[PR PATCH] README.md: put chroot style information together, extend

[PR PATCH] README.md: put chroot style information together, extend

[Chocimier]

[-- Attachment #1: Type: text/plain, Size: 359 bytes --]

There is a new pull request by Chocimier against master on the void-packages repository

https://github.com/Chocimier/void-packages-org chroot-styles
https://github.com/void-linux/void-packages/pull/32446

README.md: put chroot style information together, extend
None

A patch file from https://github.com/void-linux/void-packages/pull/32446.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-chroot-styles-32446.patch --]
[-- Type: text/x-diff, Size: 3463 bytes --]

From 14239e4dc33a7a99c9d163e17019daad6adcdd4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20W=C3=B3jcik?= <chocimier@tlen.pl>
Date: Tue, 10 Aug 2021 20:46:25 +0200
Subject: [PATCH] README.md: put chroot style information together, extend

---
 README.md | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index 315e6858bfaf..16a1cbd37d25 100644
--- a/README.md
+++ b/README.md
@@ -46,17 +46,12 @@ For bootstrapping additionally:
 - install(1) - GNU coreutils
 - objcopy(1), objdump(1), strip(1): binutils
 
-`xbps-src` requires a utility to chroot and bind mount existing directories
+`xbps-src` requires [a utility to chroot](#chroot-methods) and bind mount existing directories
 into a `masterdir` that is used as its main `chroot` directory. `xbps-src` supports
-multiple utilities to accomplish this task:
-
- - `bwrap` - bubblewrap, see https://github.com/projectatomic/bubblewrap.
- - `ethereal` - only useful for one-shot containers, i.e docker (used with CI).
- - `xbps-uunshare(1)` - XBPS utility that uses `user_namespaces(7)` (part of xbps, default).
- - `xbps-uchroot(1)` - XBPS utility that uses `namespaces` and must be `setgid` (part of xbps).
+multiple utilities to accomplish this task.
 
 > NOTE: `xbps-src` does not allow building as root anymore. Use one of the chroot
-methods shown above.
+methods.
 
 <a name="quick-start"></a>
 ### Quick start
@@ -100,6 +95,8 @@ Alternatively, packages can be installed with the `xi` utility, from the `xtools
 
 #### xbps-uunshare(1) (default)
 
+XBPS utility that uses `user_namespaces(7)` (part of xbps, default).
+
 This utility requires these Linux kernel options:
 
 - CONFIG\_NAMESPACES
@@ -112,6 +109,11 @@ options it will fail with `EINVAL (Invalid argument)`.
 
 #### xbps-uchroot(1)
 
+This is the only method that implements functionality of `xbps-src -t`, therefore the
+flag enables it ignoring choice in configuration file.
+
+XBPS utility that uses `namespaces` and must be `setgid` (part of xbps).
+
 This utility requires these Linux kernel options:
 
 - CONFIG\_NAMESPACES
@@ -138,6 +140,16 @@ If for some reason it's erroring out as `ERROR clone (Operation not permitted)`,
 your user is a member of the required `group` and that `xbps-uchroot(1)` utility has the
 proper permissions and owner/group as explained above.
 
+#### bwrap(1)
+
+bubblewrap, setuid implementation of a subset of user namespaces
+for unprivileged users. Requires no other permissions.
+See <https://github.com/containers/bubblewrap>.
+
+#### ethereal
+
+Destroys host system it runs on. Only useful for one-shot containers, i.e docker (used with CI).
+
 <a name="install-bootstrap"></a>
 ### Install the bootstrap packages
 
@@ -424,11 +436,8 @@ To use xbps-src in your Linux distribution use the following instructions. Let's
     $ tar xvf xbps-static-latest.<arch>-musl.tar.xz -C ~/XBPS
     $ export PATH=~/XBPS/usr/bin:$PATH
 
-If your system does not support `user namespaces`, a privileged group is required to be able to use
-`xbps-uchroot(1)` with xbps-src, by default it's set to the `xbuilder` group, change this to your desired group:
-
-    # chown root:<group> ~/XBPS/usr/bin/xbps-uchroot.static
-    # chmod 4750 ~/XBPS/usr/bin/xbps-uchroot.static
+If xbps-uunshare does not work because of no `user namespaces` support,
+try other [chroot methods](#chroot-methods).
 
 Clone the `void-packages` git repository:
 

Re: [PR REVIEW] README.md: put chroot style information together, extend

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 333 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/32446#discussion_r686248950

Comment:
```suggestion
XBPS utility that uses `namespaces` and must be `setgid` (part of `xbps` package in Void Linux).

```

Maybe this should go before the "This is the only..." paragraph?

Re: [PR REVIEW] README.md: put chroot style information together, extend

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 234 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/32446#discussion_r686248601

Comment:
```suggestion
flag enables it and ignores the choice made in configuration files.
```

Re: [PR REVIEW] README.md: put chroot style information together, extend

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 192 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/32446#discussion_r686248293

Comment:
"a chroot-like utility" maybe? or `chroot(1)`

Re: [PR REVIEW] README.md: put chroot style information together, extend

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 303 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/32446#discussion_r686249425

Comment:
Our bwrap isn't suid, it uses user namespaces as well. I think something like "sandbox tool that can use user namespaces or be suid" would be more adequate.

Re: [PR REVIEW] README.md: put chroot style information together, extend

[ericonr]

[-- Attachment #1: Type: text/plain, Size: 294 bytes --]

New review comment by ericonr on void-packages repository

https://github.com/void-linux/void-packages/pull/32446#discussion_r686250208

Comment:
```suggestion
If `xbps-uunshare` does not work because of lack of `user_namespaces(7)` support,
try other [chroot methods](#chroot-methods).
```

Re: [PR PATCH] [Updated] README.md: put chroot style information together, extend

[Chocimier]

[-- Attachment #1: Type: text/plain, Size: 364 bytes --]

There is an updated pull request by Chocimier against master on the void-packages repository

https://github.com/Chocimier/void-packages-org chroot-styles
https://github.com/void-linux/void-packages/pull/32446

README.md: put chroot style information together, extend
None

A patch file from https://github.com/void-linux/void-packages/pull/32446.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-chroot-styles-32446.patch --]
[-- Type: text/x-diff, Size: 3492 bytes --]

From e3d105e6899a039968bcf5fda81b22eb5bfd7807 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Piotr=20W=C3=B3jcik?= <chocimier@tlen.pl>
Date: Tue, 10 Aug 2021 20:46:25 +0200
Subject: [PATCH] README.md: put chroot style information together, extend

---
 README.md | 35 ++++++++++++++++++++++-------------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index 315e6858bfaf..320365ef921a 100644
--- a/README.md
+++ b/README.md
@@ -46,17 +46,12 @@ For bootstrapping additionally:
 - install(1) - GNU coreutils
 - objcopy(1), objdump(1), strip(1): binutils
 
-`xbps-src` requires a utility to chroot and bind mount existing directories
+`xbps-src` requires [a utility to chroot](#chroot-methods) and bind mount existing directories
 into a `masterdir` that is used as its main `chroot` directory. `xbps-src` supports
-multiple utilities to accomplish this task:
-
- - `bwrap` - bubblewrap, see https://github.com/projectatomic/bubblewrap.
- - `ethereal` - only useful for one-shot containers, i.e docker (used with CI).
- - `xbps-uunshare(1)` - XBPS utility that uses `user_namespaces(7)` (part of xbps, default).
- - `xbps-uchroot(1)` - XBPS utility that uses `namespaces` and must be `setgid` (part of xbps).
+multiple utilities to accomplish this task.
 
 > NOTE: `xbps-src` does not allow building as root anymore. Use one of the chroot
-methods shown above.
+methods.
 
 <a name="quick-start"></a>
 ### Quick start
@@ -100,6 +95,8 @@ Alternatively, packages can be installed with the `xi` utility, from the `xtools
 
 #### xbps-uunshare(1) (default)
 
+XBPS utility that uses `user_namespaces(7)` (part of xbps, default without `-t` flag).
+
 This utility requires these Linux kernel options:
 
 - CONFIG\_NAMESPACES
@@ -112,6 +109,11 @@ options it will fail with `EINVAL (Invalid argument)`.
 
 #### xbps-uchroot(1)
 
+XBPS utility that uses `namespaces` and must be `setgid` (part of xbps).
+
+> NOTE: This is the only method that implements functionality of `xbps-src -t`, therefore the
+flag ignores the choice made in configuration files and enables `xbps-uchroot`.
+
 This utility requires these Linux kernel options:
 
 - CONFIG\_NAMESPACES
@@ -138,6 +140,16 @@ If for some reason it's erroring out as `ERROR clone (Operation not permitted)`,
 your user is a member of the required `group` and that `xbps-uchroot(1)` utility has the
 proper permissions and owner/group as explained above.
 
+#### bwrap(1)
+
+bubblewrap, sandboxing tool for unprivileged users that uses
+user namespaces or setuid.
+See <https://github.com/containers/bubblewrap>.
+
+#### ethereal
+
+Destroys host system it runs on. Only useful for one-shot containers, i.e docker (used with CI).
+
 <a name="install-bootstrap"></a>
 ### Install the bootstrap packages
 
@@ -424,11 +436,8 @@ To use xbps-src in your Linux distribution use the following instructions. Let's
     $ tar xvf xbps-static-latest.<arch>-musl.tar.xz -C ~/XBPS
     $ export PATH=~/XBPS/usr/bin:$PATH
 
-If your system does not support `user namespaces`, a privileged group is required to be able to use
-`xbps-uchroot(1)` with xbps-src, by default it's set to the `xbuilder` group, change this to your desired group:
-
-    # chown root:<group> ~/XBPS/usr/bin/xbps-uchroot.static
-    # chmod 4750 ~/XBPS/usr/bin/xbps-uchroot.static
+If `xbps-uunshare` does not work because of lack of `user_namespaces(7)` support,
+try other [chroot methods](#chroot-methods).
 
 Clone the `void-packages` git repository:
 

Re: [PR REVIEW] README.md: put chroot style information together, extend

[Chocimier]

[-- Attachment #1: Type: text/plain, Size: 243 bytes --]

New review comment by Chocimier on void-packages repository

https://github.com/void-linux/void-packages/pull/32446#discussion_r686271056

Comment:
It is part of xbps whereever it is extracted, remark is more useful when you are outside Void.

Re: [PR REVIEW] README.md: put chroot style information together, extend

[Chocimier]

[-- Attachment #1: Type: text/plain, Size: 236 bytes --]

New review comment by Chocimier on void-packages repository

https://github.com/void-linux/void-packages/pull/32446#discussion_r686269731

Comment:
sentence reads "utility to chroot and bind mount existing directories", hard to rewrite

Re: [PR REVIEW] README.md: put chroot style information together, extend

[Chocimier]

[-- Attachment #1: Type: text/plain, Size: 153 bytes --]

New review comment by Chocimier on void-packages repository

https://github.com/void-linux/void-packages/pull/32446#discussion_r686271237

Comment:
done

Re: [PR REVIEW] README.md: put chroot style information together, extend

[Chocimier]

[-- Attachment #1: Type: text/plain, Size: 153 bytes --]

New review comment by Chocimier on void-packages repository

https://github.com/void-linux/void-packages/pull/32446#discussion_r686271331

Comment:
done

Re: [PR REVIEW] README.md: put chroot style information together, extend

[Chocimier]

[-- Attachment #1: Type: text/plain, Size: 153 bytes --]

New review comment by Chocimier on void-packages repository

https://github.com/void-linux/void-packages/pull/32446#discussion_r686271415

Comment:
done

Re: [PR PATCH] [Merged]: README.md: put chroot style information together, extend

[Chocimier]

[-- Attachment #1: Type: text/plain, Size: 194 bytes --]

There's a merged pull request on the void-packages repository

README.md: put chroot style information together, extend
https://github.com/void-linux/void-packages/pull/32446

Description:
None