more changes for merged-/usr which is now default in testing and unstable

This commit is contained in:
Johannes Schauer Marin Rodrigues 2022-10-18 10:32:03 +02:00
parent fce852770b
commit e887a329ab
Signed by untrusted user: josch
GPG key ID: F2CBA5C78FBD83E1
5 changed files with 56 additions and 28 deletions

View file

@ -270,7 +270,7 @@ END
# starting from Debian 12 (Bullseye)
case "$dist" in
oldstable|stable) : ;;
*) pkgs="$pkgs usr-is-merged" ;;
*) pkgs="$pkgs usr-is-merged usrmerge" ;;
esac
APT_CONFIG="$rootdir/etc/apt/apt.conf" apt-get --yes install $pkgs

View file

@ -7231,8 +7231,8 @@ I<--merged-usr> and I<--no-merged-usr>
B<mmdebstrap> will create a merged-/usr chroot or not depending on whether
packages setting up merged-/usr (i.e. the B<usrmerge> package) are installed or
not. In Debian, the essential package B<init-system-helpers> is will depend
on the B<usrmerge> package, starting with Debian 12 (Bookworm).
not. In Debian, the essential package B<init-system-helpers> depends on the
B<usrmerge> package, starting with Debian 12 (Bookworm).
Before Debian 12 (Bookworm), to force B<mmdebstrap> to create a chroot with
merged-/usr using symlinks, either explicitly install the B<usrmerge> package:

View file

@ -22,8 +22,22 @@ $prefix {{ CMD }} --mode={{ MODE }} --variant=apt --architectures=arm64 {{ DIST
# we ignore differences between architectures by ignoring some files
# and renaming others
{ tar -tf /tmp/debian-chroot.tar \
| grep -v '^\./lib/ld-linux-aarch64\.so\.1$' \
| grep -v '^\./lib/aarch64-linux-gnu/ld-linux-aarch64\.so\.1$' \
| grep -v '^\./usr/lib/ld-linux-aarch64\.so\.1$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/ld-linux-aarch64\.so\.1$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/asm-generic/int-ll64.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/asm-generic/types.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/asm-generic/unistd.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/asm/sigcontext.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/asm/sve_context.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/asm/types.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/bits/procfs-extra.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/bits/procfs-id.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/bits/procfs-prregset.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/bits/procfs.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/gnu/stubs-lp64.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/linux/types.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/sys/procfs.ph$' \
| grep -v '^\./usr/lib/aarch64-linux-gnu/perl/5.34.0/sys/user.ph$' \
| grep -v '^\./usr/share/doc/[^/]\+/changelog\(\.Debian\)\?\.arm64\.gz$' \
| sed 's/aarch64-linux-gnu/x86_64-linux-gnu/' \
| sed 's/arm64/amd64/';
@ -31,11 +45,22 @@ $prefix {{ CMD }} --mode={{ MODE }} --variant=apt --architectures=arm64 {{ DIST
{ cat tar1.txt \
| grep -v '^\./usr/bin/i386$' \
| grep -v '^\./usr/bin/x86_64$' \
| grep -v '^\./lib64/$' \
| grep -v '^\./lib64/ld-linux-x86-64\.so\.2$' \
| grep -v '^\./lib/x86_64-linux-gnu/ld-linux-x86-64\.so\.2$' \
| grep -v '^\./lib/x86_64-linux-gnu/libmvec-2\.[0-9]\+\.so$' \
| grep -v '^\./lib/x86_64-linux-gnu/libmvec\.so\.1$' \
| grep -v '^\./lib32$' \
| grep -v '^\./lib64$' \
| grep -v '^\./libx32$' \
| grep -v '^\./usr/lib32/$' \
| grep -v '^\./usr/libx32/$' \
| grep -v '^\./usr/lib64/$' \
| grep -v '^\./usr/lib64/ld-linux-x86-64\.so\.2$' \
| grep -v '^\./usr/lib/x86_64-linux-gnu/ld-linux-x86-64\.so\.2$' \
| grep -v '^\./usr/lib/x86_64-linux-gnu/libmvec\.so\.1$' \
| grep -v '^\./usr/lib/x86_64-linux-gnu/perl/5.34.0/asm/posix_types_32.ph$' \
| grep -v '^\./usr/lib/x86_64-linux-gnu/perl/5.34.0/asm/posix_types_64.ph$' \
| grep -v '^\./usr/lib/x86_64-linux-gnu/perl/5.34.0/asm/posix_types_x32.ph$' \
| grep -v '^\./usr/lib/x86_64-linux-gnu/perl/5.34.0/asm/unistd_32.ph$' \
| grep -v '^\./usr/lib/x86_64-linux-gnu/perl/5.34.0/asm/unistd_64.ph$' \
| grep -v '^\./usr/lib/x86_64-linux-gnu/perl/5.34.0/asm/unistd_x32.ph$' \
| grep -v '^\./usr/lib/x86_64-linux-gnu/perl/5.34.0/gnu/stubs-64.ph$' \
| grep -v '^\./usr/share/doc/[^/]\+/changelog\(\.Debian\)\?\.amd64\.gz$' \
| grep -v '^\./usr/share/man/man8/i386\.8\.gz$' \
| grep -v '^\./usr/share/man/man8/x86_64\.8\.gz$';

View file

@ -12,25 +12,27 @@ apt-get remove --yes qemu-user-static binfmt-support qemu-user
# and renaming others
{ tar -tf /tmp/debian-chroot.tar \
| grep -v '^\./usr/bin/i386$' \
| grep -v '^\./lib/ld-linux\.so\.2$' \
| grep -v '^\./lib/i386-linux-gnu/ld-linux\.so\.2$' \
| grep -v '^\./usr/lib/ld-linux\.so\.2$' \
| grep -v '^\./usr/lib/i386-linux-gnu/ld-linux\.so\.2$' \
| grep -v '^\./usr/lib/gcc/i686-linux-gnu/$' \
| grep -v '^\./usr/lib/gcc/i686-linux-gnu/[0-9]\+/$' \
| grep -v '^\./usr/share/man/man8/i386\.8\.gz$' \
| grep -v '^\./usr/share/doc/[^/]\+/changelog\(\.Debian\)\?\.i386\.gz$' \
| sed 's/i386-linux-gnu/x86_64-linux-gnu/' \
| sed 's/i386/amd64/';
| sed 's/i386/amd64/' \
| sed 's/\/stubs-32.ph$/\/stubs-64.ph/';
} | sort > tar2.txt
{ cat tar1.txt \
| grep -v '^\./usr/bin/i386$' \
| grep -v '^\./usr/bin/x86_64$' \
| grep -v '^\./usr/lib32/$' \
| grep -v '^\./lib32$' \
| grep -v '^\./lib64/$' \
| grep -v '^\./lib64/ld-linux-x86-64\.so\.2$' \
| grep -v '^\./usr/lib64/ld-linux-x86-64\.so\.2$' \
| grep -v '^\./usr/lib/gcc/x86_64-linux-gnu/$' \
| grep -v '^\./usr/lib/gcc/x86_64-linux-gnu/[0-9]\+/$' \
| grep -v '^\./lib/x86_64-linux-gnu/ld-linux-x86-64\.so\.2$' \
| grep -v '^\./lib/x86_64-linux-gnu/libmvec-2\.[0-9]\+\.so$' \
| grep -v '^\./lib/x86_64-linux-gnu/libmvec\.so\.1$' \
| grep -v '^\./usr/lib/x86_64-linux-gnu/ld-linux-x86-64\.so\.2$' \
| grep -v '^\./usr/lib/x86_64-linux-gnu/libmvec\.so\.1$' \
| grep -v '^\./usr/share/doc/[^/]\+/changelog\(\.Debian\)\?\.amd64\.gz$' \
| grep -v '^\./usr/share/man/man8/i386\.8\.gz$' \
| grep -v '^\./usr/share/man/man8/x86_64\.8\.gz$';

View file

@ -18,11 +18,12 @@ runuser -u user -- {{ CMD }} --mode=unshare --variant=apt --include=iputils-ping
| ./tarfilter --idshift 0 > /tmp/debian-chroot.tar
# make sure that xattrs are set in the original tarball
mkdir /tmp/debian-chroot
tar --xattrs --xattrs-include='*' --directory /tmp/debian-chroot -xf /tmp/debian-chroot.tar ./bin/ping
echo "/tmp/debian-chroot/bin/ping cap_net_raw=ep" > /tmp/expected
getcap /tmp/debian-chroot/bin/ping | diff -u /tmp/expected - >&2
rm /tmp/debian-chroot/bin/ping
rmdir /tmp/debian-chroot/bin
tar --xattrs --xattrs-include='*' --directory /tmp/debian-chroot -xf /tmp/debian-chroot.tar ./usr/bin/ping
echo "/tmp/debian-chroot/usr/bin/ping cap_net_raw=ep" > /tmp/expected
getcap /tmp/debian-chroot/usr/bin/ping | diff -u /tmp/expected - >&2
rm /tmp/debian-chroot/usr/bin/ping
rmdir /tmp/debian-chroot/usr/bin
rmdir /tmp/debian-chroot/usr
rmdir /tmp/debian-chroot
# shift the uid/gid forward by 100000 and backward by 100000
./tarfilter --idshift 100000 < /tmp/debian-chroot.tar > /tmp/debian-chroot-shifted.tar
@ -48,12 +49,12 @@ tar --numeric-owner -tvf /tmp/debian-chroot-shifted.tar \
mkdir /tmp/debian-chroot
tar --xattrs --xattrs-include='*' --directory /tmp/debian-chroot -xf /tmp/debian-chroot-shifted.tar
echo "100000 100000" > /tmp/expected
stat --format="%u %g" /tmp/debian-chroot/bin/ping | diff -u /tmp/expected - >&2
echo "/tmp/debian-chroot/bin/ping cap_net_raw=ep" > /tmp/expected
getcap /tmp/debian-chroot/bin/ping | diff -u /tmp/expected - >&2
stat --format="%u %g" /tmp/debian-chroot/usr/bin/ping | diff -u /tmp/expected - >&2
echo "/tmp/debian-chroot/usr/bin/ping cap_net_raw=ep" > /tmp/expected
getcap /tmp/debian-chroot/usr/bin/ping | diff -u /tmp/expected - >&2
echo "0 0" > /tmp/expected
runuser -u user -- {{ CMD }} --unshare-helper /usr/sbin/chroot /tmp/debian-chroot stat --format="%u %g" /bin/ping \
runuser -u user -- {{ CMD }} --unshare-helper /usr/sbin/chroot /tmp/debian-chroot stat --format="%u %g" /usr/bin/ping \
| diff -u /tmp/expected - >&2
echo "/bin/ping cap_net_raw=ep" > /tmp/expected
runuser -u user -- {{ CMD }} --unshare-helper /usr/sbin/chroot /tmp/debian-chroot getcap /bin/ping \
echo "/usr/bin/ping cap_net_raw=ep" > /tmp/expected
runuser -u user -- {{ CMD }} --unshare-helper /usr/sbin/chroot /tmp/debian-chroot getcap /usr/bin/ping \
| diff -u /tmp/expected - >&2