From: Theron Tarigo
To: Ryan Stone
Cc: "freebsd-hackers@freebsd.org"
Subject: Re: GSoC Idea: Fakechroot on FreeBSD; Ports building in clean non-root environment
Date: Sun, 25 Mar 2018 23:54:30 -0400
List-Id: Technical Discussions relating to FreeBSD

On 03/25/18 22:17, Ryan Stone wrote:
> Hi Theron,
>
> Earlier in the year I experimented with a similar idea, although my
> goal was quite different. I eventually hit a roadblock that I wasn't
> able to overcome: on FreeBSD, /usr/bin/cc and /usr/bin/c++ are
> statically linked binaries. This makes it impossible to intercept any
> system calls made by the "victim" binary. Would this be a problem for
> what you're trying to do? I'm not very familiar with the ports build
> process.

Hi Ryan,

Thanks for pointing this out.
This will somewhat complicate the process - the fakechroot component will need to be statically linked into these binaries, which then would need to live somewhere as modified copies to achieve the goal of providing a solution that may be used without modification of the base installed system. However, the number of these static binaries is small - apart from a few exceptions which aren't involved in compiling ports (devd, init), it seems to be limited to the compiler toolchain. Within the realm of software provided by ports, "pkg-static" is the only statically linked binary I can find in my system. Appropriately modified static toolchain binaries may be provided as a port, which has the additional advantage of further decoupling the ports building process from the local base system. Using the existing llvm60 port might be another way, as these binaries are all dynamically linked, however many existing ports are tested to work with the toolchain from base, not with the one from the llvm port.

Theron
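
An added example, not part of the original message or of fakechroot: one way to inventory the binaries that would escape a preload-based wrapper. It assumes interception is done through the run-time linker (LD_PRELOAD) and treats an ELF file without a PT_INTERP program header as not interceptable; the function names and sample images are constructed for illustration.

```python
import struct

PT_INTERP = 3  # program header type that names the run-time linker

def has_interpreter(image: bytes) -> bool:
    """True if the ELF image requests a run-time linker (PT_INTERP).

    Without one the kernel starts the program directly, no run-time linker
    processes LD_PRELOAD, and a preloaded wrapper library is never mapped.
    """
    if len(image) < 16 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if image[4] not in (1, 2) or image[5] not in (1, 2):
        raise ValueError("unknown ELF class or byte order")
    is64 = image[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    endian = "<" if image[5] == 1 else ">"    # EI_DATA
    if len(image) < (64 if is64 else 52):
        raise ValueError("truncated ELF header")
    if is64:
        (phoff,) = struct.unpack_from(endian + "Q", image, 0x20)
        phentsize, phnum = struct.unpack_from(endian + "HH", image, 0x36)
    else:
        (phoff,) = struct.unpack_from(endian + "I", image, 0x1C)
        phentsize, phnum = struct.unpack_from(endian + "HH", image, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(image):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from(endian + "I", image, off)  # p_type is first
        if p_type == PT_INTERP:
            return True
    return False

def sample_elf64(ptypes):
    """Constructed input: little-endian ELF64 header plus bare program headers."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9)  # e_ident
    ehdr += struct.pack("<HHIQQQIHHHHHH",
                        2, 62, 1, 0, 64, 0, 0, 64, 56, len(ptypes), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. the toolchain binaries named in the thread
        with open(path, "rb") as f:
            kind = "dynamic" if has_interpreter(f.read()) else "static"
        print(f"{path}: {kind}")
```

A static-PIE image carries PT_DYNAMIC but still has no PT_INTERP, which is why the check keys on PT_INTERP alone.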