mmdebstrap

Author	SHA1	Message	Date
Johannes Schauer Marin Rodrigues	7123808b6c	do not clean up /run/lock as /var/lock is a symlink to it according to Debian policy §9.1.4	2022-09-06 21:30:48 +02:00
Johannes Schauer Marin Rodrigues	410c5fcb24	fix --include option for files and add test case	2022-09-06 13:06:40 +02:00
Johannes Schauer Marin Rodrigues	9682e74385	release 1.2.0	2022-09-05 06:26:40 +02:00
Johannes Schauer Marin Rodrigues	b0caeeef54	bump dates to 2022	2022-09-05 06:25:24 +02:00
Johannes Schauer Marin Rodrigues	d209fb0c11	reformat with perltidy	2022-09-05 06:21:17 +02:00
Johannes Schauer Marin Rodrigues	f4a3865c00	Remove support for proot. The proot mode was broken from the start because in contrast to fakechroot, no ownership information can be retained across multiple invocations of proot. Since mmdebstrap started using apt from the outside by setting DPkg::Chroot-Directory in mmdebstrap 0.8.0 proot mode was finally completely broken because proot cannot wrap the chroot call done by apt. Users of proot are recommended to run mmdebstrap in fakechroot mode and then use proot with the resulting directory.	2022-09-05 06:21:17 +02:00
Johannes Schauer Marin Rodrigues	7e8931578b	Store --include option values in MMDEBSTRAP_INCLUDE for hooks	2022-09-05 06:21:07 +02:00
Johannes Schauer Marin Rodrigues	e1f0b0fa40	ensure operator precedence using more parenthesis	2022-09-02 23:38:53 +02:00
Johannes Schauer Marin Rodrigues	e875bca7fb	support apt patterns and paths with commas and whitespace for the --include option	2022-09-02 23:35:56 +02:00
Johannes Schauer Marin Rodrigues	0af22912f7	also delete everything in /run and add --skip=cleanup/run	2022-09-02 23:29:52 +02:00
Johannes Schauer Marin Rodrigues	add9412a47	add --skip=chroot/mount and --skip=chroot/mount/dev, --skip=chroot/mount/proc, --skip=chroot/mount/sys	2022-09-02 23:27:27 +02:00
Johannes Schauer Marin Rodrigues	e61e352f67	add --skip=chroot/start-stop-daemon and --skip=chroot/policy-rc.d	2022-09-02 23:25:48 +02:00
Johannes Schauer Marin Rodrigues	18c1e9bbc5	multiple skip options can be passed by separating them by comma or whitespace	2022-09-02 23:23:53 +02:00
Gioele Barabucci	7ce6db0ca7	mmdebstrap: Show APT's dependency trace when in debug mode A dependency trace is a powerful tool to debug issues related to APT's selection of packages, especially in custom mode. Thus it makes sense to ask APT to output a dependency trace when `mmdebstrap` is run with the `--debug` flag.	2022-09-02 10:46:51 +02:00
Johannes Schauer Marin Rodrigues	226f86fea9	fix mmdebstrap hanging if apt in download step failed (closes: #1017795 )	2022-08-30 21:55:57 +02:00
Johannes Schauer Marin Rodrigues	34a9de929d	use standard character classes instead of bracketed character classes	2022-07-28 17:22:47 +02:00
Johannes Schauer Marin Rodrigues	b385eb548a	only check first argument if we have one	2022-07-28 17:21:27 +02:00
Johannes Schauer Marin Rodrigues	d82afec5de	error out if stdout is a tty	2022-07-28 17:20:57 +02:00
Johannes Schauer Marin Rodrigues	3fcb125e3c	release 1.1.0	2022-07-26 22:29:09 +02:00
Johannes Schauer Marin Rodrigues	35dc676394	relax apt version regex to allow devuan apt versions like 2.5.0devuan1	2022-07-26 22:29:09 +02:00
Johannes Schauer Marin Rodrigues	0ae0adde26	document mmdebstrap hanging forever instead of ENOSPC in qemu as a comment	2022-07-26 22:29:09 +02:00
Johannes Schauer Marin Rodrigues	5e22e0bfc8	adjust message about file-mirror-automount hook	2022-07-26 22:29:09 +02:00
Johannes Schauer Marin Rodrigues	d91a18a350	Adjust merged-/usr as it's done by debootstrap - implements the same as debootstrap in https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/71 - builds a temporary usr-is-merged package and upgrades to the real one - create merged-/usr chroots for unstable and testing (which will become Debian 12 Bookworm) - add a dedicated merged-/usr section to the manual page	2022-07-26 22:29:08 +02:00
Johannes Schauer Marin Rodrigues	009089ee8a	Mount a new instance of /dev/pts in the chroot Before, we bind-mounted /dev/ptmx and /dev/pts from the host into the chroot. This will make posix_openpt() fail with 'No such file or directory'. The ability to create pseudo terminals is important for apt (which will throw a warning otherwise) or running script(1) or source package testsuites like for src:util-linux. This functionality is restored by mounting a new devpts instance to /dev/pts and making /dev/ptmx a symlink to /dev/pts/ptmx. Mounting with ptmxmode=666 is required such that also non-root users in unshare mode are able to create pseudo terminals. See also: https://www.kernel.org/doc/Documentation/filesystems/devpts.txt https://salsa.debian.org/debian/schroot/-/merge_requests/2 https://bugs.debian.org/856877 https://bugs.debian.org/817236	2022-06-14 08:26:48 +02:00
Johannes Schauer Marin Rodrigues	c37e5e6059	tests/custom-tmpdir: try running mmdebstrap in a TMPDIR with special shell characters in its path	2022-06-04 08:30:53 +02:00
Johannes Schauer Marin Rodrigues	b46149b851	release 1.0.1	2022-05-29 09:45:03 +02:00
Johannes Schauer Marin Rodrigues	e4ef326b59	Only set up FAKECHROOT_CMD_SUBST for paths in PATH containing the original binary If FAKECHROOT_CMD_SUBST sets up wrong substitutions, then binaries cannot be found. For example if /usr/bin/chroot is listed in FAKECHROOT_CMD_SUBST but /usr/sbin (the actual location of the chroot binary) is not in PATH, the command fails	2022-05-29 08:11:43 +02:00
Johannes Schauer Marin Rodrigues	158956e213	release 1.0.0	2022-05-28 17:51:14 +02:00
Johannes Schauer Marin Rodrigues	e71676e15c	use warning() instead of warn() when unmounting /sys and /proc fails	2022-05-28 17:47:51 +02:00
Johannes Schauer Marin Rodrigues	cffd47e087	drop /usr/sbin prefixes from executables	2022-05-26 07:36:22 +02:00
Johannes Schauer Marin Rodrigues	c6c9c27969	use DPkg::Path as default value for PATH	2022-05-26 07:36:22 +02:00
Johannes Schauer Marin Rodrigues	27926c75f9	unify checking if tools exist by running them with --version	2022-05-26 07:36:22 +02:00
Johannes Schauer Marin Rodrigues	0f9c6543c4	improve qemu-user - rephrase info message to be less misleading - do not require qemu-$arch-static binary - check if /proc/sys/fs/binfmt_misc/qemu-$arch exists before reading it	2022-05-26 07:36:22 +02:00
Johannes Schauer Marin Rodrigues	b99f1d53d5	add file-mirror-automount hook-dir	2022-05-26 07:36:21 +02:00
David Kalnischkies	cc3150ef04	Rework download stage to allow file:// mirrors - factor out package downloading function - replace -oApt::Get::Download-Only=true by -oDebug::pkgDpkgPm=1 - remove guessing of package names in /var/cache/apt/archives/ - drop edsp parsing with proxysolver/mmdebstrap-dump-solution to obtain downloaded filenames in favour of -oDpkg::Pre-Install-Pkgs::=cat - /var/cache/apt/archives/ is now allowed to contain packages - drop --skip=download/empty - file:// mirrors are now supported if their path is available inside the chroot	2022-05-26 07:36:21 +02:00
Johannes Schauer Marin Rodrigues	dc8b09ed50	fix pod formatting typo	2022-05-24 04:15:25 +02:00
Johannes Schauer Marin Rodrigues	21b23ebb9f	set MMDEBSTRAP_VERBOSITY in hooks	2022-05-24 04:14:08 +02:00
Johannes Schauer Marin Rodrigues	0664792cd5	manually push option arguments to array instead of using s@ By mixing s@ for --$foo-hook options and manual pushing in --hook-dir, it can happen that options get lost. Consider the following test: use Getopt::Long; my $arr = []; GetOptions( 'A=s@' => \$arr, 'B=s' => sub { push @{$arr}, $_[1]; } ); foreach my $hook (@{$arr}) { print "hook: $hook\n"; } This works fine: perl test.pl --A=a1 --B=b1 --A=a2 --B=b2 hook: a1 hook: b1 hook: a2 hook: b2 This misses b1: perl test.pl --B=b1 --A=a2 --B=b2 hook: a2 hook: b2	2022-05-24 04:09:41 +02:00
Johannes Schauer Marin Rodrigues	26af846d0a	fix that cached debs were not returned if there was nothing to download	2022-05-23 23:30:29 +02:00
Johannes Schauer Marin Rodrigues	5c5f7de898	more documentation for TMPDIR	2022-05-22 02:57:42 +02:00
Johannes Schauer Marin Rodrigues	29b23bbcbc	document how to build on top of an existing tarball	2022-05-22 02:57:01 +02:00
Johannes Schauer Marin Rodrigues	d10f320f5d	document how to build an sbuild unshare chroot mode tarball	2022-05-22 02:56:21 +02:00
Johannes Schauer Marin Rodrigues	ce23e702e2	fixup comparison with debootstrap	2022-05-22 02:54:41 +02:00
Johannes Schauer Marin Rodrigues	09f1dd2ee6	Improve documentation of reproducibility of /etc/resolv.conf and /etc/hostname Closes: #26	2022-05-11 10:47:25 +02:00
Johannes Schauer Marin Rodrigues	57e0ecb20f	release 0.8.6	2022-03-25 14:27:25 +01:00
Johannes Schauer Marin Rodrigues	70b081d299	allow running root mode inside unshare mode	2022-03-25 14:25:54 +01:00
Johannes Schauer Marin Rodrigues	64ba5f8229	release 0.8.5	2022-03-07 23:44:45 +01:00
Johannes Schauer Marin Rodrigues	409ce1cfee	improve man page further	2022-03-07 23:41:58 +01:00
Johannes Schauer Marin Rodrigues	7044baf6b1	run busybox from an absolute path to allow running it even when /proc is not mounted as busybox uses /proc/self/exe to figure out its own path	2022-03-07 11:27:10 +01:00
Johannes Schauer Marin Rodrigues	489e51a2eb	Run File::Find::find with no_chdir=>1 Without no_chdir=>1 the unshared child process in unshare mode needs read permissions for the directory from which mmdebstrap is executed. With this change, the current working directory does not need to be world-readable anymore. Closes: #1005857 Reported-by: Trent W. Buck <trentbuck@gmail.com>	2022-02-16 10:53:05 +01:00
Gioele Barabucci	5fa2457fd5	mmdebstrap: Add mbr.bin installation to autopkgtest-build-qemu instructions The generated image will not be bootable if `mbr.bin` is not installed into the MBR. These lines are copied from the "Debian desktop on USB stick" example.	2022-02-13 20:00:35 +01:00
Gioele Barabucci	8e6f183b3f	mmdebstrap: Install mbr.bin in /boot and keep after installation	2022-02-13 19:56:39 +01:00
Gioele Barabucci	97e6981ddc	mmdebstrap: Read extlinux's MBR from /usr/lib/EXTLINUX `/usr/lib/SYSLINUX` is not available if only `extlinux` is installed.	2022-02-13 19:55:29 +01:00
Gioele Barabucci	22c0ba45a0	mmdebstrap: Use ext4 instead of ext2 in examples	2022-02-13 17:44:25 +01:00
Gioele Barabucci	829df60242	mmdebstrap: Align autopkgtest-build-qemu and USB stick examples Write the same `guestfish` instructions in the same way in both the `autopkgtest-build-qemu` and the "Debian desktopn on a USB stick" example.	2022-02-13 17:42:26 +01:00
Johannes Schauer Marin Rodrigues	070a9cecb7	release 0.8.4	2022-02-11 23:04:31 +01:00
Johannes Schauer Marin Rodrigues	38a81e75bb	remove information about kernel.unprivileged_userns_clone from the man page	2022-02-11 23:02:31 +01:00
Johannes Schauer Marin Rodrigues	ce8a9f8764	also remove /var/lib/dbus/machine-id	2022-02-11 23:01:56 +01:00
Johannes Schauer Marin Rodrigues	e865ce850f	document another advantage of running apt outside the chroot	2022-02-11 23:01:36 +01:00
Johannes Schauer Marin Rodrigues	2b60a932a9	don't install essential packages in run_install()	2022-02-11 23:01:08 +01:00
Johannes Schauer Marin Rodrigues	632a918780	release 0.8.3	2022-01-08 08:37:00 +01:00
Johannes Schauer Marin Rodrigues	6ba6d10c4f	document that 'upload' doesn't retain permissions and ownership	2022-01-08 08:33:41 +01:00
Johannes Schauer Marin Rodrigues	4f811b7117	print errer message if mmdebstrap failed to run	2022-01-08 08:32:09 +01:00
Johannes Schauer Marin Rodrigues	ff2910a746	send SIGHUP to children if tar failed	2022-01-08 08:31:50 +01:00
Johannes Schauer Marin Rodrigues	0da6f103a1	hardcode 'stable' to use stable-security mirror	2022-01-08 08:31:26 +01:00
Johannes Schauer Marin Rodrigues	388c7980d3	don't copy in qemu-user-static if we don't need to	2022-01-08 08:29:48 +01:00
Johannes Schauer Marin Rodrigues	8bc6a4daa9	set PATH in main instead of run_setup	2022-01-08 07:44:05 +01:00
Johannes Schauer Marin Rodrigues	0383efc554	don't overwrite existing files in setup	2022-01-07 23:15:07 +01:00
Johannes Schauer Marin Rodrigues	1b0f7f1138	make $@ local, so we don't print "Can't locate Undefined subroutine &Devel::Cover::get_coverage called" in other parts where we evaluate $@	2022-01-07 23:15:07 +01:00
Johannes Schauer Marin Rodrigues	88619e4d9c	test codename apt pattern as well, requires apt >= 2.3.14 closes: #21	2022-01-07 12:46:42 +01:00
Johannes Schauer Marin Rodrigues	5d8943b739	release 0.8.2	2021-12-14 21:07:04 +01:00
Johannes Schauer Marin Rodrigues	7501708aaf	perltidy 20200110 -> 20210717	2021-12-14 21:07:04 +01:00
Konstantin Demin	e4e10b670c	allow custom daemon startup prevention don't bother with /sbin/start-stop-daemon and /usr/sbin/policy-rc.d if they're not a regular files (e.g. symlinks) Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>	2021-12-06 00:28:34 +03:00
Johannes Schauer Marin Rodrigues	c4a43ea0f9	make $@ local, so we don't print "Can't locate Dpkg/Vendor/Debian.pm" in other parts where we evaluate $@	2021-11-29 21:15:59 +01:00
Johannes Schauer Marin Rodrigues	60d69f6f78	Use apt patters to select priority variants - requires apt >= 2.3.10 - we can drop having to run apt-get indextargets and parse Packages files ourselves - we can drop the layer violation that computed the package set in run_download() and passed the package set around in setup() to run_install() - packages are selected by suite unless the suite is the empty string	2021-11-09 07:31:56 +01:00
Johannes Schauer Marin Rodrigues	3b41fe6805	document mmdebstrap as docker/podman replacement	2021-11-07 10:00:48 +01:00
Raul Tambre	c61e81a244	Relax dpkg version regex For non-release builds the version will include the number of commits since last release and the commit hash with dashes, e.g. 1.20.8-46-g0881. For downstream distros it seems it may include their identification strings, e.g. 1.20.9ubuntu2. Make the regex match everything after the version number to avoid incorrectly erroring on such versions. Fixes #18	2021-11-06 23:04:27 +02:00
Johannes Schauer Marin Rodrigues	7a062661e5	release 0.8.1	2021-10-07 13:35:39 +02:00
Johannes Schauer Marin Rodrigues	1d2a7ef71a	enforce dpkg >= 1.20.0 and remove dead code	2021-10-07 10:51:20 +02:00
Johannes Schauer Marin Rodrigues	4f278deadf	use rm and find instead of remove_tree() * remove_tree() requires the CWD to be accessible or fails with cannot chdir to $CWD from $DIR_TO_DELETE: Permission denied, aborting. * CWD is not always accessible -- example: run mmdebstrap from a directory only accessible by the current user (like a tempdir) in unshare mode * find from findutils also requires CWD to be accessible but it's easier to temporarily change CWD in a subprocess because using there is no utility in perl core that changes CWD temporarily and cleans up after itself * we need to use find from findutils instead of rm in unshare mode because the root directory itself might not be removable by the unshared user so we only want to remove its subdirectories	2021-10-07 07:07:45 +02:00
Johannes Schauer Marin Rodrigues	c2d988b475	enforce apt >= 2.3.7 and remove dead code (closes: #14 )	2021-10-06 23:30:09 +02:00
Johannes Schauer Marin Rodrigues	28cb757742	do not run xz and zstd with --threads=0 There are now systems with 160 cores (debci runs on two Ampere Altra ARMv8 Neoverse-N1), which makes xz fail with: "xz: (stdin): Cannot allocate memory"	2021-09-24 22:09:24 +02:00
Johannes Schauer Marin Rodrigues	12ec2c50aa	also create cmethopt and available in chrootless mode - this allows bit-by-bit identical output of chrootless mode compared to other modes	2021-09-22 15:22:35 +02:00
Johannes Schauer Marin Rodrigues	1a4491b4d3	release 0.8.0	2021-09-21 14:20:58 +02:00
Johannes Schauer Marin Rodrigues	2c945e4c87	improve fakechroot LD_LIBRARY_PATH - use /etc/ld.so.conf from the chroot instead of the host - parse /etc/ld.so.conf instead of blindly accessing /etc/ld.so.conf.d - add libraries from the chroot instead of the host	2021-09-21 14:17:31 +02:00
Johannes Schauer Marin Rodrigues	ddb642a1dc	update apt MR urls	2021-09-19 19:38:52 +02:00
Johannes Schauer Marin Rodrigues	dceb881bd0	drop DPkg::Install::Recursive::force=true (requires apt >= 2.3.7)	2021-09-19 19:37:06 +02:00
Johannes Schauer Marin Rodrigues	6d59d51a4a	add ldconfig.fakechroot and translate symlinks for bit-by-bit identical buildd variant	2021-09-16 16:23:46 +02:00
Johannes Schauer Marin Rodrigues	6a22e05d59	document that zstd is also called with --threads=0	2021-09-16 16:12:35 +02:00
Johannes Schauer Marin Rodrigues	c7390f648b	be more permissive in the FAKECHROOT_DETECT version format	2021-09-16 16:12:20 +02:00
Johannes Schauer Marin Rodrigues	631b103ca7	check for symlink first to compute disk usage because -f und -s otherwise follow symlinks	2021-09-16 16:11:34 +02:00
Johannes Schauer Marin Rodrigues	101229aa04	add a newline to /etc/machine-id as systemd does the same	2021-09-16 16:08:07 +02:00
Johannes Schauer Marin Rodrigues	5b0bb46421	add gpgvnoexpkeysig	2021-09-15 16:10:22 +02:00
Johannes Schauer Marin Rodrigues	6851cd7cb4	move hooks/setup00-merged-usr.sh -> hooks/merged-usr/setup00.sh, expand docs	2021-09-03 12:04:40 +02:00
Johannes Schauer Marin Rodrigues	6a8fbae9d8	make fakechroot mode bit-by-bit identical to the others	2021-08-29 10:25:34 +02:00
Johannes Schauer Marin Rodrigues	7d472ca116	document on how to use mmdebstrap with podman	2021-08-27 11:53:32 +02:00
Johannes Schauer Marin Rodrigues	047619967e	also check whether CAP_SYS_ADMIN is in the bounding set	2021-08-27 11:53:11 +02:00
Johannes Schauer Marin Rodrigues	5a5f57b404	Automatically skip using mount if that's not possible - instead of throwing an error, just print a warning - can now run as root without cap_sys_admin - can now run without mount installed - --skip=check/canmount is not needed anymore	2021-08-26 15:40:27 +02:00
Johannes Schauer Marin Rodrigues	1a18160fe8	document that apt-transport-https, ca-certificates and apt-transport-tor are no longer installed automatically	2021-08-26 11:17:13 +02:00
Johannes Schauer Marin Rodrigues	91d8be5f9c	Do not use gpg --trust-model=always - gpg will not create a trustdb when running with --update-trustdb with --trust-model=always: gpg: no need for a trustdb update with 'always' trust model - subsequent gpg calls will fail because there is no trustdb in GPGHOME	2021-08-26 07:58:27 +02:00
Johannes Schauer Marin Rodrigues	850eeb24d5	more code comments	2021-08-25 05:21:57 +02:00
Johannes Schauer Marin Rodrigues	8b12375de3	add more references to #808203	2021-08-25 05:15:44 +02:00
Johannes Schauer Marin Rodrigues	c627606110	document copy:// vs. file://	2021-08-23 10:41:44 +02:00
Johannes Schauer Marin Rodrigues	60dba1c19e	fixup read_subuid_subgid - use $REAL_USER_ID from English instead of $< - use getgrgid $REAL_GROUP_ID to get the group name instead of assuming the group name to be equal to the user name - also check whether /etc/subgid exists and is readable	2021-08-19 13:02:44 +02:00
Joe Groocock	15029c1c3b	improve error message for missing /etc/subuid entry (closes: #9 )	2021-08-19 11:18:53 +02:00
Johannes Schauer Marin Rodrigues	3c37d692a0	write 'uninitialized' to /etc/machine-id to support systemd ConditionFirstBoot (closes: #10 )	2021-08-19 07:18:21 +02:00
Nicolas Vigier	5283d74dfe	Remove files inside the auxfiles directory This is fixing the error: cannot rmdir /var/lib/apt/lists/auxfiles: Directory not empty at ./mmdebstrap/mmdebstrap line 3084. which happens when using apt-transport-mirror.	2021-08-19 07:18:21 +02:00
Johannes Schauer Marin Rodrigues	ea82b267c9	only run test_unshare_userns() if not root user	2021-08-18 22:06:16 +02:00
Johannes Schauer Marin Rodrigues	dfbf9cdcef	several fixes to chrootless mode	2021-08-17 23:39:20 +02:00
Johannes Schauer Marin Rodrigues	f868073b6e	add --skip=setup, --skip=update and --skip=cleanup	2021-08-17 11:11:00 +02:00
Johannes Schauer Marin Rodrigues	98f1f0abde	use apt pattern to select essential set	2021-08-17 10:30:06 +02:00
Johannes Schauer Marin Rodrigues	3e488dd1dd	use apt from the outside by setting DPkg::Chroot-Directory	2021-08-16 22:33:39 +02:00
Johannes Schauer Marin Rodrigues	c63ad87310	changes for release of Debian 11 Buster	2021-08-16 13:11:42 +02:00
Johannes Schauer Marin Rodrigues	594ea3c72e	improve busybox and --hook-dir examples in man page -- thanks Jochen Sprickerhof!	2021-05-31 16:33:34 +02:00
Johannes Schauer Marin Rodrigues	3f79c18a0d	since apt 2.1.16 we can use --error-on=any and do not anymore need to error out on all W: lines (closes: #6 )	2021-05-31 11:17:45 +02:00
Benjamin Drung	0378c101bb	Pass extended attributes (excluding system) to tar2sqfs /bin/ping (from iputils-ping) uses the security capabilities to allow users to use the program: ``` $ getcap /bin/ping /bin/ping cap_net_raw=ep ``` Debian testing/unstable images (variant important) contain security and system attributes: ``` $ mmdebstrap --variant=important bullseye root.tar $ tar --xattrs --xattrs-include='' -vv -tf root.tar \| grep -B 1 '^ ' -rwxr-xr-x 0/0 77432 2021-02-02 18:49 ./bin/ping x: 20 security.capability -- drwxr-sr-x* 0/102 0 2021-05-07 15:10 ./var/log/journal/ x: 44 system.posix_acl_access x: 44 system.posix_acl_default ``` When generating a squashfs image with mmdebstrap 0.7.5-2, these security capabilities are lost. Example for building a squashfs image in a minimal Debian unstable schroot: ``` $ apt install -y mmdebstrap squashfs-tools-ng $ mmdebstrap --variant=important buster root.squashfs $ rdsquashfs -x /bin/ping root.squashfs $ ``` tar2sqfs from squashfs-tools-ng 1.0.4-1 supports encoding extended attributes from the namespace `user`, `trusted`, and `security` (see `include/sqfs/xattr.h`). GNU tar (version 1.34) supports these three namespaces plus the namespace `system`. Passing extended attributes from the `system` namespace to tar2sqfs will produce an error: ``` ERROR: squashfs does not support xattr prefix of system.posix_acl_default ``` So pass the extended attributes to tar2sqfs, but exclude the `system` namespace. Then ping will keep its security attributes: ``` $ rdsquashfs -x /bin/ping root.squashfs security.capability=0x0100000200200000000000000000000000000000 ``` Closes: #988100 Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com>	2021-05-17 21:43:10 +02:00
Johannes Schauer Marin Rodrigues	88a031477a	add --skip=cleanup/apt/lists and --skip=cleanup/apt/cache	2021-05-09 20:44:02 +02:00
Vagrant Cascadian	c51fb24c7b	Use all cores when compressing with zstd.	2021-05-09 17:32:04 +02:00
Johannes Schauer Marin Rodrigues	236b84a486	tarfilter: add --pax-exclude and --pax-include to strip extended attributes because tar2sqfs only supports user., trusted. and security.*	2021-05-07 09:39:40 +02:00
Johannes Schauer Marin Rodrigues	ebfac91738	also choose null format if stdout is /dev/null and check whether major and minor number of /dev/null are as expected to avoid false positives	2021-05-04 15:01:53 +02:00
Konstantin Demin	ccd4b5c163	gpg: handle ASCII-armored keyrings as well gpg command "--list-keys" requires input files to be passed with option "--keyring" and each file must match type "public keyring v4" while gpg command "--show-keys" doesn't require extra options and handles also ASCII-armored public keyrings as well. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>	2021-04-25 22:33:37 +03:00
Helmut Grohne	2767b051bc	implement --format=null	2021-03-25 07:04:14 +01:00
Johannes Schauer Marin Rodrigues	4c17f36072	better document the TMPDIR env var	2021-03-08 19:33:51 +01:00
Johannes Schauer Marin Rodrigues	5a3d1ab5c4	Rework /dev, /sys, /proc mounting - assume all entries in @devfiles to be in /dev - allow for /dev, /sys and /proc not to exist in the target and print warning - allow for /dev entries as well as /sys and /proc not to exist on the outside - simplify umount by storing special options in @umountopts - remove superfluous checks for root and unshare mode - make sure /dev entries are less than 100 chars in size for tar	2021-03-08 08:04:35 +01:00
Johannes Schauer Marin Rodrigues	d52eaa4814	instead of checking for defined-ness and then comparing with the empty string, we can just use 'length' which returns undef if its argument is undef	2021-03-08 07:54:04 +01:00
Johannes Schauer Marin Rodrigues	270fd09b43	update copyright information	2021-03-08 07:52:14 +01:00
Johannes Schauer Marin Rodrigues	d5c8a85ace	document problems with chrootless mode in man page	2021-02-23 12:50:18 +01:00
Johannes Schauer Marin Rodrigues	ecbc10794c	warn if --dpkgopt is used in chrootless mode because of #808203	2021-02-23 12:49:46 +01:00
Johannes Schauer Marin Rodrigues	49f464e7da	create /etc/dpkg/dpkg.cfg.d/ if --dpkgopt is used	2021-02-23 12:49:26 +01:00
Johannes Schauer Marin Rodrigues	067daaf4c2	also run unshare with --propagation unchanged in root mode	2021-02-19 12:53:14 +01:00
Josh Triplett	f8fc7d9bbf	Fix typo in hook directory example	2021-02-06 18:58:30 +01:00
Johannes Schauer Marin Rodrigues	976cc9c1c4	release 0.7.5	2021-02-06 14:46:37 +01:00
Johannes Schauer Marin Rodrigues	73cd7cd2e8	run unshare --mount with --propagation unchanged to prevent 'cannot change root filesystem propagation' when running mmdebstrap from inside a chroot	2021-02-06 10:11:53 +01:00
Johannes Schauer Marin Rodrigues	39167dbc30	expose hook name to hooks via MMDEBSTRAP_HOOK environment variable	2021-02-06 09:18:05 +01:00
Johannes Schauer Marin Rodrigues	8a4f4d90ab	remove example showing mmdebstrap as debootstrap replacement for sbuild-createchroot as it doesn't work in unshare mode	2021-02-04 17:47:40 +01:00
Johannes Schauer Marin Rodrigues	e1e0df7799	skip emulation check for extract variant	2021-02-04 17:47:10 +01:00
Johannes Schauer Marin Rodrigues	c740b01dc8	unset TMPDIR in hooks because there is no value that works inside as well as outside the chroot	2021-02-04 17:46:39 +01:00
Johannes Schauer Marin Rodrigues	0595c5c220	add new suite name trixie	2021-02-04 17:43:33 +01:00
Johannes Schauer Marin Rodrigues	7a43ff89dc	improve dpkg and apt version parsing	2021-02-04 17:42:40 +01:00
Johannes 'josch' Schauer	d9633d05fe	release 0.7.4	2021-01-16 00:33:40 +01:00
Johannes 'josch' Schauer	7bd733fb8b	In root mode, check whether it's possible to mount - even if the user is root, they might not have permission to mount - check for CAP_SYS_ADMIN and unshare --mount before proceeding - allow one to disable the check with --skip=check/canmount - this is useful in container environments like docker	2021-01-13 18:40:29 +01:00
Johannes 'josch' Schauer	205f5c2692	document how to use mmdebstrap to create a docker chroot	2021-01-13 18:08:04 +01:00
Johannes 'josch' Schauer	4693034138	allow unshare as root user - this is useful when you are already root and want the benefits of unsharing the mount namespace to prevent messing up your system - if the unshare mode is used as root, the user namespace is not unshared anymore and newuidmap, setuid and friends are not called anymore - if the unshare mode is used as non-root test if the user namespace can be unshared, otherwise test if the mount namespace can be unshared	2021-01-13 16:15:59 +01:00
Johannes 'josch' Schauer	ea6bbc1d9c	#898446 got closed and the default of kernel.unprivileged_userns_clone changed to 1	2021-01-09 19:44:39 +01:00
Johannes 'josch' Schauer	62bcf3261e	do not run an additional env command inside the chroot	2021-01-09 19:44:00 +01:00
Johannes 'josch' Schauer	7ff3f53fb9	apt 2.1.16 fixed immediate configure	2021-01-09 19:43:15 +01:00
Johannes 'josch' Schauer	ac21074243	set MMDEBSTRAP_APT_CONFIG, MMDEBSTRAP_MODE and MMDEBSTRAP_HOOKSOCK for hook scripts	2021-01-09 19:41:59 +01:00
Johannes 'josch' Schauer	9484107392	set PATH if it's unset or empty	2021-01-06 11:49:29 +01:00
Johannes 'josch' Schauer	2d03a81997	coverage.sh: reenabling tests because bugs got fixed - systemd didn't get fixed but somehow the order matches again (bug #963788) - python is installable again (bug #968217) - apt immediate configure was not fixed but src:glibc changed to not trigger the bug anymore (bugs #973305, #973325 and #972552)	2021-01-06 11:33:37 +01:00
Johannes 'josch' Schauer	0b2a0c5a55	release 0.7.3	2020-12-02 06:15:54 +01:00

1 2 3 4 5 ...

592 commits