Just for the heck of it, this PoC PR disables the native solbuild namespace and networking setup, and calls ypkg via a rootlesskit chroot invocation directly instead of calling fakeroot as the 'build' user in a solbuild managed container.
This commit assumes the a priori existence of the solbuild user/group on the host system and assumes that this user has been set up with subuids and subgids.
NB: The current draft does not support networking (but rootlesskit has facilities for turning it on).
To enable networking support, the build command will need to be something like rootlesskit --net=slirp4netns --copy-up=/etc --disable-host-loopback ypkg-build (...).
This implies that the build executable command could perhaps be set from builder/manager.go (which is where networking is enabled currently).
Current status (as of e128f7ed0c1a17354cf04d75091798a8d238d7fb):
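Added example, separate from the PR description above and not code from this PR or from solbuild: a preflight check for the stated prerequisite that the solbuild user has subuid and subgid ranges, failing closed before any rootlesskit invocation. The function names, the constructed sample file contents and the 65536-ID threshold are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed samples in /etc/subuid and /etc/subgid format (name:start:count).
// The subgid sample deliberately lacks a solbuild entry.
const sampleSubuid = "alice:100000:65536\nsolbuild:165536:65536\n"
const sampleSubgid = "alice:100000:65536\n"

// subIDCount returns how many subordinate IDs the file text delegates to user.
// Lines that are not name:start:count with numeric fields are skipped.
func subIDCount(content, user string) uint64 {
	var total uint64
	for _, line := range strings.Split(content, "\n") {
		f := strings.Split(strings.TrimSpace(line), ":")
		if len(f) != 3 || f[0] != user {
			continue
		}
		if _, err := strconv.ParseUint(f[1], 10, 32); err != nil {
			continue // malformed start ID
		}
		n, err := strconv.ParseUint(f[2], 10, 32)
		if err != nil {
			continue // malformed count
		}
		total += n
	}
	return total
}

// checkSubIDs returns an error unless user has at least need subordinate
// UIDs and GIDs (need is an assumed threshold, passed in by the caller).
func checkSubIDs(subuid, subgid, user string, need uint64) error {
	if n := subIDCount(subuid, user); n < need {
		return fmt.Errorf("%s: %d subuids delegated, need %d", user, n, need)
	}
	if n := subIDCount(subgid, user); n < need {
		return fmt.Errorf("%s: %d subgids delegated, need %d", user, n, need)
	}
	return nil
}

func main() {
	// A real check would read /etc/subuid and /etc/subgid instead of the samples.
	fmt.Println(checkSubIDs(sampleSubuid, sampleSubgid, "solbuild", 65536))
}
```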