1. 3

A shell based solution to deploy multiple isolated instances of applications using pkgsrc & chroot. I use the term isolated loosely, as stated in readme it’s more for keeping userland tidy rather than sandbox instances securely as per jails and alike. On the other hand, it should be trivial to extend to use such a mechanism instead for calling chroot.

  1.  

  2. 1

    It seems to me that since you’re not trusting sailor to provide security, a build tool like Nix would more cleanly provide userland isolation, while also coming pre-loaded with the many many packages already available.

    1. 1

      In which way would it be more cleanly?

      1. 2

        Ah! Yes, sure! An example is sailor is still a “bag of files” approach, where you have a filesystem as global state, and you mutate the whole state anytime you install anything.

        Example 1: If for some unholy reason you need 2 versions of a lib or binary, you have to play games with environment variables to make that work.

        Example 2: You also can still have undeclared dependencies through transitive dependencies accidentally fulfilling them. ie: You’re building package A which needs packages B and C, but has an undeclared dependency on package C. Building package B needs package C, so you may happen to have it installed already, but another person may not. This can be a tricky problem to solve.

        Nix solves both of these, by using a directional graph and absolute references for dependencies, and build sandboxing.