
No commits in common. "055e1719b95960496a0cda88535fd00e9a395516" and "dd774b4f2008d98220ef3a24e959c21d0fcf27f9" have entirely different histories.

9 changed files with 80 additions and 159 deletions


@ -69,7 +69,7 @@ mirror="http://127.0.0.1/debian"
export HAVE_QEMU HAVE_BINFMT RUN_MA_SAME_TESTS DEFAULT_DIST SOURCE_DATE_EPOCH CMD mirror export HAVE_QEMU HAVE_BINFMT RUN_MA_SAME_TESTS DEFAULT_DIST SOURCE_DATE_EPOCH CMD mirror
./coverage.py "$@" ./coverage.py
if [ -e shared/cover_db.img ]; then if [ -e shared/cover_db.img ]; then
# produce report inside the VM to make sure that the versions match or # produce report inside the VM to make sure that the versions match or


@ -283,16 +283,10 @@ Test: debootstrap-no-op-options
Needs-Root: true Needs-Root: true
Test: verbose Test: verbose
Variants: - standard Needs-Root: true
Skip-If:
variant == "-" and hostarch not in ["armel", "armhf", "mipsel"] # #1031276
variant == "standard" and hostarch in ["armel", "armhf", "mipsel"] # #1031276
Test: debug Test: debug
Variants: - standard Needs-Root: true
Skip-If:
variant == "-" and hostarch not in ["armel", "armhf", "mipsel"] # #1031276
variant == "standard" and hostarch in ["armel", "armhf", "mipsel"] # #1031276
Test: quiet Test: quiet
Needs-Root: true Needs-Root: true


@ -20,10 +20,7 @@ deletecache() {
return 1 return 1
fi fi
# be very careful with removing the old directory # be very careful with removing the old directory
# experimental is pulled in with USE_HOST_APT_CONFIG=yes on debci for dist in oldstable stable testing unstable; do
# when testing a package from experimental
for dist in oldstable stable testing unstable experimental; do
# deleting artifacts from test "debootstrap"
for variant in minbase buildd -; do for variant in minbase buildd -; do
if [ -e "$dir/debian-$dist-$variant.tar" ]; then if [ -e "$dir/debian-$dist-$variant.tar" ]; then
rm "$dir/debian-$dist-$variant.tar" rm "$dir/debian-$dist-$variant.tar"
@ -31,18 +28,6 @@ deletecache() {
echo "does not exist: $dir/debian-$dist-$variant.tar" >&2 echo "does not exist: $dir/debian-$dist-$variant.tar" >&2
fi fi
done done
# deleting artifacts from test "mmdebstrap"
for variant in essential apt minbase buildd - standard; do
for format in tar ext2 squashfs; do
if [ -e "$dir/mmdebstrap-$dist-$variant.$format" ]; then
# attempt to delete for all dists because DEFAULT_DIST might've been different the last time
rm "$dir/mmdebstrap-$dist-$variant.$format"
elif [ "$dist" = "$DEFAULT_DIST" ]; then
# only warn about non-existance when it's expected to exist
echo "does not exist: $dir/mmdebstrap-$dist-$variant.$format" >&2
fi
done
done
if [ -e "$dir/debian/dists/$dist" ]; then if [ -e "$dir/debian/dists/$dist" ]; then
rm --one-file-system --recursive "$dir/debian/dists/$dist" rm --one-file-system --recursive "$dir/debian/dists/$dist"
else else
@ -78,16 +63,11 @@ deletecache() {
rm --one-file-system "$f" rm --one-file-system "$f"
fi fi
done done
# on i386 and amd64, the intel-microcode and amd64-microcode packages if [ -e "$dir/debian/pool/main" ]; then
# from non-free-firwame get pulled in because they are rm --one-file-system --recursive "$dir/debian/pool/main"
# priority:standard with USE_HOST_APT_CONFIG=yes
for c in main non-free-firmware; do
if [ -e "$dir/debian/pool/$c" ]; then
rm --one-file-system --recursive "$dir/debian/pool/$c"
else else
echo "does not exist: $dir/debian/pool/$c" >&2 echo "does not exist: $dir/debian/pool/main" >&2
fi fi
done
if [ -e "$dir/debian-security/pool/updates/main" ]; then if [ -e "$dir/debian-security/pool/updates/main" ]; then
rm --one-file-system --recursive "$dir/debian-security/pool/updates/main" rm --one-file-system --recursive "$dir/debian-security/pool/updates/main"
else else


@ -305,23 +305,14 @@ sub shellescape {
sub test_unshare_userns { sub test_unshare_userns {
my $verbose = shift; my $verbose = shift;
my $fail = shift; my $unshare_fail = shift;
if ($EFFECTIVE_USER_ID == 0) {
local *maybe_warn = sub { my $msg = "cannot unshare user namespace when executing as root";
my $msg = shift;
if ($verbose) { if ($verbose) {
if ($fail) {
error $msg;
} else {
warning $msg; warning $msg;
}
} else { } else {
debug $msg; debug $msg;
} }
};
if ($EFFECTIVE_USER_ID == 0) {
maybe_warn("cannot unshare user namespace when executing as root");
return 0; return 0;
} }
# arguments to syscalls have to be stored in their own variable or # arguments to syscalls have to be stored in their own variable or
@ -335,7 +326,12 @@ sub test_unshare_userns {
if ($ret == 0) { if ($ret == 0) {
exit 0; exit 0;
} else { } else {
maybe_warn("unshare syscall failed: $!"); my $msg = "unshare syscall failed: $!";
if ($verbose) {
warning $msg;
} else {
debug $msg;
}
exit 1; exit 1;
} }
} }
@ -348,140 +344,120 @@ sub test_unshare_userns {
system "newuidmap 2>/dev/null"; system "newuidmap 2>/dev/null";
if (($? >> 8) != 1) { if (($? >> 8) != 1) {
if (($? >> 8) == 127) { if (($? >> 8) == 127) {
maybe_warn("cannot find newuidmap"); my $msg = "cannot find newuidmap";
if ($verbose) {
if ($unshare_fail) {
error $msg;
} else { } else {
maybe_warn("newuidmap returned unknown exit status: $?"); warning $msg;
}
} else {
debug $msg;
}
} else {
my $msg = "newuidmap returned unknown exit status: $?";
if ($verbose) {
warning $msg;
} else {
debug $msg;
}
} }
return 0; return 0;
} }
system "newgidmap 2>/dev/null"; system "newgidmap 2>/dev/null";
if (($? >> 8) != 1) { if (($? >> 8) != 1) {
if (($? >> 8) == 127) { if (($? >> 8) == 127) {
maybe_warn("cannot find newgidmap"); my $msg = "cannot find newgidmap";
} else {
maybe_warn("newgidmap returned unknown exit status: $?");
}
return 0;
}
my @idmap = read_subuid_subgid($verbose);
if (scalar @idmap == 0) {
maybe_warn("failed to parse /etc/subuid and /etc/subgid");
return 0;
}
# too much can go wrong when doing the dance required to unsharing the user
# namespace, so instead of adding more complexity to support maybe_warn()
# to a function that is already too complex, we use eval()
eval {
$pid = get_unshare_cmd(
sub {
if ($EFFECTIVE_USER_ID == 0) {
exit 0;
} else {
exit 1;
}
},
\@idmap
);
waitpid $pid, 0;
if ($? != 0) {
maybe_warn("failed to unshare the user namespace");
return 0;
}
};
if ($@) {
maybe_warn($@);
return 0;
}
return 1;
}
sub read_subuid_subgid {
my $verbose = shift;
my @result = ();
my $username = getpwuid $REAL_USER_ID;
my ($subid, $num_subid, $fh, $n);
local *maybe_warn = sub {
my $msg = shift;
if ($verbose) { if ($verbose) {
warning $msg; warning $msg;
} else { } else {
debug $msg; debug $msg;
} }
}; } else {
my $msg = "newgidmap returned unknown exit status: $?";
if ($verbose) {
warning $msg;
} else {
debug $msg;
}
}
return 0;
}
return 1;
}
sub read_subuid_subgid() {
my $username = getpwuid $REAL_USER_ID;
my ($subid, $num_subid, $fh, $n);
my @result = ();
if (!-e "/etc/subuid") { if (!-e "/etc/subuid") {
maybe_warn("/etc/subuid doesn't exist"); warning "/etc/subuid doesn't exist";
return; return;
} }
if (!-r "/etc/subuid") { if (!-r "/etc/subuid") {
maybe_warn("/etc/subuid is not readable"); warning "/etc/subuid is not readable";
return; return;
} }
open $fh, "<", "/etc/subuid" open $fh, "<", "/etc/subuid"
or maybe_warn("cannot open /etc/subuid for reading: $!"); or error "cannot open /etc/subuid for reading: $!";
if (!$fh) {
return;
}
while (my $line = <$fh>) { while (my $line = <$fh>) {
($n, $subid, $num_subid) = split(/:/, $line, 3); ($n, $subid, $num_subid) = split(/:/, $line, 3);
last if ($n eq $username); last if ($n eq $username);
} }
close $fh; close $fh;
if (!length $subid) { if (!length $subid) {
maybe_warn("/etc/subuid is empty"); warning "/etc/subuid is empty";
return; return;
} }
if ($n ne $username) { if ($n ne $username) {
maybe_warn("no entry in /etc/subuid for $username"); warning "no entry in /etc/subuid for $username";
return; return;
} }
push @result, ["u", 0, $subid, $num_subid]; push @result, ["u", 0, $subid, $num_subid];
if (scalar(@result) < 1) { if (scalar(@result) < 1) {
maybe_warn("/etc/subuid does not contain an entry for $username"); warning "/etc/subuid does not contain an entry for $username";
return; return;
} }
if (scalar(@result) > 1) { if (scalar(@result) > 1) {
maybe_warn("/etc/subuid contains multiple entries for $username"); warning "/etc/subuid contains multiple entries for $username";
return; return;
} }
if (!-e "/etc/subgid") { if (!-e "/etc/subgid") {
maybe_warn("/etc/subgid doesn't exist"); warning "/etc/subgid doesn't exist";
return; return;
} }
if (!-r "/etc/subgid") { if (!-r "/etc/subgid") {
maybe_warn("/etc/subgid is not readable"); warning "/etc/subgid is not readable";
return; return;
} }
open $fh, "<", "/etc/subgid" open $fh, "<", "/etc/subgid"
or maybe_warn("cannot open /etc/subgid for reading: $!"); or error "cannot open /etc/subgid for reading: $!";
if (!$fh) {
return;
}
while (my $line = <$fh>) { while (my $line = <$fh>) {
($n, $subid, $num_subid) = split(/:/, $line, 3); ($n, $subid, $num_subid) = split(/:/, $line, 3);
last if ($n eq $username); last if ($n eq $username);
} }
close $fh; close $fh;
if (!length $subid) { if (!length $subid) {
maybe_warn("/etc/subgid is empty"); warning "/etc/subgid is empty";
return; return;
} }
if ($n ne $username) { if ($n ne $username) {
maybe_warn("no entry in /etc/subgid for $username"); warning "no entry in /etc/subgid for $username";
return; return;
} }
push @result, ["g", 0, $subid, $num_subid]; push @result, ["g", 0, $subid, $num_subid];
if (scalar(@result) < 2) { if (scalar(@result) < 2) {
maybe_warn("/etc/subgid does not contain an entry for $username"); warning "/etc/subgid does not contain an entry for $username";
return; return;
} }
if (scalar(@result) > 2) { if (scalar(@result) > 2) {
maybe_warn("/etc/subgid contains multiple entries for $username"); warning "/etc/subgid contains multiple entries for $username";
return; return;
} }
@ -4377,7 +4353,7 @@ sub main() {
} }
my @idmap = (); my @idmap = ();
if ($EFFECTIVE_USER_ID != 0) { if ($EFFECTIVE_USER_ID != 0) {
@idmap = read_subuid_subgid 1; @idmap = read_subuid_subgid;
} }
my $pid = get_unshare_cmd( my $pid = get_unshare_cmd(
sub { sub {
@ -5689,7 +5665,7 @@ sub main() {
# for unshare mode the rootfs directory has to have appropriate # for unshare mode the rootfs directory has to have appropriate
# permissions # permissions
if ($EFFECTIVE_USER_ID != 0 and $options->{mode} eq 'unshare') { if ($EFFECTIVE_USER_ID != 0 and $options->{mode} eq 'unshare') {
@idmap = read_subuid_subgid 1; @idmap = read_subuid_subgid;
# sanity check # sanity check
if ( scalar(@idmap) != 2 if ( scalar(@idmap) != 2
|| $idmap[0][0] ne 'u' || $idmap[0][0] ne 'u'
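Review bot: In test_unshare_userns the `$unshare_fail` argument is honoured only in the "cannot find newuidmap" branch; the "cannot find newgidmap" branch and the remaining failure paths go straight to `warning $msg` or `debug $msg`, so a caller asking for a hard failure gets one for a missing newuidmap but only a warning for a missing newgidmap. The newgidmap branch should use the same `if ($unshare_fail) { error $msg; } else { warning $msg; }`, and since the verbose/warning/debug ladder is now written out five times, a small private helper taking `$msg` would keep the branches from drifting apart again. The function on this side also returns 1 without consulting /etc/subuid and /etc/subgid, while read_subuid_subgid ends each failure with a bare `return;`; the first call site in main (`@idmap = read_subuid_subgid;`) shows no check of `@idmap` before get_unshare_cmd, unlike the second call site's sanity check, though that call continues outside the hunk and may validate it there. The empty prototype in `sub read_subuid_subgid() {` can be dropped, because a prototype changes how calls are parsed and does not validate arguments.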


@ -5,21 +5,14 @@ export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
trap "rm -f /tmp/debian-chroot-{{ MODE }}.{{ FORMAT }}" EXIT INT TERM trap "rm -f /tmp/debian-chroot-{{ MODE }}.{{ FORMAT }}" EXIT INT TERM
case {{ MODE }} in unshare|fakechroot) : ;; *) exit 1;; esac if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
prefix=
if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
if [ ! -e /mmdebstrap-testenv ]; then if [ ! -e /mmdebstrap-testenv ]; then
echo "this test modifies the system and should only be run inside a container" >&2 echo "this test modifies the system and should only be run inside a container" >&2
exit 1 exit 1
fi fi
useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}" useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
fi
prefix="runuser -u ${SUDO_USER:-user} --"
fi fi
runuser -u "${SUDO_USER:-user}" -- {{ CMD }} --mode={{ MODE }} --variant={{ VARIANT }} {{ DIST }} /tmp/debian-chroot-{{ MODE }}.{{ FORMAT }} {{ MIRROR }}
$prefix {{ CMD }} --mode={{ MODE }} --variant={{ VARIANT }} {{ DIST }} /tmp/debian-chroot-{{ MODE }}.{{ FORMAT }} {{ MIRROR }}
cmp ./cache/mmdebstrap-{{ DIST }}-{{ VARIANT }}.{{ FORMAT }} /tmp/debian-chroot-{{ MODE }}.{{ FORMAT }} \ cmp ./cache/mmdebstrap-{{ DIST }}-{{ VARIANT }}.{{ FORMAT }} /tmp/debian-chroot-{{ MODE }}.{{ FORMAT }} \
|| diffoscope ./cache/mmdebstrap-{{ DIST }}-{{ VARIANT }}.{{ FORMAT }} /tmp/debian-chroot-{{ MODE }}.{{ FORMAT }} || diffoscope ./cache/mmdebstrap-{{ DIST }}-{{ VARIANT }}.{{ FORMAT }} /tmp/debian-chroot-{{ MODE }}.{{ FORMAT }}
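Review bot: `useradd` and `runuser` both require root, but the new side of this script reaches them with no `id -u` check, and the `/mmdebstrap-testenv` guard only protects the `useradd` branch. Unless the harness guarantees root for this test (not visible here), a line such as `[ "$(id -u)" -eq 0 ] || { echo "this test must be run as root" >&2; exit 1; }` before `if ! id ...` would make the precondition explicit instead of failing inside `runuser`. A short comment stating that the test is meant only for modes that run as an unprivileged user would also help, since nothing in the script checks `{{ MODE }}` any more.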


@ -1,17 +1,6 @@
#!/bin/sh #!/bin/sh
set -eu set -eu
export LC_ALL=C.UTF-8 export LC_ALL=C.UTF-8
export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }} {{ CMD }} --mode=root --variant=apt --debug {{ DIST }} /tmp/debian-chroot {{ MIRROR }}
tar -C /tmp/debian-chroot --one-file-system -c . | tar -t | sort | diff -u tar1.txt -
trap "rm -f /tmp/debian-chroot.tar" EXIT INT TERM rm -r /tmp/debian-chroot
# we use variant standard in verbose mode to see the maximum number of packages
# that was chosen in case of USE_HOST_APT_CONFIG=yes
# we use variant important on arches where variant standard is not bit-by-bit
# reproducible due to #1031276
case {{ VARIANT }} in standard|-) : ;; *) exit 1;; esac
{{ CMD }} --variant={{ VARIANT }} --debug {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
cmp ./cache/mmdebstrap-{{ DIST }}-{{ VARIANT }}.tar /tmp/debian-chroot.tar \
|| diffoscope ./cache/mmdebstrap-{{ DIST }}-{{ VARIANT }}.tar /tmp/debian-chroot.tar
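Review bot: The cleanup `rm -r /tmp/debian-chroot` on the new side's last line runs only when every earlier command succeeds, because the script sets `set -eu`. A failing `{{ CMD }}` or a non-empty `diff -u` therefore leaves a chroot created with `--mode=root` behind at a fixed path in /tmp, where a later test using the same path will find it. Registering the cleanup right after `export LC_ALL=C.UTF-8`, for example `trap "rm -rf --one-file-system /tmp/debian-chroot" EXIT INT TERM`, covers the failure paths too. The `--verbose` test script in the last file section of this page has the same structure and needs the same change.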


@ -13,4 +13,4 @@ if [ "$ret" = 0 ]; then
echo expected failure but got exit $ret >&2 echo expected failure but got exit $ret >&2
exit 1 exit 1
fi fi
[ ! -e /tmp/debian-chroot ] rm -r /tmp/debian-chroot


@ -14,4 +14,4 @@ if [ "$ret" = 0 ]; then
echo expected failure but got exit $ret >&2 echo expected failure but got exit $ret >&2
exit 1 exit 1
fi fi
[ ! -e /tmp/debian-chroot ] rm -r /tmp/debian-chroot


@ -1,17 +1,6 @@
#!/bin/sh #!/bin/sh
set -eu set -eu
export LC_ALL=C.UTF-8 export LC_ALL=C.UTF-8
export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }} {{ CMD }} --mode=root --variant=apt --verbose {{ DIST }} /tmp/debian-chroot {{ MIRROR }}
tar -C /tmp/debian-chroot --one-file-system -c . | tar -t | sort | diff -u tar1.txt -
trap "rm -f /tmp/debian-chroot.tar" EXIT INT TERM rm -r /tmp/debian-chroot
# we use variant standard in verbose mode to see the maximum number of packages
# that was chosen in case of USE_HOST_APT_CONFIG=yes
# we use variant important on arches where variant standard is not bit-by-bit
# reproducible due to #1031276
case {{ VARIANT }} in standard|-) : ;; *) exit 1;; esac
{{ CMD }} --variant={{ VARIANT }} --verbose {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
cmp ./cache/mmdebstrap-{{ DIST }}-{{ VARIANT }}.tar /tmp/debian-chroot.tar \
|| diffoscope ./cache/mmdebstrap-{{ DIST }}-{{ VARIANT }}.tar /tmp/debian-chroot.tar