Currently, JuJu uses two binaries in order to run the environment with proot.
Using only the compat proot binaries would make the code a bit cleaner.

Use directly a default mirror url:

Server = https://mirrors.kernel.org/archlinux/$repo/os/$arch

The main added value of getopt is just the fact that it allows collapsed options (-kv -> -k -v). I am inclined to remove it since I prefer to have JuJu script even more portable.

JuJu is really great, I'm using it with Travis-CI as their Ubuntu images are terribly out of date. However, when I try to do a system update (pacman -Syu) the command never seems to complete and just hangs.

Unrelated to the issue: why can't we build a JuJu image in JuJu?

• http://static.proot.me/proot-x86_64
• http://static.proot.me/proot-x86
• http://static.proot.me/proot-arm

These are statically linked against a C library that assumes an old
kernel version:

https://github.com/cedric-vincent/proot-static-build/blob/76a05ef35a1c2bb74fee58d7cf13a331beaed12c/GNUmakefile#L58

These binaries should work on most systems.

In the last archlinux updates the certs are only readeable. Change the JuJu image in order to have certs writeable so they can be deleted with juju -d option.

Hi-

First off, I just wanted to thank you for making this. JuJu is a super useful tool for allowing users to install packages in a nice sandbox without messing up the rest of the system.

This isn't a technical issue, but I noticed that the project name is basically identical to Canonical's cloud software management tool (which appears to be much older; 2011 vs 2014). You might want to consider switching to another name since, beyond causing confusion, this prevents the two packages from both being installed on the same system (I can't think of a scenario where anyone would want to do this right now, but hey- who knows?).

Cheers,
John Pellman

There are two possible choices.

• JuJu script are placed in JuJu environment during the setup:
  • Pros: The user will always have the most recent up to date master branch
  • Cons: The image itself will not be self-contained
• JuJu script are placed in JuJu image directly (current behavior)

It would be nice to have a config file (probably inside JUJU_HOME or something) with extra user specified paths to bind, so the command goes from juju -p -b /myworkdir mycommand to juju mycommand with /myworkdir automagically mounted on the fakechroot (the same way proot -S does)

Check if it is feasible to use unionfs to ensure that root changes will not affect JuJu environment.

There are differences due to the fact that sh --login is not used.

[feel@myarch juju]$ which yaourt
/opt/yaourt/bin/yaourt

juju -- which yaourt
/usr/bin/yaourt

Create a script in tests/ directory that make a final check of juju:

• Download the image
• Install package with pacman using proot
• Install package with yaourt using proot
• Access using root user

Some essentials services for running properly the application could be handled inside JuJu.
This mostly an investigation issue to understand the feasibility of this feature.

From the last updates seems that locale-gen needs sed as dependency.

sed needs to be installed explicitly.

In the previous release of makepkg there was the option --asroot that allowed to build packages directly using root privileges. In the current release makepkg cannot be used with root access anymore for security reasons.

The JuJu uses a patch for yaourt and makepkg scripts that removes the root check of ($EUID == 0)
https://github.com/fsquillace/juju/blob/master/lib/core.sh#L300.
Furthermore, those scripts uses sudo or su depending if sudo is installed or not.

Ideally, it would be nice if we can run smoothly yaourt and makepkg without creating patches on them.

There are two improvements that can be done here:

• Bypassing sudo and su commands (maybe by intercepting calls for euid and uid?) so that we avoid failures when we run them. The bypass on those commands should work for the entire JuJu session.
• Mocking the EUID variable . The mock on that variable should not work for the entire JuJu session but should be used only for yaourt/makepkg scripts.

The current behavior for sudo inside juju is the following:

• As a fakeroot user:

  > sudo ls

  sudo: setresgid() [1419771904, 0, 1419771904] -> [-1, 1419771904, -1]: Operation not permitted

• As a normal user:

  $> sudo ls
  sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set

The current behavior for su inside juju is the following:

• As a fakeroot user it works well:

  > su -c ls

  bin lib tests

• As a normal user it requires password:

  $> su -c ls
  Password:

Reference: http://allanmcrae.com/2015/01/replacing-makepkg-asroot/

After a juju session it possible that JuJu tries to fallback to seccomp mode.
The seccomp mode need to be used only when the access to JuJu at the first time fails.

Since hard links can't go across partitions. I think this could be solved by tarring to symbolic links instead?

I can't seem to solve this with the current tar archive because there doesn't seem to be an option to convert hard links to symbolic links when untarring.

Target: Keep the linux kernel as the only dependency

The following does not work:

juju -f -- bash -c "yaourt -S archey"

Use directly the juju repo instead of building a mini juju.

When wget from Busybox is used the download fails with 404, changing the core script not to check for wget and use curl instead worked. If you make the script prefer curl over wget such cases would be avoided.

Build the images specifying a given architecture using qemu.

Provide a second method for installing juju based on downloading directly the juju image.
juju image contains the juju script as well.

http://alias.sh/

Trying to install packages with root privileges in proot gives a exec failed no such file or directory

Use tiny core linux to show how can be possible to install juju from zero.

http://distro.ibiblio.org/tinycorelinux/downloads.html

There are some change on pacman that could affect the building on JuJu image.

It looks that the getopt does not handle argument with embedded spaces.
The alternative is getopts but it does not support long options.

reference:http://wiki.bash-hackers.org/howto/getopts_tutorial

On some bash the test act diferently:
test_build_image_juju...OK
test_check_cli...FAIL
test_delete_juju...OK
test_help...OK
test_run_juju_as_fakeroot...OK
test_run_juju_as_root...OK
test_run_juju_as_user...OK
test_version...OK

As per #65 I think it would be really useful to be able to build JuJu in JuJu. Being able to bootstrap an Arch environment without having the parent is extremely useful. My intention is to completely build this in CI and create packages. pacstrap seemed to die when mounting, or chrooting depending on the distro underneath.