Roadmap for schroot development

Lenny

The old stable release provides schroot 1.2.2-0+lenny1.

Squeeze

The current stable release provides schroot 1.4.19-1+squeeze1.

Wheezy

The forthcoming Debian stable release, wheezy will provide schroot 1.6.x. These development 1.5.x releases will lead up to the first stable 1.6.0 release:

1.5.2 (experimental)

• A new "custom" chroot type has been added (477937)

• Support translation of the documentation with po4a (588962)

• /etc/default/schroot supports ending sessions (625202)

• Services may be started and stopped inside the chroot on session creation and session ending (625205)

• Support for overlayfs (648450)

• Fix typo (653732)

• Update da translation (658544)

• Update de translation (659524)

• Update zh_CN translation (659967)

• Update pt translation (660040)

• Update fr translation (661514)

• Arbitrary options may now be set in a chroot definition (666274)

• Make command-line parsing errors nicer to read (666497)

• Update overview text of schroot(1) (670881)

• 15killprocs kills processes under CHROOT_PATH rather than CHROOT_MOUNT_LOCATION (672113)

1.5.3 (unstable)

• QEMU linux-user support (604268)

• Change fallback shell handling (674040)

• Don't warn about non-existing groups (674041)

1.6.0 (unstable)

Final release.

• Provide documentation as po4a for translation
  • Needs comment from po4a upstream on srcdir/destdir issues
  • Needs installing in Makefile.
  • Pending translation update

• ssh-like -X option (599518)

  • Setup script to create .Xauthority for X11 users
  • Maybe only activate if desktop profile is in use
  • Convert example script into proper setup script
  • Pending changes requested from submitter in response to feedback about issues with patch

Wheezy+1

The next but one Debian stable release, wheezy+1 will provide schroot 1.8.x/2.0.x. These development releases will lead up to the first stable 1.8 or 2.0 release:

1.7.x

• Overwriting of nssdatabases in chroot (565613 and 557730)

  • General bug covering all nssdatabases
  • Changes within the chroot, e.g. package maintainer scripts adding/removing users and groups, are not preserved
  • Merge these two bugs
  • Solution: either add an option to disable updating (or clear database list), or do a partial update of just the changed records (complex)

• 20nssdatabases checks for file equivalence (586195)

  • Check if this is a genuine bug

• Support wildcards in users and groups (653491)

  • Partial patch already written (on nagini)
  • Not clear if this is desirable for all users/groups/root-users/root-groups (and source- variants)
  • Would ideally replace the existing keys rather than having to support regex and non-regex variants, especially because it's unlikely any existing user/group names could be a regex
  • Probably defer for 1.7.

Automatic setup

• Provide packaged schroot instances, ready to use (535943)

  • Separate package provides pre-canned chroot definitions. These just get installed under /etc/schroot/chroot.d.
  • Maybe add special debootstrap setup script to set up on first use. Maybe default to file-based? Where to store?

• Allow the direct creation of chroots (657709)

  • Add new "create" stage.
  • Maybe allow "delete" stage as well; would need to ensure all sessions are ended before removal, depending on chroot type.
  • Custom setup parameters would be passed in as user options.
  • Related to setup of pre-canned instances as above.

Environment

Setting environment and keyfile. Since the user settable options go into the environment, this could be extended for all environment variables. Extend keyfile format to hold extended attributes in addition to comments.

• if key was set in original file (on load)
• if key should be set in environment
• if key should be set in session file?
• if key is user modifiable? Think how this works with user-modifiable-keys WRT removing the modifiable status.

Uses:

• dump configuration (original config, user data, full state, environment); may need to make --config take arguments or add a second option.
• set environment (only those flagged for setting the environment; maybe add function to flag keys to export, replacing setup_env; automatically add flag for user keys)

• Provide a way to add things to the default environment filter (587770)

  • Just append to the existing default environment filter, rather than replacing it.
  • Maybe implement using two filter lists, internal defaults plus user list. The defaults can also be set in order to allow removal.

Keyfile

• Add annotations to keys. Annotation type is templated/inherited.
• Make group type a separate type, so keyfile methods simply call the same method on the group. This will allow chroots to maintain their
  • own group, and the set/key keyfile methods can just get/set the group object. The group can be used to get/set chroot state without needing special member variables for each settable item.
• Group type needs assignment/copy methods.

Undecided

Easy

• Stop setup scripts continuing on failure (477935)

  • Add chroot property to make run-parts exit on failure during setup-stop.
  • Session will require recovery after incomplete stop. Either auto-recover and exit non-zero or require manual recovery.
  • How should this behave with the --force option?

• Create rsyslog socket /dev/log in chroots (565745)

  • Doesn't look /too/ dangerous. Check potential impact on host system.

• Support read-only bind-mounts (623913)

  • Is this now supported without special patches?
  • Look at patch and apply if good.

• Make directories in copyfiles/nssdatabases/etc. if paths are nonexistent (624195 and 657715)

  • Titled "schroot --begin-session into an empty chroot doesn't work".
  • All operations should succeed in an otherwise empty chroot, or a chroot with the missing paths.
  • Makes sense to combine with debootstrap script functionality (run before doing copying).

• lvm-snapshot does not support /dev/mapper/VG-LV notation (624200)

  • Investigate where limitations lie
  • Allow both forms in configuration and in setup scripts, if possible.

  • Need to be able to quote and unquote the -- escaping in the /dev/mapper names.

• Add support for lvm-snapshot on crypted LV (639105)

  • Needs 1.5.2 with extensible key names.

Hard

• Support isolation of filesystem namespaces and other resources with CLONE_NEWNS (488225 and 637870)

  • Not currently supportable due to incompatibility with sessions.
  • Due to not running a persistent process, need some way to reattach to a namespace.
  • Will be possible with future kernel version, but not yet available? Needs a kernel with mnt namespace in /proc.

• Allow shell variable expansion in fstab files (579387)

  • We would need to create a tmpfile to allow getmntent etc. to work.

• Add support for unionfs-fuse (608121)

  • Ping last patch submitter.
  • May be much simpler now we have extensible schroot.conf keys.

Security issue to fix?

• copyfiles should expand variables and allow source and destination (528963 and 657711)

  • Is this something we should be doing? Are there any dangers we should be aware of
  • Compatibility with existing configurations? Will it break anything?
  • Security issue? Could end up expanding user-settable variables.

• add a --bindmounts flag (a la pbuilder) (623746)

  • Potential security issue (allows user to bind mount arbitrary thinks).
  • Now possible to implement using user options.
  • Check command-line syntax of pbuilder.
  • Maybe add an "insecure" option to the chroots, to enable insecure (but useful) features.

Not currently fixable

• schroot: Invokes PAM common session modules in host (478076)

  • Unclear if this is a bug. It's expected that the PAM stuff all happens on the host.
  • Investigate what sort of problems are being caused; maybe stuff in common-session should be moved into specific services?
  • Close if it's not a real bug, or move to appropriate package.

• schroot doesn't mount /home submount into the chroot (648459)

  • Mount issue due to no longer using rbind
  • If rbind can be made safe we can re-add this functionality, but for now it's not a safe default.

• git storage backend for chroots (477942)

  • git doesn't currently provide the required permissions model for a working chroot