Re: Strategy for running BuildStream on RHEL 7.x?

[Justin Erenkrantz <justin erenkrantz com>]

On Mon, Jul 31, 2017 at 4:08 PM, Tristan Van Berkom <tristan vanberkom codethink co uk> wrote:

Flatpak includes bubblewrap as a git submodule and builds itself a
little hybrid helper program.

Ah, so it must be a hidden dependency rather than an explicit dependency.

There is now a public RH BZ about flatpak being broken with RHEL 7.4:

https://bugzilla.redhat.com/show_bug.cgi?id=1476905

It has been indicated that this will be documented in the upcoming 7.4 release notes.
 

I should note that ostree itself requires glib (with or without
introspection), and beyond glib, the introspection data for ostree and
pygobject itself there are no other GNOME specific dependencies (in
other words, I would hardly call this "pulling in the whole GNOME
stack").

It also needs cairo and a few other things that building from source is not a trivial amount of work.  (The pygobject that ships with RHEL 7 conflicts with the newer version.)

Having something like BuildStream would make it far easier to do this integration.  =)

I'm not sure what to do for RHEL 7, if they are adamant about not
including an suid bubblewrap (or even a non-suid bubblewrap) then I
suppose we could try looking into a linux-user-chroot solution (not
sure, is it worth going this far for RHEL 7 ?).

 

Note that some distros have bubblewrap non-suid and instead require
that the OS allow regular users to create namespaces and drop
priviledges.

On a RHEL 7.4 beta box (with the above workaround mentioned in BZ), I do see a suid binary at /usr/libexec/flatpak-bwrap.  Perhaps that is sufficient?   It reports itself as 0.8.7.

I'll be back in Manchester later this week - we can examine then what is provided in RHEL 7.4 and if that is a sufficient toehold for BuildStream to not require a linux-user-chroot for 7.4.

Cheers.  -- justin