Usually running dpkg-preconfigure is not a problem unless in
chrootless mode, which apt-extracttemplates does not and can not support
because it cannot know that this is a chrootless installation. We
always turn it off for equivalent behavior in all modes. Running
dpkg-preconfigure should not be needed as we also have set
DEBIAN_FRONTEND=noninteractive and DEBCONF_NONINTERACTIVE_SEEN=true and
should thus never see debconf prompts.
Debian-Bug: #1091442

Both arguments do the same but --check-trustdb avoids user interaction
and is implemented in gpg-from-sq.
Closes: #1077600
Suggested-by: Blair Noctis <n@sail.ng>

Otherwise they might hog resources like /dev/null which can then not be
unmounted resulting in their mountpoints (the regular files) not being
removable and then the removal of device nodes in run_cleanup (if
mmdebstrap is run with --skip=output/dev) will fail.
Another potential solution would be to run each hook and apt invocation
in its own process namespace but this would require remounting /proc and
this in turn would require a new mount namespace as well but we'd like
to keep the mount namespace across multiple hooks...

Since systemd 256~rc3-3, /tmp is regularly cleaned up, removing files
older than 10 days. Since a rootfs contains files with timestamps
potentially much older than that, we exclude our temporary directory by
adding an exclusive lock on it which will stop systemd-tmpfiles from
cleaning up anything in it.
Thanks: Peter Pentchev <roam@ringlet.net>

This emulates what unshare(1) does by default or by passing
--propagation=private explicitly. Mounting and unmounting filesystems
will affect mounts outside the namespace which are marked as shared (see
last column of `findmnt -o+PROPAGATION`). Since mmdebstrap's goal is to
isolate the mounts in the new namespace, we perform the equivalent of
    mount(NULL, "/", MS_REC | MS_PRIVATE, NULL);
from util-linux/sys-utils/unshare.c:set_propagation() which is in shell:
    mount --make-rprivate /
See mount_namespaces(7) for details. Without setting this, unmounting
/sys (and its sub-mounts) in unshare mode as root user will also unmount
the sub-mounts of /sys on the outside of the namespace. This breaks
tests/unshare-as-root-user which will fail to shut down with the following
errors in the log:
    [FAILED] Failed unmounting mnt.mount - /mnt.
    [FAILED] Failed unmounting run-lock.mount - Legacy Locks Directory /run/lock.
    [...]
    [ OK ] Reached target poweroff.target - System Power Off.
Afterwards it will stall indefinitely. Stopping mmdebstrap from messing
with the /sys mounts on the outside stops this behaviour and allows the
virtual machine to shut down cleanly.
Thanks: Helmut Grohne
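
Added example (not part of the commit message and not mmdebstrap code): a small
checker that reads text in /proc/self/mountinfo format and reports the
propagation type of each mount, the same information as the last column of
`findmnt -o+PROPAGATION`, so shared mounts below /sys can be spotted before
anything is unmounted inside a new namespace. The function names and the
sample mount table are constructed for illustration.

```python
import re

# Constructed sample in /proc/self/mountinfo format (see proc(5)); not taken from the page.
SAMPLE_MOUNTINFO = """\
22 27 0:21 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
23 22 0:6 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:8 - securityfs securityfs rw
24 27 0:22 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
25 27 0:23 / /mnt/my\\040disk rw,relatime master:3 - ext4 /dev/vdb1 rw
26 27 0:24 / /srv rw,relatime shared:9 master:3 - ext4 /dev/vdc1 rw
"""


def _unescape(path):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)


def propagation(mountinfo_text):
    """Map each mount point to its propagation type(s)."""
    result = {}
    for line in mountinfo_text.splitlines():
        fields = line.split()
        if "-" not in fields[6:]:
            continue  # malformed or empty line: no separator after the fixed fields
        # Optional fields sit between the mount options (index 5) and the "-" separator.
        tags = fields[6:fields.index("-", 6)]
        kinds = []
        if any(t.startswith("shared:") for t in tags):
            kinds.append("shared")   # mount events propagate to the peer group
        if any(t.startswith("master:") for t in tags):
            kinds.append("slave")    # receives events from a master, sends none back
        if "unbindable" in tags:
            kinds.append("unbindable")
        # No propagation tag at all means MS_PRIVATE, the state --make-rprivate sets.
        result[_unescape(fields[4])] = ",".join(kinds) or "private"
    return result


def shared_under(mountinfo_text, prefix):
    """Mount points at or below prefix whose (un)mount events leave the namespace."""
    base = prefix.rstrip("/")
    return sorted(
        mnt for mnt, kind in propagation(mountinfo_text).items()
        if "shared" in kind.split(",") and (mnt == base or mnt.startswith(base + "/"))
    )
```

On a live system, pass the contents of /proc/self/mountinfo instead of the sample; after `mount --make-rprivate /` inside the namespace, `shared_under(text, "/")` should return an empty list.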