New version of mock working (I think)
seth vidal
skvidal at linux.duke.edu
Mon Jun 26 20:10:36 UTC 2006
On Mon, 2006-06-26 at 15:02 -0500, Michael_E_Brown at Dell.com wrote:
> > -----Original Message-----
> > From: fedora-buildsys-list-bounces at redhat.com
> > [mailto:fedora-buildsys-list-bounces at redhat.com] On Behalf Of
> > Jesse Keating
> > Sent: Monday, June 26, 2006 2:59 PM
> > To: fedora-buildsys-list at redhat.com
> > Subject: Re: New version of mock working (I think)
> >
> > In Red Hat land we use mock to run commands in a chroot.
> > Examples would be buildinstall from anaconda, pkgorder from
> > anaconda, createrepo, repoview, things of this nature that
> > should be ran in an environment it is trying to build and in
> > some cases on a particular arch it is trying to build.
> >
> > This is IMHO outside the original scope of Mock, and it is
>
> Agreed.
>
> > something we're just making use of as it is convenient to use
> > the same code paths for generating a chroot, installing a
> > package set into said chroot, and doing something inside that
> > chroot. In our case that something isn't building a package,
> > its doing something else.
>
> For security implications, there is a push to make mock 'safe to run by
> semi- or non-trusted users'. The chroot option is not ever going to be
> safe, from what I can tell, so we might have to make a two-level scheme,
> or a privleged config option for enabling/disabling this.
>
> The 'mach' project has much greater ambitions on this front, and might
> be a better choice for you.
If converting things back over to 'mach' makes more sense then I'd
suggest going that path for all of it.
At the time we put mock together b/c we needed an immediate solution to
a specific problem with a certain set of prereqs.
Thomas has made a number of changes to mach, if it is happy for our use
case then go with it.
-sv
More information about the Fedora-buildsys-list
mailing list