Compare commits
11 commits
5d8943b739
...
632a918780
Author | SHA1 | Date | |
---|---|---|---|
632a918780 | |||
6ba6d10c4f | |||
4f811b7117 | |||
ff2910a746 | |||
0da6f103a1 | |||
388c7980d3 | |||
8bc6a4daa9 | |||
0383efc554 | |||
1b0f7f1138 | |||
79ae6f03fd | |||
88619e4d9c |
4 changed files with 178 additions and 58 deletions
|
@ -1,3 +1,10 @@
|
|||
0.8.3 (2022-01-08)
|
||||
------------------
|
||||
|
||||
- allow codenames with apt patterns (requires apt >= 2.3.14)
|
||||
- don't overwrite existing files in setup code
|
||||
- don't copy in qemu-user-static binary if it's not needed
|
||||
|
||||
0.8.2 (2021-12-14)
|
||||
------------------
|
||||
|
||||
|
|
59
coverage.sh
59
coverage.sh
|
@ -127,7 +127,7 @@ if [ ! -e shared/hooks/eatmydata/customize.sh ] || [ hooks/eatmydata/customize.s
|
|||
fi
|
||||
fi
|
||||
starttime=
|
||||
total=177
|
||||
total=182
|
||||
skipped=0
|
||||
runtests=0
|
||||
i=1
|
||||
|
@ -533,6 +533,34 @@ else
|
|||
runtests=$((runtests+1))
|
||||
fi
|
||||
|
||||
# make sure that using codenames works https://bugs.debian.org/cgi-bin/1003191
|
||||
for dist in oldstable stable testing unstable; do
|
||||
print_header "mode=$defaultmode,variant=apt: test $dist using codename"
|
||||
cat << END > shared/test.sh
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
export LC_ALL=C.UTF-8
|
||||
/usr/lib/apt/apt-helper download-file "$mirror/dists/$dist/Release" Release
|
||||
codename=\$(awk '/^Codename: / { print \$2; }' Release)
|
||||
rm Release
|
||||
$CMD --mode=$defaultmode --variant=apt \$codename /tmp/debian-chroot.tar $mirror
|
||||
if [ "$dist" = "$DEFAULT_DIST" ]; then
|
||||
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
|
||||
fi
|
||||
rm /tmp/debian-chroot.tar
|
||||
END
|
||||
if [ "$HAVE_QEMU" = "yes" ]; then
|
||||
./run_qemu.sh
|
||||
runtests=$((runtests+1))
|
||||
elif [ "$defaultmode" = "root" ]; then
|
||||
./run_null.sh SUDO
|
||||
runtests=$((runtests+1))
|
||||
else
|
||||
./run_null.sh
|
||||
runtests=$((runtests+1))
|
||||
fi
|
||||
done
|
||||
|
||||
print_header "mode=unshare,variant=apt: fail without /etc/subuid"
|
||||
cat << END > shared/test.sh
|
||||
#!/bin/sh
|
||||
|
@ -1988,6 +2016,35 @@ else
|
|||
skipped=$((skipped+1))
|
||||
fi
|
||||
|
||||
print_header "mode=root,variant=apt: test ascii armored keys"
|
||||
cat << END > shared/test.sh
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
export LC_ALL=C.UTF-8
|
||||
if [ ! -e /mmdebstrap-testenv ]; then
|
||||
echo "this test modifies the system and should only be run inside a container" >&2
|
||||
exit 1
|
||||
fi
|
||||
for f in /usr/share/keyrings/*.gpg; do
|
||||
name=\$(basename "\$f" .gpg)
|
||||
gpg --enarmor < /usr/share/keyrings/\$name.gpg \
|
||||
| sed 's/ PGP ARMORED FILE/ PGP PUBLIC KEY BLOCK/;/^Comment: /d' \
|
||||
> /etc/apt/trusted.gpg.d/\$name.asc
|
||||
done
|
||||
rm /etc/apt/trusted.gpg.d/*.gpg
|
||||
rm /usr/share/keyrings/*.gpg
|
||||
$CMD --mode=root --variant=apt $DEFAULT_DIST /tmp/debian-chroot.tar $mirror
|
||||
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
|
||||
rm -r /tmp/debian-chroot.tar
|
||||
END
|
||||
if [ "$HAVE_QEMU" = "yes" ]; then
|
||||
./run_qemu.sh
|
||||
runtests=$((runtests+1))
|
||||
else
|
||||
echo "HAVE_QEMU != yes -- Skipping test..." >&2
|
||||
skipped=$((skipped+1))
|
||||
fi
|
||||
|
||||
print_header "mode=root,variant=apt: test signed-by with host keys"
|
||||
cat << END > shared/test.sh
|
||||
#!/bin/sh
|
||||
|
|
|
@ -80,6 +80,9 @@ deletecache() {
|
|||
rm "$dir/debian$i"
|
||||
done
|
||||
rm "$dir/mmdebstrapcache"
|
||||
# remove all symlinks
|
||||
find "$dir" -type l -delete
|
||||
|
||||
# now the rest should only be empty directories
|
||||
if [ -e "$dir" ]; then
|
||||
find "$dir" -depth -print0 | xargs -0 --no-run-if-empty rmdir
|
||||
|
@ -270,11 +273,14 @@ END
|
|||
curl --location "$mirror/dists/$dist/Release" > "$newmirrordir/dists/$dist/Release"
|
||||
curl --location "$mirror/dists/$dist/Release.gpg" > "$newmirrordir/dists/$dist/Release.gpg"
|
||||
curl --location "$mirror/dists/$dist/main/binary-$nativearch/Packages.xz" > "$newmirrordir/dists/$dist/main/binary-$nativearch/Packages.xz"
|
||||
codename=$(awk '/^Codename: / { print $2; }' < "$newmirrordir/dists/$dist/Release")
|
||||
[ -L "$newmirrordir/dists/$codename" ] || ln -s "$dist" "$newmirrordir/dists/$codename"
|
||||
case "$dist" in oldstable|stable)
|
||||
mkdir -p "$newmirrordir/dists/$dist-updates/main/binary-$nativearch/"
|
||||
curl --location "$mirror/dists/$dist-updates/Release" > "$newmirrordir/dists/$dist-updates/Release"
|
||||
curl --location "$mirror/dists/$dist-updates/Release.gpg" > "$newmirrordir/dists/$dist-updates/Release.gpg"
|
||||
curl --location "$mirror/dists/$dist-updates/main/binary-$nativearch/Packages.xz" > "$newmirrordir/dists/$dist-updates/main/binary-$nativearch/Packages.xz"
|
||||
[ -L "$newmirrordir/dists/$codename-updates" ] || ln -s "$dist-updates" "$newmirrordir/dists/$codename-updates"
|
||||
;;
|
||||
esac
|
||||
case "$dist" in
|
||||
|
@ -289,6 +295,7 @@ END
|
|||
curl --location "$security_mirror/dists/$dist-security/Release" > "$newcachedir/debian-security/dists/$dist-security/Release"
|
||||
curl --location "$security_mirror/dists/$dist-security/Release.gpg" > "$newcachedir/debian-security/dists/$dist-security/Release.gpg"
|
||||
curl --location "$security_mirror/dists/$dist-security/main/binary-$nativearch/Packages.xz" > "$newcachedir/debian-security/dists/$dist-security/main/binary-$nativearch/Packages.xz"
|
||||
[ -L "$newcachedir/debian-security/dists/$codename-security" ] || ln -s "$dist-security" "$newcachedir/debian-security/dists/$codename-security"
|
||||
;;
|
||||
esac
|
||||
|
||||
|
|
163
mmdebstrap
163
mmdebstrap
|
@ -23,7 +23,7 @@
|
|||
use strict;
|
||||
use warnings;
|
||||
|
||||
our $VERSION = '0.8.2';
|
||||
our $VERSION = '0.8.3';
|
||||
|
||||
use English;
|
||||
use Getopt::Long;
|
||||
|
@ -102,7 +102,13 @@ my @devfiles = (
|
|||
# 3 -> debug output
|
||||
my $verbosity_level = 1;
|
||||
|
||||
my $is_covering = !!(eval { Devel::Cover::get_coverage() });
|
||||
my $is_covering = 0;
|
||||
{
|
||||
# make $@ local, so we don't print "Undefined subroutine called"
|
||||
# in other parts where we evaluate $@
|
||||
local $@ = '';
|
||||
$is_covering = !!(eval { Devel::Cover::get_coverage() });
|
||||
}
|
||||
|
||||
# the reason why Perl::Critic warns about this is, that it suspects that the
|
||||
# programmer wants to implement a test whether the terminal is interactive or
|
||||
|
@ -1657,7 +1663,7 @@ sub run_setup() {
|
|||
# from inside the chroot.
|
||||
# The config filename is chosen such that any settings in it will be
|
||||
# overridden by what the user specified with --aptopt.
|
||||
{
|
||||
if (!-e "$options->{root}/etc/apt/apt.conf.d/00mmdebstrap") {
|
||||
open my $fh, '>', "$options->{root}/etc/apt/apt.conf.d/00mmdebstrap"
|
||||
or error "cannot open /etc/apt/apt.conf.d/00mmdebstrap: $!";
|
||||
print $fh "Apt::Install-Recommends false;\n";
|
||||
|
@ -1666,7 +1672,7 @@ sub run_setup() {
|
|||
}
|
||||
|
||||
# apt-get update requires this
|
||||
{
|
||||
if (!-e "$options->{root}/var/lib/dpkg/status") {
|
||||
open my $fh, '>', "$options->{root}/var/lib/dpkg/status"
|
||||
or error "failed to open(): $!";
|
||||
close $fh;
|
||||
|
@ -1678,9 +1684,11 @@ sub run_setup() {
|
|||
# architecture outside the chroot.
|
||||
chomp(my $hostarch = `dpkg --print-architecture`);
|
||||
if (
|
||||
scalar @{ $options->{foreignarchs} } > 0
|
||||
or ( $options->{mode} eq 'chrootless'
|
||||
and $hostarch ne $options->{nativearch})
|
||||
(!-e "$options->{root}/var/lib/dpkg/arch")
|
||||
and (
|
||||
scalar @{ $options->{foreignarchs} } > 0
|
||||
or ( $options->{mode} eq 'chrootless'
|
||||
and $hostarch ne $options->{nativearch}))
|
||||
) {
|
||||
open my $fh, '>', "$options->{root}/var/lib/dpkg/arch"
|
||||
or error "cannot open /var/lib/dpkg/arch: $!";
|
||||
|
@ -1691,7 +1699,8 @@ sub run_setup() {
|
|||
close $fh;
|
||||
}
|
||||
|
||||
if (scalar @{ $options->{aptopts} } > 0) {
|
||||
if (scalar @{ $options->{aptopts} } > 0
|
||||
and (!-e "$options->{root}/etc/apt/apt.conf.d/99mmdebstrap")) {
|
||||
open my $fh, '>', "$options->{root}/etc/apt/apt.conf.d/99mmdebstrap"
|
||||
or error "cannot open /etc/apt/apt.conf.d/99mmdebstrap: $!";
|
||||
foreach my $opt (@{ $options->{aptopts} }) {
|
||||
|
@ -1717,7 +1726,8 @@ sub run_setup() {
|
|||
}
|
||||
}
|
||||
|
||||
if (scalar @{ $options->{dpkgopts} } > 0) {
|
||||
if (scalar @{ $options->{dpkgopts} } > 0
|
||||
and (!-e "$options->{root}/etc/dpkg/dpkg.cfg.d/99mmdebstrap")) {
|
||||
# FIXME: in chrootless mode, dpkg will only read the configuration
|
||||
# from the host -- see #808203
|
||||
if ($options->{mode} eq 'chrootless') {
|
||||
|
@ -1747,7 +1757,7 @@ sub run_setup() {
|
|||
}
|
||||
}
|
||||
|
||||
{
|
||||
if (!-e "$options->{root}/etc/fstab") {
|
||||
open my $fh, '>', "$options->{root}/etc/fstab"
|
||||
or error "cannot open fstab: $!";
|
||||
print $fh "# UNCONFIGURED FSTAB FOR BASE SYSTEM\n";
|
||||
|
@ -1787,9 +1797,11 @@ sub run_setup() {
|
|||
$fname .= 'main.sources';
|
||||
}
|
||||
}
|
||||
open my $fh, '>', "$fname" or error "cannot open $fname: $!";
|
||||
print $fh $firstentry->{content};
|
||||
close $fh;
|
||||
if (!-e $fname) {
|
||||
open my $fh, '>', "$fname" or error "cannot open $fname: $!";
|
||||
print $fh $firstentry->{content};
|
||||
close $fh;
|
||||
}
|
||||
# everything else goes into /etc/apt/sources.list.d/
|
||||
for (my $i = 1 ; $i < scalar @{ $options->{sourceslists} } ; $i++) {
|
||||
my $entry = $options->{sourceslists}->[$i];
|
||||
|
@ -1816,15 +1828,17 @@ sub run_setup() {
|
|||
error "invalid type: $entry->{type}";
|
||||
}
|
||||
}
|
||||
open my $fh, '>', "$fname" or error "cannot open $fname: $!";
|
||||
print $fh $entry->{content};
|
||||
close $fh;
|
||||
if (!-e $fname) {
|
||||
open my $fh, '>', "$fname" or error "cannot open $fname: $!";
|
||||
print $fh $entry->{content};
|
||||
close $fh;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# allow network access from within
|
||||
foreach my $file ("/etc/resolv.conf", "/etc/hostname") {
|
||||
if (-e $file) {
|
||||
if (-e $file && !-e "$options->{root}/$file") {
|
||||
# this will create a new file with 644 permissions and copy
|
||||
# contents only even if $file was a symlink
|
||||
copy($file, "$options->{root}/$file")
|
||||
|
@ -1945,15 +1959,6 @@ sub run_setup() {
|
|||
}
|
||||
}
|
||||
|
||||
# setting PATH for chroot, ldconfig, start-stop-daemon...
|
||||
if (length $ENV{PATH}) {
|
||||
## no critic (Variables::RequireLocalizedPunctuationVars)
|
||||
$ENV{PATH} = "$ENV{PATH}:/usr/sbin:/usr/bin:/sbin:/bin";
|
||||
} else {
|
||||
## no critic (Variables::RequireLocalizedPunctuationVars)
|
||||
$ENV{PATH} = "/usr/sbin:/usr/bin:/sbin:/bin";
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -2150,7 +2155,10 @@ sub run_download() {
|
|||
'?narrow('
|
||||
. (
|
||||
length($options->{suite})
|
||||
? '?archive(' . $options->{suite} . '),'
|
||||
? '?or(?archive(^'
|
||||
. $options->{suite}
|
||||
. '$),?codename(^'
|
||||
. $options->{suite} . '$)),'
|
||||
: ''
|
||||
)
|
||||
. '?architecture('
|
||||
|
@ -2506,19 +2514,41 @@ sub run_prepare {
|
|||
$ENV{QEMU_LD_PREFIX} = $options->{root};
|
||||
}
|
||||
} elsif (any { $_ eq $options->{mode} } ('root', 'unshare')) {
|
||||
# other modes require a static qemu-user binary
|
||||
my $qemubin = "/usr/bin/qemu-$options->{qemu}-static";
|
||||
if (!-e $qemubin) {
|
||||
error "cannot find $qemubin";
|
||||
my $require_qemu_static = 1;
|
||||
# make $@ local, so we don't print an eventual error
|
||||
# in other parts where we evaluate $@
|
||||
local $@ = '';
|
||||
eval {
|
||||
# Check for the F flag which makes the kernel open the binfmt
|
||||
# binary at configuration time instead of lazily at startup
|
||||
# time. If the flag is set, then the qemu-static binary is not
|
||||
# required inside the chroot.
|
||||
open my $fh, '<',
|
||||
"/proc/sys/fs/binfmt_misc/qemu-$options->{qemu}";
|
||||
while (my $line = <$fh>) {
|
||||
chomp($line);
|
||||
if ($line =~ /^flags: [A-Z]*F[A-Z]*$/) {
|
||||
$require_qemu_static = 0;
|
||||
last;
|
||||
}
|
||||
}
|
||||
close $fh;
|
||||
};
|
||||
if ($require_qemu_static) {
|
||||
# other modes require a static qemu-user binary
|
||||
my $qemubin = "/usr/bin/qemu-$options->{qemu}-static";
|
||||
if (!-e $qemubin) {
|
||||
error "cannot find $qemubin";
|
||||
}
|
||||
copy $qemubin, "$options->{root}/$qemubin"
|
||||
or error "cannot copy $qemubin: $!";
|
||||
# File::Copy does not retain permissions but on some
|
||||
# platforms (like Travis CI) the binfmt interpreter must
|
||||
# have the executable bit set or otherwise execve will
|
||||
# fail with EACCES
|
||||
chmod 0755, "$options->{root}/$qemubin"
|
||||
or error "cannot chmod $qemubin: $!";
|
||||
}
|
||||
copy $qemubin, "$options->{root}/$qemubin"
|
||||
or error "cannot copy $qemubin: $!";
|
||||
# File::Copy does not retain permissions but on some
|
||||
# platforms (like Travis CI) the binfmt interpreter must
|
||||
# have the executable bit set or otherwise execve will
|
||||
# fail with EACCES
|
||||
chmod 0755, "$options->{root}/$qemubin"
|
||||
or error "cannot chmod $qemubin: $!";
|
||||
} else {
|
||||
error "unknown mode: $options->{mode}";
|
||||
}
|
||||
|
@ -2704,7 +2734,10 @@ sub run_install() {
|
|||
"?narrow("
|
||||
. (
|
||||
length($options->{suite})
|
||||
? '?archive(' . $options->{suite} . '),'
|
||||
? '?or(?archive(^'
|
||||
. $options->{suite}
|
||||
. '$),?codename(^'
|
||||
. $options->{suite} . '$)),'
|
||||
: ''
|
||||
)
|
||||
. "?architecture($options->{nativearch}),"
|
||||
|
@ -2864,8 +2897,11 @@ sub run_cleanup() {
|
|||
or error "failed to unlink $ENV{APT_CONFIG}: $!";
|
||||
}
|
||||
|
||||
if (defined $options->{qemu}
|
||||
and any { $_ eq $options->{mode} } ('root', 'unshare')) {
|
||||
if (any { $_ eq 'cleanup/mmdebstrap/qemu' } @{ $options->{skip} }) {
|
||||
info "skipping cleanup/mmdebstrap/qume as requested";
|
||||
} elsif (defined $options->{qemu}
|
||||
and any { $_ eq $options->{mode} } ('root', 'unshare')
|
||||
and -e "$options->{root}/usr/bin/qemu-$options->{qemu}-static") {
|
||||
unlink "$options->{root}/usr/bin/qemu-$options->{qemu}-static"
|
||||
or error
|
||||
"cannot unlink /usr/bin/qemu-$options->{qemu}-static: $!";
|
||||
|
@ -3915,19 +3951,25 @@ sub get_sourceslist_by_suite {
|
|||
# the security mirror changes, starting with bullseye
|
||||
# https://lists.debian.org/87r26wqr2a.fsf@43-1.org
|
||||
my $bullseye_or_later = 0;
|
||||
my $distro_info = '/usr/share/distro-info/debian.csv';
|
||||
if (
|
||||
any { $_ eq $suite }
|
||||
('stable', 'bullseye', 'bookworm', 'trixie')
|
||||
) {
|
||||
$bullseye_or_later = 1;
|
||||
}
|
||||
my $distro_info = '/usr/share/distro-info/debian.csv';
|
||||
# make $@ local, so we don't print "Can't locate Debian/DistroInfo.pm"
|
||||
# in other parts where we evaluate $@
|
||||
local $@ = '';
|
||||
eval { require Debian::DistroInfo; };
|
||||
if (!$@) {
|
||||
# libdistro-info-perl is installed
|
||||
debug "libdistro-info-perl is installed";
|
||||
my $debinfo = DebianDistroInfo->new();
|
||||
if ($debinfo->version($suite, 0) >= 11) {
|
||||
$bullseye_or_later = 1;
|
||||
}
|
||||
} elsif (-f $distro_info) {
|
||||
# distro-info-data is installed
|
||||
debug "distro-info-data is installed";
|
||||
open my $fh, '<', $distro_info
|
||||
or error "cannot open $distro_info: $!";
|
||||
my $i = 0;
|
||||
|
@ -3974,13 +4016,7 @@ sub get_sourceslist_by_suite {
|
|||
$bullseye_or_later = 1;
|
||||
}
|
||||
} else {
|
||||
# neither libdistro-info-perl nor distro-info-data is installed
|
||||
if (
|
||||
any { $_ eq $suite }
|
||||
('stable', 'bullseye', 'bookworm', 'trixie')
|
||||
) {
|
||||
$bullseye_or_later = 1;
|
||||
}
|
||||
debug "neither libdistro-info-perl nor distro-info-data installed";
|
||||
}
|
||||
if ($bullseye_or_later) {
|
||||
# starting from bullseye use
|
||||
|
@ -4314,7 +4350,11 @@ sub main() {
|
|||
error "invalid format. Choose from " . (join ', ', @valid_formats);
|
||||
}
|
||||
|
||||
if (!defined $ENV{PATH} || $ENV{PATH} eq "") {
|
||||
# setting PATH for chroot, ldconfig, start-stop-daemon...
|
||||
if (length $ENV{PATH}) {
|
||||
## no critic (Variables::RequireLocalizedPunctuationVars)
|
||||
$ENV{PATH} = "$ENV{PATH}:/usr/sbin:/usr/bin:/sbin:/bin";
|
||||
} else {
|
||||
## no critic (Variables::RequireLocalizedPunctuationVars)
|
||||
$ENV{PATH} = "/usr/sbin:/usr/bin:/sbin:/bin";
|
||||
}
|
||||
|
@ -4374,8 +4414,8 @@ sub main() {
|
|||
and $content =~ /^apt ([0-9]+\.[0-9]+\.[0-9]+) \([a-z0-9-]+\)$/m) {
|
||||
$aptversion = version->new($1);
|
||||
}
|
||||
if ($aptversion < "2.3.10") {
|
||||
error "need apt >= 2.3.10 but have $aptversion";
|
||||
if ($aptversion < "2.3.14") {
|
||||
error "need apt >= 2.3.14 but have $aptversion";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -5723,7 +5763,12 @@ sub main() {
|
|||
if ($@) {
|
||||
# we cannot die here because that would leave the other thread
|
||||
# running without a parent
|
||||
# We send SIGHUP to all our processes (including eventually
|
||||
# running tar and this process itself) to reliably tear down
|
||||
# all running child processes. The main process is not affected
|
||||
# because we are ignoring SIGHUP.
|
||||
warning "creating tarball failed: $@";
|
||||
kill HUP => -getpgrp();
|
||||
$exitstatus = 1;
|
||||
}
|
||||
} else {
|
||||
|
@ -5804,9 +5849,11 @@ sub main() {
|
|||
if ($exitstatus == 0) {
|
||||
my $duration = Time::HiRes::time - $before;
|
||||
info "success in " . (sprintf "%.04f", $duration) . " seconds";
|
||||
exit 0;
|
||||
}
|
||||
|
||||
exit $exitstatus;
|
||||
error "mmdebstrap failed to run";
|
||||
return 1;
|
||||
}
|
||||
|
||||
main();
|
||||
|
@ -6546,7 +6593,9 @@ chroot as I<fileinside>. In contrast to B<copy-in>, this command only
|
|||
handles files and not directories. To copy a directory recursively into the
|
||||
chroot, use B<copy-in> or B<tar-in>. Its advantage is, that by being able to
|
||||
specify the full path on the inside, including the filename, the file on the
|
||||
inside can have a different name from the file on the outside.
|
||||
inside can have a different name from the file on the outside. In contrast to
|
||||
B<copy-in> and B<tar-in>, permission and ownership information will not be
|
||||
retained.
|
||||
|
||||
=back
|
||||
|
||||
|
|
Loading…
Reference in a new issue