From: Thomas Deutschmann <whissi@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [RFC] Revisiting GLEP 81 (acct-*) policies (reviews, cross-distro syncing)
Date: Tue, 10 Dec 2019 14:25:31 +0100 [thread overview]
Message-ID: <648f9c32-fd26-1725-7b54-9ba08322e42f@gentoo.org> (raw)
In-Reply-To: <CAGfcS_==-ipdXDW2q66Xs-qjTi2p6MSPhJ_HixCRa_w7BrA3Fw@mail.gmail.com>
[-- Attachment #1.1: Type: text/plain, Size: 1854 bytes --]
On 2019-12-10 13:44, Rich Freeman wrote:
> I'm not talking about container-host mapping. I'm talking about
> building the same container 100 times and having the container end up
> with the same UIDs inside each time.
>
> Build order in portage isn't really deterministic, especially over
> long periods of time, so you can't rely on stuff getting installed in
> the same order.
While I agree that portage doesn't guarantee you
deterministic/reproducible builds, in practice this isn't a problem:
Assume you are building a container for dev-db/mysql. I can only think
of one scenario where you would end up with different UIDs: That's when
dev-db/mysql (or a dependency) would suddenly create an own user and
will be merged before mysql's user was created.
But this is very theoretically. Especially in a container world, you
will create one container per services so it's *very* unlikely that
something like that will ever happen. Not?
Aside benefits from reproducible builds in general (which Gentoo doesn't
provide), please share reasons why one would care about used UIDs/GIDs
in containers...
> Uh, the container processes shouldn't even see the host
> processes/files whether they have the same UIDs or not...
Especially when you put mysql or any other service using data into a
container, service running in that container must be able to access this
data. And one common way to do that is allowing container to access data
stored on host, i.e.
> $ docker run \
> --name some-mysql \
> -v /my/own/datadir:/var/lib/mysql \
> -e MYSQL_ROOT_PASSWORD=my-secret-pw \
> -d mysql:tag
which will make /my/own/datadir from host available in container as
/var/lib/mysql.
--
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 618 bytes --]
next prev parent reply other threads:[~2019-12-10 13:25 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-09 8:17 [gentoo-dev] [RFC] Revisiting GLEP 81 (acct-*) policies (reviews, cross-distro syncing) Michał Górny
2019-12-09 9:44 ` Ulrich Mueller
2019-12-09 10:00 ` Ulrich Mueller
2019-12-09 16:54 ` Thomas Deutschmann
2019-12-09 17:47 ` Ulrich Mueller
2019-12-09 18:02 ` Thomas Deutschmann
2019-12-09 18:48 ` Ulrich Mueller
2019-12-09 20:10 ` Thomas Deutschmann
2019-12-10 14:36 ` Michael Orlitzky
2019-12-09 21:48 ` Alec Warner
2019-12-10 5:28 ` Michał Górny
2019-12-10 5:44 ` Joonas Niilola
2019-12-10 11:47 ` Rich Freeman
2019-12-10 12:26 ` Thomas Deutschmann
2019-12-10 12:44 ` Rich Freeman
2019-12-10 13:25 ` Thomas Deutschmann [this message]
2019-12-10 13:48 ` Rich Freeman
2019-12-10 16:05 ` Joonas Niilola
2019-12-10 16:25 ` Michael Orlitzky
2019-12-10 13:34 ` Michał Górny
2019-12-10 16:13 ` Joonas Niilola
2019-12-10 16:17 ` Michał Górny
2019-12-10 14:50 ` Michael Orlitzky
2019-12-10 15:04 ` Michał Górny
2019-12-10 15:54 ` Rich Freeman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=648f9c32-fd26-1725-7b54-9ba08322e42f@gentoo.org \
--to=whissi@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox