README.md: put chroot style information together, extend

This commit is contained in:
Piotr Wójcik 2021-08-10 20:46:25 +02:00 committed by Piotr
parent 980ce1777d
commit 772b15704c

View file

@ -46,17 +46,12 @@ For bootstrapping additionally:
- install(1) - GNU coreutils - install(1) - GNU coreutils
- objcopy(1), objdump(1), strip(1): binutils - objcopy(1), objdump(1), strip(1): binutils
`xbps-src` requires a utility to chroot and bind mount existing directories `xbps-src` requires [a utility to chroot](#chroot-methods) and bind mount existing directories
into a `masterdir` that is used as its main `chroot` directory. `xbps-src` supports into a `masterdir` that is used as its main `chroot` directory. `xbps-src` supports
multiple utilities to accomplish this task: multiple utilities to accomplish this task.
- `bwrap` - bubblewrap, see https://github.com/projectatomic/bubblewrap.
- `ethereal` - only useful for one-shot containers, i.e docker (used with CI).
- `xbps-uunshare(1)` - XBPS utility that uses `user_namespaces(7)` (part of xbps, default).
- `xbps-uchroot(1)` - XBPS utility that uses `namespaces` and must be `setgid` (part of xbps).
> NOTE: `xbps-src` does not allow building as root anymore. Use one of the chroot > NOTE: `xbps-src` does not allow building as root anymore. Use one of the chroot
methods shown above. methods.
<a name="quick-start"></a> <a name="quick-start"></a>
### Quick start ### Quick start
@ -100,6 +95,8 @@ Alternatively, packages can be installed with the `xi` utility, from the `xtools
#### xbps-uunshare(1) (default) #### xbps-uunshare(1) (default)
XBPS utility that uses `user_namespaces(7)` (part of xbps, default without `-t` flag).
This utility requires these Linux kernel options: This utility requires these Linux kernel options:
- CONFIG\_NAMESPACES - CONFIG\_NAMESPACES
@ -112,6 +109,11 @@ options it will fail with `EINVAL (Invalid argument)`.
#### xbps-uchroot(1) #### xbps-uchroot(1)
XBPS utility that uses `namespaces` and must be `setgid` (part of xbps).
> NOTE: This is the only method that implements functionality of `xbps-src -t`, therefore the
flag ignores the choice made in configuration files and enables `xbps-uchroot`.
This utility requires these Linux kernel options: This utility requires these Linux kernel options:
- CONFIG\_NAMESPACES - CONFIG\_NAMESPACES
@ -138,6 +140,16 @@ If for some reason it's erroring out as `ERROR clone (Operation not permitted)`,
your user is a member of the required `group` and that `xbps-uchroot(1)` utility has the your user is a member of the required `group` and that `xbps-uchroot(1)` utility has the
proper permissions and owner/group as explained above. proper permissions and owner/group as explained above.
#### bwrap(1)
bubblewrap, sandboxing tool for unprivileged users that uses
user namespaces or setuid.
See <https://github.com/containers/bubblewrap>.
#### ethereal
Destroys host system it runs on. Only useful for one-shot containers, i.e docker (used with CI).
<a name="install-bootstrap"></a> <a name="install-bootstrap"></a>
### Install the bootstrap packages ### Install the bootstrap packages
@ -424,11 +436,8 @@ To use xbps-src in your Linux distribution use the following instructions. Let's
$ tar xvf xbps-static-latest.<arch>-musl.tar.xz -C ~/XBPS $ tar xvf xbps-static-latest.<arch>-musl.tar.xz -C ~/XBPS
$ export PATH=~/XBPS/usr/bin:$PATH $ export PATH=~/XBPS/usr/bin:$PATH
If your system does not support `user namespaces`, a privileged group is required to be able to use If `xbps-uunshare` does not work because of lack of `user_namespaces(7)` support,
`xbps-uchroot(1)` with xbps-src, by default it's set to the `xbuilder` group, change this to your desired group: try other [chroot methods](#chroot-methods).
# chown root:<group> ~/XBPS/usr/bin/xbps-uchroot.static
# chmod 4750 ~/XBPS/usr/bin/xbps-uchroot.static
Clone the `void-packages` git repository: Clone the `void-packages` git repository: