rockdrilla
/
mmdebstrap
forked from josch/mmdebstrap
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
1,049 Commits
2 Branches
0 Tags
17 MiB
main
debextract
1.3.5
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.0
1.0.1
1.0.0
0.9.0
0.8.6
0.8.5
0.8.4
0.8.3
0.8.2
0.8.1
0.8.0
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.1
0.6.0
0.5.1
0.5.0
0.1.0
0.2.0
0.3.0
0.4.0
0.4.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
Commit Graph

591 Commits (main)

Author SHA1 Message Date
Johannes Schauer Marin Rodrigues 8b12375de3
add more references to #808203 3 years ago
Johannes Schauer Marin Rodrigues c627606110
document copy:// vs. file:// 3 years ago
Johannes Schauer Marin Rodrigues 60dba1c19e
fixup read_subuid_subgid 
- use $REAL_USER_ID from English instead of $<
 - use getgrgid $REAL_GROUP_ID to get the group name instead of assuming
   the group name to be equal to the user name
 - also check whether /etc/subgid exists and is readable
 3 years ago
Joe Groocock 15029c1c3b
improve error message for missing /etc/subuid entry (closes: #9) 3 years ago
Johannes Schauer Marin Rodrigues 3c37d692a0
write 'uninitialized' to /etc/machine-id to support systemd ConditionFirstBoot (closes: #10) 3 years ago
Nicolas Vigier 5283d74dfe
Remove files inside the auxfiles directory 
This is fixing the error:
  cannot rmdir /var/lib/apt/lists/auxfiles: Directory not empty at ./mmdebstrap/mmdebstrap line 3084.
which happens when using apt-transport-mirror.
 3 years ago
Johannes Schauer Marin Rodrigues ea82b267c9
only run test_unshare_userns() if not root user 3 years ago
Johannes Schauer Marin Rodrigues dfbf9cdcef
several fixes to chrootless mode 3 years ago
Johannes Schauer Marin Rodrigues f868073b6e
add --skip=setup, --skip=update and --skip=cleanup 3 years ago
Johannes Schauer Marin Rodrigues 98f1f0abde
use apt pattern to select essential set 3 years ago
Johannes Schauer Marin Rodrigues 3e488dd1dd
use apt from the outside by setting DPkg::Chroot-Directory 3 years ago
Johannes Schauer Marin Rodrigues c63ad87310
changes for release of Debian 11 Buster 3 years ago
Johannes Schauer Marin Rodrigues 594ea3c72e
improve busybox and --hook-dir examples in man page -- thanks Jochen Sprickerhof! 3 years ago
Johannes Schauer Marin Rodrigues 3f79c18a0d
since apt 2.1.16 we can use --error-on=any and do not anymore need to error out on all W: lines (closes: #6) 3 years ago
Benjamin Drung 0378c101bb
Pass extended attributes (excluding system) to tar2sqfs 
/bin/ping (from iputils-ping) uses the security capabilities to allow
users to use the program:

```
$ getcap /bin/ping
/bin/ping cap_net_raw=ep
```

Debian testing/unstable images (variant important) contain security and
system attributes:

```
$ mmdebstrap --variant=important bullseye root.tar
$ tar --xattrs --xattrs-include='*' -vv -tf root.tar | grep -B 1 '^ '
-rwxr-xr-x* 0/0           77432 2021-02-02 18:49 ./bin/ping
  x: 20 security.capability
--
drwxr-sr-x* 0/102             0 2021-05-07 15:10 ./var/log/journal/
  x: 44 system.posix_acl_access
  x: 44 system.posix_acl_default
```

When generating a squashfs image with mmdebstrap 0.7.5-2, these security
capabilities are lost. Example for building a squashfs image in a
minimal Debian unstable schroot:

```
$ apt install -y mmdebstrap squashfs-tools-ng
$ mmdebstrap --variant=important buster root.squashfs
$ rdsquashfs -x /bin/ping root.squashfs
$
```

tar2sqfs from squashfs-tools-ng 1.0.4-1 supports encoding extended
attributes from the namespace `user`, `trusted`, and `security` (see
`include/sqfs/xattr.h`). GNU tar (version 1.34) supports these three
namespaces plus the namespace `system`.

Passing extended attributes from the `system` namespace to tar2sqfs will
produce an error:

```
ERROR: squashfs does not support xattr prefix of system.posix_acl_default
```

So pass the extended attributes to tar2sqfs, but exclude the `system`
namespace. Then ping will keep its security attributes:

```
$ rdsquashfs -x /bin/ping root.squashfs
security.capability=0x0100000200200000000000000000000000000000
```

Closes: #988100
Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com>
 3 years ago
Johannes Schauer Marin Rodrigues 88a031477a
add --skip=cleanup/apt/lists and --skip=cleanup/apt/cache 3 years ago
Vagrant Cascadian c51fb24c7b
Use all cores when compressing with zstd. 3 years ago
Johannes Schauer Marin Rodrigues 236b84a486
tarfilter: add --pax-exclude and --pax-include to strip extended attributes because tar2sqfs only supports user.*, trusted.* and security.* 3 years ago
Johannes Schauer Marin Rodrigues ebfac91738
also choose null format if stdout is /dev/null and check whether major and minor number of /dev/null are as expected to avoid false positives 3 years ago
Konstantin Demin ccd4b5c163
gpg: handle ASCII-armored keyrings as well 
gpg command "--list-keys" requires input files to be passed with
option "--keyring" and each file must match type "public keyring v4"
while gpg command "--show-keys" doesn't require extra options and
handles also ASCII-armored public keyrings as well.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
 3 years ago
Helmut Grohne 2767b051bc
implement --format=null 3 years ago
Johannes Schauer Marin Rodrigues 4c17f36072
better document the TMPDIR env var 3 years ago
Johannes Schauer Marin Rodrigues 5a3d1ab5c4
Rework /dev, /sys, /proc mounting 
- assume all entries in @devfiles to be in /dev
 - allow for /dev, /sys and /proc not to exist in the target and print warning
 - allow for /dev entries as well as /sys and /proc not to exist on the outside
 - simplify umount by storing special options in @umountopts
 - remove superfluous checks for root and unshare mode
 - make sure /dev entries are less than 100 chars in size for tar
 3 years ago
Johannes Schauer Marin Rodrigues d52eaa4814
instead of checking for defined-ness and then comparing with the empty string, we can just use 'length' which returns undef if its argument is undef 3 years ago
Johannes Schauer Marin Rodrigues 270fd09b43
update copyright information 3 years ago
Johannes Schauer Marin Rodrigues d5c8a85ace
document problems with chrootless mode in man page 3 years ago
Johannes Schauer Marin Rodrigues ecbc10794c
warn if --dpkgopt is used in chrootless mode because of #808203 3 years ago
Johannes Schauer Marin Rodrigues 49f464e7da
create /etc/dpkg/dpkg.cfg.d/ if --dpkgopt is used 3 years ago
Johannes Schauer Marin Rodrigues 067daaf4c2
also run unshare with --propagation unchanged in root mode 3 years ago
Josh Triplett f8fc7d9bbf
Fix typo in hook directory example 3 years ago
Johannes Schauer Marin Rodrigues 976cc9c1c4
release 0.7.5 3 years ago
Johannes Schauer Marin Rodrigues 73cd7cd2e8
run unshare --mount with --propagation unchanged to prevent 'cannot change root filesystem propagation' when running mmdebstrap from inside a chroot 3 years ago
Johannes Schauer Marin Rodrigues 39167dbc30
expose hook name to hooks via MMDEBSTRAP_HOOK environment variable 3 years ago
Johannes Schauer Marin Rodrigues 8a4f4d90ab
remove example showing mmdebstrap as debootstrap replacement for sbuild-createchroot as it doesn't work in unshare mode 3 years ago
Johannes Schauer Marin Rodrigues e1e0df7799
skip emulation check for extract variant 3 years ago
Johannes Schauer Marin Rodrigues c740b01dc8
unset TMPDIR in hooks because there is no value that works inside as well as outside the chroot 3 years ago
Johannes Schauer Marin Rodrigues 0595c5c220
add new suite name trixie 3 years ago
Johannes Schauer Marin Rodrigues 7a43ff89dc
improve dpkg and apt version parsing 3 years ago
Johannes 'josch' Schauer d9633d05fe
release 0.7.4 3 years ago
Johannes 'josch' Schauer 7bd733fb8b
In root mode, check whether it's possible to mount 
- even if the user is root, they might not have permission to mount
 - check for CAP_SYS_ADMIN and unshare --mount before proceeding
 - allow one to disable the check with --skip=check/canmount
 - this is useful in container environments like docker
 3 years ago
Johannes 'josch' Schauer 205f5c2692
document how to use mmdebstrap to create a docker chroot 3 years ago
Johannes 'josch' Schauer 4693034138
allow unshare as root user 
- this is useful when you are already root and want the benefits of
   unsharing the mount namespace to prevent messing up your system
 - if the unshare mode is used as root, the user namespace is not unshared
   anymore and newuidmap, setuid and friends are not called anymore
 - if the unshare mode is used as non-root test if the user namespace can be
   unshared, otherwise test if the mount namespace can be unshared
 3 years ago
Johannes 'josch' Schauer ea6bbc1d9c
#898446 got closed and the default of kernel.unprivileged_userns_clone changed to 1 3 years ago
Johannes 'josch' Schauer 62bcf3261e
do not run an additional env command inside the chroot 3 years ago
Johannes 'josch' Schauer 7ff3f53fb9
apt 2.1.16 fixed immediate configure 3 years ago
Johannes 'josch' Schauer ac21074243
set MMDEBSTRAP_APT_CONFIG, MMDEBSTRAP_MODE and MMDEBSTRAP_HOOKSOCK for hook scripts 3 years ago
Johannes 'josch' Schauer 9484107392
set PATH if it's unset or empty 3 years ago
Johannes 'josch' Schauer 2d03a81997
coverage.sh: reenabling tests because bugs got fixed 
- systemd didn't get fixed but somehow the order matches again (bug #963788)
 - python is installable again (bug #968217)
 - apt immediate configure was not fixed but src:glibc changed to not
   trigger the bug anymore (bugs #973305, #973325 and #972552)
 3 years ago
Johannes 'josch' Schauer 0b2a0c5a55
release 0.7.3 3 years ago
Johannes 'josch' Schauer 43ca8a5211
it is wrong to match the suite for the package set selection if more than one apt index is given (because the suite name might be equal) instead check whether there is more than zero matching and more than zero not-matching suites 3 years ago
Johannes 'josch' Schauer 2c232e0661
don't ignore packages added via --include if multiple apt indices are used 3 years ago
Johannes 'josch' Schauer 85328c5c7e
mmdebstrap: check for defined-ness before integer comparison 3 years ago
Johannes 'josch' Schauer 165cc82f97
preserve permissions of /etc/resolv.conf and /etc/hostname and resolve symlinks as debootstrap does it 3 years ago
Johannes 'josch' Schauer beb0b8c177
name solver mmdebstrap-dump-solution in official apt path 3 years ago
Johannes 'josch' Schauer f76bcb5750
release 0.7.2 3 years ago
Johannes 'josch' Schauer 732fde54f8
documentation improvements, add OPERATION section 3 years ago
Johannes 'josch' Schauer da449be3fe
fix missing I in front of <> 3 years ago
Johannes 'josch' Schauer 2e19a8bda4
remove nonsense code comment 3 years ago
Johannes 'josch' Schauer 96f45ec2e7
info messages start with lower case character 3 years ago
Johannes 'josch' Schauer b7e257871d
use Debian::DistroInfo if available 3 years ago
Johannes 'josch' Schauer b2ea7b230f
remove no-op if statement 3 years ago
Johannes 'josch' Schauer 1e7e002eb1
print explicit info message about installing essential packages 3 years ago
Johannes 'josch' Schauer ad56754a2a
pkgs_to_install might contain duplicates when multiple suites are used -- avoid that by using a hash instead of an array 4 years ago
Johannes 'josch' Schauer 0c990abc48
coverage.sh: only consider non-POD parts for maximum line length check 4 years ago
Johannes 'josch' Schauer 534798dbd2
add example for how to use a cache directory 4 years ago
Johannes 'josch' Schauer 12b26a8817
use /usr/share/distro-info/debian.csv to figure out the security mirror for bullseye and beyond 4 years ago
Johannes 'josch' Schauer 9d32dee3f5
if a suite name was specified, use the matching apt index to figure out the package set to install 4 years ago
Johannes 'josch' Schauer 21a26b5dac
pass verbosity to hook-listener 4 years ago
Johannes 'josch' Schauer e71487af5e
improve hook-helper and hook-listener debug output 4 years ago
Johannes 'josch' Schauer bf87e83bdb
make it possible to seed /var/cache/apt/archives with deb packages 4 years ago
Johannes 'josch' Schauer 50d8d5edae
check whether dpkg, apt and others are installed (closes: #18) 4 years ago
Johannes 'josch' Schauer 0a985948cf
create temporary test ext2 image in TMPDIR and not in CWD 4 years ago
Johannes 'josch' Schauer 1000a033e8
release 0.7.1 4 years ago
Johannes 'josch' Schauer 259a188e06
fix typo: 3030 -> 2020 (thanks Trent W. Buck!) 4 years ago
Johannes 'josch' Schauer 65e40c8c34
redirect stderr of dpkg --version to /dev/null to prevent error output if dpkg is too old (thanks Trent W. Buck!) 4 years ago
Johannes 'josch' Schauer 58925dc493
add two more debug messages 4 years ago
Johannes 'josch' Schauer 400b51ad7b
release 0.7.0 4 years ago
Johannes 'josch' Schauer 3713735240
document non-functional --variant=standard due to bug #968217 4 years ago
Johannes 'josch' Schauer 7c752fa8a0
print elapsed time after successful run 4 years ago
Johannes 'josch' Schauer 74725ac451
coverage.sh: test eatmydata and merged-usr hooks 4 years ago
Johannes 'josch' Schauer 465c056434
no longer needs to install twice when --depkgopt=path-exclude is given by filtering the tarball with new tarfilter utility 4 years ago
Johannes 'josch' Schauer 8f09c3e02f
unless in chrootless mode, omitting stuff in /var/lib/dpkg does not depend on the dpkg version outside, but on the version inside the chroot (and we don't know that one yet) 4 years ago
Johannes 'josch' Schauer dd64e8220d
use distro-info-data and debootstrap to help with suite name and keyring discovery 4 years ago
Johannes 'josch' Schauer 87d383d754
replace -t STDERR with a common function that explains the 'no critic' annotation 4 years ago
Johannes 'josch' Schauer 307cbf5a41
prefix certain progress bars with what is being done (closes: #16) 4 years ago
Johannes 'josch' Schauer df18304449
add a new pipe to communicate the number of blocks to the parent instead of abusing the hookhelper/listener 4 years ago
Johannes 'josch' Schauer a5ea38cbad
fix docs: there are four hooks, not three 4 years ago
Johannes 'josch' Schauer 0451d5f004
do not suggest using --dpkgopt=force-unsafe-io because it barely brings any speedups, see Debian bug #613428 4 years ago
Johannes 'josch' Schauer 614ef0e43d
make it clear that --aptopt and --dpkgopt add their content permamently 4 years ago
Johannes 'josch' Schauer 23fb2055e4
fix error message to specify the right command 4 years ago
Johannes 'josch' Schauer 501e29fdeb
fix closedir calls 4 years ago
Johannes 'josch' Schauer 12f41ad33f
fix syntax for perltidy 4 years ago
Johannes 'josch' Schauer 075645289f
add --hook-directory option and a directory with hooks 4 years ago
Johannes 'josch' Schauer e2a759967f
put hook listener into its own function and expose it to the CLI via --hook-listener 4 years ago
Johannes 'josch' Schauer c2c270390b
implement dpkg-realpath in perl so that we don't need to run tar inside the chroot anymore for modes other than fakechroot and proot 4 years ago
Johannes 'josch' Schauer dc67c1f4be
if we got dpkg >= 1.20.0, then we don't have to create certain files and directories ourselves 4 years ago
Johannes 'josch' Schauer 904274b9f4
adjust genext2fs (>= 1.5.0) interface 4 years ago
Johannes 'josch' Schauer 112c0a5a6d
add documentation about --{setup,extract,essential,customize}-hooks and --skip option, making them an official interface 4 years ago
Johannes 'josch' Schauer 40b6155967
add another --dpkgopt example 4 years ago
Johannes 'josch' Schauer 4d041140d5
instead of 'du' we use File::Find to avoid different results on different filesystems, see https://bugs.debian.org/650077 for a discussion 4 years ago
Johannes 'josch' Schauer 655857e525
don't use apt sandboxing in fakechroot or proot modes 4 years ago
Johannes 'josch' Schauer af13116336
do not hide errors even with --quiet 
This change also fixes the problem that when --quiet is given, an error
will never lead to a non-zero exit status because the error function
returns before it runs die()
 4 years ago
Johannes 'josch' Schauer dc9a5dc281
document how to use mmdebstrap as a debootstrap wrapper 4 years ago
Johannes 'josch' Schauer fa12e4f488
create /tmp with chmod 01777 4 years ago
Johannes 'josch' Schauer b60893aa83
add --skip=output/dev 4 years ago
Johannes 'josch' Schauer e1d0a17751
return immediately if nothing to do in download, extract and essential stages 4 years ago
Johannes 'josch' Schauer ccae6de410
fix message 'failed to start' -> 'failed to run' 4 years ago
Johannes 'josch' Schauer be2bb0bb7e
do not emit a tarball with xattrs for squashfs and ext2 output because tar2sqfs and genext2fs do not support extended attributes 4 years ago
Johannes 'josch' Schauer da88c56b9f
warn if chrootless mode is run by the root user 4 years ago
Johannes 'josch' Schauer 6af46f0b4a
fix typo squasfs -> squashfs 4 years ago
Johannes 'josch' Schauer 08319f6c77
Return the same block number irrespective of what is in /dev 
Depending on the mode an on whether mknod works (mount options of
$TMPDIR) different stuff might be in /dev. To make the blocksize in of
the ext2 output format reproducible, ignore the content of /dev.
 4 years ago
Johannes 'josch' Schauer af5841269c
always check if _apt user can access /var/lib/apt/lists/partial 4 years ago
Johannes 'josch' Schauer af4e77903b
add instructions how to convert from ext2 to ext3 and ext4 4 years ago
Johannes 'josch' Schauer 3b67de6d31
add note about the dangers of chrootless mode 4 years ago
Johannes 'josch' Schauer 5cf209996e
format mmdebstrap bold in POD 4 years ago
Johannes 'josch' Schauer 4ea784c1bc
add --skip check/empty 4 years ago
Johannes 'josch' Schauer 1b380e4513
add --skip check/qemu 4 years ago
Helmut Grohne d7f7f8cb34
skip the emulation check in chrootless mode 
Whenever the selected architecture differs from the native architecture
of the system that runs mmdebstrap, mmdebstrap checks whether it can run
the selected architecture. In the majority of cases, this is good and
helps avoid difficult to diagnose issues. However when running in
chrootless mode, we don't actually want to run any binaries from the
target system. For that reason, the emulation check should be skipped in
chrootless mode.
 4 years ago
Johannes 'josch' Schauer 9717faef59
refer to MODES section in docs for directory format 4 years ago
Johannes 'josch' Schauer 2678ccaf38
mention missing TARGET in docs for auto format 4 years ago
Johannes 'josch' Schauer 2ce9555dc5
expand docs for unshare mode 4 years ago
Johannes 'josch' Schauer a0c097a6fa
TARGET must be italic not bold 4 years ago
Johannes 'josch' Schauer f1a952d468
explicitly inform the user why apt-transport-https or apt-transport-tor are getting installed 4 years ago
Johannes 'josch' Schauer 9195972bef
dump contents of /etc/apt/apt.conf.d/99mmdebstrap and /etc/dpkg/dpkg.cfg.d/99mmdebstrap in debug mode 4 years ago
Johannes 'josch' Schauer f6214e343f
add debug output of which command is run in run_progress() 4 years ago
Johannes 'josch' Schauer ab5d5777d5
check whether qemu-$arch-static exists early 4 years ago
Johannes 'josch' Schauer f50ca9bf6d
also warn if /usr/sbin/update-binfmts has non-zero exit 4 years ago
Johannes 'josch' Schauer df1827d991
check if /usr/sbin/update-binfmts exists 4 years ago
Johannes 'josch' Schauer a0c393f256
fix /proc/mounts regex to find binfmt_misc 4 years ago
Johannes 'josch' Schauer d26f5de912
check whether arch-test exists 4 years ago
Johannes 'josch' Schauer 46f477f339
add --skip option 4 years ago
Johannes 'josch' Schauer 1076e9a78d
split up setup() into multiple functions 4 years ago
Johannes 'josch' Schauer 895c388ede
add --format option and ext2 image output 4 years ago
Johannes 'josch' Schauer 15d6f5528b
also print apt-get --version output with --debug 4 years ago
Johannes 'josch' Schauer 8d04ffee64
unset APT_CONFIG env var when running hook 4 years ago
Johannes 'josch' Schauer d29bdafb89
add workaround for dpkg bug to docs 4 years ago
Johannes 'josch' Schauer 323a353548
output tarball if output is named pipe or character special 4 years ago
Johannes 'josch' Schauer 412039bd66
commit de8b6a45 forgot to also run re-install with /proc, /dev and /sys mounted 4 years ago
Johannes 'josch' Schauer 02ed5e33f8
add --extract-hook 4 years ago
Johannes 'josch' Schauer 5fae5e83f9
release 0.6.1 4 years ago
Johannes 'josch' Schauer e1008006fc
add stub for future ext2 image support 4 years ago
Johannes 'josch' Schauer 773249a0ca
document limitation of missing /etc/ld.so.cache when using fakechroot 4 years ago
Johannes 'josch' Schauer 7bad5fb1e6
in unshare mode, the unshared process might not have enough permissions to rmdir root directory -- try again as normal user 4 years ago
Johannes 'josch' Schauer 3922851636
use Dpkg::Vendor::Debian and Dpkg::Vendor::Ubuntu for keyring locations, if they are available 4 years ago
Johannes 'josch' Schauer 89e7dd6756
store temporary files in /tmp inside the rootfs to avoid problems in unshare mode and TMPDIR set 4 years ago
Johannes 'josch' Schauer b9db466a26
add note about usage of /usr/sbin/policy-rc.d 4 years ago
Johannes 'josch' Schauer ff9b6509fb
add more usage examples 4 years ago
Johannes 'josch' Schauer 6c6378a6e0
emit more warnings about setting kernel.unprivileged_userns_clone to 1 4 years ago
Johannes 'josch' Schauer 48914894cb
dump temporary apt.conf with --debug 4 years ago
Johannes 'josch' Schauer 1ff5ba7e9e
set APT::Immediate-Configure to false in dry-run mode 4 years ago
Johannes 'josch' Schauer 3e50d09b43
create temporary apt.conf inside chroot because unshared process might not have permissions to write into TMPDIR 4 years ago
Johannes 'josch' Schauer 9918809a65
add another example about how to use mmdebstrap to make a bootable live system 4 years ago
Johannes 'josch' Schauer bd84829595
unset TMPDIR environment variable for everything running inside the chroot 4 years ago
Johannes 'josch' Schauer 5bf8c3fcf9
add sync, umount and shutdown to guestfish calls 4 years ago
Johannes 'josch' Schauer c4a47947ab
mount /sys and /proc as read-only in root mode 4 years ago
Johannes 'josch' Schauer d503e4fd96
put fh variables into their own scope 4 years ago
Johannes 'josch' Schauer 62159d124a
support deb822-style format apt sources 4 years ago
Johannes 'josch' Schauer 1579d06380
use tempdir(..., TMPDIR => 1) instead of tempdir(..., DIR => File::Spec->tmpdir) 4 years ago
Johannes 'josch' Schauer ae15fe3d9f
convert gpg keyring processing to less nesting and abort earlier if possible 4 years ago
Johannes 'josch' Schauer c26ec4d6fc
instead of hardcoding /etc/apt/trusted.gpg, read it from apt-config shell 4 years ago
Johannes 'josch' Schauer efaea907e9
run apt-cache policy instead of dumping sources.list 4 years ago
Johannes 'josch' Schauer c45e7d9baf
print warning if apt trusted cannot be read 4 years ago
Johannes 'josch' Schauer 75428e37dd
assign the absolute key path and not the relative one 4 years ago
Johannes 'josch' Schauer 64fedc530e
Restore deterministic tar with pax and xattr support 
- all creating and extraction of tarballs respects extended attributes
 - extended attributes require pax format, so explicitly request the
   format
 - to make pax bit-by-bit reproducible, ctime, atime and PID have to be
   removed from the headers with:
   --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime
 - always pass --numeric-owner to tar
 - always pass --xattrs when creating a tar
 - always pass --xattrs --xattrs-include=* when extracting a tar
 4 years ago
Johannes 'josch' Schauer a1df1a9730
fix docs: default variant is 'debootstrap' and not 'required' 4 years ago
Johannes 'josch' Schauer bef4c890d8
if /etc/machine-id exists, replace by an empty file 4 years ago
Johannes 'josch' Schauer 9eaacca795
dump apt config with verbosity level >= 3 4 years ago
Johannes 'josch' Schauer 6455cda34b
release 0.6.0 4 years ago
Johannes 'josch' Schauer c33ded3539
improve differences to debootstrap docs a bit more 4 years ago
Johannes 'josch' Schauer 98c8c573de
coverage.sh: test taridshift 4 years ago
Johannes 'josch' Schauer 30ec192c50
some improvements to the docs 4 years ago
Johannes 'josch' Schauer 6e829ca066
send error package when anything goes wrong in special hook handling 4 years ago
Johannes 'josch' Schauer 7d152ec7e0
add sync-in and sync-out hooks 4 years ago
Johannes 'josch' Schauer 7852a33d01
don't forget chrootless in the list of mode names 4 years ago
Johannes 'josch' Schauer 2cb6438454
add --dry-run and --simulate 4 years ago
Johannes 'josch' Schauer 9441184bf1
reformat some code to keep opening curly brace on the right 4 years ago
Johannes 'josch' Schauer f867384c20
coverage.sh: test with perlcritic 4 years ago
Johannes 'josch' Schauer 4ba82a41cf
format code with perltidy 4 years ago
Johannes 'josch' Schauer bba8922243
reformat code that would exceed 79 character width even after perltidy 4 years ago
Johannes 'josch' Schauer 6abbb3ebd9
wrap POD to 79 characters width 4 years ago
Johannes 'josch' Schauer 2782d14348
rewrite comments so that they fit into 79 characters 4 years ago
Johannes 'josch' Schauer 27bd6df320
add vim modeline 4 years ago
Johannes 'josch' Schauer b10177cb6e
use spaces instead of tabs 4 years ago
Johannes 'josch' Schauer 6d3a824b45
disable Devel::Cover before exec-ing external tools to avoid massive slowdowns 4 years ago
Johannes 'josch' Schauer 4fed488c35
when re-execing itself, keep Devel::Cover options 4 years ago
Johannes 'josch' Schauer dbdf3f34c6
add support for generating squashfs images using tar2sqfs 4 years ago
Johannes 'josch' Schauer c6944d0b8f
cleanup leftovers in /tmp inside the chroot 4 years ago
Johannes 'josch' Schauer 61db086921
also clean package lists and apt cache from sources.d directory 4 years ago
Johannes 'josch' Schauer 327c0e83ca
further document prerequisites and limitations of different modes 4 years ago
Johannes 'josch' Schauer ecd5c7a662
fixup warning message 4 years ago
Johannes 'josch' Schauer 8abb93633c
warn that creating tarball might also fail in proot mode for extract and custom variants 4 years ago
Johannes 'josch' Schauer 05e796cd95
add missing error handlers for fork() and open() calls 4 years ago
Johannes 'josch' Schauer ed0b5069ce
on debug level verbosity, also print the line number 4 years ago
Johannes 'josch' Schauer c8f79cf4b5
document that --xattrs --xattrs-include='*' is needed when extracting a tarball 4 years ago
Benjamin Drung 1dbb576c99
Preserve extended attributes in tarball 
When specifying a tarball as output format, the extended attributes are
lost. This leads to programs like ping fail to run as normal user.

Therefore preserve the extended attributes when generating the tarball.

Signed-off-by: Benjamin Drung <benjamin.drung@cloud.ionos.com>
 4 years ago
Johannes 'josch' Schauer 868081727e
add special hooks copy-in, copy-out, tar-in, tar-out, upload and download 4 years ago
Johannes 'josch' Schauer e6d5d74d87
--keyring now overwrites the default apt keyring 
- apt can only handle one directory and one file as keyring
 - the signed-by option is used to specify the keyrings for suites that
   are not known by apt
 4 years ago
Johannes 'josch' Schauer db1e7f27ad
add oldoldstable and jessie 4 years ago
Johannes 'josch' Schauer 2de2eb6a8c
add space between negation operator and test operator 4 years ago
Johannes 'josch' Schauer 394731102a
before unmounting /proc, check if /proc/sys/fs/binfmt_misc is mounted 4 years ago
Johannes 'josch' Schauer d262d67877
Fix parallel xz compression... hopefully for the last time... 4 years ago
Johannes 'josch' Schauer 9f2ea61265
Fix parallel xz compression 5 years ago
Johannes 'josch' Schauer aad36777e8
add --man option and reduce output of --help option 
Printing the full man page requires the perl-doc package. To avoid this
dependency, print the less verbose output containing only the synopsis
and the option list for the --help option and print the full output
(requiring perldoc) for the --man option.
 5 years ago
Johannes 'josch' Schauer de8b6a457d
also run initial installation of Essential:yes with /proc, /dev and /sys mounted 
In Debian Jessie, init is part of Essential:yes and thus systemd gets
installed which needs working /proc, /dev and /sys
 5 years ago
Johannes 'josch' Schauer 3a1d5413e2
also remove /var/log/apt/eipp.log.xz 5 years ago
Johannes 'josch' Schauer f5afbfaab0
don't let make_path fail if directory already existed 5 years ago
Benjamin Drung 4b82a664da
Use parallel xz compression 
One of mmdebstrap benefits over deboostrap is that it is faster.
Creating a xz tarball as output will take a lot of time, since xz
consumes a lot of compute power and tar uses only one core.

Therefore use parallel xz compression since xz supports it using the -T
parameter.

Closes: #943327
Signed-off-by: Benjamin Drung <benjamin.drung@cloud.ionos.com>
 5 years ago
Johannes 'josch' Schauer bc423e6ab6
Add disclaimer of warranty and limitation of liability 5 years ago
Johannes 'josch' Schauer a2cd0e9843
add --keyring option as a shorthand for --aptopt='Dir::Etc::Trusted... 5 years ago
Johannes 'josch' Schauer 6cac8e70e8
allow multiple --include options and use array instead of hash 
Package order is important when calling apt. Consider this dependency
graph:

    A -> B -> C | D , E -> D | C

"apt install A E" it will install "A B C E"
"apt install E A" it will install "E D A B"
 5 years ago
Johannes 'josch' Schauer e12db588bd
add debug output for unknown data type 5 years ago
Johannes 'josch' Schauer da4f9e4349
check whether /sbin/start-stop-daemon.REAL exists before overwriting it 5 years ago
Johannes 'josch' Schauer daab09bfdd
only write /usr/sbin/policy-rc.d if /usr/sbin exists in the chroot 5 years ago
Johannes 'josch' Schauer e0732140c0
make hooks work in chrootless mode 5 years ago
Johannes 'josch' Schauer d36ba6b371
allow multiple --architecture options and separation by whitespace 5 years ago
Johannes 'josch' Schauer 7eb0851c59
only remove policy-rc.d if it exists 5 years ago
Johannes 'josch' Schauer 1f15f690e7
release 0.5.1 5 years ago
Johannes 'josch' Schauer 59472cc8fc
improve error message about arch not being executable 5 years ago
Johannes 'josch' Schauer 22c90c2ca6
it's possible that apt is already downloaded at the time where we want to install it 5 years ago
Johannes 'josch' Schauer 78358eaf9a
improve --components parsing with comma and whitespace as separator 5 years ago
Johannes 'josch' Schauer 9978cbddcb
turn error when --include is used with essential variant into a warning 5 years ago
Johannes 'josch' Schauer 86b430190f
set qemu binfmt identifier before using it to avoid uninitialized value error 5 years ago
Johannes 'josch' Schauer ec1619d664
release 0.5.0 5 years ago
Johannes 'josch' Schauer 1f5e1483c7
add more to bugs section of man page 5 years ago
Johannes 'josch' Schauer 39a3915ea6
add more examples to man page 5 years ago
Johannes 'josch' Schauer ad6883992a
fix mirror URIs for ubuntu 5 years ago
Johannes 'josch' Schauer 7a4cefaee2
only append to QEMU_LD_PREFIX if it's already set 5 years ago
Johannes 'josch' Schauer b3536b98d0
export QEMU_LD_PREFIX in chrootless mode 5 years ago
Johannes 'josch' Schauer d2a1029ee5
collect all diagnostics about binfmt_misc before throwing error 5 years ago
Johannes 'josch' Schauer d5033dd0d1
also check for situations in which a non-native arch can be executed without emulation 5 years ago
Johannes 'josch' Schauer 3d3d3fe12d
Do not copy /etc/resolv.conf or /etc/hostname if the host system doesn't have them 5 years ago
Johannes 'josch' Schauer 3dc32b81b0
add --force-check-gpg dummy option 5 years ago
Helmut Grohne 4b440a0e01
allow messing with s-s-d in hooks 
Presently, mmdebstrap fails hard if e.g. a --setup-hook removes
start-stop-daemon.REAL.
 5 years ago
Helmut Grohne ea0a6bcd89
make errors about moving s-s-d more verbose 5 years ago
Helmut Grohne 519046094e
fix error message about opening s-s-d 5 years ago
Johannes 'josch' Schauer 58ae0bb97d
select the right mirror for ubuntu, kali and tanglu 5 years ago
Johannes 'josch' Schauer b70d8a0381
fix typo unpriviliged -> unprivileged 5 years ago
Johannes 'josch' Schauer 874a19050c
document that autopkgtest needs an additional entry in /etc/hosts 5 years ago
Johannes 'josch' Schauer c8a3f053d7
document that the full apt syntax can be used 5 years ago
Johannes 'josch' Schauer bfba0e7dce
add more debug output 5 years ago
Johannes 'josch' Schauer 4447769b50
when creating a tarball in chrootless mode, use root ownership 5 years ago
Johannes 'josch' Schauer a921e32e6c
Do not unconditionally read standard input 
mmdebstrap used to attempt reading stdin if it was not a tty. This leads
to unexpected behaviour when mmdebstrap is used through ssh without a
pseudo-terminal allocated like so:

    $ ssh remote mmdebstrap unstable /output/dir http://mirror

This will stall forever, waiting for data on standard input. Or
consider:

    $ ssh remote << END
    > somecommand
    > mmdebstrap unstable /output/dir http://mirror
    > othercommand
    END

This will make mmdebstrap read "othercommand" and everything that
follows as a sources.list entry. To prevent this unexpected behaviour,
the following ways to use mmdebstrap will not be supported anymore:

    $ mmdebstrap unstable /output/dir < sources.list
    $ mmdebstrap unstable /output/dir http://mirror < sources.list

Instead, one must now explicitly pass "-" if one wants mmdebstrap to
read from stdin:

    $ mmdebstrap unstable /output/dir - < sources.list
    $ mmdebstrap unstable /output/dir http://mirror - < sources.list
 5 years ago
Johannes 'josch' Schauer 1219a65723
add /var/lib/dpkg/arch in chrootless mode when chroot architecture differs 5 years ago
Helmut Grohne 4f2e655ad5
Only attempt removing qemu-user-static for root or unshare mode 5 years ago
Johannes 'josch' Schauer 2d2cdfbbc3
create /var/lib/dpkg/cmethopt for dselect (see #930788) 5 years ago
Johannes 'josch' Schauer 68d7ec15bd
fix docs: fakechroot is tried before proot in auto mode 5 years ago
Johannes 'josch' Schauer da489c6a53
Only error out on W: and Err: lines, on "apt-get update" 
Otherwise, maintainer scripts that output W: or Err: lines will break
package installation on "apt-get install".
 5 years ago
Johannes 'josch' Schauer c734a59f86
chdir to parent of root before remove_tree to prevent 'cannot stat initial working directory' of File::Path 5 years ago
Johannes 'josch' Schauer ca37c4e89e
chmod 0755 on qemu-user-static binary 5 years ago
Johannes 'josch' Schauer 14d3a4e30f
add Dir::State::Status to apt config for apt << 1.3 5 years ago