Hermetic builds should start a VM instead of a container #1559

Open
Conan-Kudo opened this issue Mar 11, 2025 · 0 comments
Labels
enhancement feature request, rfe

Conan-Kudo commented Mar 11, 2025

Truly hermetic builds require complete isolation from the host, including removal of the influence of the host kernel and system properties. In order to do so, Mock needs to learn how to boot up a lightweight virtual machine, similar to what obs-build does in this scenario (and to note, this is the default for obs-build).

This would essentially mean adding a third runtime backend (in addition to simple and nspawn) for KVM, and maybe also a fourth one for plain QEMU (for foreign arch builds).

The code from obs-build is fairly straightforward:

This would also resolve several problems we have with container-based builds where host properties leak and break things (like #952, #691, #1100, #1222, #1487, #1554, and so on).

@Conan-Kudo Conan-Kudo added the enhancement feature request, rfe label Mar 11, 2025
@github-project-automation github-project-automation bot moved this to Needs triage in CPT Kanban Mar 11, 2025