Schroot cheatsheet

I don’t always install software whose idea of installation instructions is curl ... | sudo, but when I do, I jail it. In this case, I’m setting up a chroot for Nodejs:

sudo apt install schroot deboostrap
sudo mkdir /srv/npm-chroot
sudo debootstrap stable /srv/npm-chroot
sudo mkdir -p /srv/npm-chroot/home/joe/projects
sudo chown -R joe:joe /srv/npm-chroot/home/joe/

In these examples, “joe” is my username.

The “s” in “schroot” stands for “securely,” but it might as well be “simple” because “schroot” handles fiddly bookkeeping tasks for setting up your environment, based on its config file.

Edit /etc/schroot/schroot.conf:

[npm]
description=npm projects
type=directory
directory=/srv/npm-chroot
root-users=joe
setup.fstab=joe-projects/fstab

Normally, schroot mounts /home from the host as /home in the chroot. I don’t want programs in jail to muck about with my home on the host though, so I edit the setup.fstab option. Its default lives in /etc/schroot/default/fstab.

For my purposes, the schroot’s default configuration is a good start, so:

sudo mkdir /etc/schroot/joe-projects
sudo cp /etc/schroot/default/fstab /etc/schroot/joe-projects/

Edit /etc/schroot/joe-projects/fstab, removing the /home line and adding instead:

/home/joe/projects /home/joe/projects none rw,bind 0 0

Finally, enter the chroot, as root.

schroot -c npm -u root

I like to install sudo so it feels like a normal Ubuntu:

# now in the schroot
apt update
apt install sudo
exit

Then log in as my normal user:

# in the host
schroot -c npm

From here I can install npm in relative isolation; this is not sufficient for isolating malicious software, but it’s a nice way to avoid inconsiderate programs from pooping all over your system.

Why Is Worse Than How

When we use software, we operate in a binary tree. At the root, we could be in success or failure mode, where we are either doing whatever we meant to do, or distracted by some idiosyncrasy of our tool. In success mode, our productivity flows. We could be CTRL+Spacing to auto-complete or ESC, colon, w, q-ing to save and exit, and doing what we meant to do.

In failure mode, we have another couple of options:

  1. Why does this suck?
  2. Where is the option to make a zero-based list in WordPress?

I want a zero-based list because it appeals to my binary metaphor. The first item, zero, equals bad software. It is the tool that you wish you could will into nonexistence. You imagine the deepest levels of hell holding those who inflicted this impediment on you.

While you use them, you usually do not think about good tools. Your drill lets you swap bits without thinking about the drill. You only wonder whether this bit will work for that material and do you want 5/16 or 1/4?

Sometimes your tool cannot meet the challenge. You want to bore a new dryer vent through your cinder block or put drywall around the entirely bare laundry room and your minuscule battery-powered appliance will fight valiantly and fail. This is where you leave the text editor and open the IDE, but it is not a failure mode; you have simply exceeded your tool’s capability, and you need to go get that spiffy hammer drill.

You encounter tool failure mode when you do not immediately know how to accomplish your immediate task with the tool you are using, and you do not immediately have another tool that does it. You now find yourself in one of two camps, but you have no idea  which:

  1. Your tool cannot do it
  2. You do not know that ESC, y, y copies a line

So you have to feel your way through, based on your prior experience with that package. In the good programs, you, like the Little Engine, believe that you can.