IRC channel logs
2023-01-29.log
back to list of logs
<fossy>doras: thank you, reviewing now! <fossy>i don't like running rootfs.py with root as distfiles will be owned by root. otoh at the moment only tmp/ junk is owned by root at the moment <fossy>what is the difference between run() and an external script run with sudo? <fossy>doras: gah, i didnt test no --external-sources all the way through. i'm pretty sure the issue is; before, when no external-sources was given, we created a blank disk, but tmpdir._add_disk creates a partition (different behaviour for no external-sources to before). bootstrap.cfg had DISK=sda for non-external-sources, but i forgot to remove that <fossy>i did intentionally change that behaviour so a partition is created, to make it easier to inject stuff into sysc for debugging <stikonas[m]>Also running rootfs.py as root means you do remote downloads as root <Christoph[m]>I don't know how that works, but can you drop root privileges for dangerous tasks, or start unprivileged subprocesses for that? Or... guix has a daemon for doing the root stuff, right? Maybe that's an option? <fossy>well, right now we obtain root privs as required, rather than dropping privs.. not really sure the added complexity of dropping privs has any benefit <doras>fossy: if we have a small helper script to trigger the chroot bootstrap which runs as root after all preparations are done by the normal rootfs.py, we could make the chroot bootstrap two-phased such that the chroot operation between sysa and sysc is done at the script level and not by sysa itself. <stikonas>updated to new GAS style defs and also made it much smaller <stikonas>argh, and I somehow made off by 1 error in offset calculations...