9. Environment isolation

One of the most serious obstacles to a reliable build is context: everything that influences how binary packages are created. Uncontrolled context leads to builds that are unreproducible and error-prone. The wider and more implicit the context is, the harder it is to control and account for. Detecting and minimizing context is therefore a primary task in providing a reliable build.

The underlying technique for controlling context is to isolate the environment inside a container. This can be done with various tools, of which chroot(1) was the first. Other containerisation mechanisms are available now as well. From the isolation point of view they all do the same thing: they move the build process into a closed filesystem composed specifically for that purpose. As a result, the build is affected not by the entire operating system but by a limited, purpose-fitted environment. In these guides we call this environment the host.

The key advantages of a host compared with building in the main operating system:

The host contains the needed programs in the correct versions. There are no excess programs.
The same host is installed into all working directories, so the dependence on the operating system and the machine is much lower.
The host composition may be administered separately for each directory.

Along with the advantages, a host brings complications as well:

The full host environment must be composed and maintained.
The host must match the environment where the built application will run.
Users need permissions for the isolation commands (like chroot(1)).
The host occupies space, and its deployment into each working directory takes time.
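
The following sketch is an added example, not part of the original guide or its tooling. It shows one way to check that the host deployed into a working directory is the same one that was composed, and to run the build inside it with a scrubbed environment. The function names and paths are hypothetical, and sha256sum from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example; host_digest, verify_host and run_in_host are hypothetical names.

# Digest of a host tree: content hash of every regular file plus every symlink
# target, keyed by path relative to the host root. File modes and ownership
# are not covered.
host_digest() {
    root=$1
    [ -d "$root" ] || return 1
    (
        cd "$root" || exit 1
        find . -type f -exec sha256sum {} +
        find . -type l -exec sh -c \
            'for l; do printf "link %s -> %s\n" "$l" "$(readlink "$l")"; done' sh {} +
    ) | LC_ALL=C sort | sha256sum | cut -d' ' -f1
}

# Succeeds only when the host in a working directory matches the reference
# digest recorded when the host was composed.
verify_host() {
    expected=$2
    actual=$(host_digest "$1") || return 2
    [ "$actual" = "$expected" ]
}

# Run a build command inside the host. env -i drops every variable of the
# calling shell, so only the listed ones reach the build. Needs permission
# for chroot(1), normally root.
run_in_host() {
    root=$1
    shift
    env -i PATH=/usr/sbin:/usr/bin:/sbin:/bin HOME=/ LC_ALL=C TZ=UTC \
        chroot "$root" "$@"
}

# Typical use (constructed paths):
#   ref=$(host_digest /srv/hosts/reference)
#   verify_host ./work/host "$ref" && run_in_host ./work/host make
```

A digest mismatch means the working directory's host has drifted from the reference, which reintroduces exactly the uncontrolled context the isolation is meant to remove.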