Johannes Schauer Marin Rodrigues
5a3d1ab5c4
- assume all entries in @devfiles to be in /dev - allow for /dev, /sys and /proc not to exist in the target and print warning - allow for /dev entries as well as /sys and /proc not to exist on the outside - simplify umount by storing special options in @umountopts - remove superfluous checks for root and unshare mode - make sure /dev entries are less than 100 chars in size for tar |
||
---|---|---|
examples/twb | ||
hooks | ||
.gitignore | ||
.perltidyrc | ||
CHANGELOG.md | ||
coverage.sh | ||
make_mirror.sh | ||
mmdebstrap | ||
proxysolver | ||
README.md | ||
run_null.sh | ||
run_qemu.sh | ||
tarfilter | ||
taridshift |
mmdebstrap
An alternative to debootstrap which uses apt internally and is thus able to use more than one mirror and resolve more complex dependencies.
Usage
Use like debootstrap:
sudo mmdebstrap unstable ./unstable-chroot
Without superuser privileges:
mmdebstrap unstable unstable-chroot.tar
With complex apt options:
cat /etc/apt/sources.list | mmdebstrap > unstable-chroot.tar
For the full documentation use:
pod2man ./mmdebstrap | man -l -
The sales pitch in comparison to debootstrap
Summary:
- more than one mirror possible
- security and updates mirror included for Debian stable chroots
- twice as fast
- chroot with apt in 11 seconds
- gzipped tarball with apt is 27M small
- bit-by-bit reproducible output
- unprivileged operation using Linux user namespaces, fakechroot or proot
- can operate on filesystems mounted with nodev
- foreign architecture chroots with qemu-user
- variant installing only Essential:yes packages and dependencies
- temporary chroots by redirecting to /dev/null
The author believes that a chroot of a Debian stable release should include the latest packages including security fixes by default. This has been a wontfix with debootstrap since 2009 (See #543819 and #762222). Since mmdebstrap uses apt internally, support for multiple mirrors comes for free and stable or oldstable chroots will include security and updates mirrors.
A side-effect of using apt is being twice as fast as debootstrap. The timings were carried out on a laptop with an Intel Core i5-5200U, using a mirror on localhost and a tmpfs.
variant | mmdebstrap | debootstrap |
---|---|---|
essential | 9.52 s | n.a |
apt | 10.98 s | n.a |
minbase | 13.54 s | 26.37 s |
buildd | 21.31 s | 34.85 s |
- | 23.01 s | 48.83 s |
Apt considers itself an Essential: yes
package. This feature allows one to
create a chroot containing just the Essential: yes
packages and apt (and
their hard dependencies) in just 11 seconds.
If desired, a most minimal chroot with just the Essential: yes
packages and
their hard dependencies can be created with a gzipped tarball size of just 34M.
By using dpkg's --path-exclude
option to exclude documentation, even smaller
gzipped tarballs of 21M in size are possible. If apt is included, the result is
a gzipped tarball of only 27M.
These small sizes are also achieved because apt caches and other cruft is
stripped from the chroot. This also makes the result bit-by-bit
reproducible if the $SOURCE_DATE_EPOCH
environment variable is set.
The author believes, that it should not be necessary to have superuser privileges to create a file (the chroot tarball) in one's home directory. Thus, mmdebstrap provides multiple options to create a chroot tarball with the right permissions without superuser privileges. Depending on what is available, it uses either Linux user namespaces, fakechroot or proot. Debootstrap supports fakechroot but will not create a tarball with the right permissions by itself. Support for Linux user namespaces and proot is missing (see bugs #829134 and #698347, respectively).
When creating a chroot tarball with debootstrap, the temporary chroot directory cannot be on a filesystem that has been mounted with nodev. In unprivileged mode, mknod is never used, which means that /tmp can be used as a temporary directory location even if if it's mounted with nodev as a security measure.
If the chroot architecture cannot be executed by the current machine, qemu-user is used to allow one to create a foreign architecture chroot.
Limitations in comparison to debootstrap
Debootstrap supports creating a Debian chroot on non-Debian systems but mmdebstrap requires apt and is thus limited to Debian and derivatives.
There is no SCRIPT
argument.
The following options, don't exist: --second-stage
, --exclude
,
--resolve-deps
, --force-check-gpg
, --merged-usr
and --no-merged-usr
.
Tests
The script coverage.sh
runs mmdebstrap in all kind of scenarios to execute
all code paths of the script. It verifies its output in each scenario and
displays the results gathered with Devel::Cover. It also compares the output of
mmdebstrap with debootstrap in several scenarios. To run the testsuite, run:
./make_mirror.sh
CMD=./mmdebstrap ./coverage.sh
To also generate perl Devel::Cover data, omit the CMD
environment variable.
But that will also take a lot longer.
The make_mirror.sh
script will be a no-op if nothing changed in Debian
unstable. You don't need to run make_mirror.sh
before every invocation of
coverage.sh
. When you make changes to make_mirror.sh
and want to regenerate
the cache, run:
touch -d yesterday shared/cache/debian/dists/unstable/Release
The script coverage.sh
does not need an active internet connection by
default. An online connection is only needed by the make_mirror.sh
script
which fills a local cache with a few minimal Debian mirror copies.
By default, coverage.sh
will skip running a single test which tries creating
a Ubuntu Focal chroot. To not skip that test, run coverage.sh
with the
environment variable ONLINE=yes
.
Bugs
mmdebstrap has bugs. Report them here: https://gitlab.mister-muffin.de/josch/mmdebstrap/issues
Contributors
- Johannes Schauer (main author)
- Helmut Grohne
- Benjamin Drung
- Steve Dodd