[buildd-tools-devel] Bug#731573: Bug#731573: sbuild: Please clarify help output of sbuild-adduser

Roger Leigh rleigh at codelibre.net
Sun Dec 8 23:23:11 UTC 2013 

On Fri, Dec 06, 2013 at 10:51:28PM +0000, Reuben Thomas wrote:
> When I run sbuild-adduser, it outputs the following:

Before going into your questions in detail, let me just say that
if you're using sbuild with schroot, you can ignore this entirely.
In this case, we should probably skip printing of the message--
it's pointless for the vast majority of users.

These are notes of what you need to do to make sbuild work with
a chroot using sudo(8).  They are unfortunately quite terse,
and they look a bit bitrotted--they don't match current practice.

> # BUILD
> # HOME directory in chroot, user:sbuild, 0770 perms, from
> # passwd/group copying to chroot, filtered
> # Maybe source 50sbuild, or move into common location.
> 
> I find this hard to understand, even after some searching online and
> reading the documentation. I end up with the following questions:
> 
> 1. Is BUILD an environment variable? What must I do with it? (It’s not
> mentioned in sbuild(1))

I'm not sure myself and I wrote it (!).  It's either incomplete or had
some meaning which was "obvious" at the time.  I suspect it might be
something to do with creating a build directory inside the chroot.

> 2. Does the second line mean that I should set up a HOME directory in
> the chroot, with user:group user:sbuild (why not substitute the first
> user argument supplied to sbuild-adduser to be more illustrative?),
> and 0770 perms?

I think so.  But I'm unsure it's correct; there's not current requirement
for your home directory to be owned by group sbuild, or even to be
present in the chroot.  I'd ignore it entirely.

> 3. I can’t work out whether the end of the second line “from…” is
> meant to lead into the third line (“passwd/group copying to chroot”)
> or not. Is this something about copying /etc/{passwd,group} to the
> chroot? Or passwords and groups for my user? What does “from” mean
> here? This is the bit I found hardest to understand. What does
> “filtered” mean here?

This is just saying that the user and group need to be in the passwd
and group databases inside the chroot by copying the databases from
the host system.  They can be filtered so that only the needed
entries are copied, e.g.

getent group sbuild >> $chroot/etc/group
getent passwd $users >> $chroot/etc/passwd

schroot does this automatically, so can be ignored if using schroot.

> 4. The last line: where should I source 50sbuild? If I move it into a
> common location, what would that be?

It's a historical schroot setup script for sbuild to do all this setup
stuff for you.  We moved it all into sbuild (lib/Sbuild/ChrootSetup.pm)
to handle it automatically and correctly for all use cases.

> All the above may mean something to a seasoned user, but I presume
> it’s intended to be helpful to a first timer. I first read this output
> while following along with the recipe in:
> https://wiki.debian.org/sbuild This page does not seem to refer to ANY
> of the matters referred to in the output of sbuild-adduser, which only
> left me more confused: should it be self-evident? Do I have to do
> something, or are those bits of advice either irrelevant to me, or
> covered somehow by other steps in the recipe on that page?

On a current system, the only setup requirement is that your user is
a member of the "sbuild" group; no additional setup is required if
using schroot.  sbuild-adduser should have done this for you.
If you are using sudo, then I think that should also just work
providing you update the passwd/group databases, but this isn't
something which is actively used much nowadays, and so doesn't get
much testing--the above text was last updated in 2008.


I will
- update this text to only be printed out when $chroot_mode == sudo
- fix the text to clearly document the actions which need to be taken
  (if we know ourselves), and remove the incorrect/obsolete material
- [future] removing sudo support, if possible, would remove a lot of
  bitrotted codepaths


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/buildd-tools-devel/attachments/20131208/bf0bf873/attachment.sig>

More information about the Buildd-tools-devel mailing list