fakechroot on amd64 fails to chroot into aarch64

[sgstreet]

I'm trying to chroot into a ARM64 tree setup on AMD64 system, the command:

fakeroot fakechroot -d /usr/aarch64-linux-gnu chroot $PWD/arm64
/usr/sbin/chroot.fakechroot: 1: /usr/bin/seq: Permission denied
/usr/sbin/chroot.fakechroot: 1: /usr/bin/seq: Permission denied
/usr/sbin/chroot.fakechroot: 138: env: Permission denied

and

fakechroot -d /usr/aarch64-linux-gnu fakeroot chroot $PWD/arm64
/usr/bin/fakeroot: 1: getopt: Permission denied
/usr/bin/fakeroot: 1: getopt: Permission denied
/usr/bin/fakeroot: 7: cat: Permission denied

both fail on Ubuntu 24.04. While directly using sudo chroot $PWD/arm64 works as expected. Is there a way to make this work? FYI fakechroot fakeroot chroot $PWD/amd64 works as expected. Note the working example is a AMD64 tree.

[josch]

There are a couple of prerequisites you need for this to work:

• have native and foreign architecture libfakechroot and libfakeroot installed on the outside
• have qemu-user installed
• set up FAKECHROOT_CMD_SUBST with at least:
  • chroot => /usr/sbin/chroot.fakechroot
  • mkfifo => /bin/true
  • ldconfig => /usr/libexec/mmdebstrap/ldconfig.fakechroot
  • ldd => /usr/bin/ldd.fakechroot
  • ischroot => /bin/true
• set up LD_LIBRARY_PATH with all the directories you find referenced by /etc/ld.so.conf inside the chroot
• add /usr/lib/$deb_host_multiarch/fakechroot as well as /usr/lib/$deb_host_multiarch/libfakeroot to your LD_LIBRARY_PATH
• set QEMU_LD_PREFIX to your chroot directory

All of this is done by mmdebstrap to allow for foreign architecture fakechroot support. If you do not want to use mmdebstrap, read its code and just replicate what it does which includes what I listed above.

Ultimately though, please know that fakechroot is very brittle and using unshared user namespaces there are only very, very few situations where you should use fakechroot. What is your use-case?

[sgstreet]

What is your use-case?

I trying to assemble a usable sysroot for cross compiling arm64/aarch64 applications without requiring root privileges. I start with

$ mkdir noble-arm64
$ fakeroot tar -C noble-arm64 -xvf ubuntu-base-24.04-base-arm64.tar.gz

Now I want too chroot into noble-arm64 (or rather fakechroot) to further configure the sysroot for by installing addition packages need for my cross compilation.

[josch]

If you want to cross-compile for arm64 on amd64, then you do not need an arm64 chroot. You need an amd64 chroot and then install arm64 cross-build dependencies into it. If you build arm64 binaries inside a foreign architecture chroot using qemu user mode emulation then you are not cross compiling but you are emulating native compilation.

Is there a specific software or package you want to cross-compile?

The goal of not requiring superuser privileges for doing things with (even foreign) chroots is one that i share and on which I spent my free-time for more than 10 years already. This is why I can tell you that foreign architecture fakechroot does work (see mmdebstrap for proof) but that it is very fragile and that for anything serious you want to use something that is built around linux user namespaces, for example.

[sgstreet]

If you want to cross-compile for arm64 on amd64, then you do not need an arm64 chroot. You need an amd64 chroot and then install arm64 cross-build dependencies into it. If you build arm64 binaries inside a foreign architecture chroot using qemu user mode emulation then you are not cross compiling but you are emulating native compilation.

Sorry for the confusion, I completely understand the cross compilation process and have used buildroot and yocto to generate sysroots previously. I'm trying to generate a Debian/Ubuntu arm64 sysroot for later use. I'm trying to use qemu userspace emulation and a chroot environments for build up this sysroot.

Is there a specific software or package you want to cross-compile?

The sysroot I'm trying to assemble will be used to build a ROS2 application. The large Debian/Ubuntu dependency set of ROS2 is driving the hope to use a pre-configured sysroot to short circuit the build complexity.

The goal of not requiring superuser privileges for doing things with (even foreign) chroots is one that i share and on which I spent my free-time for more than 10 years already. This is why I can tell you that foreign architecture fakechroot does work (see mmdebstrap for proof) but that it is very fragile and that for anything serious you want to use something that is built around linux user namespaces, for example.

I will look into mmdebstrap, thanks for the pointer and you insights!

[josch]

Crossbuilding in Debian/Ubuntu does not work like cross-building in Yocto. You do not need to create a sysroot. Crossbuilding works using the multiarch mechanism which allows you to install foreign architecture packages in your native architecture build environment. You do not create a foreign architecture chroot if you want to cross-build on Debian or Ubuntu. Thus, you also do not need qemu userspace emulation to create the sysroot. Crossbuilding in Debian and Ubuntu does not require QEMU emulation of the foreign architecture at any point.

Maybe I can help you with your ROS problem as well. I also maintain a number of ROS packages in Debian.