Re: [gentoo-dev] [RFC] Revisiting GLEP 81 (acct-*) policies (reviews, cross-distro syncing)

[Thomas Deutschmann <whissi@gentoo.org>]

[-- Attachment #1.1: Type: text/plain, Size: 1854 bytes --]

On 2019-12-10 13:44, Rich Freeman wrote:
> I'm not talking about container-host mapping.  I'm talking about
> building the same container 100 times and having the container end up
> with the same UIDs inside each time.
> 
> Build order in portage isn't really deterministic, especially over
> long periods of time, so you can't rely on stuff getting installed in
> the same order.

While I agree that portage doesn't guarantee you
deterministic/reproducible builds, in practice this isn't a problem:

Assume you are building a container for dev-db/mysql. I can only think
of one scenario where you would end up with different UIDs: That's when
dev-db/mysql (or a dependency) would suddenly create an own user and
will be merged before mysql's user was created.

But this is very theoretically. Especially in a container world, you
will create one container per services so it's *very* unlikely that
something like that will ever happen. Not?

Aside benefits from reproducible builds in general (which Gentoo doesn't
provide), please share reasons why one would care about used UIDs/GIDs
in containers...


> Uh, the container processes shouldn't even see the host
> processes/files whether they have the same UIDs or not...

Especially when you put mysql or any other service using data into a
container, service running in that container must be able to access this
data. And one common way to do that is allowing container to access data
stored on host, i.e.

> $ docker run \
>     --name some-mysql \
>     -v /my/own/datadir:/var/lib/mysql \
>     -e MYSQL_ROOT_PASSWORD=my-secret-pw \
>     -d mysql:tag

which will make /my/own/datadir from host available in container as
/var/lib/mysql.


-- 
Regards,
Thomas Deutschmann / Gentoo Linux Developer
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 618 bytes --]