7. Environment isolation

Besides explicit input data (source files, build code, configuration data), the build process is influenced by its context, or implicit environment: the toolchain and other utilities launched during compilation; the state of the dependencies in use; the state of the host operating system. An uncontrolled context leads to unreproducible and error-prone builds. The wider and the more implicit the context is, the harder it is to account for and handle. Detecting and minimising the context are therefore important tasks in providing reliable builds.

The underlying technique for controlling the context is to isolate the environment inside a container. This can be done with various tools, of which chroot(1) was the first. Other containerisation mechanisms are now available as well. From the point of view of isolation they all do the same thing: move the build process into a closed filesystem composed specifically for that purpose. This means the build is affected not by the entire operating system but by a limited, purpose-fit environment. In these guides we call this environment the host.

The key advantages of the host compared to building in the main operating system:

The host contains the needed programs in the correct versions. There are no excess programs.
The same host is installed into all working directories, so the influence of the operating system and the machine is reduced significantly (though still not eliminated completely).
The host may be administered independently for each directory.

Along with its advantages, the host brings complications as well:

The complete host environment must be composed and maintained.
The host must match the run-time environment of the built application.
Users need permissions for the isolation commands (like chroot(1)).
The host occupies space, and deploying it into each working directory takes time.
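
One way to check that the host deployed into a working directory is still identical to the reference host and contains no excess programs, given here as an added example that is not part of the original guide. It assumes a host is a plain directory tree; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def host_manifest(root):
    """Map every path under a host root to (kind, mode, content id)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: describe a symlink, never follow it out of the host
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISLNK(st.st_mode):
                entry = ("link", 0, os.readlink(full))  # link mode is platform noise
            elif stat.S_ISREG(st.st_mode):
                with open(full, "rb") as fh:
                    entry = ("file", mode, hashlib.sha256(fh.read()).hexdigest())
            else:
                kind = "dir" if stat.S_ISDIR(st.st_mode) else "other"
                entry = (kind, mode, "")
            manifest[os.path.relpath(full, root)] = entry
    return manifest


def host_drift(reference, candidate):
    """Report how a deployed host differs from the reference host."""
    ref, cand = host_manifest(reference), host_manifest(candidate)
    return {
        "missing": sorted(ref.keys() - cand.keys()),
        "extra": sorted(cand.keys() - ref.keys()),  # excess programs land here
        "changed": sorted(p for p in ref.keys() & cand.keys() if ref[p] != cand[p]),
    }


def make_sample_host(root):
    """Constructed stand-in for a host tree: one tool plus an alias symlink."""
    bindir = os.path.join(root, "usr", "bin")
    os.makedirs(bindir)
    tool = os.path.join(bindir, "cc")
    with open(tool, "w") as fh:
        fh.write("#!/bin/sh\necho 'toolchain 1.0'\n")
    os.chmod(tool, 0o755)
    os.symlink("cc", os.path.join(bindir, "gcc"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ref, work = os.path.join(tmp, "reference"), os.path.join(tmp, "workdir")
        make_sample_host(ref)
        make_sample_host(work)
        with open(os.path.join(work, "usr", "bin", "cc"), "a") as fh:
            fh.write("# locally patched\n")
        print(host_drift(ref, work))
```

Running the comparison before each build turns silent changes to a working directory's host (a patched tool, an added utility, a changed permission) into an explicit report.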