[Rpm-ecosystem] lua, unprivileged rpm, and rpm-ostree
Colin Walters
walters at verbum.org
Thu Aug 11 17:39:40 UTC 2016
On Thu, Aug 11, 2016, at 12:25 PM, Neal Gompa wrote:
> There is a very important reason for Lua: it's the only way to do
> scripts without requiring an external interpreter. For packages that
> are part of the minimal rootfs required for building packages or
> creating containers or whatnot, this is critical in order to prevent a
> circular dependency error (package requires /bin/bash but bash isn't
> installed and can't be installed until the package is installed
> first). So, we do need it.
Yeah, this is a rationale on the http://www.rpm.org/wiki/PackagerDocs/RpmLua
page. But I can't think of a reason to ensure that at least everything
up to bash can be "installed" by simply unpacking. At that level the only
script that comes into play is ldconfig, which one can just run after.
I can't think of a good reason to make things harder than that. The
situation in Fedora with the `filesystem` package basically reimplementing
the `setup` package in lua is just crazy - just fold them into one, etc.
> Also, why can't the work you're doing go into RPM itself? It would be
> pretty nice if more of RPM's capabilities can operate in an
> unprivileged state.
Two reasons - first, basically all of the RPM filesystem code assumes it's
operating inside a chroot() call. I looked at undoing that assumption
and it's a high-risk rewrite.
In the larger picture of course, user namespaces are now in the kernel,
and that solves the "unprivileged chroot" problem, so that problem
is going to solve itself sooner than someone will rewrite the RPM I/O path.
But even if that was done, I really want to use the other core feature
ostree - the hardlink dedup/checkout.
More information about the Rpm-ecosystem
mailing list