Guessing filenames is boring. What if we could ask apt to tell us which
debs it downloaded (or found lying around elsewhere) directly? Turns out
we can rather easily avoiding a bunch of guesswork.
EIPP stands for "External Installation Planner Protocol" and is rather
similar to EDSP but with the clear advantage that we can extract the
information we need more easily as we can tell apt to write the file for
us rather than playing solver-in-the-middle and the problem space is
much smaller meaning less data for apt to generate and to pass through
our hands.
The idea here is simply that every package which doesn't have a Status
field in EIPP has the uninstalled status and the only reason its is part
of the EIPP request is that we want to change this by installing it.
That could be verified via the Install header at the start of the
request, but this commit doesn't implement that.
Note that this means we need "more" than the download-only mode can
provide: Either a simulation or "the real deal". Except we modify the
later to be a fancy no op.
* remove_tree() requires the CWD to be accessible or fails with
cannot chdir to $CWD from $DIR_TO_DELETE: Permission denied, aborting.
* CWD is not always accessible -- example: run mmdebstrap from a
directory only accessible by the current user (like a tempdir) in
unshare mode
* find from findutils *also* requires CWD to be accessible but it's
easier to temporarily change CWD in a subprocess because using
there is no utility in perl core that changes CWD temporarily and
cleans up after itself
* we need to use find from findutils instead of rm in unshare mode
because the root directory itself might not be removable by the
unshared user so we only want to remove its subdirectories
- instead of throwing an error, just print a warning
- can now run as root without cap_sys_admin
- can now run without mount installed
- --skip=check/canmount is not needed anymore
- assume all entries in @devfiles to be in /dev
- allow for /dev, /sys and /proc not to exist in the target and print warning
- allow for /dev entries as well as /sys and /proc not to exist on the outside
- simplify umount by storing special options in @umountopts
- remove superfluous checks for root and unshare mode
- make sure /dev entries are less than 100 chars in size for tar
- even if the user is root, they might not have permission to mount
- check for CAP_SYS_ADMIN and unshare --mount before proceeding
- allow one to disable the check with --skip=check/canmount
- this is useful in container environments like docker
- this is useful when you are already root and want the benefits of
unsharing the mount namespace to prevent messing up your system
- if the unshare mode is used as root, the user namespace is not unshared
anymore and newuidmap, setuid and friends are not called anymore
- if the unshare mode is used as non-root test if the user namespace can be
unshared, otherwise test if the mount namespace can be unshared
- systemd didn't get fixed but somehow the order matches again (bug #963788)
- python is installable again (bug #968217)
- apt immediate configure was not fixed but src:glibc changed to not
trigger the bug anymore (bugs #973305, #973325 and #972552)