYmxrYQu5DD7+s/BoVv8zm8ie5KO6ghvRCvxoly4M9Vx ExHQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:to:from:subject:message-id:date :user-agent:mime-version:content-transfer-encoding:content-language; bh=+aDbwjQiirvSqG5ijQyVS/jwOqYMGKSFF2lghsyvVi4=; b=HcSh6XviB57uUB6vFqHEAL/fjNj567dttRnnT3SLWcz3CK0vjseJpqcxB2/Zl2mS2Z P8l6gi7fIzetpfJXqdHte6UWV1C9cm9eqIXxloEm1vuHyVyiF68HIMYrfpZdYD86enTO Ij57IdPsRPWs541WOP9IhTtgPcr03rK+4Q2SRv2crOmxrAH89l4leY7jXT+YJFzEhcCM Xb/fchQN/KJGMLF+FGyL8rXFB2X6JIqhFU1K/VsCZlpTR/a9tDpKhWV/bsAx93J2IQBA di/TVp2W9jgqr7AUow49wsDehO/OfecqgsTiQea6kBmjdvta4T4sGDb56Gvn6VJNHwRg hl5g== X-Gm-Message-State: AElRT7H2lJrx2JbUC1pFEohL7By5/njJ9BQyl4XyWcDoEi4x2VUNi5SU 0W75rmUCfgXT962cTjWnmt7nWJb7 X-Google-Smtp-Source: AG47ELvjKC3PYEQRK6juY6xjaTNRO8rJpAll6L7bkhDHRzmr3hEMLoQWznVoZiWgeqUgqjdPdD/MpA== X-Received: by 10.55.7.5 with SMTP id 5mr50137350qkh.290.1521957268585; Sat, 24 Mar 2018 22:54:28 -0700 (PDT) Received: from [168.122.12.186] (dhcp-wifi-8021x-168-122-12-186.bu.edu. [168.122.12.186]) by smtp.gmail.com with ESMTPSA id t36sm9244738qtd.69.2018.03.24.22.54.27 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 24 Mar 2018 22:54:28 -0700 (PDT) Sender: Theron Tarigo To: "freebsd-hackers@freebsd.org" From: Theron Tarigo Subject: GSoC Idea: Fakechroot on FreeBSD; Ports building in clean non-root environment Message-ID: Date: Sun, 25 Mar 2018 01:54:27 -0400 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Mar 2018 05:54:30 -0000 Hello All, I am an undergraduate a Boston University looking to contribute to FreeBSD this summer under GSoC.  I made a posting to this list last week about an idea to implement per-process namespaces, but I have decided that this would be too big in scope for GSoC and I have decided instead to revisit a more manageable idea with similar motivations. The motivation for this idea is to provided a way to safely and cleanly build ports without superuser privileges, jails, or touching the installed system in any way. The project would consist of two parts.  The first would be to write a utility providing similar functionality to the "fakechroot" already found on Debian GNU, but compatible with FreeBSD's libc. This utility would intercept calls to open(...) and related libc functions to emulate the behavior of running the program within a modified file namespace, but without requiring any special kernel functionality or superuser priviliges. Once this first part is out of the way, the utility will serve as the basis for a ports building script which is free to operate independently from the installed system.  One particular improvement I would like to make is to provide a command for fetching and installing (into a user-owned path) all build dependencies for a port from binary packages, saving space and time that would otherwise be needed to compile these from source.  Using the path redirection utility, "/usr/local" can be made to redirect to the user-owned installation, allowing unmodified binaries from the official package repository to function.  Furthermore, with such redirection of the PREFIX directory, binary packages may be built with the correct paths such that they may be later installed system-wide (by root) as with binary packages built by the existing processes. The project would consist of a few related small, manageable parts, therefore a proper proposal will be somewhat lengthy, although not representing an overly complex project.  Should proper integration with pkg and ports not be achievable in time, the path redirection utility itself and consequent ability to build ports within a clean, non-jail environment at the very least would be useful deliverables. I have several years of experience with programming in C and have previously implemented library function call intercepting tricks as will be needed for the fakechroot part of the project, so the approach is already familiar to me.  I have been a user of FreeBSD for the past two years and successfully maintain a personal system running CURRENT with a mix of installed binary packages and builds from ports, so I have familiarized myself with these parts of the system and have encountered some of the gotchas to be aware of.  I have previously performed an experiment in which I successfully built a working package of unmodified x11-servers/xorg-server without superuser or jails, which I accomplished through modifying PATH and LD_LIBRARY_PATH and with some other hacks.  However, I believe that due to limitations I encountered with this approach, a generalized file path redirection library is a more appropriate solution. Please let me know if you would be interested in mentoring this project or can suggest someone who might be. Thanks, Theron Tarigo