[systemd-devel] mknod forbidden in systemd-nspawn container

Johan Ouwerkerk jm.ouwerkerk at gmail.com
Mon Dec 28 09:26:28 PST 2015


On Mon, Dec 28, 2015 at 4:29 PM, Emmanuel Coirier <ecoirier at olfeo.com> wrote:
>
> I'll look at multistrap. It lets you customize device creation. It should then be possible to customize it to not create any device...
>

Multistrap doesn't do 'device node' creation at all. It uses APT to
download packages to a directory, extract the debs, and optionally
mark them autoinstalled (as opposed to manual installation, makes
using the packager on the device when the rootfs is 'online'/live
easier by having a more 'typical' state of the manual/auto-install
status of packages). The fact that it actually uses apt to do the
actual work of figuring out which packages to download (and you can
pass it a custom apt preferences, too, so you can do pinning) is a
major advantage and so you can set up a build that uses multiple
repositories OOTB by default without having to touch the build host
configuration itself.

There's also brickstrap which takes multistrap and turns it into a
kind of lightweight buildsystem that permits you to run the entire
bootstrap as a normal user, including entering a chroot jail and
partitioning of a disk image by taking advantage of Linux namespaces,
chroot and guestfs. See: https://github.com/ev3dev/brickstrap

Downside to brickstrap is that right now it assumes you wish to build
an 'embedded' image file for ARM boards, but fortunately adding
necessary features to brickstrap to lift this limitation ought to be
quite doable.
Once that is done, I believe brickstrap should be arguably the 'best'
way to bootstrap a basic Debian installation -- primarily because of
the fact it doesn't run things as 'real' root OOTB which is a major
win when considering the safety of feet in the vicinity of guns.

