On Sun, 12 Aug 2007 01:05:37 -0400 Kyle Moffett <[EMAIL PROTECTED]> wrote:
> Hi, I'm looking for some advice/guidance/sponsorship on a Debian > package I'm working on called "aptjail". It's basically a Perl > script I wrote to create/manage/update chroot() jails based around > package dependencies and contents obtained from apt/dpkg. When > building a jail, it looks at a few general things: > > (1) The list of packages it's configured to use, and all their > dependencies, subtracting ignoring packages in an "ignore" list. > (2) A list of additional files to copy > (3) A "template" directory containing configuration files and > replacements to copy into the chroot and maybe replace their > equivalents from the main filesystem > (4) A list of "data" patterns which identify paths not to modify at > all (logs, pidfile, databases, etc). What is the advantage over debootstrap or cdebootstrap? You have to write new config scripts for those too. (See emdebian-tools for our config scripts to build cross-building and foreign chroots.) > > "I want a Kerberos chroot jail installed in /private/krb5 with > > krb5- admin-server krb5-kdc, and all their dependencies, but not > > krb5- user (or any of the globally-excluded packages, including > > debconf, adduser, coreutils, net-tools, logrotate, lsb-base, > > netbase, tzdata, perl, tcpd, psmisc, etc). Also exclude everything > > in /usr/ share, /usr/lib/gconv, and kadmin.local. Everything > > in /var/lib/ krb5kdc and /var/log is a data file and should not be > > touched after the jail is created." OK, that's pseudo-code. You could do something similar with debootstrap. The question is: as you have to write config scripts for aptjail anyway and the process is not yet automatable, what is the benefit over debootstrap? > The relevant files are all found at http://moffetthome.net:18888/ > ~kyle/aptjail/ I've got all the outputs of dpkg-buildpackage, as > well as the original source tarball I made ("aptjail-0.01.tar.bz2") > and an extracted copy in the "aptjail" subdirectory. If you are looking for a sponsor, please follow the guidelines at mentors.debian.net, provide the location of the .dsc file and/or upload to mentors.debian.net. > At the moment you have to write your own init-scripts and configs to > handle the actual chrooting of the daemons, I don't see any decent > way of automating that without significant modifications to other > Debian packages. AFAICT this is no different to debootstrap. http://people.debian.org/~codehelp/#sponsor -- Neil Williams ============= http://www.data-freedom.org/ http://www.nosoftwarepatents.com/ http://www.linux.codehelp.co.uk/
pgppgEKSI5cZh.pgp
Description: PGP signature
