Bug 146650 - RFE: enhance chroot-installation
Summary: RFE: enhance chroot-installation
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: yum
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-01-31 14:50 UTC by Enrico Scholz
Modified: 2014-01-21 22:51 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-09-21 19:24:53 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
Allows to specify (non-)chroot relative paths with 'hostfs://' resp. 'chrootfs://' prefixes (4.50 KB, patch)
2005-02-25 19:23 UTC, Enrico Scholz
no flags Details | Diff
Patch for yum-2.3.2 (7.65 KB, patch)
2005-04-10 12:24 UTC, Enrico Scholz
no flags Details | Diff
patch for yum-2.2.1 (7.26 KB, patch)
2005-04-10 12:25 UTC, Enrico Scholz
no flags Details | Diff
patch against yum-2.3.3 (7.51 KB, patch)
2005-06-18 19:59 UTC, Enrico Scholz
no flags Details | Diff
patch against yum-2.3.4 (7.46 KB, patch)
2005-07-10 17:25 UTC, Enrico Scholz
no flags Details | Diff
patch against yum-2.6.0 (7.29 KB, patch)
2006-03-26 11:26 UTC, Enrico Scholz
no flags Details | Diff

Description Enrico Scholz 2005-01-31 14:50:33 UTC
Description of problem:

Some ideas how to enhance the '--installroot' mode:

* let override '$releasever' directly; this allows to use the
  same yum.repos.d directory for both the host and the guest
  systems.

* allow to specify that 'cachedir', 'reposdir' and 'logfile' are located
  outside of the chroot. Currently, some magic is used to test where
  this directories are located.  This causes both an undeterministic and
  an insecure behaviour. E.g. an attacker withing the chroot could make
  /var/cache/yum a symlink into the host and cause fileremovals there.

  Shareing a 'cachedir' between several guests could save diskspace
  and network traffic also.

* it would be nice when the paths mentioned above could be overridden on
  the CLI. So the same configuration could be used for all guestsystems.


Version-Release number of selected component (if applicable):

yum-2.1.12-0.fc3

Comment 1 Enrico Scholz 2005-02-25 19:23:24 UTC
Created attachment 111435 [details]
Allows to specify (non-)chroot relative paths with 'hostfs://' resp. 'chrootfs://' prefixes

This patch solves the second point by introducing two new prefixes for
pathnames. When not used, the current behavior will not be changed.

Comment 2 Warren Togami 2005-03-25 02:22:13 UTC
Any comments Seth?


Comment 3 Seth Vidal 2005-03-25 02:46:39 UTC
adding non-real protocols to the relative paths is not going to happen in yum.
1. it adds unnecessary complexity
2. it'll be a bitch to maintain forever, esp when someone gets the wise idea of
actually having a hostfs:// or chrootfs:// protocol
3. it's a pretty narrow requirement
4. it's a lot more easily solved with the plugin infrastructure that's being
worked on in yum now, so that if YOU want to maintain stuff like this in your
own plugins, then YOU can, but I'm not going to.


Comment 4 Enrico Scholz 2005-03-25 03:31:45 UTC
When speaking about complexity: you can remove complexity by removing the magic
which guesses the final paths. When you want files in the chroot, then specify
the path within the chroot. The complexity in my patch was required to remove
this complexity. When you do not want protocol specifiers, then use a trampfs style 

/[hostfs]/ resp. /[chrootfs]/

or use relative paths to guess the final destination.

Comment 5 Enrico Scholz 2005-04-10 12:24:20 UTC
Created attachment 112920 [details]
Patch for yum-2.3.2

Attached is an updated version for yum-2.3.2. This applies the same
changes for the lockfile also which is made configurable. Now, the
main configuration file is searched in chroot only, when it was not
specified on the CLI explicitly.

I do not see how the current plugin system would solve the problem of
the magic detection of configuration files. AFAIS, the hooks are called
much too late so they can not modify the internal configuration values.

Perhaps the getRootedPath() method should be implemented by plugins?

Comment 6 Enrico Scholz 2005-04-10 12:25:19 UTC
Created attachment 112921 [details]
patch for yum-2.2.1

Comment 7 Enrico Scholz 2005-06-18 19:59:41 UTC
Created attachment 115657 [details]
patch against yum-2.3.3

Comment 8 Enrico Scholz 2005-07-10 17:25:55 UTC
Created attachment 116574 [details]
patch against yum-2.3.4

Comment 9 Rahul Sundaram 2005-08-27 20:06:10 UTC
Enrico Scholz,

Look at implementing this as yum plugin. There is a seperate package of them
called yum-utils in the Fedora Extras repository now. Seth Vidal has already
commented that it has a better chance of being implemented as a plugin and not
in yum itself. Closing this one

Comment 10 Enrico Scholz 2005-08-27 20:19:10 UTC
see comment #5; my patch begins to work before any configuration will be read
(e.g. it determines the location of 'yum.conf'). The brokeness which is fixed by
my patch is caused by redundant code in the yum codebase which is spread across
several places. So I really do not see how to make it a yum plugin.

Btw; last patch applies to yum-2.4.0 also.

Comment 11 Rahul Sundaram 2005-08-27 20:28:33 UTC
Does this patch provide a bug fix or does it add a enhancement?. If you are
providing a patch to fix bugs there is no need to combine them with something
that adds additional functionality. The enhancement to provide chroot
functionality can still be a yum plugin. 

Comment 12 Enrico Scholz 2005-08-27 20:34:17 UTC
Yes, it fixes a bug. 'yum' has an undefined behavior when it used for chroot
operations: sometimes it reads information from the chroot, sometimes from the
host. This can be a security risk e.g. when used in combination with vservers.

There is no new functionality provided by the patch.



Comment 13 Jeremy Katz 2005-09-21 19:24:53 UTC
I'm not taking this patch as a Fedora specific change.  I'm not convinced that
it's really needed and I do a fair bit with yum in chroots.

Comment 14 Enrico Scholz 2006-03-26 11:26:30 UTC
Created attachment 126765 [details]
patch against yum-2.6.0


Note You need to log in before you can comment on or make changes to this bug.