tests: changelog.Debian.$foreign_arch.gz files are not always present

coverage.txt

@@ -433,4 +433,4 @@ Test: skip-output-mknod
 Modes: root unshare
 
 Test: skip-tar-in-mknod
-Modes: unshare
+Modes: root

hooks/copy-host-apt-sources-and-preferences/setup00.sh

@@ -1,4 +1,13 @@
 #!/bin/sh
+#
+# This script makes sure that the apt sources.list and preferences from outside
+# the chroot also exist inside the chroot by *appending* them to any existing
+# files. If you do not want to keep the original content, add another setup
+# hook before this one which cleans up the files you don't want to keep.
+#
+# If instead of copying sources.list verbatim you want to mangle its contents,
+# consider using python-apt for that. An example can be found in the Debian
+# packaging of mmdebstrap in ./debian/tests/sourcesfilter
 
 set -eu
 

hooks/file-mirror-automount/setup00.sh

@@ -15,7 +15,7 @@ env APT_CONFIG="$MMDEBSTRAP_APT_CONFIG" apt-get indextargets --no-release-info -
 	| while read -r path; do
 		mkdir -p "$rootdir/run/mmdebstrap"
 		if [ ! -d "/$path" ]; then
-			echo "/$path is not an existing directory" >&2
+			echo "W: /$path is not an existing directory" >&2
 			continue
 		fi
 		case $MMDEBSTRAP_MODE in

hooks/maybe-merged-usr/essential00.sh

@@ -15,6 +15,10 @@ case "$ver" in
 		echo "usr-is-merged package from src:usrmerge installed -- not running merged-usr essential hook" >&2
 		exit 0
 		;;
+	'not-installed  ')
+		echo "usr-is-merged was not installed in a previous hook -- not running merged-usr essential hook" >&2
+		exit 0
+		;;
 	*)
 		echo "unexpected situation for package usr-is-merged: $ver" >&2
 		exit 1

hooks/maybe-merged-usr/extract00.sh

@@ -4,12 +4,22 @@ set -eu
 
 env --chdir="$1" APT_CONFIG="$MMDEBSTRAP_APT_CONFIG" apt-get update --error-on=any
 
-# if the usr-is-merged package cannot be installed with apt, do nothing
-if ! env --chdir="$1" APT_CONFIG="$MMDEBSTRAP_APT_CONFIG" apt-cache show --no-all-versions usr-is-merged > /dev/null 2>&1; then
-	echo "no package called usr-is-merged found -- not running merged-usr extract hook" >&2
-	exit 0
+if env --chdir="$1" APT_CONFIG="$MMDEBSTRAP_APT_CONFIG" apt-cache show --no-all-versions usr-is-merged > /dev/null 2>&1; then
+	# if apt-cache exited successfully, then usr-is-merged exists either as
+	# a real or virtual package
+	if env --chdir="$1" APT_CONFIG="$MMDEBSTRAP_APT_CONFIG" apt-cache show --no-all-versions usr-is-merged 2>/dev/null | grep -q "Package: usr-is-merged"; then
+		echo "usr-is-merged found -- running merged-usr extract hook" >&2
+	else
+		# The usr-is-merged must be virtual, so assume that nothing
+		# has to be done. This is the case with Debian Trixie or later
+		# or with Ubuntu Lunar or later
+		echo "usr-is-merged found but not real -- not running merged-usr extract hook" >&2
+		exit 0
+	fi
 else
-	echo "package usr-is-merged found -- running merged-usr extract hook" >&2
+	# if the usr-is-merged package cannot be installed with apt, do nothing
+	echo "no package providing usr-is-merged found -- not running merged-usr extract hook" >&2
+	exit 0
 fi
 
 # resolve the script path using several methods in order:

hooks/maybe-merged-usr/setup00.sh

@@ -4,12 +4,22 @@ set -eu
 
 env --chdir="$1" APT_CONFIG="$MMDEBSTRAP_APT_CONFIG" apt-get update --error-on=any
 
-# if the usr-is-merged package cannot be installed with apt, do nothing
-if ! env --chdir="$1" APT_CONFIG="$MMDEBSTRAP_APT_CONFIG" apt-cache show --no-all-versions usr-is-merged > /dev/null 2>&1; then
-	echo "no package called usr-is-merged found -- not running merged-usr setup hook" >&2
-	exit 0
+if env --chdir="$1" APT_CONFIG="$MMDEBSTRAP_APT_CONFIG" apt-cache show --no-all-versions usr-is-merged > /dev/null 2>&1; then
+	# if apt-cache exited successfully, then usr-is-merged exists either as
+	# a real or virtual package
+	if env --chdir="$1" APT_CONFIG="$MMDEBSTRAP_APT_CONFIG" apt-cache show --no-all-versions usr-is-merged 2>/dev/null | grep -q "Package: usr-is-merged"; then
+		echo "usr-is-merged found -- running merged-usr setup hook" >&2
+	else
+		# The usr-is-merged must be virtual, so assume that nothing
+		# has to be done. This is the case with Debian Trixie or later
+		# or with Ubuntu Lunar or later
+		echo "usr-is-merged found but not real -- not running merged-usr setup hook" >&2
+		exit 0
+	fi
 else
-	echo "package usr-is-merged found -- running merged-usr setup hook" >&2
+	# if the usr-is-merged package cannot be installed with apt, do nothing
+	echo "no package providing usr-is-merged found -- not running merged-usr setup hook" >&2
+	exit 0
 fi
 
 # resolve the script path using several methods in order:

make_mirror.sh

@@ -236,7 +236,11 @@ END
 	esac
 
 	# shellcheck disable=SC2086
-	APT_CONFIG="$rootdir/etc/apt/apt.conf" apt-get --yes install $pkgs
+	APT_CONFIG="$rootdir/etc/apt/apt.conf" apt-get --yes install $pkgs \
+		|| APT_CONFIG="$rootdir/etc/apt/apt.conf" apt-get --yes install \
+			-oDebug::pkgProblemResolver=true -oDebug::pkgDepCache::Marker=1 \
+			-oDebug::pkgDepCache::AutoInstall=1 \
+			$pkgs
 
 	rm "$rootdir/var/cache/apt/archives/lock"
 	rmdir "$rootdir/var/cache/apt/archives/partial"
@@ -453,6 +457,7 @@ if [ "$HAVE_QEMU" = "yes" ]; then
 	if [ ! -e ./mmdebstrap ]; then
 		pkgs="$pkgs,mmdebstrap"
 	fi
+	pkgs="$pkgs,auditd"
 	arches=$HOSTARCH
 	if [ "$RUN_MA_SAME_TESTS" = "yes" ]; then
 		case "$HOSTARCH" in

mmdebstrap

@@ -6877,7 +6877,24 @@ Or without LXC:
 
     $ mmdebstrap --unshare-helper /usr/sbin/chroot ./debian-rootfs /bin/bash
 
-Or, if you don't mind using superuser privileges and have systemd-nspawn
+Or without mmdebstrap:
+
+    $ unshare --map-auto --map-user=65536 --map-group=65536 --keep-caps -- \
+    > /usr/sbin/chroot ./debian-rootfs /bin/bash
+
+The above uses C<--map-auto> to map the block of user/group ids for the
+effective user/group to a block starting at user/group ID 0. We also want to
+map the current effective user/group ID into the subuid/subgid range using
+C<--map-user> and C<--map-group>, respectively. But if that uid/gid overlaps
+with the respective range, a "hole" will be removed from the mapping and the
+remaining uid/gid values will get shifted. Thus, we map the current effective
+user/group ID to the highest possible uid/gid, putting them at the end. Since
+that means that the user/group will be "nobody" and not "root" inside the
+namespace, C<--keep-caps> propagate permitted capabilities into the ambient set
+and thus give the user C<CAP_DAC_OVERRIDE> and other capabilities that it
+would've had.
+
+Lastly, if you don't mind using superuser privileges and have systemd-nspawn
 available and you know your subuid/subgid offset (100000 in this example):
 
     $ sudo systemd-nspawn --private-users=100000 \
@@ -6888,6 +6905,11 @@ Instead, use something like this:
 
     $ unshare --map-root-user --map-auto rm -rf ./debian-rootfs
 
+The above L<unshare(1)> command will map user and group ids into different
+ranges compared to the mapping used by B<mmdebstrap> (effectively shifting them
+one up) but it will provide the required capabilities for the removal
+operation.
+
 If this mode is used as the root user, the user namespace is not unshared (but
 the mount namespace and other still are) and created directories will have
 correct ownership information. This is also useful in cases where the root user

mmdebstrap-autopkgtest-build-qemu

@@ -308,12 +308,15 @@ FAT_SIZE_SECTORS=$((1024*254))
 #  - users who prefer qcow2 get to choose to run it themselves with their own
 #    custom options like compression
 #
+# --map-users=auto --map-user=0     => 0:$UID:1 + 1:$SUBUIDBASE:65535
+# --map-users=auto --map-user=65536 => 0:$SUBUIDBASE:65536 + 65536:$UID:1
+#
 # Make the image writeable to the first subgid. mmdebstrap will map this gid to
 # the root group. unshare instead will map the current gid to 0 and the first
 # subgid to 1. Therefore mmdebstrap will be able to write to the image.
 rm -f "$IMAGE"
 : >"$IMAGE"
-unshare -U -r --map-groups=auto chown 0:1 "$IMAGE"
+unshare --map-user=0 --map-group=0 --map-groups=auto chown 0:1 "$IMAGE"
 chmod 0660 "$IMAGE"
 
 # Make sure that the unshared user is able to access the file.

tests/include-foreign-libmagic-mgc

@@ -30,7 +30,7 @@ export LC_ALL=C.UTF-8
 { echo "$native_arch"; echo "$foreign_arch"; } | cmp /tmp/debian-chroot/var/lib/dpkg/arch -
 rm /tmp/debian-chroot/usr/lib/file/magic.mgc
 rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/README.Debian
-rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/"changelog.Debian.$foreign_arch.gz"
+rm -f /tmp/debian-chroot/usr/share/doc/libmagic-mgc/"changelog.Debian.$foreign_arch.gz"
 rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/changelog.Debian.gz
 rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/changelog.gz
 rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/copyright

tests/include-foreign-libmagic-mgc-with-multiple-arch-options

@@ -31,7 +31,7 @@ export LC_ALL=C.UTF-8
 { echo "$native_arch"; echo "$foreign_arch"; } | cmp /tmp/debian-chroot/var/lib/dpkg/arch -
 rm /tmp/debian-chroot/usr/lib/file/magic.mgc
 rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/README.Debian
-rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/"changelog.Debian.$foreign_arch.gz"
+rm -f /tmp/debian-chroot/usr/share/doc/libmagic-mgc/"changelog.Debian.$foreign_arch.gz"
 rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/changelog.Debian.gz
 rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/changelog.gz
 rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/copyright

tests/install-libmagic-mgc-on-foreign

@@ -37,7 +37,7 @@ rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/README.Debian
 rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/changelog.Debian.gz
 rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/changelog.gz
 rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/copyright
-rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/"changelog.Debian.$foreign_arch.gz"
+rm -f /tmp/debian-chroot/usr/share/doc/libmagic-mgc/"changelog.Debian.$foreign_arch.gz"
 rm /tmp/debian-chroot/usr/share/file/magic.mgc
 rm /tmp/debian-chroot/usr/share/misc/magic.mgc
 # delete real files

tests/skip-tar-in-mknod

@@ -3,7 +3,7 @@ set -eu
 export LC_ALL=C.UTF-8
 export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
 
-[ {{ MODE }} = "unshare" ]
+#[ {{ MODE }} = "unshare" ]
 
 trap "rm -f /tmp/debian-chroot.tar" EXIT INT TERM
 
@@ -22,7 +22,8 @@ fi
 $prefix {{ CMD }} --mode={{ MODE }} --variant=custom \
 	--skip=update,setup,cleanup,tar-in/mknod \
 	--setup-hook='tar-in ./cache/mmdebstrap-{{ DIST }}-apt.tar /' \
-	'' /tmp/debian-chroot.tar
+	--setup-hook='/sbin/auditctl -w "$1" -p wxa -k mykey' \
+	'' /tmp/debian-chroot.tar || /sbin/ausearch --format text -k mykey
 
 cmp ./cache/mmdebstrap-{{ DIST }}-apt.tar /tmp/debian-chroot.tar \
 	|| diffoscope ./cache/mmdebstrap-{{ DIST }}-apt.tar /tmp/debian-chroot.tar