Eh, I had my wordy second reply written, only to lose it with an expiring session, I have been punished now...
Rachael wrote: Romero did that, afair. He uses Mac and just ran GZDB using Parallels. But I think that was before it became UDB.
Good to know, thanks, forgot that tidbit.
Rachael wrote: Much as I am really not too fond of 3t0's condescending references to intellect,...
Please excuse me Rachael, nova++ and other readers, for my probably rude reply!
It was not my intention to offend you in any way, it was just a reflexive reaction. I don't have very good soft skills, and given the direction the world is taking these days (up to 11 in tragicomically ridiculous, so please buckle up), I am getting a bit tired of it. Not to give up, god forbid, it's just that condescending sarcasm is my normal reaction to anything these days. So sorry if I hurt you in some way, it was really not intended.
You are of course right Rachael, I don't know you guys, I have no clue about your skillset, so please don't let it bother you.
It's just that I am working for a smallish cloud operator, i.e. we run containers for clients (the other side), and also lead a few admins of my own, and human resource material is getting more and more lacking each year. Ridiculously lacking, I would add. Then I am called in to analyze a client's container problems, and seeing the image, investigating the issue, I ponder if billions of years of universal evolution were really intended to produce the entropy soup I am watching with my very eyes.
So not really an apology, but please take it as an explanation, at least.
Rachael wrote: ...he does have a good point about chroots: You can build any debian-based chroot very easily on pretty much any distro using the "debootstrap" utility (you'll have to download and/or build that on your own if you're currently using a non-Debian based distro)...
That. If you combine it with zfs, or btrfs (not really a fan, but it should be more or less equivalent), you get the data isolated at filesystem level too (without the need to spelunk with loop devices and whatnot) and you get filesystem snapshots for free, so you can always return to @this-udb-verison-wroks-best-for-me snapshot.
On btrfs, I strongly suggest you investigate snapper, as it can meta-annotate otherwise pretty barebones btrfs snapshots, and it can also restore them into a target location (btrfs doesn't know how to do rollbacks natively).
is a way, if you can stomach last century theories of package management (not really a fan), as apparently UDB was ported on a debian-like OS, but as a Void guy, I think you are more interested in rolling (more future proof).
Although all major (but stale) package management tools: apt, yum/dnf - can manage chroots, it's quite a far cry when compared to something with more modern design like pacman, xbps or pkg.
Given Void is by default built in containers itself, they have some pretty good tools for thin mutable containers, and xbps is also very container friendly:
: cat /jails/udbjail/xbps-install
I have similar wrappers for other major xbps tools, I bet you get the gist. For chroot + unsharing from main host namespaces, check out xbps-uchroot(1) which is very very minimal (compared to docker). If you don't mind namespace isolation chroot(1) will be sufficient.
Keep in mind in such a setup xbps does not even reside within the chroot (! - it's your "host's" xbps doing all the work). Whether to isolate other namespaces is your call, security wise.
Rachael wrote: Anyway, all the external utilities that UDB uses have Linux replacements. You should not even need to install wine at all. You will have to do some mount --rbind's to get the chroot running correctly, I at minimum bind /sys, /proc, and /dev when mounting my dual-booted Linux install as a chroot inside WSL2.
and gl compatible node-builder have external repos on gzdoom's github (I think) so there is everything you should need.
Regarding mounts, you don't need to mount/have /sys, as you are not running udev in the container, and UDB has no business to query hardware.
is needed due to Mono's .net CLR runtime self referential magics and binary loading, whether to isolate the PID namespace is your call.
needs to be rudimentary only, but you need to pass in gfx related stuff (depends on device, nvidia/amd/intel, you have) for OpenGL to work reliably.
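An added example, not part of the original post: a small audit of what is actually mounted beneath the chroot, since every bind mount is a place where the host shows through. The policy (/proc required, /dev expected, /sys unneeded) is an assumption read from the thread, the function name is hypothetical, and the mountinfo lines are constructed; only the /jails/udbjail path comes from the post.

```shell
#!/bin/sh
# Added example: audit what is mounted beneath a chroot root.
# Policy is an assumption drawn from the thread: /proc required,
# /dev expected, /sys not needed, anything else is a host path shared in.

# Constructed sample in /proc/self/mountinfo layout (field 5 = mount point).
SAMPLE_MOUNTINFO='36 25 0:5 / /jails/udbjail/proc rw,relatime - proc proc rw
37 25 0:6 / /jails/udbjail/dev rw,nosuid - devtmpfs devtmpfs rw
38 25 0:7 / /jails/udbjail/dev/pts rw,nosuid - devpts devpts rw
39 25 0:20 / /jails/udbjail/sys rw,relatime - sysfs sysfs rw
40 25 8:2 /home/user /jails/udbjail/home/user rw,relatime - ext4 /dev/sda2 rw
41 1 8:2 / / rw,relatime - ext4 /dev/sda2 rw'

# Usage: audit_chroot_mounts ROOT < mountinfo-text
# Prints one sorted line per finding: ok / missing / unneeded / extra.
audit_chroot_mounts() {
    root=${1%/}    # tolerate a trailing slash on ROOT
    awk -v root="$root" '
        function state(k) { return (k in seen) ? "ok" : "missing" }
        # Only mounts strictly below ROOT; ROOT itself (e.g. a dataset) is skipped.
        index($5, root "/") == 1 {
            rel = substr($5, length(root) + 1)   # path as seen inside the chroot
            split(rel, part, "/")
            top = "/" part[2]                    # /dev/pts counts as part of /dev
            if (top == "/proc" || top == "/dev" || top == "/sys") seen[top] = 1
            else extra[rel] = 1
        }
        END {
            print state("/proc") " /proc"
            print state("/dev") " /dev"
            if ("/sys" in seen) print "unneeded /sys"
            for (m in extra) print "extra " m    # host data visible in the chroot
        }' | LC_ALL=C sort
}

# Live use: audit_chroot_mounts /jails/udbjail < /proc/self/mountinfo
printf '%s\n' "$SAMPLE_MOUNTINFO" | audit_chroot_mounts /jails/udbjail
```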