Compare commits
No commits in common. "632a9187804858e95b34aca5fe6b162b5aebaf9a" and "5d8943b7396d5e82abc91066788775adb480a58f" have entirely different histories.
632a918780
...
5d8943b739
4 changed files with 58 additions and 178 deletions
|
@ -1,10 +1,3 @@
|
|||
0.8.3 (2022-01-08)
|
||||
------------------
|
||||
|
||||
- allow codenames with apt patterns (requires apt >= 2.3.14)
|
||||
- don't overwrite existing files in setup code
|
||||
- don't copy in qemu-user-static binary if it's not needed
|
||||
|
||||
0.8.2 (2021-12-14)
|
||||
------------------
|
||||
|
||||
|
|
59
coverage.sh
59
coverage.sh
|
@ -127,7 +127,7 @@ if [ ! -e shared/hooks/eatmydata/customize.sh ] || [ hooks/eatmydata/customize.s
|
|||
fi
|
||||
fi
|
||||
starttime=
|
||||
total=182
|
||||
total=177
|
||||
skipped=0
|
||||
runtests=0
|
||||
i=1
|
||||
|
@ -533,34 +533,6 @@ else
|
|||
runtests=$((runtests+1))
|
||||
fi
|
||||
|
||||
# make sure that using codenames works https://bugs.debian.org/cgi-bin/1003191
|
||||
for dist in oldstable stable testing unstable; do
|
||||
print_header "mode=$defaultmode,variant=apt: test $dist using codename"
|
||||
cat << END > shared/test.sh
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
export LC_ALL=C.UTF-8
|
||||
/usr/lib/apt/apt-helper download-file "$mirror/dists/$dist/Release" Release
|
||||
codename=\$(awk '/^Codename: / { print \$2; }' Release)
|
||||
rm Release
|
||||
$CMD --mode=$defaultmode --variant=apt \$codename /tmp/debian-chroot.tar $mirror
|
||||
if [ "$dist" = "$DEFAULT_DIST" ]; then
|
||||
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
|
||||
fi
|
||||
rm /tmp/debian-chroot.tar
|
||||
END
|
||||
if [ "$HAVE_QEMU" = "yes" ]; then
|
||||
./run_qemu.sh
|
||||
runtests=$((runtests+1))
|
||||
elif [ "$defaultmode" = "root" ]; then
|
||||
./run_null.sh SUDO
|
||||
runtests=$((runtests+1))
|
||||
else
|
||||
./run_null.sh
|
||||
runtests=$((runtests+1))
|
||||
fi
|
||||
done
|
||||
|
||||
print_header "mode=unshare,variant=apt: fail without /etc/subuid"
|
||||
cat << END > shared/test.sh
|
||||
#!/bin/sh
|
||||
|
@ -2016,35 +1988,6 @@ else
|
|||
skipped=$((skipped+1))
|
||||
fi
|
||||
|
||||
print_header "mode=root,variant=apt: test ascii armored keys"
|
||||
cat << END > shared/test.sh
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
export LC_ALL=C.UTF-8
|
||||
if [ ! -e /mmdebstrap-testenv ]; then
|
||||
echo "this test modifies the system and should only be run inside a container" >&2
|
||||
exit 1
|
||||
fi
|
||||
for f in /usr/share/keyrings/*.gpg; do
|
||||
name=\$(basename "\$f" .gpg)
|
||||
gpg --enarmor < /usr/share/keyrings/\$name.gpg \
|
||||
| sed 's/ PGP ARMORED FILE/ PGP PUBLIC KEY BLOCK/;/^Comment: /d' \
|
||||
> /etc/apt/trusted.gpg.d/\$name.asc
|
||||
done
|
||||
rm /etc/apt/trusted.gpg.d/*.gpg
|
||||
rm /usr/share/keyrings/*.gpg
|
||||
$CMD --mode=root --variant=apt $DEFAULT_DIST /tmp/debian-chroot.tar $mirror
|
||||
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
|
||||
rm -r /tmp/debian-chroot.tar
|
||||
END
|
||||
if [ "$HAVE_QEMU" = "yes" ]; then
|
||||
./run_qemu.sh
|
||||
runtests=$((runtests+1))
|
||||
else
|
||||
echo "HAVE_QEMU != yes -- Skipping test..." >&2
|
||||
skipped=$((skipped+1))
|
||||
fi
|
||||
|
||||
print_header "mode=root,variant=apt: test signed-by with host keys"
|
||||
cat << END > shared/test.sh
|
||||
#!/bin/sh
|
||||
|
|
|
@ -80,9 +80,6 @@ deletecache() {
|
|||
rm "$dir/debian$i"
|
||||
done
|
||||
rm "$dir/mmdebstrapcache"
|
||||
# remove all symlinks
|
||||
find "$dir" -type l -delete
|
||||
|
||||
# now the rest should only be empty directories
|
||||
if [ -e "$dir" ]; then
|
||||
find "$dir" -depth -print0 | xargs -0 --no-run-if-empty rmdir
|
||||
|
@ -273,14 +270,11 @@ END
|
|||
curl --location "$mirror/dists/$dist/Release" > "$newmirrordir/dists/$dist/Release"
|
||||
curl --location "$mirror/dists/$dist/Release.gpg" > "$newmirrordir/dists/$dist/Release.gpg"
|
||||
curl --location "$mirror/dists/$dist/main/binary-$nativearch/Packages.xz" > "$newmirrordir/dists/$dist/main/binary-$nativearch/Packages.xz"
|
||||
codename=$(awk '/^Codename: / { print $2; }' < "$newmirrordir/dists/$dist/Release")
|
||||
[ -L "$newmirrordir/dists/$codename" ] || ln -s "$dist" "$newmirrordir/dists/$codename"
|
||||
case "$dist" in oldstable|stable)
|
||||
mkdir -p "$newmirrordir/dists/$dist-updates/main/binary-$nativearch/"
|
||||
curl --location "$mirror/dists/$dist-updates/Release" > "$newmirrordir/dists/$dist-updates/Release"
|
||||
curl --location "$mirror/dists/$dist-updates/Release.gpg" > "$newmirrordir/dists/$dist-updates/Release.gpg"
|
||||
curl --location "$mirror/dists/$dist-updates/main/binary-$nativearch/Packages.xz" > "$newmirrordir/dists/$dist-updates/main/binary-$nativearch/Packages.xz"
|
||||
[ -L "$newmirrordir/dists/$codename-updates" ] || ln -s "$dist-updates" "$newmirrordir/dists/$codename-updates"
|
||||
;;
|
||||
esac
|
||||
case "$dist" in
|
||||
|
@ -295,7 +289,6 @@ END
|
|||
curl --location "$security_mirror/dists/$dist-security/Release" > "$newcachedir/debian-security/dists/$dist-security/Release"
|
||||
curl --location "$security_mirror/dists/$dist-security/Release.gpg" > "$newcachedir/debian-security/dists/$dist-security/Release.gpg"
|
||||
curl --location "$security_mirror/dists/$dist-security/main/binary-$nativearch/Packages.xz" > "$newcachedir/debian-security/dists/$dist-security/main/binary-$nativearch/Packages.xz"
|
||||
[ -L "$newcachedir/debian-security/dists/$codename-security" ] || ln -s "$dist-security" "$newcachedir/debian-security/dists/$codename-security"
|
||||
;;
|
||||
esac
|
||||
|
||||
|
|
163
mmdebstrap
163
mmdebstrap
|
@ -23,7 +23,7 @@
|
|||
use strict;
|
||||
use warnings;
|
||||
|
||||
our $VERSION = '0.8.3';
|
||||
our $VERSION = '0.8.2';
|
||||
|
||||
use English;
|
||||
use Getopt::Long;
|
||||
|
@ -102,13 +102,7 @@ my @devfiles = (
|
|||
# 3 -> debug output
|
||||
my $verbosity_level = 1;
|
||||
|
||||
my $is_covering = 0;
|
||||
{
|
||||
# make $@ local, so we don't print "Undefined subroutine called"
|
||||
# in other parts where we evaluate $@
|
||||
local $@ = '';
|
||||
$is_covering = !!(eval { Devel::Cover::get_coverage() });
|
||||
}
|
||||
my $is_covering = !!(eval { Devel::Cover::get_coverage() });
|
||||
|
||||
# the reason why Perl::Critic warns about this is, that it suspects that the
|
||||
# programmer wants to implement a test whether the terminal is interactive or
|
||||
|
@ -1663,7 +1657,7 @@ sub run_setup() {
|
|||
# from inside the chroot.
|
||||
# The config filename is chosen such that any settings in it will be
|
||||
# overridden by what the user specified with --aptopt.
|
||||
if (!-e "$options->{root}/etc/apt/apt.conf.d/00mmdebstrap") {
|
||||
{
|
||||
open my $fh, '>', "$options->{root}/etc/apt/apt.conf.d/00mmdebstrap"
|
||||
or error "cannot open /etc/apt/apt.conf.d/00mmdebstrap: $!";
|
||||
print $fh "Apt::Install-Recommends false;\n";
|
||||
|
@ -1672,7 +1666,7 @@ sub run_setup() {
|
|||
}
|
||||
|
||||
# apt-get update requires this
|
||||
if (!-e "$options->{root}/var/lib/dpkg/status") {
|
||||
{
|
||||
open my $fh, '>', "$options->{root}/var/lib/dpkg/status"
|
||||
or error "failed to open(): $!";
|
||||
close $fh;
|
||||
|
@ -1684,11 +1678,9 @@ sub run_setup() {
|
|||
# architecture outside the chroot.
|
||||
chomp(my $hostarch = `dpkg --print-architecture`);
|
||||
if (
|
||||
(!-e "$options->{root}/var/lib/dpkg/arch")
|
||||
and (
|
||||
scalar @{ $options->{foreignarchs} } > 0
|
||||
or ( $options->{mode} eq 'chrootless'
|
||||
and $hostarch ne $options->{nativearch}))
|
||||
scalar @{ $options->{foreignarchs} } > 0
|
||||
or ( $options->{mode} eq 'chrootless'
|
||||
and $hostarch ne $options->{nativearch})
|
||||
) {
|
||||
open my $fh, '>', "$options->{root}/var/lib/dpkg/arch"
|
||||
or error "cannot open /var/lib/dpkg/arch: $!";
|
||||
|
@ -1699,8 +1691,7 @@ sub run_setup() {
|
|||
close $fh;
|
||||
}
|
||||
|
||||
if (scalar @{ $options->{aptopts} } > 0
|
||||
and (!-e "$options->{root}/etc/apt/apt.conf.d/99mmdebstrap")) {
|
||||
if (scalar @{ $options->{aptopts} } > 0) {
|
||||
open my $fh, '>', "$options->{root}/etc/apt/apt.conf.d/99mmdebstrap"
|
||||
or error "cannot open /etc/apt/apt.conf.d/99mmdebstrap: $!";
|
||||
foreach my $opt (@{ $options->{aptopts} }) {
|
||||
|
@ -1726,8 +1717,7 @@ sub run_setup() {
|
|||
}
|
||||
}
|
||||
|
||||
if (scalar @{ $options->{dpkgopts} } > 0
|
||||
and (!-e "$options->{root}/etc/dpkg/dpkg.cfg.d/99mmdebstrap")) {
|
||||
if (scalar @{ $options->{dpkgopts} } > 0) {
|
||||
# FIXME: in chrootless mode, dpkg will only read the configuration
|
||||
# from the host -- see #808203
|
||||
if ($options->{mode} eq 'chrootless') {
|
||||
|
@ -1757,7 +1747,7 @@ sub run_setup() {
|
|||
}
|
||||
}
|
||||
|
||||
if (!-e "$options->{root}/etc/fstab") {
|
||||
{
|
||||
open my $fh, '>', "$options->{root}/etc/fstab"
|
||||
or error "cannot open fstab: $!";
|
||||
print $fh "# UNCONFIGURED FSTAB FOR BASE SYSTEM\n";
|
||||
|
@ -1797,11 +1787,9 @@ sub run_setup() {
|
|||
$fname .= 'main.sources';
|
||||
}
|
||||
}
|
||||
if (!-e $fname) {
|
||||
open my $fh, '>', "$fname" or error "cannot open $fname: $!";
|
||||
print $fh $firstentry->{content};
|
||||
close $fh;
|
||||
}
|
||||
open my $fh, '>', "$fname" or error "cannot open $fname: $!";
|
||||
print $fh $firstentry->{content};
|
||||
close $fh;
|
||||
# everything else goes into /etc/apt/sources.list.d/
|
||||
for (my $i = 1 ; $i < scalar @{ $options->{sourceslists} } ; $i++) {
|
||||
my $entry = $options->{sourceslists}->[$i];
|
||||
|
@ -1828,17 +1816,15 @@ sub run_setup() {
|
|||
error "invalid type: $entry->{type}";
|
||||
}
|
||||
}
|
||||
if (!-e $fname) {
|
||||
open my $fh, '>', "$fname" or error "cannot open $fname: $!";
|
||||
print $fh $entry->{content};
|
||||
close $fh;
|
||||
}
|
||||
open my $fh, '>', "$fname" or error "cannot open $fname: $!";
|
||||
print $fh $entry->{content};
|
||||
close $fh;
|
||||
}
|
||||
}
|
||||
|
||||
# allow network access from within
|
||||
foreach my $file ("/etc/resolv.conf", "/etc/hostname") {
|
||||
if (-e $file && !-e "$options->{root}/$file") {
|
||||
if (-e $file) {
|
||||
# this will create a new file with 644 permissions and copy
|
||||
# contents only even if $file was a symlink
|
||||
copy($file, "$options->{root}/$file")
|
||||
|
@ -1959,6 +1945,15 @@ sub run_setup() {
|
|||
}
|
||||
}
|
||||
|
||||
# setting PATH for chroot, ldconfig, start-stop-daemon...
|
||||
if (length $ENV{PATH}) {
|
||||
## no critic (Variables::RequireLocalizedPunctuationVars)
|
||||
$ENV{PATH} = "$ENV{PATH}:/usr/sbin:/usr/bin:/sbin:/bin";
|
||||
} else {
|
||||
## no critic (Variables::RequireLocalizedPunctuationVars)
|
||||
$ENV{PATH} = "/usr/sbin:/usr/bin:/sbin:/bin";
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -2155,10 +2150,7 @@ sub run_download() {
|
|||
'?narrow('
|
||||
. (
|
||||
length($options->{suite})
|
||||
? '?or(?archive(^'
|
||||
. $options->{suite}
|
||||
. '$),?codename(^'
|
||||
. $options->{suite} . '$)),'
|
||||
? '?archive(' . $options->{suite} . '),'
|
||||
: ''
|
||||
)
|
||||
. '?architecture('
|
||||
|
@ -2514,41 +2506,19 @@ sub run_prepare {
|
|||
$ENV{QEMU_LD_PREFIX} = $options->{root};
|
||||
}
|
||||
} elsif (any { $_ eq $options->{mode} } ('root', 'unshare')) {
|
||||
my $require_qemu_static = 1;
|
||||
# make $@ local, so we don't print an eventual error
|
||||
# in other parts where we evaluate $@
|
||||
local $@ = '';
|
||||
eval {
|
||||
# Check for the F flag which makes the kernel open the binfmt
|
||||
# binary at configuration time instead of lazily at startup
|
||||
# time. If the flag is set, then the qemu-static binary is not
|
||||
# required inside the chroot.
|
||||
open my $fh, '<',
|
||||
"/proc/sys/fs/binfmt_misc/qemu-$options->{qemu}";
|
||||
while (my $line = <$fh>) {
|
||||
chomp($line);
|
||||
if ($line =~ /^flags: [A-Z]*F[A-Z]*$/) {
|
||||
$require_qemu_static = 0;
|
||||
last;
|
||||
}
|
||||
}
|
||||
close $fh;
|
||||
};
|
||||
if ($require_qemu_static) {
|
||||
# other modes require a static qemu-user binary
|
||||
my $qemubin = "/usr/bin/qemu-$options->{qemu}-static";
|
||||
if (!-e $qemubin) {
|
||||
error "cannot find $qemubin";
|
||||
}
|
||||
copy $qemubin, "$options->{root}/$qemubin"
|
||||
or error "cannot copy $qemubin: $!";
|
||||
# File::Copy does not retain permissions but on some
|
||||
# platforms (like Travis CI) the binfmt interpreter must
|
||||
# have the executable bit set or otherwise execve will
|
||||
# fail with EACCES
|
||||
chmod 0755, "$options->{root}/$qemubin"
|
||||
or error "cannot chmod $qemubin: $!";
|
||||
# other modes require a static qemu-user binary
|
||||
my $qemubin = "/usr/bin/qemu-$options->{qemu}-static";
|
||||
if (!-e $qemubin) {
|
||||
error "cannot find $qemubin";
|
||||
}
|
||||
copy $qemubin, "$options->{root}/$qemubin"
|
||||
or error "cannot copy $qemubin: $!";
|
||||
# File::Copy does not retain permissions but on some
|
||||
# platforms (like Travis CI) the binfmt interpreter must
|
||||
# have the executable bit set or otherwise execve will
|
||||
# fail with EACCES
|
||||
chmod 0755, "$options->{root}/$qemubin"
|
||||
or error "cannot chmod $qemubin: $!";
|
||||
} else {
|
||||
error "unknown mode: $options->{mode}";
|
||||
}
|
||||
|
@ -2734,10 +2704,7 @@ sub run_install() {
|
|||
"?narrow("
|
||||
. (
|
||||
length($options->{suite})
|
||||
? '?or(?archive(^'
|
||||
. $options->{suite}
|
||||
. '$),?codename(^'
|
||||
. $options->{suite} . '$)),'
|
||||
? '?archive(' . $options->{suite} . '),'
|
||||
: ''
|
||||
)
|
||||
. "?architecture($options->{nativearch}),"
|
||||
|
@ -2897,11 +2864,8 @@ sub run_cleanup() {
|
|||
or error "failed to unlink $ENV{APT_CONFIG}: $!";
|
||||
}
|
||||
|
||||
if (any { $_ eq 'cleanup/mmdebstrap/qemu' } @{ $options->{skip} }) {
|
||||
info "skipping cleanup/mmdebstrap/qume as requested";
|
||||
} elsif (defined $options->{qemu}
|
||||
and any { $_ eq $options->{mode} } ('root', 'unshare')
|
||||
and -e "$options->{root}/usr/bin/qemu-$options->{qemu}-static") {
|
||||
if (defined $options->{qemu}
|
||||
and any { $_ eq $options->{mode} } ('root', 'unshare')) {
|
||||
unlink "$options->{root}/usr/bin/qemu-$options->{qemu}-static"
|
||||
or error
|
||||
"cannot unlink /usr/bin/qemu-$options->{qemu}-static: $!";
|
||||
|
@ -3951,25 +3915,19 @@ sub get_sourceslist_by_suite {
|
|||
# the security mirror changes, starting with bullseye
|
||||
# https://lists.debian.org/87r26wqr2a.fsf@43-1.org
|
||||
my $bullseye_or_later = 0;
|
||||
if (
|
||||
any { $_ eq $suite }
|
||||
('stable', 'bullseye', 'bookworm', 'trixie')
|
||||
) {
|
||||
$bullseye_or_later = 1;
|
||||
}
|
||||
my $distro_info = '/usr/share/distro-info/debian.csv';
|
||||
my $distro_info = '/usr/share/distro-info/debian.csv';
|
||||
# make $@ local, so we don't print "Can't locate Debian/DistroInfo.pm"
|
||||
# in other parts where we evaluate $@
|
||||
local $@ = '';
|
||||
eval { require Debian::DistroInfo; };
|
||||
if (!$@) {
|
||||
debug "libdistro-info-perl is installed";
|
||||
# libdistro-info-perl is installed
|
||||
my $debinfo = DebianDistroInfo->new();
|
||||
if ($debinfo->version($suite, 0) >= 11) {
|
||||
$bullseye_or_later = 1;
|
||||
}
|
||||
} elsif (-f $distro_info) {
|
||||
debug "distro-info-data is installed";
|
||||
# distro-info-data is installed
|
||||
open my $fh, '<', $distro_info
|
||||
or error "cannot open $distro_info: $!";
|
||||
my $i = 0;
|
||||
|
@ -4016,7 +3974,13 @@ sub get_sourceslist_by_suite {
|
|||
$bullseye_or_later = 1;
|
||||
}
|
||||
} else {
|
||||
debug "neither libdistro-info-perl nor distro-info-data installed";
|
||||
# neither libdistro-info-perl nor distro-info-data is installed
|
||||
if (
|
||||
any { $_ eq $suite }
|
||||
('stable', 'bullseye', 'bookworm', 'trixie')
|
||||
) {
|
||||
$bullseye_or_later = 1;
|
||||
}
|
||||
}
|
||||
if ($bullseye_or_later) {
|
||||
# starting from bullseye use
|
||||
|
@ -4350,11 +4314,7 @@ sub main() {
|
|||
error "invalid format. Choose from " . (join ', ', @valid_formats);
|
||||
}
|
||||
|
||||
# setting PATH for chroot, ldconfig, start-stop-daemon...
|
||||
if (length $ENV{PATH}) {
|
||||
## no critic (Variables::RequireLocalizedPunctuationVars)
|
||||
$ENV{PATH} = "$ENV{PATH}:/usr/sbin:/usr/bin:/sbin:/bin";
|
||||
} else {
|
||||
if (!defined $ENV{PATH} || $ENV{PATH} eq "") {
|
||||
## no critic (Variables::RequireLocalizedPunctuationVars)
|
||||
$ENV{PATH} = "/usr/sbin:/usr/bin:/sbin:/bin";
|
||||
}
|
||||
|
@ -4414,8 +4374,8 @@ sub main() {
|
|||
and $content =~ /^apt ([0-9]+\.[0-9]+\.[0-9]+) \([a-z0-9-]+\)$/m) {
|
||||
$aptversion = version->new($1);
|
||||
}
|
||||
if ($aptversion < "2.3.14") {
|
||||
error "need apt >= 2.3.14 but have $aptversion";
|
||||
if ($aptversion < "2.3.10") {
|
||||
error "need apt >= 2.3.10 but have $aptversion";
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -5763,12 +5723,7 @@ sub main() {
|
|||
if ($@) {
|
||||
# we cannot die here because that would leave the other thread
|
||||
# running without a parent
|
||||
# We send SIGHUP to all our processes (including eventually
|
||||
# running tar and this process itself) to reliably tear down
|
||||
# all running child processes. The main process is not affected
|
||||
# because we are ignoring SIGHUP.
|
||||
warning "creating tarball failed: $@";
|
||||
kill HUP => -getpgrp();
|
||||
$exitstatus = 1;
|
||||
}
|
||||
} else {
|
||||
|
@ -5849,11 +5804,9 @@ sub main() {
|
|||
if ($exitstatus == 0) {
|
||||
my $duration = Time::HiRes::time - $before;
|
||||
info "success in " . (sprintf "%.04f", $duration) . " seconds";
|
||||
exit 0;
|
||||
}
|
||||
|
||||
error "mmdebstrap failed to run";
|
||||
return 1;
|
||||
exit $exitstatus;
|
||||
}
|
||||
|
||||
main();
|
||||
|
@ -6593,9 +6546,7 @@ chroot as I<fileinside>. In contrast to B<copy-in>, this command only
|
|||
handles files and not directories. To copy a directory recursively into the
|
||||
chroot, use B<copy-in> or B<tar-in>. Its advantage is, that by being able to
|
||||
specify the full path on the inside, including the filename, the file on the
|
||||
inside can have a different name from the file on the outside. In contrast to
|
||||
B<copy-in> and B<tar-in>, permission and ownership information will not be
|
||||
retained.
|
||||
inside can have a different name from the file on the outside.
|
||||
|
||||
=back
|
||||
|
||||
|
|
Loading…
Reference in a new issue