coverage.txt: skip check-for-bit-by-bit-identical-format-output in variant standard on armel, armhf and mipsel because of #1031276

Thanks: Helmut Grohne

coverage.py

@@ -13,14 +13,13 @@ from collections import defaultdict
 from itertools import product
 
 have_qemu = os.getenv("HAVE_QEMU", "yes") == "yes"
-have_unshare = os.getenv("HAVE_UNSHARE", "yes") == "yes"
 have_binfmt = os.getenv("HAVE_BINFMT", "yes") == "yes"
 run_ma_same_tests = os.getenv("RUN_MA_SAME_TESTS", "yes") == "yes"
 cmd = os.getenv("CMD", "./mmdebstrap")
 
 default_dist = os.getenv("DEFAULT_DIST", "unstable")
 all_dists = ["oldstable", "stable", "testing", "unstable"]
-default_mode = "auto" if have_unshare else "root"
+default_mode = "auto"
 all_modes = ["auto", "root", "unshare", "fakechroot", "chrootless"]
 default_variant = "apt"
 all_variants = [
@@ -202,7 +201,7 @@ def main():
     args = parser.parse_args()
 
     # copy over files from git or as distributed
-    for (git, dist, target) in [
+    for git, dist, target in [
         ("./mmdebstrap", "/usr/bin/mmdebstrap", "mmdebstrap"),
         ("./tarfilter", "/usr/bin/mmtarfilter", "tarfilter"),
         (
@@ -273,12 +272,8 @@ def main():
                 tt = ("skip", "test needs QEMU")
             elif test.get("Needs-Root", "false") == "true":
                 tt = "sudo"
-            elif mode == "auto" and not have_unshare:
-                tt = "sudo"
             elif mode == "root":
                 tt = "sudo"
-            elif mode == "unshare" and not have_unshare:
-                tt = ("skip", "test needs unshare")
             else:
                 tt = "null"
             tests.append((tt, name, dist, mode, variant, fmt))
@@ -371,7 +366,9 @@ def main():
                 argv = ["./run_null.sh"]
             case ("skip", reason):
                 skipped[reason].append(
-                    ("(%d/%d) %s" % (i + 1, len(tests), name), dist, mode, variant, fmt)
+                    format_test(
+                        i + 1, len(tests), name, dist, mode, variant, fmt, config_dict
+                    )
                 )
                 print(f"skipped because of {reason}", file=sys.stderr)
                 continue

coverage.sh

@@ -51,21 +51,6 @@ if [ "$HAVE_QEMU" = "yes" ]; then
 	fi
 fi
 
-# check if all required debootstrap tarballs exist
-notfound=0
-for dist in oldstable stable testing unstable; do
-	for variant in minbase buildd -; do
-		if [ ! -e "shared/cache/debian-$dist-$variant.tar" ]; then
-			echo "shared/cache/debian-$dist-$variant.tar does not exist" >&2
-			notfound=1
-		fi
-	done
-done
-if [ "$notfound" -ne 0 ]; then
-	echo "not all required debootstrap tarballs are present" >&2
-	exit 1
-fi
-
 # choose the timestamp of the unstable Release file, so that we get
 # reproducible results for the same mirror timestamp
 SOURCE_DATE_EPOCH=$(date --date="$(grep-dctrl -s Date -n '' "$mirrordir/dists/$DEFAULT_DIST/Release")" +%s)
@@ -73,7 +58,6 @@ SOURCE_DATE_EPOCH=$(date --date="$(grep-dctrl -s Date -n '' "$mirrordir/dists/$D
 # for traditional sort order that uses native byte values
 export LC_ALL=C.UTF-8
 
-: "${HAVE_UNSHARE:=yes}"
 : "${HAVE_BINFMT:=yes}"
 
 # by default, use the mmdebstrap executable in the current directory together
@@ -81,7 +65,7 @@ export LC_ALL=C.UTF-8
 : "${CMD:=perl -MDevel::Cover=-silent,-nogcov ./mmdebstrap}"
 mirror="http://127.0.0.1/debian"
 
-export HAVE_QEMU HAVE_UNSHARE HAVE_BINFMT RUN_MA_SAME_TESTS DEFAULT_DIST SOURCE_DATE_EPOCH CMD mirror
+export HAVE_QEMU HAVE_BINFMT RUN_MA_SAME_TESTS DEFAULT_DIST SOURCE_DATE_EPOCH CMD mirror
 
 ./coverage.py
 
@@ -99,8 +83,6 @@ cover -delete cover_db >&2
 END
 	if [ "$HAVE_QEMU" = "yes" ]; then
 		./run_qemu.sh
-	elif [ "$HAVE_UNSHARE" != "yes" ]; then
-		./run_null.sh SUDO
 	else
 		./run_null.sh
 	fi

coverage.txt

@@ -1,10 +1,17 @@
+Test: debootstrap
+Dists: any
+Variants: minbase buildd -
+Needs-Root: true
+
 Test: check-against-debootstrap-dist
 Dists: any
 Variants: minbase buildd -
 Needs-Root: true
 
 Test: as-debootstrap-unshare-wrapper
-Needs-QEMU: true
+Modes: unshare
+Needs-Root: true
+Variants: minbase -
 
 Test: help
 
@@ -34,7 +41,7 @@ Test: root-mode-inside-chroot
 Needs-Root: true
 
 Test: root-mode-inside-unshare-chroot
-Needs-QEMU: true
+Modes: unshare
 
 Test: root-without-cap-sys-admin
 Needs-Root: true
@@ -43,7 +50,8 @@ Test: mount-is-missing
 Needs-QEMU: true
 
 Test: check-for-bit-by-bit-identical-format-output
-Needs-QEMU: true
+Needs-Root: true
+Modes: unshare fakechroot
 Formats: tar squashfs ext2
 Variants: essential apt minbase buildd - standard
 Skip-If:
@@ -51,6 +59,9 @@ Skip-If:
  variant == "important" and dist == "oldstable" # /var/lib/systemd/catalog/database differs
  fmt == "squashfs" and dist == "oldstable" # squashfs-tools-ng is not available
  fmt == "ext2" and dist == "oldstable" # genext2fs does not support SOURCE_DATE_EPOCH
+ mode == "fakechroot" and variant in ["-", "standard"] # no extended attributes
+ mode == "fakechroot" and hostarch in ["i386", "armel", "armhf", "mipsel"] # #1030638
+ variant == "standard" and hostarch in ["armel", "armhf", "mipsel"] # #1031276
 
 Test: tarfilter-idshift
 Needs-QEMU: true
@@ -74,19 +85,21 @@ Test: missing-device-nodes-outside-the-chroot
 Needs-QEMU: true
 
 Test: missing-dev-sys-proc-inside-the-chroot
-Needs-QEMU: true
+Modes: unshare
+Variants: custom
 
 Test: chroot-directory-not-accessible-by-apt-user
 Needs-Root: true
 
 Test: cwd-directory-not-accessible-by-unshared-user
-Needs-QEMU: true
+Needs-Root: true
+Modes: unshare
 
 Test: create-gzip-compressed-tarball
-Needs-QEMU: true
 
 Test: custom-tmpdir
-Needs-QEMU: true
+Needs-Root: true
+Modes: unshare
 
 Test: xz-compressed-tarball
 
@@ -233,7 +246,6 @@ Needs-Root: true
 
 Test: special-hooks-with-mode-mode
 Modes: root unshare fakechroot
-Needs-QEMU: true
 
 Test: debootstrap-no-op-options
 Needs-Root: true
@@ -274,14 +286,14 @@ Skip-If:
  variant == "important" and dist == "oldstable" # /var/lib/systemd/catalog/database differs
 
 Test: create-directory-dry-run
+Modes: root
 
 Test: create-tarball-dry-run
 Variants: any
 Modes: any
 
 Test: unpack-doc-debian
-Needs-QEMU: true
-Modes: any
+Modes: root fakechroot
 Variants: extract
 
 Test: install-doc-debian
@@ -298,7 +310,6 @@ Skip-If:
 Test: chrootless-fakeroot
 Variants: essential
 Modes: chrootless
-Needs-QEMU: true
 Skip-If:
  dist in ["oldstable", "stable"]
 
@@ -320,6 +331,8 @@ Variants: custom
 Modes: chrootless
 
 Test: install-libmagic-mgc-on-arm64
+Variants: custom
+Modes: chrootless
 Skip-If:
  hostarch != "amd64"
  not have_binfmt
@@ -339,7 +352,6 @@ Modes: fakechroot
 
 Test: dev-ptmx
 Modes: root unshare
-Needs-QEMU: true
 
 Test: error-if-stdout-is-tty
 
@@ -349,14 +361,13 @@ Test: include-deb-file
 
 Test: unshare-include-deb
 Modes: unshare
-Needs-QEMU: true
 
 Test: pivot_root
 Modes: root unshare
-Needs-QEMU: true
 
 Test: jessie-or-older
-Needs-QEMU: true
+Needs-Root: true
+Modes: root unshare fakechroot
 Variants: essential apt minbase
 
 Test: apt-patterns
@@ -367,3 +378,6 @@ Test: empty-sources.list
 
 Test: merged-fakechroot-inside-unmerged-chroot
 Needs-Root: true
+
+Test: auto-mode-as-normal-user
+Modes: auto

make_mirror.sh

@@ -673,37 +673,6 @@ END
 	trap "cleanup_newcachedir" EXIT INT TERM
 fi
 
-mirror="http://127.0.0.1/debian"
-for dist in oldstable stable testing unstable; do
-	for variant in minbase buildd -; do
-		echo "running debootstrap --variant=$variant $dist \${TEMPDIR} $mirror"
-		cat << END > shared/test.sh
-#!/bin/sh
-set -eu
-export LC_ALL=C.UTF-8
-export SOURCE_DATE_EPOCH=$SOURCE_DATE_EPOCH
-echo "SOURCE_DATE_EPOCH=\$SOURCE_DATE_EPOCH"
-tmpdir="\$(mktemp -d)"
-chmod 755 "\$tmpdir"
-case "$dist" in
-	oldstable|stable)
-		debootstrap --no-merged-usr --variant=$variant $dist "\$tmpdir" $mirror
-		;;
-	*)
-		debootstrap --merged-usr --variant=$variant $dist "\$tmpdir" $mirror
-		;;
-esac
-tar --sort=name --mtime=@$SOURCE_DATE_EPOCH --clamp-mtime --numeric-owner --one-file-system --xattrs -C "\$tmpdir" -c . > "$newcache/debian-$dist-$variant.tar"
-rm -r "\$tmpdir"
-END
-		if [ "$HAVE_QEMU" = "yes" ]; then
-			cachedir=$newcachedir ./run_qemu.sh
-		else
-			./run_null.sh SUDO
-		fi
-	done
-done
-
 if [ "$HAVE_QEMU" = "yes" ]; then
 	# now replace the minihttpd config with one that serves the new repository
 	guestfish -a "$newcachedir/debian-$DEFAULT_DIST.qcow" -i <<EOF

mmdebstrap

@@ -1336,11 +1336,11 @@ sub setup_mounts {
                   . " /sys directory is missing in the target");
         } elsif ((any { $_ eq $options->{mode} } ('root', 'unshare'))
             && !-e "/sys") {
-            warning("skipping bind-mounting /sys because"
+            warning("skipping mounting /sys because"
                   . " /sys does not exist on the outside");
         } elsif ((any { $_ eq $options->{mode} } ('root', 'unshare'))
             && !-d "/sys") {
-            warning("skipping bind-mounting /sys because"
+            warning("skipping mounting /sys because"
                   . " /sys on the outside is not a directory");
         } elsif ($options->{mode} eq 'root') {
             # we don't know whether we run in root mode inside an unshared
@@ -1411,18 +1411,19 @@ sub setup_mounts {
                   . " /proc directory is missing in the target");
         } elsif ((any { $_ eq $options->{mode} } ('root', 'unshare'))
             && !-e "/proc") {
-            warning("skipping bind-mounting /proc because"
+            warning("skipping mounting /proc because"
                   . " /proc does not exist on the outside");
         } elsif ((any { $_ eq $options->{mode} } ('root', 'unshare'))
             && !-d "/proc") {
-            warning("skipping bind-mounting /proc because"
+            warning("skipping mounting /proc because"
                   . " /proc on the outside is not a directory");
-        } elsif ($options->{mode} eq 'root') {
+        } elsif (any { $_ eq $options->{mode} } ('root', 'unshare')) {
             # we don't know whether we run in root mode inside an unshared
             # user namespace or as real root so we first try the real mount and
             # then fall back to mounting in a way that works in unshared
             if (
-                0 == system(
+                $options->{mode} eq 'root'
+                && 0 == system(
                     'mount', '-t', 'proc', '-o', 'ro', 'proc',
                     "$options->{root}/proc"
                 )
@@ -1451,22 +1452,35 @@ sub setup_mounts {
                     0 == system('umount', '--no-mtab', "$options->{root}/proc")
                       or warning("umount /proc failed: $?");
                 };
+            } elsif (
+                # if mounting proc failed, try bind-mounting it read-only as a
+                # last resort
+                0 == system(
+                    'mount', '-o',
+                    'rbind', '/proc',
+                    "$options->{root}/proc"
+                )
+            ) {
+                warning("since mounting /proc normally failed, /proc is now "
+                      . "bind-mounted instead");
+                # to make sure that changes (like unmounting) to the
+                # bind-mounted /proc do not affect the outside /proc, change
+                # all the bind-mounts under /proc to be a slave mount.
+                if (
+                    0 != system('mount', '--make-rslave',
+                        "$options->{root}/proc")) {
+                    warning("mount --make-rslave /proc failed");
+                }
+                push @cleanup_tasks, sub {
+                    # since we cannot write to /etc/mtab we need --no-mtab
+                    0 == system(
+                        'umount', '--no-mtab',
+                        '--lazy', "$options->{root}/proc"
+                    ) or warning("umount /proc failed: $?");
+                };
             } else {
                 error "mount /proc failed: $?";
             }
-        } elsif ($options->{mode} eq 'unshare') {
-            # naturally we have to clean up after ourselves in sudo mode where
-            # we do a real mount. But we also need to unmount in unshare mode
-            # because otherwise, even with the --one-file-system tar option,
-            # the permissions of the mount source will be stored and not the
-            # mount target (the directory)
-            push @cleanup_tasks, sub {
-                # since we cannot write to /etc/mtab we need --no-mtab
-                0 == system('umount', '--no-mtab', "$options->{root}/proc")
-                  or warning("umount /proc failed: $?");
-            };
-            0 == system('mount', '-t', 'proc', 'proc', "$options->{root}/proc")
-              or error "mount /proc failed: $?";
         } elsif (any { $_ eq $options->{mode} } ('fakechroot', 'chrootless')) {
             # we cannot mount in fakechroot mode
         } else {
@@ -4711,7 +4725,7 @@ sub main() {
         );
         close $fh;
         if (    $? == 0
-            and $content =~ /^apt (\d+\.\d+\.\d+)\w* \(\S+\)$/am) {
+            and $content =~ /^apt (\d+\.\d+\.\d+)\S* \(\S+\)$/am) {
             $aptversion = version->new($1);
         }
         if ($aptversion < "2.3.14") {
@@ -6635,14 +6649,30 @@ needs to be able to mount and thus requires C<SYS_CAP_ADMIN>.
 
 =item B<unshare>
 
-This mode uses Linux user namespaces to allow unprivileged use of chroot and
-creation of files that appear to be owned by the superuser inside the unshared
-namespace. A tarball created in this mode should be bit-by-bit identical to a
-tarball created with the B<root> mode.
+When used as a normal (not root) user, this mode uses Linux user namespaces to
+allow unprivileged use of chroot and creation of files that appear to be owned
+by the superuser inside the unshared namespace. A tarball created in this mode
+will be bit-by-bit identical to a tarball created with the B<root> mode. With
+this mode, the only binaries that will run as the root user will be
+B<newuidmap(1)> and B<newgidmap(1)> via their setuid bit. Running those
+successfully requires F</etc/subuid> and F</etc/subgid> to have an entry for
+your username. This entry was usually created by B<adduser(8)> already.
+
+The unshared user will not automatically have access to the same files as you
+do. This is intentional and an additional security against unintended changes
+to your files that could theoretically result from running B<mmdebstrap> and
+package maintainer scripts. To copy files in and out of the chroot, either use
+globally readable or writable directories or use special hooks like B<copy-in>
+and B<copy-out>.
+
+Besides the user namespace, the mount, pid (process ids), uts (hostname) and
+ipc namespaces will be unshared as well. See the man pages of B<namespaces(7)>
+and B<unshare(2)> as well as the manual pages they are linking to.
 
 A directory chroot created with this mode will end up with wrong ownership
-information. For correct ownership information, the directory must be accessed
-from a user namespace with the right subuid/subgid offset, like so:
+information (seen from outside the unshared user namespace). For correct
+ownership information, the directory must be accessed from a user namespace
+with the right subuid/subgid offset, like so:
 
     $ lxc-usernsexec -- lxc-unshare -s 'MOUNT|PID|UTSNAME|IPC' -- \
     > /usr/sbin/chroot ./debian-rootfs /bin/bash

tarfilter

@@ -178,14 +178,14 @@ Lastly, shift user id and group id of each entry by the value given by the
         skip = False
         if not hasattr(args, "pathfilter"):
             return False
-        for (t, r) in args.pathfilter:
+        for t, r in args.pathfilter:
             if r.match(member.name[1:]) is not None:
                 if t == "path_include":
                     skip = False
                 else:
                     skip = True
         if skip and (member.isdir() or member.issym()):
-            for (t, r) in args.pathfilter:
+            for t, r in args.pathfilter:
                 if t != "path_include":
                     continue
                 prefix = prefix_prog.sub(r"\1", r.pattern)
@@ -198,7 +198,7 @@ Lastly, shift user id and group id of each entry by the value given by the
         if not hasattr(args, "paxfilter"):
             return False
         skip = False
-        for (t, r) in args.paxfilter:
+        for t, r in args.paxfilter:
             if r.match(header) is None:
                 continue
             if t == "pax_include":

tests/as-debootstrap-unshare-wrapper

@@ -2,18 +2,58 @@
 set -eu
 export LC_ALL=C.UTF-8
 export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-useradd --home-dir /home/user --create-home user
-runuser -u user -- {{ CMD }} --variant=custom --mode=unshare --setup-hook='env container=lxc debootstrap unstable "$1" {{ MIRROR }}' - /tmp/debian-mm.tar {{ MIRROR }}
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
+	fi
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
+# debootstrap uses apt-config to figure out whether the system running it has
+# any proxies configured and then runs the binary to set the http_proxy
+# environment variable. This will fail if debootstrap is run in a linux user
+# namespace because auto-apt-proxy will see /tmp/.auto-apt-proxy-0 as being
+# owned by the user "nobody" and group "nogroup" and fail with:
+#   insecure cache dir /tmp/.auto-apt-proxy-0. Must be owned by UID 0 and have permissions 700
+# We cannot overwrite a configuration item using the APT_CONFIG environment
+# variable, so instead we use it to set the Dir configuration option
+# to /dev/null to force all apt settings to their defaults.
+# There is currently no better way to disable this behavior. See also:
+# https://bugs.debian.org/1031105
+# https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/90
+AUTOPROXY=
+eval "$(apt-config shell AUTOPROXY Acquire::http::Proxy-Auto-Detect)"
+if [ -n "$AUTOPROXY" ] && [ -x "$AUTOPROXY" ] && [ -e /tmp/.auto-apt-proxy-0 ]; then
+	TMP_APT_CONFIG=$(mktemp)
+	echo "Dir \"/dev/null\";" > "$TMP_APT_CONFIG"
+	chmod 644 "$TMP_APT_CONFIG"
+fi
+
+# debootstrap runs mount -t proc proc /proc which doesn't work in an unshared
+# namespace on privileged docker (like salsaci), so mount /proc manually
+# https://bugs.debian.org/1031222
+# https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/91
+$prefix {{ CMD }} --variant=custom --mode={{ MODE }} \
+	--setup-hook='env '"${AUTOPROXY:+APT_CONFIG='$TMP_APT_CONFIG'}"' container=lxc debootstrap --variant={{ VARIANT }} unstable "$1" {{ MIRROR }}' \
+	--setup-hook='mount -o rbind /proc "$1/proc"' \
+	--setup-hook='chroot "$1" dpkg-reconfigure systemd || true' \
+	--setup-hook='umount --lazy "$1/proc"' \
+	- /tmp/debian-mm.tar {{ MIRROR }}
+if [ -n "$AUTOPROXY" ] && [ -x "$AUTOPROXY" ] && [ -e /tmp/.auto-apt-proxy-0 ]; then
+	rm "$TMP_APT_CONFIG"
+fi
 
 mkdir /tmp/debian-mm
 tar --xattrs --xattrs-include='*' -C /tmp/debian-mm -xf /tmp/debian-mm.tar
 
 mkdir /tmp/debian-debootstrap
-tar --xattrs --xattrs-include='*' -C /tmp/debian-debootstrap -xf "cache/debian-unstable--.tar"
+tar --xattrs --xattrs-include='*' -C /tmp/debian-debootstrap -xf "cache/debian-unstable-{{ VARIANT }}.tar"
 
 # diff cannot compare device nodes, so we use tar to do that for us and then
 # delete the directory
@@ -41,7 +81,9 @@ rm /tmp/debian-debootstrap/var/lib/apt/lists/127.0.0.1_debian_dists_unstable_mai
 	/tmp/debian-debootstrap/var/lib/apt/lists/127.0.0.1_debian_dists_unstable_Release \
 	/tmp/debian-debootstrap/var/lib/apt/lists/127.0.0.1_debian_dists_unstable_Release.gpg
 
+if [ -e /tmp/debian-debootstrap/etc/machine-id ]; then
 	rm /tmp/debian-debootstrap/etc/machine-id /tmp/debian-mm/etc/machine-id
+fi
 rm /tmp/debian-mm/var/cache/apt/archives/lock
 rm /tmp/debian-mm/var/lib/apt/lists/lock
 rm /tmp/debian-mm/var/lib/dpkg/arch
@@ -50,6 +92,9 @@ rm /tmp/debian-mm/var/lib/dpkg/arch
 # also needed for users that are created by systemd-sysusers before systemd 252
 # https://github.com/systemd/systemd/pull/24534
 for f in shadow shadow-; do
+	if [ ! -e /tmp/debian-debootstrap/etc/$f ]; then
+		continue
+	fi
 	if ! cmp /tmp/debian-debootstrap/etc/$f /tmp/debian-mm/etc/$f >&2; then
 		echo patching /etc/$f >&2
 		awk -v FS=: -v OFS=: -v SDE={{ SOURCE_DATE_EPOCH }} '{ print $1,$2,int(SDE/60/60/24),$4,$5,$6,$7,$8,$9 }' < /tmp/debian-mm/etc/$f > /tmp/debian-mm/etc/$f.bak

tests/auto-mode-as-normal-user

@@ -0,0 +1,22 @@
+#!/bin/sh
+set -eu
+export LC_ALL=C.UTF-8
+
+trap "rm -f /tmp/debian-chroot.tar.gz" EXIT INT TERM
+
+[ {{ MODE }} = "auto" ]
+
+prefix=
+if [ "$(id -u)" -eq 0 ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
+		if [ ! -e /mmdebstrap-testenv ]; then
+			echo "this test modifies the system and should only be run inside a container" >&2
+			exit 1
+		fi
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
+	fi
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
+$prefix {{ CMD }} --mode={{ MODE }} --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }}
+tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt -

tests/check-for-bit-by-bit-identical-format-output

@@ -1,12 +1,21 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
+export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
+
+trap "rm -f /tmp/debian-chroot-{{ MODE }}.{{ FORMAT }} /tmp/debian-chroot-root.{{ FORMAT }}" EXIT INT TERM
+
+[ "$(id -u)" -eq 0 ]
+
+if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 	if [ ! -e /mmdebstrap-testenv ]; then
 		echo "this test modifies the system and should only be run inside a container" >&2
 		exit 1
 	fi
-useradd --home-dir /home/user --create-home user
-export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
+	useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
+fi
+prefix="runuser -u ${SUDO_USER:-user} --"
+
 {{ CMD }} --mode=root --variant={{ VARIANT }} {{ DIST }} /tmp/debian-chroot-root.{{ FORMAT }} {{ MIRROR }}
 if [ "{{ FORMAT }}" = tar ]; then
 	printf 'ustar ' | cmp --bytes=6 --ignore-initial=257:0 /tmp/debian-chroot-root.tar -
@@ -18,19 +27,11 @@ else
 	echo "unknown format: {{ FORMAT }}" >&2
 	exit 1
 fi
-runuser -u user -- {{ CMD }} --mode=unshare --variant={{ VARIANT }} {{ DIST }} /tmp/debian-chroot-unshare.{{ FORMAT }} {{ MIRROR }}
-cmp /tmp/debian-chroot-root.{{ FORMAT }} /tmp/debian-chroot-unshare.{{ FORMAT }}
-rm /tmp/debian-chroot-unshare.{{ FORMAT }}
-case {{ VARIANT }} in essential|apt|minbase|buildd)
-	# variants important and standard differ because permissions drwxr-sr-x
-	# and extended attributes of ./var/log/journal/ cannot be preserved
-	# in fakechroot mode
-	runuser -u user -- {{ CMD }} --mode=fakechroot --variant={{ VARIANT }} {{ DIST }} /tmp/debian-chroot-fakechroot.{{ FORMAT }} {{ MIRROR }}
-	cmp /tmp/debian-chroot-root.{{ FORMAT }} /tmp/debian-chroot-fakechroot.{{ FORMAT }}
-	rm /tmp/debian-chroot-fakechroot.{{ FORMAT }}
-	;;
-esac
+
+$prefix {{ CMD }} --mode={{ MODE }} --variant={{ VARIANT }} {{ DIST }} /tmp/debian-chroot-{{ MODE }}.{{ FORMAT }} {{ MIRROR }}
+cmp /tmp/debian-chroot-root.{{ FORMAT }} /tmp/debian-chroot-{{ MODE }}.{{ FORMAT }} \
+	|| diffoscope /tmp/debian-chroot-root.{{ FORMAT }} /tmp/debian-chroot-{{ MODE }}.{{ FORMAT }}
+
 # we cannot test chrootless mode here, because mmdebstrap relies on the
 # usrmerge package to set up merged-/usr and that doesn't work in chrootless
 # mode
-rm /tmp/debian-chroot-root.{{ FORMAT }}

tests/chrootless

@@ -11,6 +11,6 @@ for INCLUDE in '' 'apt' 'apt,build-essential' 'systemd-sysv'; do
 			${INCLUDE:+--include="$INCLUDE"} \
 			{{ DIST }} "/tmp/$MODE.tar" {{ MIRROR }}
 	done
-	cmp /tmp/root.tar /tmp/chrootless.tar
+	cmp /tmp/root.tar /tmp/chrootless.tar || diffoscope /tmp/root.tar /tmp/chrootless.tar
 	rm /tmp/chrootless.tar /tmp/root.tar
 done

tests/chrootless-fakeroot

@@ -3,15 +3,21 @@ set -eu
 export LC_ALL=C.UTF-8
 export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
 trap "rm -f /tmp/chrootless.tar /tmp/root.tar" EXIT INT TERM
-if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
+
+[ {{ MODE }} = chrootless ]
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-	useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
 	fi
-prefix=
-[ "$(id -u)" -eq 0 ] && prefix="runuser -u user --"
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
 # we need --hook-dir=./hooks/merged-usr because usrmerge does not understand
 # DPKG_ROOT
 # permissions drwxr-sr-x and extended attributes of ./var/log/journal/ cannot
@@ -21,9 +27,9 @@ for INCLUDE in '' 'apt' 'apt,build-essential' 'systemd-sysv'; do
 		--customize-hook='if [ -d "$1"/var/log/journal ]; then rmdir "$1"/var/log/journal; mkdir --mode=2755 "$1"/var/log/journal; chroot "$1" chown root:systemd-journal /var/log/journal; fi' \
 		${INCLUDE:+--include="$INCLUDE"} \
 		{{ DIST }} /tmp/root.tar {{ MIRROR }}
-	$prefix fakeroot {{ CMD }} --mode=chrootless --variant={{ VARIANT }} --hook-dir=./hooks/merged-usr \
+	$prefix fakeroot {{ CMD }} --mode={{ MODE }} --variant={{ VARIANT }} --hook-dir=./hooks/merged-usr \
 		${INCLUDE:+--include="$INCLUDE"} \
 		{{ DIST }} /tmp/chrootless.tar {{ MIRROR }}
-	cmp /tmp/root.tar /tmp/chrootless.tar
+	cmp /tmp/root.tar /tmp/chrootless.tar || diffoscope /tmp/root.tar /tmp/chrootless.tar
 	rm /tmp/chrootless.tar /tmp/root.tar
 done

tests/chrootless-foreign

@@ -63,6 +63,6 @@ for INCLUDE in '' 'apt' 'systemd-sysv'; do
 			> "/tmp/$tar.tar.tmp"
 		mv "/tmp/$tar.tar.tmp" "/tmp/$tar.tar"
 	done
-	cmp /tmp/root.tar /tmp/chrootless.tar
+	cmp /tmp/root.tar /tmp/chrootless.tar || diffoscope /tmp/root.tar /tmp/chrootless.tar
 	rm /tmp/chrootless.tar /tmp/root.tar
 done

tests/create-arm64-tarball

@@ -1,15 +1,19 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
-if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-	useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
 	fi
-prefix=
-[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
 [ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"
 $prefix {{ CMD }} --mode={{ MODE }} --variant=apt --architectures=arm64 {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
 # we ignore differences between architectures by ignoring some files

tests/create-gzip-compressed-tarball

@@ -1,12 +1,20 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-useradd --home-dir /home/user --create-home user
-runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }}
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
+	fi
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
+$prefix {{ CMD }} --mode={{ MODE }} --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }}
 printf '\037\213\010' | cmp --bytes=3 /tmp/debian-chroot.tar.gz -
 tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt -
 rm /tmp/debian-chroot.tar.gz

tests/create-tarball-dry-run

@@ -8,15 +8,14 @@ export LC_ALL=C.UTF-8
 prefix=
 include=,
 if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != root ] && [ "{{ MODE }}" != auto ]; then
-	# this must be qemu
-	if ! id -u user >/dev/null 2>&1; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-		useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
 	fi
-	prefix="runuser -u user --"
+	prefix="runuser -u ${SUDO_USER:-user} --"
 	if [ "{{ VARIANT }}" = extract ] || [ "{{ VARIANT }}" = custom ]; then
 		include="$(tr '\n' ',' < pkglist.txt)"
 	fi

tests/custom-tmpdir

@@ -1,25 +1,33 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
+
+[ "$(id -u)" -eq 0 ]
+[ {{ MODE }} = "unshare" ]
+
+if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 	if [ ! -e /mmdebstrap-testenv ]; then
 		echo "this test modifies the system and should only be run inside a container" >&2
 		exit 1
 	fi
+	useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
+fi
+prefix="runuser -u ${SUDO_USER:-user} --"
+
 # https://www.etalabs.net/sh_tricks.html
 quote () { printf %s\\n "$1" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" ; }
-useradd --home-dir /home/user --create-home user
-homedir=$(runuser -u user -- sh -c 'cd && pwd')
+homedir=$($prefix sh -c 'cd && pwd')
 # apt:test/integration/test-apt-key
 TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"
-runuser -u user -- mkdir "$homedir/$TMPDIR_ADD"
+$prefix mkdir "$homedir/$TMPDIR_ADD"
 # make sure the unshared user can traverse into the TMPDIR
 chmod 711 "$homedir"
 # set permissions and sticky bit like the real /tmp
 chmod 1777 "$homedir/$TMPDIR_ADD"
-runuser -u user -- env TMPDIR="$homedir/$TMPDIR_ADD" {{ CMD }} --mode=unshare --variant=apt \
+$prefix env TMPDIR="$homedir/$TMPDIR_ADD" {{ CMD }} --mode={{ MODE }} --variant=apt \
 	--setup-hook='case "$1" in '"$(quote "$homedir/$TMPDIR_ADD/mmdebstrap.")"'??????????) exit 0;; *) echo "$1"; exit 1;; esac' \
 	 {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
 tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
 # use rmdir as a quick check that nothing is remaining in TMPDIR
-runuser -u user -- rmdir "$homedir/$TMPDIR_ADD"
+$prefix rmdir "$homedir/$TMPDIR_ADD"
 rm /tmp/debian-chroot.tar

tests/cwd-directory-not-accessible-by-unshared-user

@@ -1,21 +1,30 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
+
+[ "$(id -u)" -eq 0 ]
+[ {{ MODE }} = "unshare" ]
+
+if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
        if [ ! -e /mmdebstrap-testenv ]; then
                echo "this test modifies the system and should only be run inside a container" >&2
                exit 1
        fi
-useradd --home-dir /home/user --create-home user
+       useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
+fi
+prefix="runuser -u ${SUDO_USER:-user} --"
+
 mkdir /tmp/debian-chroot
 chmod 700 /tmp/debian-chroot
-chown user:user /tmp/debian-chroot
+chown "${SUDO_USER:-user}:${SUDO_USER:-user}" /tmp/debian-chroot
+set -- env --chdir=/tmp/debian-chroot
 if [ "{{ CMD }}" = "./mmdebstrap" ]; then
-	set -- "$(realpath --canonicalize-existing ./mmdebstrap)"
+	set -- "$@" "$(realpath --canonicalize-existing ./mmdebstrap)"
 elif [ "{{ CMD }}" = "perl -MDevel::Cover=-silent,-nogcov ./mmdebstrap" ]; then
-	set -- perl -MDevel::Cover=-silent,-nogcov "$(realpath --canonicalize-existing ./mmdebstrap)"
+	set -- "$@" perl -MDevel::Cover=-silent,-nogcov "$(realpath --canonicalize-existing ./mmdebstrap)"
 else
-	set -- {{ CMD }}
+	set -- "$@" {{ CMD }}
 fi
-env --chdir=/tmp/debian-chroot runuser -u user -- "$@" --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
+$prefix "$@" --mode={{ MODE }} --variant=apt {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
 tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
 rm /tmp/debian-chroot.tar

tests/debootstrap

@@ -0,0 +1,17 @@
+#!/bin/sh
+set -eu
+export LC_ALL=C.UTF-8
+export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
+
+tmpdir="$(mktemp -d)"
+chmod 755 "$tmpdir"
+case "{{ DIST }}" in
+	oldstable|stable)
+		debootstrap --no-merged-usr --variant={{ VARIANT }} {{ DIST }} "$tmpdir" {{ MIRROR }}
+		;;
+	*)
+		debootstrap --merged-usr --variant={{ VARIANT }} {{ DIST }} "$tmpdir" {{ MIRROR }}
+		;;
+esac
+tar --sort=name --mtime=@$SOURCE_DATE_EPOCH --clamp-mtime --numeric-owner --one-file-system --xattrs -C "$tmpdir" -c . > "./cache/debian-{{ DIST }}-{{ VARIANT }}.tar"
+rm -r "$tmpdir"

tests/dev-ptmx

@@ -7,15 +7,17 @@ if [ {{ MODE }} != unshare ] && [ {{ MODE }} != root ]; then
 	exit 1
 fi
 
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
-	useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
+	fi
+	prefix="runuser -u ${SUDO_USER:-user} --"
 fi
-prefix=
-[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
 
 # this mimics what apt does in apt-pkg/deb/dpkgpm.cc/pkgDPkgPM::StartPtyMagic()
 cat > /tmp/test.c << 'END'
@@ -123,12 +125,13 @@ script -qfec "$prefix {{ CMD }} --mode={{ MODE }} --variant=apt \
 	--customize-hook='chroot \"\$1\" runuser -u user -- python3 -c \"import pty; print(pty.openpty())\"' \
 	--customize-hook='chroot \"\$1\" script -c \"echo foobar\"' \
 	--customize-hook='chroot \"\$1\" runuser -u user -- env --chdir=/home/user script -c \"echo foobar\"' \
-	--customize-hook='chroot \"\$1\" apt-get install --yes doc-debian 2>&1 | tee /tmp/log' \
+	--customize-hook='chroot \"\$1\" apt-get install --yes doc-debian 2>&1 | tee \"\$1\"/tmp/log' \
 	--customize-hook=\"copy-in /tmp/test.c /tmp\" \
 	--customize-hook='chroot \"\$1\" gcc /tmp/test.c -o /tmp/test' \
 	--customize-hook='chroot \"\$1\" /tmp/test' \
 	--customize-hook='chroot \"\$1\" runuser -u user -- /tmp/test' \
 	--customize-hook='rm \"\$1\"/tmp/test \"\$1\"/tmp/test.c' \
+	--customize-hook=\"copy-out /tmp/log /tmp\" \
 	{{ DIST }} /dev/null {{ MIRROR }}" /dev/null
 
 fail=0

tests/dist-using-codename

@@ -4,8 +4,10 @@
 
 set -eu
 export LC_ALL=C.UTF-8
-trap "rm -f Release; rm -rf /tmp/debian-chroot" EXIT INT TERM
+trap "rm -f Release; rm -rf /tmp/debian-chroot.tar /tmp/expected" EXIT INT TERM
 /usr/lib/apt/apt-helper download-file "{{ MIRROR }}/dists/{{ DIST }}/Release" Release
 codename=$(awk '/^Codename: / { print $2; }' Release)
-{{ CMD }} --mode={{ MODE }} --variant=apt "$codename" /tmp/debian-chroot {{ MIRROR }}
-echo "deb {{ MIRROR }} $codename main" | diff -u - /tmp/debian-chroot/etc/apt/sources.list
+{{ CMD }} --mode={{ MODE }} --variant=apt "$codename" /tmp/debian-chroot.tar {{ MIRROR }}
+echo "deb {{ MIRROR }} $codename main" > /tmp/expected
+tar --to-stdout --extract --file /tmp/debian-chroot.tar ./etc/apt/sources.list \
+	| diff -u /tmp/expected -

tests/essential-hook

@@ -8,7 +8,7 @@ echo tzdata tzdata/Zones/Europe select Berlin | chroot "$1" debconf-set-selectio
 SCRIPT
 chmod +x /tmp/essential.sh
 {{ CMD }} --mode=root --variant=apt --include=tzdata --essential-hook='echo tzdata tzdata/Areas select Europe | chroot "$1" debconf-set-selections' --essential-hook=/tmp/essential.sh {{ DIST }} /tmp/debian-chroot {{ MIRROR }}
-echo Europe/Berlin | cmp /tmp/debian-chroot/etc/timezone
+[ "$(readlink /tmp/debian-chroot/etc/localtime)" = "/usr/share/zoneinfo/Europe/Berlin" ]
 tar -C /tmp/debian-chroot --one-file-system -c . | tar -t | sort \
 	| grep -v '^./etc/localtime' \
 	| grep -v '^./etc/timezone' \

tests/install-doc-debian

@@ -1,16 +1,23 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
-if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
+
+[ {{ VARIANT }} = "custom" ]
+[ {{ MODE }} = "chrootless" ]
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-	useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
 	fi
-prefix=
-[ "$(id -u)" -eq 0 ] && prefix="runuser -u user --"
-$prefix {{ CMD }} --mode=chrootless --variant=custom --include=doc-debian {{ DIST }} /tmp/debian-chroot {{ MIRROR }}
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
+$prefix {{ CMD }} --mode={{ MODE }} --variant={{ VARIANT }} --include=doc-debian {{ DIST }} /tmp/debian-chroot {{ MIRROR }}
 tar -C /tmp/debian-chroot --owner=0 --group=0 --numeric-owner --sort=name --clamp-mtime --mtime="$(date --utc --date=@{{ SOURCE_DATE_EPOCH }} --iso-8601=seconds)" -cf /tmp/debian-chroot.tar .
 tar tvf /tmp/debian-chroot.tar > doc-debian.tar.list
 rm /tmp/debian-chroot.tar

tests/install-doc-debian-and-output-tarball

@@ -2,15 +2,22 @@
 set -eu
 export LC_ALL=C.UTF-8
 export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
-if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
+
+[ {{ VARIANT }} = "custom" ]
+[ {{ MODE }} = "chrootless" ]
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-	useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
 	fi
-prefix=
-[ "$(id -u)" -eq 0 ] && prefix="runuser -u user --"
-$prefix {{ CMD }} --mode=chrootless --variant=custom --include=doc-debian {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
+$prefix {{ CMD }} --mode={{ MODE }} --variant={{ VARIANT }} --include=doc-debian {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
 tar tvf /tmp/debian-chroot.tar | grep -v ' ./dev' | diff -u doc-debian.tar.list -
 rm /tmp/debian-chroot.tar

tests/install-doc-debian-and-test-hooks

@@ -2,16 +2,23 @@
 set -eu
 export LC_ALL=C.UTF-8
 export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
-if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
+
+[ {{ VARIANT }} = "custom" ]
+[ {{ MODE }} = "chrootless" ]
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-	useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
 	fi
-prefix=
-[ "$(id -u)" -eq 0 ] && prefix="runuser -u user --"
-$prefix {{ CMD }} --mode=chrootless --skip=cleanup/tmp --variant=custom --include=doc-debian --setup-hook='touch "$1/tmp/setup"' --customize-hook='touch "$1/tmp/customize"' {{ DIST }} /tmp/debian-chroot {{ MIRROR }}
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
+$prefix {{ CMD }} --mode={{ MODE }} --skip=cleanup/tmp --variant={{ VARIANT }} --include=doc-debian --setup-hook='touch "$1/tmp/setup"' --customize-hook='touch "$1/tmp/customize"' {{ DIST }} /tmp/debian-chroot {{ MIRROR }}
 rm /tmp/debian-chroot/tmp/setup
 rm /tmp/debian-chroot/tmp/customize
 tar -C /tmp/debian-chroot --owner=0 --group=0 --numeric-owner --sort=name --clamp-mtime --mtime="$(date --utc --date=@{{ SOURCE_DATE_EPOCH }} --iso-8601=seconds)" -cf /tmp/debian-chroot.tar .

tests/install-libmagic-mgc-on-arm64

@@ -1,16 +1,23 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
-if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
+
+[ {{ VARIANT }} = "custom" ]
+[ {{ MODE }} = "chrootless" ]
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-	useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
 	fi
-prefix=
-[ "$(id -u)" -eq 0 ] && prefix="runuser -u user --"
-$prefix {{ CMD }} --mode=chrootless --variant=custom --architectures=arm64 --include=libmagic-mgc {{ DIST }} /tmp/debian-chroot {{ MIRROR }}
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
+$prefix {{ CMD }} --mode={{ MODE }} --variant={{ VARIANT }} --architectures=arm64 --include=libmagic-mgc {{ DIST }} /tmp/debian-chroot {{ MIRROR }}
 # delete contents of libmagic-mgc
 rm /tmp/debian-chroot/usr/lib/file/magic.mgc
 rm /tmp/debian-chroot/usr/share/doc/libmagic-mgc/README.Debian

tests/jessie-or-older

@@ -1,15 +1,30 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
+export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
+
+trap "rm -f /tmp/debian-chroot-{{ MODE }}.tar /tmp/debian-chroot-root-normal.tar" EXIT INT TERM
+
+[ "$(id -u)" -eq 0 ]
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-useradd --home-dir /home/user --create-home user
-export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
+	fi
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
+MMTARFILTER=
+[ -x /usr/bin/mmtarfilter ] && MMTARFILTER=/usr/bin/mmtarfilter
+[ -x ./tarfilter ] && MMTARFILTER=./tarfilter
 
 filter() {
-	./tarfilter \
+	"$MMTARFILTER" \
 		--path-exclude=/usr/bin/uncompress \
 		--path-exclude=/var/cache/debconf/config.dat-old \
 		--path-exclude=/var/cache/debconf/templates.dat-old \
@@ -20,19 +35,7 @@ filter() {
 }
 
 # base for comparison without jessie-or-older hook
-{{ CMD }} --mode=root --variant={{ VARIANT }} {{ DIST }} - {{ MIRROR }} | filter > /tmp/debian-chroot-root-normal.tar
+{{ CMD }} --mode=root --variant={{ VARIANT }} {{ DIST }} - {{ MIRROR }} > /tmp/debian-chroot-root-normal.tar
 
-# root
-{{ CMD }} --mode=root --variant={{ VARIANT }} --hook-dir=./hooks/jessie-or-older {{ DIST }} - {{ MIRROR }} | filter > /tmp/debian-chroot-root.tar
-cmp /tmp/debian-chroot-root-normal.tar /tmp/debian-chroot-root.tar
-rm /tmp/debian-chroot-root.tar
-# unshare
-runuser -u user -- {{ CMD }} --mode=unshare --variant={{ VARIANT }} --hook-dir=./hooks/jessie-or-older {{ DIST }} - {{ MIRROR }} | filter > /tmp/debian-chroot-unshare.tar
-cmp /tmp/debian-chroot-root-normal.tar /tmp/debian-chroot-unshare.tar
-rm /tmp/debian-chroot-unshare.tar
-# fakechroot
-runuser -u user -- {{ CMD }} --mode=fakechroot --variant={{ VARIANT }} --hook-dir=./hooks/jessie-or-older {{ DIST }} - {{ MIRROR }} | filter > /tmp/debian-chroot-fakechroot.tar
-cmp /tmp/debian-chroot-root-normal.tar /tmp/debian-chroot-fakechroot.tar
-rm /tmp/debian-chroot-fakechroot.tar
-
-rm /tmp/debian-chroot-root-normal.tar
+$prefix {{ CMD }} --mode={{ MODE }} --variant={{ VARIANT }} --hook-dir=./hooks/jessie-or-older {{ DIST }} - {{ MIRROR }} | filter > /tmp/debian-chroot-{{ MODE }}.tar
+filter < /tmp/debian-chroot-root-normal.tar | cmp - /tmp/debian-chroot-{{ MODE }}.tar

tests/merged-fakechroot-inside-unmerged-chroot

@@ -46,4 +46,4 @@ chmod +x script.sh
 	--customize-hook=./script.sh \
 	--customize-hook="copy-out /tmp/chroot-fakechroot.tar /tmp" \
 	{{ DIST }} /dev/null {{ MIRROR }}
-cmp /tmp/chroot-fakechroot.tar /tmp/chroot-root.tar
+cmp /tmp/chroot-fakechroot.tar /tmp/chroot-root.tar || diffoscope /tmp/chroot-fakechroot.tar /tmp/chroot-root.tar

tests/missing-dev-sys-proc-inside-the-chroot

@@ -1,9 +1,20 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
+
+[ {{ MODE }} = "unshare" ]
+[ {{ VARIANT }} = "custom" ]
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-useradd --home-dir /home/user --create-home user
-runuser -u user -- {{ CMD }} --mode=unshare --variant=custom --include=dpkg,dash,diffutils,coreutils,libc-bin,sed {{ DIST }} /dev/null {{ MIRROR }}
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
+	fi
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
+$prefix {{ CMD }} --mode={{ MODE }} --variant={{ VARIANT }} --include=dpkg,dash,diffutils,coreutils,libc-bin,sed {{ DIST }} /dev/null {{ MIRROR }}

tests/multiple-include

@@ -8,7 +8,6 @@ rm -r /tmp/debian-chroot/usr/share/doc/debian
 rm -r /tmp/debian-chroot/usr/share/doc/doc-debian
 rm /tmp/debian-chroot/usr/share/lintian/overrides/tzdata
 rm /tmp/debian-chroot/etc/localtime
-rm /tmp/debian-chroot/etc/timezone
 rm -r /tmp/debian-chroot/usr/share/doc/tzdata
 rm -r /tmp/debian-chroot/usr/share/zoneinfo
 rm /tmp/debian-chroot/var/lib/apt/extended_states

tests/no-sbin-in-path

@@ -7,16 +7,22 @@
 
 set -eu
 export LC_ALL=C.UTF-8
-[ "{{ MODE }}" = "fakechroot" ]
+
 trap "rm -f /tmp/debian-chroot.tar" EXIT INT TERM
-if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
+
+[ "{{ MODE }}" = "fakechroot" ]
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-	useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
 	fi
-prefix=
-[ "$(id -u)" -eq 0 ] && prefix="runuser -u user --"
-$prefix env PATH=/usr/bin:/bin fakechroot fakeroot {{ CMD }} --mode=fakechroot --variant=apt {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
+$prefix env PATH=/usr/bin:/bin fakechroot fakeroot {{ CMD }} --mode={{ MODE }} --variant=apt {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
 tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -

tests/pivot_root

@@ -4,21 +4,17 @@ export LC_ALL=C.UTF-8
 export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
 trap "rm -f /tmp/chroot1.tar /tmp/chroot2.tar /tmp/chroot3.tar /tmp/mmdebstrap" EXIT INT TERM
 
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" 2>/dev/null; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-
-if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
-	useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
+	fi
+	prefix="runuser -u ${SUDO_USER:-user} --"
 fi
-
-prefix=
-[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
-
-MMDEBSTRAP=
-[ -e /usr/bin/mmdebstrap ] && MMDEBSTRAP=/usr/bin/mmdebstrap
-[ -e ./mmdebstrap ] && MMDEBSTRAP=./mmdebstrap
 
 $prefix {{ CMD }} --mode={{ MODE }} --variant=apt \
 	--include=mount \
@@ -28,28 +24,31 @@ if [ {{ MODE }} = "unshare" ]; then
 	# calling pivot_root in root mode does not work for mysterious reasons:
 	# pivot_root: failed to change root from `.' to `mnt': Invalid argument
 	$prefix {{ CMD }} --mode={{ MODE }} --variant=apt --include=mount \
-		--customize-hook="upload $MMDEBSTRAP /$MMDEBSTRAP" \
-		--customize-hook='chmod +x "$1"/'"$MMDEBSTRAP" \
-		--customize-hook='mount -o rbind "$1" /mnt && cd /mnt && /sbin/pivot_root . mnt' \
+		--customize-hook='mkdir -p "$1/mnt" "$1/oldroot"' \
+		--customize-hook='[ ! -e /usr/bin/mmdebstrap ] || cp -aT /usr/bin/mmdebstrap "$1/usr/bin/mmdebstrap"' \
+		--customize-hook='[ ! -e ./mmdebstrap ] || cp -aT ./mmdebstrap "$1/mnt/mmdebstrap"' \
+		--customize-hook='mount -o rbind "$1" /mnt && cd /mnt && /sbin/pivot_root . oldroot' \
 		--customize-hook='unshare -U echo nested unprivileged unshare' \
-		--customize-hook="/$MMDEBSTRAP"' --mode=unshare --variant=apt --include=mount {{ DIST }} /tmp/chroot3.tar {{ MIRROR }}' \
+		--customize-hook='env --chdir=/mnt {{ CMD }} --mode=unshare --variant=apt --include=mount {{ DIST }} /tmp/chroot3.tar {{ MIRROR }}' \
 		--customize-hook='copy-out /tmp/chroot3.tar /tmp' \
-		--customize-hook='rm "$1/'"$MMDEBSTRAP"'"' \
-		--customize-hook='umount -l mnt sys' \
+		--customize-hook='rm -f "/usr/bin/mmdebstrap" "/mnt/mmdebstrap"' \
+		--customize-hook='umount -l oldroot sys' \
+		--customize-hook='rmdir /oldroot' \
 		{{ DIST }} /tmp/chroot2.tar {{ MIRROR }}
 
-		cmp /tmp/chroot1.tar /tmp/chroot2.tar
-		cmp /tmp/chroot1.tar /tmp/chroot3.tar
+		cmp /tmp/chroot1.tar /tmp/chroot2.tar || diffoscope /tmp/chroot1.tar /tmp/chroot2.tar
+		cmp /tmp/chroot1.tar /tmp/chroot3.tar || diffoscope /tmp/chroot1.tar /tmp/chroot3.tar
 		rm /tmp/chroot2.tar /tmp/chroot3.tar
 fi
 
 $prefix {{ CMD }} --mode={{ MODE }} --variant=apt --include=mount \
-	--customize-hook="upload $MMDEBSTRAP /$MMDEBSTRAP" \
-	--customize-hook='chmod +x "$1"/'"$MMDEBSTRAP" \
-	--chrooted-customize-hook="/$MMDEBSTRAP"' --mode=unshare --variant=apt --include=mount {{ DIST }} /tmp/chroot3.tar {{ MIRROR }}' \
+	--customize-hook='mkdir -p "$1/mnt"' \
+	--customize-hook='[ ! -e /usr/bin/mmdebstrap ] || cp -aT /usr/bin/mmdebstrap "$1/usr/bin/mmdebstrap"' \
+	--customize-hook='[ ! -e ./mmdebstrap ] || cp -aT ./mmdebstrap "$1/mnt/mmdebstrap"' \
+	--chrooted-customize-hook='env --chdir=/mnt {{ CMD }} --mode=unshare --variant=apt --include=mount {{ DIST }} /tmp/chroot3.tar {{ MIRROR }}' \
 	--customize-hook='copy-out /tmp/chroot3.tar /tmp' \
-	--customize-hook='rm "$1/'"$MMDEBSTRAP"'"' \
+	--customize-hook='rm -f "$1/usr/bin/mmdebstrap" "$1/mnt/mmdebstrap"' \
 	{{ DIST }} /tmp/chroot2.tar {{ MIRROR }}
 
-cmp /tmp/chroot1.tar /tmp/chroot2.tar
-cmp /tmp/chroot1.tar /tmp/chroot3.tar
+cmp /tmp/chroot1.tar /tmp/chroot2.tar || diffoscope /tmp/chroot1.tar /tmp/chroot2.tar
+cmp /tmp/chroot1.tar /tmp/chroot3.tar || diffoscope /tmp/chroot1.tar /tmp/chroot3.tar

tests/root-mode-inside-unshare-chroot

@@ -5,13 +5,22 @@
 
 set -eu
 export LC_ALL=C.UTF-8
+
+[ {{ MODE }} = "unshare" ]
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-[ "$(whoami)" = "root" ]
-useradd --home-dir /home/user --create-home user
-cat << 'SCRIPT' > script.sh
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
+	fi
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
+cat << 'SCRIPT' > /tmp/script.sh
 #!/bin/sh
 set -eu
 rootfs="$1"
@@ -22,10 +31,10 @@ chroot "$rootfs" env --chdir=/mnt \
 	{{ CMD }} --mode=root --variant=apt \
 	{{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
 SCRIPT
-chmod +x script.sh
-runuser -u user -- {{ CMD }} --mode=unshare --variant=apt --include=perl,mount \
-	--customize-hook=./script.sh \
+chmod +x /tmp/script.sh
+$prefix {{ CMD }} --mode={{ MODE }} --variant=apt --include=perl,mount \
+	--customize-hook=/tmp/script.sh \
 	--customize-hook="download /tmp/debian-chroot.tar /tmp/debian-chroot.tar" \
 	{{ DIST }} /dev/null {{ MIRROR }}
 tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
-rm /tmp/debian-chroot.tar script.sh
+rm /tmp/debian-chroot.tar /tmp/script.sh

tests/special-hooks-with-mode-mode

@@ -1,15 +1,19 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
-if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-	useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
 	fi
-prefix=
-[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
 [ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"
 symlinktarget=/real
 [ "{{ MODE }}" = "fakechroot" ] && symlinktarget='$1/real'

tests/unpack-doc-debian

@@ -1,17 +1,23 @@
 #!/bin/sh
 set -eu
 export LC_ALL=C.UTF-8
-if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
+
+[ {{ VARIANT }} = extract ]
+
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-	useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
 	fi
-prefix=
-[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
+	prefix="runuser -u ${SUDO_USER:-user} --"
+fi
+
 [ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"
-$prefix {{ CMD }} --mode={{ MODE }} --variant=extract --include=doc-debian {{ DIST }} /tmp/debian-chroot {{ MIRROR }}
+$prefix {{ CMD }} --mode={{ MODE }} --variant={{ VARIANT }} --include=doc-debian {{ DIST }} /tmp/debian-chroot {{ MIRROR }}
 # delete contents of doc-debian
 rm /tmp/debian-chroot/usr/share/doc-base/debian-*
 rm -r /tmp/debian-chroot/usr/share/doc/debian

tests/unshare-include-deb

@@ -5,14 +5,17 @@ export LC_ALL=C.UTF-8
 
 [ "{{ MODE }}" = unshare ]
 
-if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
+prefix=
+if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && [ "{{ MODE }}" != "auto" ]; then
+	if ! id "${SUDO_USER:-user}" >/dev/null 2>&1; then
 		if [ ! -e /mmdebstrap-testenv ]; then
 			echo "this test modifies the system and should only be run inside a container" >&2
 			exit 1
 		fi
-	useradd --home-dir /home/user --create-home user
+		useradd --home-dir "/home/${SUDO_USER:-user}" --create-home "${SUDO_USER:-user}"
+	fi
+	prefix="runuser -u ${SUDO_USER:-user} --"
 fi
-[ "$(id -u)" -eq 0 ] && prefix="runuser -u user --"
 
 # instead of obtaining a .deb from our cache, we create a new package because
 # otherwise apt might decide to download the package with the same name and
@@ -31,9 +34,8 @@ Description: dummypkg
 END
 dpkg-deb --build "/tmp/dummypkg" "/tmp/dummypkg.deb"
 
-# make the .deb only redable by user which will exclude the unshared user
+# make the .deb only redable by its owner which will exclude the unshared user
 chmod 600 /tmp/dummypkg.deb
-chown user /tmp/dummypkg.deb
 
 ret=0
 $prefix {{ CMD }} --variant=apt --mode={{ MODE }} --include="/tmp/dummypkg.deb" \