rockdrilla/mmdebstrap
1
0
Fork 0
forked from josch/mmdebstrap
Code Issues Pull requests Projects Releases Wiki Activity
1122 commits 2 branches 0 tags 17 MiB
Commit graph

625 commits

Author SHA1 Message Date
Johannes Schauer Marin Rodrigues
ea2b57870b
warn if a hook is named like one but not executable and if a hook is executable but not named like one 2023-01-16 07:55:27 +01:00
Johannes Schauer Marin Rodrigues
0b7188ce32
be more verbose when 'apt-get update' failed 2023-01-16 07:54:27 +01:00
Johannes Schauer Marin Rodrigues
9945e65701
skip running apt-get update if we are very sure that it was already run 2023-01-16 07:43:09 +01:00
Johannes Schauer Marin Rodrigues
5fd96553f5
release 1.2.5 2023-01-04 07:24:50 +01:00
Johannes Schauer Marin Rodrigues
b67d30cb86
mmdebstrap: bump copyright year 2023-01-04 07:24:14 +01:00
Johannes Schauer Marin Rodrigues
d4eb268795
warn if hook directory contains no executable scripts 2023-01-04 07:23:56 +01:00
Johannes Schauer Marin Rodrigues
4595d3df44
release 1.2.4 2022-12-23 10:57:11 +01:00
Johannes Schauer Marin Rodrigues
2b832e0128
add jessie-or-older extract hook 2022-12-23 10:06:28 +01:00
Johannes Schauer Marin Rodrigues
a7b7e16033
move extract hook execution after run_prepare so that fakechroot works in it 2022-12-23 10:06:28 +01:00
Johannes Schauer Marin Rodrigues
eb98dfbaee
apt also needs /var/lib to exist 2022-12-23 10:06:28 +01:00
Johannes Schauer Marin Rodrigues
6c5210a94f
error out early if setup fails and thus the ext2 block reader returns EOF 2022-12-23 10:06:28 +01:00
Johannes Schauer Marin Rodrigues
a6a31e60eb
make sure that the unshared user has read access to the included package files 2022-12-23 10:06:28 +01:00
Johannes Schauer Marin Rodrigues
0dfd9adf2b
make sure absolute package paths start with a slash and are readable files 2022-12-23 10:06:28 +01:00
Johannes Schauer Marin Rodrigues
2fd3d768e8
avoid division by zero in progress computation 2022-12-23 10:06:27 +01:00
Johannes Schauer Marin Rodrigues
830270840b
make sure genext2fs and genext2fs exist for the respective formats 2022-12-21 20:02:56 +01:00
Jochen Sprickerhof
374ae3dc99
use $username for subgid check 
/etc/subgid contains a mapping of user names (not group names) to group
ids as defined in man subgid.
 2022-11-18 21:39:15 +01:00
Johannes Schauer Marin Rodrigues
7a057e37dd
release 1.2.3 2022-11-16 14:06:50 +01:00
Johannes Schauer Marin Rodrigues
889c02419e
update for perltidy 20220613 2022-11-15 14:48:01 +01:00
Johannes Schauer Marin Rodrigues
420080648e
Revert "add another --dpkgopt example" 
This reverts commit 40b6155967.

dpkg does not support the {foo,bar,baz} type of glob

Closes: #28
 2022-11-14 14:35:12 +01:00
Johannes Schauer Marin Rodrigues
ea146ad108
add undocumented --chrooted-*-hook calling pivot_root in unshare mode 2022-11-14 14:35:12 +01:00
Johannes Schauer Marin Rodrigues
449fb248e2
Instead of mounting and unmounting for each run_chroot() call, do it once before the extract hook and unmount after the customize hooks 2022-11-14 14:31:06 +01:00
Johannes Schauer Marin Rodrigues
eb54f6a23a
Instead of re-execing mmdebstrap under /bin/sh, use Text::ParseWords::shellwords 
- saves a few PIDs
 - saves a bit of time because useless exec and fork is avoided
 - allows to run in pivoted chroots without mmdebstrap
 2022-11-14 14:31:05 +01:00
Johannes Schauer Marin Rodrigues
bf33a614c3
add mini-mmdebstrap in shell to the man page 2022-11-14 14:31:05 +01:00
Johannes Schauer Marin Rodrigues
d9ca7c21ff
make failure to remove /dev/ptmx a warning and not an error 2022-11-07 16:10:55 +01:00
Johannes Schauer Marin Rodrigues
b454892ddd
release 1.2.2 2022-10-27 16:11:30 +02:00
Johannes Schauer Marin Rodrigues
e887a329ab
more changes for merged-/usr which is now default in testing and unstable 2022-10-18 10:32:03 +02:00
Johannes Schauer Marin Rodrigues
4048293be5
only print progress bars on interactive terminals that are wide enough 2022-10-16 22:03:06 +02:00
Johannes Schauer Marin Rodrigues
d4cb065639
Write an empty /etc/machine-id instead of writing 'uninitialized'. 
Writing "uninitialized" instructs systemd to run units with
ConditionFirstBoot=yes which should only be done by tools that know how
to correctly set up such units.

Debian-Bug: #1021478
 2022-10-10 15:01:03 +02:00
Jochen Sprickerhof
adf62afcea
guestfish: move set-label after mkfs 
Fixes:

libguestfs: error: set_label: don't know how to set the label for '' filesystems
 2022-09-23 09:23:38 +02:00
Johannes Schauer Marin Rodrigues
3999212c48
always create /var/lib/dpkg/arch to make foreign architecture chrootless tarballs bit-by-bit identical 2022-09-22 14:22:37 +02:00
Johannes Schauer Marin Rodrigues
6c68ab2e5e
also provide the info() function to debootstrap 2022-09-12 11:56:26 +02:00
Johannes Schauer Marin Rodrigues
2f27eccad4
allow /etc/apt/trusted.gpg.d/ not to exist 2022-09-11 21:12:14 +02:00
Johannes Schauer Marin Rodrigues
045b56bb4e
release 1.2.1 2022-09-08 04:43:37 +02:00
Johannes Schauer Marin Rodrigues
7123808b6c
do not clean up /run/lock as /var/lock is a symlink to it according to Debian policy §9.1.4 2022-09-06 21:30:48 +02:00
Johannes Schauer Marin Rodrigues
410c5fcb24
fix --include option for files and add test case 2022-09-06 13:06:40 +02:00
Johannes Schauer Marin Rodrigues
9682e74385
release 1.2.0 2022-09-05 06:26:40 +02:00
Johannes Schauer Marin Rodrigues
b0caeeef54
bump dates to 2022 2022-09-05 06:25:24 +02:00
Johannes Schauer Marin Rodrigues
d209fb0c11
reformat with perltidy 2022-09-05 06:21:17 +02:00
Johannes Schauer Marin Rodrigues
f4a3865c00
Remove support for proot. 
The proot mode was broken from the start because in contrast to
fakechroot, no ownership information can be retained across multiple
invocations of proot. Since mmdebstrap started using apt from the
outside by setting DPkg::Chroot-Directory in mmdebstrap 0.8.0 proot mode
was finally completely broken because proot cannot wrap the chroot call
done by apt. Users of proot are recommended to run mmdebstrap in
fakechroot mode and then use proot with the resulting directory.
 2022-09-05 06:21:17 +02:00
Johannes Schauer Marin Rodrigues
7e8931578b
Store --include option values in MMDEBSTRAP_INCLUDE for hooks 2022-09-05 06:21:07 +02:00
Johannes Schauer Marin Rodrigues
e1f0b0fa40
ensure operator precedence using more parenthesis 2022-09-02 23:38:53 +02:00
Johannes Schauer Marin Rodrigues
e875bca7fb
support apt patterns and paths with commas and whitespace for the --include option 2022-09-02 23:35:56 +02:00
Johannes Schauer Marin Rodrigues
0af22912f7
also delete everything in /run and add --skip=cleanup/run 2022-09-02 23:29:52 +02:00
Johannes Schauer Marin Rodrigues
add9412a47
add --skip=chroot/mount and --skip=chroot/mount/dev, --skip=chroot/mount/proc, --skip=chroot/mount/sys 2022-09-02 23:27:27 +02:00
Johannes Schauer Marin Rodrigues
e61e352f67
add --skip=chroot/start-stop-daemon and --skip=chroot/policy-rc.d 2022-09-02 23:25:48 +02:00
Johannes Schauer Marin Rodrigues
18c1e9bbc5
multiple skip options can be passed by separating them by comma or whitespace 2022-09-02 23:23:53 +02:00
Gioele Barabucci
7ce6db0ca7
mmdebstrap: Show APT's dependency trace when in debug mode 
A dependency trace is a powerful tool to debug issues related to
APT's selection of packages, especially in custom mode.

Thus it makes sense to ask APT to output a dependency trace when
`mmdebstrap` is run with the `--debug` flag.
 2022-09-02 10:46:51 +02:00
Johannes Schauer Marin Rodrigues
226f86fea9
fix mmdebstrap hanging if apt in download step failed (closes: #1017795) 2022-08-30 21:55:57 +02:00
Johannes Schauer Marin Rodrigues
34a9de929d
use standard character classes instead of bracketed character classes 2022-07-28 17:22:47 +02:00
Johannes Schauer Marin Rodrigues
b385eb548a
only check first argument if we have one 2022-07-28 17:21:27 +02:00
Johannes Schauer Marin Rodrigues
d82afec5de
error out if stdout is a tty 2022-07-28 17:20:57 +02:00
Johannes Schauer Marin Rodrigues
3fcb125e3c
release 1.1.0 2022-07-26 22:29:09 +02:00
Johannes Schauer Marin Rodrigues
35dc676394
relax apt version regex to allow devuan apt versions like 2.5.0devuan1 2022-07-26 22:29:09 +02:00
Johannes Schauer Marin Rodrigues
0ae0adde26
document mmdebstrap hanging forever instead of ENOSPC in qemu as a comment 2022-07-26 22:29:09 +02:00
Johannes Schauer Marin Rodrigues
5e22e0bfc8
adjust message about file-mirror-automount hook 2022-07-26 22:29:09 +02:00
Johannes Schauer Marin Rodrigues
d91a18a350
Adjust merged-/usr as it's done by debootstrap 
- implements the same as debootstrap in
   https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/71
 - builds a temporary usr-is-merged package and upgrades to the real one
 - create merged-/usr chroots for unstable and testing (which will
   become Debian 12 Bookworm)
 - add a dedicated merged-/usr section to the manual page
 2022-07-26 22:29:08 +02:00
Johannes Schauer Marin Rodrigues
009089ee8a
Mount a new instance of /dev/pts in the chroot 
Before, we bind-mounted /dev/ptmx and /dev/pts from the host into the
chroot. This will make posix_openpt() fail with 'No such file or
directory'.  The ability to create pseudo terminals is important for apt
(which will throw a warning otherwise) or running script(1) or source
package testsuites like for src:util-linux. This functionality is
restored by mounting a new devpts instance to /dev/pts and making
/dev/ptmx a symlink to /dev/pts/ptmx. Mounting with ptmxmode=666 is
required such that also non-root users in unshare mode are able to
create pseudo terminals. See also:

https://www.kernel.org/doc/Documentation/filesystems/devpts.txt
https://salsa.debian.org/debian/schroot/-/merge_requests/2
https://bugs.debian.org/856877
https://bugs.debian.org/817236
 2022-06-14 08:26:48 +02:00
Johannes Schauer Marin Rodrigues
c37e5e6059
tests/custom-tmpdir: try running mmdebstrap in a TMPDIR with special shell characters in its path 2022-06-04 08:30:53 +02:00
Johannes Schauer Marin Rodrigues
b46149b851
release 1.0.1 2022-05-29 09:45:03 +02:00
Johannes Schauer Marin Rodrigues
e4ef326b59
Only set up FAKECHROOT_CMD_SUBST for paths in PATH containing the original binary 
If FAKECHROOT_CMD_SUBST sets up wrong substitutions, then binaries
cannot be found. For example if /usr/bin/chroot is listed in
FAKECHROOT_CMD_SUBST but /usr/sbin (the actual location of the chroot
binary) is not in PATH, the command fails
 2022-05-29 08:11:43 +02:00
Johannes Schauer Marin Rodrigues
158956e213
release 1.0.0 2022-05-28 17:51:14 +02:00
Johannes Schauer Marin Rodrigues
e71676e15c
use warning() instead of warn() when unmounting /sys and /proc fails 2022-05-28 17:47:51 +02:00
Johannes Schauer Marin Rodrigues
cffd47e087
drop /usr/sbin prefixes from executables 2022-05-26 07:36:22 +02:00
Johannes Schauer Marin Rodrigues
c6c9c27969
use DPkg::Path as default value for PATH 2022-05-26 07:36:22 +02:00
Johannes Schauer Marin Rodrigues
27926c75f9
unify checking if tools exist by running them with --version 2022-05-26 07:36:22 +02:00
Johannes Schauer Marin Rodrigues
0f9c6543c4
improve qemu-user 
- rephrase info message to be less misleading
 - do not require qemu-$arch-static binary
 - check if /proc/sys/fs/binfmt_misc/qemu-$arch exists before reading it
 2022-05-26 07:36:22 +02:00
Johannes Schauer Marin Rodrigues
b99f1d53d5
add file-mirror-automount hook-dir 2022-05-26 07:36:21 +02:00
David Kalnischkies
cc3150ef04
Rework download stage to allow file:// mirrors 
- factor out package downloading function
 - replace -oApt::Get::Download-Only=true by -oDebug::pkgDpkgPm=1
 - remove guessing of package names in /var/cache/apt/archives/
 - drop edsp parsing with proxysolver/mmdebstrap-dump-solution to obtain
   downloaded filenames in favour of -oDpkg::Pre-Install-Pkgs::=cat
 - /var/cache/apt/archives/ is now allowed to contain packages
 - drop --skip=download/empty
 - file:// mirrors are now supported if their path is available inside
   the chroot
 2022-05-26 07:36:21 +02:00
Johannes Schauer Marin Rodrigues
dc8b09ed50
fix pod formatting typo 2022-05-24 04:15:25 +02:00
Johannes Schauer Marin Rodrigues
21b23ebb9f
set MMDEBSTRAP_VERBOSITY in hooks 2022-05-24 04:14:08 +02:00
Johannes Schauer Marin Rodrigues
0664792cd5
manually push option arguments to array instead of using s@ 
By mixing s@ for --$foo-hook options and manual pushing in --hook-dir,
it can happen that options get lost. Consider the following test:

use Getopt::Long;
my $arr = [];
GetOptions(
    'A=s@' => \$arr,
    'B=s' => sub { push @{$arr}, $_[1]; }
);
foreach my $hook (@{$arr}) { print "hook: $hook\n"; }

This works fine:

    perl test.pl --A=a1 --B=b1 --A=a2 --B=b2
    hook: a1
    hook: b1
    hook: a2
    hook: b2

This misses b1:

    perl test.pl --B=b1 --A=a2 --B=b2
    hook: a2
    hook: b2
 2022-05-24 04:09:41 +02:00
Johannes Schauer Marin Rodrigues
26af846d0a
fix that cached debs were not returned if there was nothing to download 2022-05-23 23:30:29 +02:00
Johannes Schauer Marin Rodrigues
5c5f7de898
more documentation for TMPDIR 2022-05-22 02:57:42 +02:00
Johannes Schauer Marin Rodrigues
29b23bbcbc
document how to build on top of an existing tarball 2022-05-22 02:57:01 +02:00
Johannes Schauer Marin Rodrigues
d10f320f5d
document how to build an sbuild unshare chroot mode tarball 2022-05-22 02:56:21 +02:00
Johannes Schauer Marin Rodrigues
ce23e702e2
fixup comparison with debootstrap 2022-05-22 02:54:41 +02:00
Johannes Schauer Marin Rodrigues
09f1dd2ee6
Improve documentation of reproducibility of /etc/resolv.conf and /etc/hostname 
Closes: #26
 2022-05-11 10:47:25 +02:00
Johannes Schauer Marin Rodrigues
57e0ecb20f
release 0.8.6 2022-03-25 14:27:25 +01:00
Johannes Schauer Marin Rodrigues
70b081d299
allow running root mode inside unshare mode 2022-03-25 14:25:54 +01:00
Johannes Schauer Marin Rodrigues
64ba5f8229
release 0.8.5 2022-03-07 23:44:45 +01:00
Johannes Schauer Marin Rodrigues
409ce1cfee
improve man page further 2022-03-07 23:41:58 +01:00
Johannes Schauer Marin Rodrigues
7044baf6b1
run busybox from an absolute path to allow running it even when /proc is not mounted as busybox uses /proc/self/exe to figure out its own path 2022-03-07 11:27:10 +01:00
Johannes Schauer Marin Rodrigues
489e51a2eb
Run File::Find::find with no_chdir=>1 
Without no_chdir=>1 the unshared child process in unshare mode needs
read permissions for the directory from which mmdebstrap is executed.
With this change, the current working directory does not need to be
world-readable anymore.

Closes: #1005857
Reported-by: Trent W. Buck <trentbuck@gmail.com>
 2022-02-16 10:53:05 +01:00
Gioele Barabucci
5fa2457fd5 mmdebstrap: Add mbr.bin installation to autopkgtest-build-qemu instructions 
The generated image will not be bootable if `mbr.bin` is not installed
into the MBR.

These lines are copied from the "Debian desktop on USB stick" example.
 2022-02-13 20:00:35 +01:00
Gioele Barabucci
8e6f183b3f mmdebstrap: Install mbr.bin in /boot and keep after installation 2022-02-13 19:56:39 +01:00
Gioele Barabucci
97e6981ddc mmdebstrap: Read extlinux's MBR from /usr/lib/EXTLINUX 
`/usr/lib/SYSLINUX` is not available if only `extlinux` is installed.
 2022-02-13 19:55:29 +01:00
Gioele Barabucci
22c0ba45a0 mmdebstrap: Use ext4 instead of ext2 in examples 2022-02-13 17:44:25 +01:00
Gioele Barabucci
829df60242 mmdebstrap: Align autopkgtest-build-qemu and USB stick examples 
Write the same `guestfish` instructions in the same way in both the
`autopkgtest-build-qemu` and the "Debian desktopn on a USB stick" example.
 2022-02-13 17:42:26 +01:00
Johannes Schauer Marin Rodrigues
070a9cecb7
release 0.8.4 2022-02-11 23:04:31 +01:00
Johannes Schauer Marin Rodrigues
38a81e75bb
remove information about kernel.unprivileged_userns_clone from the man page 2022-02-11 23:02:31 +01:00
Johannes Schauer Marin Rodrigues
ce8a9f8764
also remove /var/lib/dbus/machine-id 2022-02-11 23:01:56 +01:00
Johannes Schauer Marin Rodrigues
e865ce850f
document another advantage of running apt outside the chroot 2022-02-11 23:01:36 +01:00
Johannes Schauer Marin Rodrigues
2b60a932a9
don't install essential packages in run_install() 2022-02-11 23:01:08 +01:00
Johannes Schauer Marin Rodrigues
632a918780
release 0.8.3 2022-01-08 08:37:00 +01:00
Johannes Schauer Marin Rodrigues
6ba6d10c4f
document that 'upload' doesn't retain permissions and ownership 2022-01-08 08:33:41 +01:00
Johannes Schauer Marin Rodrigues
4f811b7117
print errer message if mmdebstrap failed to run 2022-01-08 08:32:09 +01:00
Johannes Schauer Marin Rodrigues
ff2910a746
send SIGHUP to children if tar failed 2022-01-08 08:31:50 +01:00
Johannes Schauer Marin Rodrigues
0da6f103a1
hardcode 'stable' to use stable-security mirror 2022-01-08 08:31:26 +01:00
Johannes Schauer Marin Rodrigues
388c7980d3
don't copy in qemu-user-static if we don't need to 2022-01-08 08:29:48 +01:00
Johannes Schauer Marin Rodrigues
8bc6a4daa9
set PATH in main instead of run_setup 2022-01-08 07:44:05 +01:00
Johannes Schauer Marin Rodrigues
0383efc554
don't overwrite existing files in setup 2022-01-07 23:15:07 +01:00
Johannes Schauer Marin Rodrigues
1b0f7f1138
make $@ local, so we don't print "Can't locate Undefined subroutine &Devel::Cover::get_coverage called" in other parts where we evaluate $@ 2022-01-07 23:15:07 +01:00
Johannes Schauer Marin Rodrigues
88619e4d9c
test codename apt pattern as well, requires apt >= 2.3.14 
closes: #21
 2022-01-07 12:46:42 +01:00
Johannes Schauer Marin Rodrigues
5d8943b739
release 0.8.2 2021-12-14 21:07:04 +01:00
Johannes Schauer Marin Rodrigues
7501708aaf
perltidy 20200110 -> 20210717 2021-12-14 21:07:04 +01:00
Konstantin Demin
e4e10b670c
allow custom daemon startup prevention 
don't bother with /sbin/start-stop-daemon and /usr/sbin/policy-rc.d
if they're not a regular files (e.g. symlinks)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
 2021-12-06 00:28:34 +03:00
Johannes Schauer Marin Rodrigues
c4a43ea0f9
make $@ local, so we don't print "Can't locate Dpkg/Vendor/Debian.pm" in other parts where we evaluate $@ 2021-11-29 21:15:59 +01:00
Johannes Schauer Marin Rodrigues
60d69f6f78
Use apt patters to select priority variants 
- requires apt >= 2.3.10
 - we can drop having to run apt-get indextargets and parse Packages
   files ourselves
 - we can drop the layer violation that computed the package set in
   run_download() and passed the package set around in setup() to
   run_install()
 - packages are selected by suite unless the suite is the empty string
 2021-11-09 07:31:56 +01:00
Johannes Schauer Marin Rodrigues
3b41fe6805
document mmdebstrap as docker/podman replacement 2021-11-07 10:00:48 +01:00
Raul Tambre
c61e81a244 Relax dpkg version regex 
For non-release builds the version will include the number of commits since last release and the commit hash with dashes, e.g. 1.20.8-46-g0881.
For downstream distros it seems it may include their identification strings, e.g. 1.20.9ubuntu2.

Make the regex match everything after the version number to avoid incorrectly erroring on such versions.

Fixes #18
 2021-11-06 23:04:27 +02:00
Johannes Schauer Marin Rodrigues
7a062661e5
release 0.8.1 2021-10-07 13:35:39 +02:00
Johannes Schauer Marin Rodrigues
1d2a7ef71a
enforce dpkg >= 1.20.0 and remove dead code 2021-10-07 10:51:20 +02:00
Johannes Schauer Marin Rodrigues
4f278deadf
use rm and find instead of remove_tree() 
* remove_tree() requires the CWD to be accessible or fails with
   cannot chdir to $CWD from $DIR_TO_DELETE: Permission denied, aborting.
 * CWD is not always accessible -- example: run mmdebstrap from a
   directory only accessible by the current user (like a tempdir) in
   unshare mode
 * find from findutils *also* requires CWD to be accessible but it's
   easier to temporarily change CWD in a subprocess because using
   there is no utility in perl core that changes CWD temporarily and
   cleans up after itself
 * we need to use find from findutils instead of rm in unshare mode
   because the root directory itself might not be removable by the
   unshared user so we only want to remove its subdirectories
 2021-10-07 07:07:45 +02:00
Johannes Schauer Marin Rodrigues
c2d988b475
enforce apt >= 2.3.7 and remove dead code (closes: #14) 2021-10-06 23:30:09 +02:00
Johannes Schauer Marin Rodrigues
28cb757742
do not run xz and zstd with --threads=0 
There are now systems with 160 cores (debci runs on two Ampere Altra
ARMv8 Neoverse-N1), which makes xz fail with: "xz: (stdin): Cannot
allocate memory"
 2021-09-24 22:09:24 +02:00
Johannes Schauer Marin Rodrigues
12ec2c50aa
also create cmethopt and available in chrootless mode 
- this allows bit-by-bit identical output of chrootless mode compared
   to other modes
 2021-09-22 15:22:35 +02:00
Johannes Schauer Marin Rodrigues
1a4491b4d3
release 0.8.0 2021-09-21 14:20:58 +02:00
Johannes Schauer Marin Rodrigues
2c945e4c87
improve fakechroot LD_LIBRARY_PATH 
- use /etc/ld.so.conf from the chroot instead of the host
 - parse /etc/ld.so.conf instead of blindly accessing /etc/ld.so.conf.d
 - add libraries from the chroot instead of the host
 2021-09-21 14:17:31 +02:00
Johannes Schauer Marin Rodrigues
ddb642a1dc
update apt MR urls 2021-09-19 19:38:52 +02:00
Johannes Schauer Marin Rodrigues
dceb881bd0
drop DPkg::Install::Recursive::force=true (requires apt >= 2.3.7) 2021-09-19 19:37:06 +02:00
Johannes Schauer Marin Rodrigues
6d59d51a4a
add ldconfig.fakechroot and translate symlinks for bit-by-bit identical buildd variant 2021-09-16 16:23:46 +02:00
Johannes Schauer Marin Rodrigues
6a22e05d59
document that zstd is also called with --threads=0 2021-09-16 16:12:35 +02:00
Johannes Schauer Marin Rodrigues
c7390f648b
be more permissive in the FAKECHROOT_DETECT version format 2021-09-16 16:12:20 +02:00
Johannes Schauer Marin Rodrigues
631b103ca7
check for symlink first to compute disk usage because -f und -s otherwise follow symlinks 2021-09-16 16:11:34 +02:00
Johannes Schauer Marin Rodrigues
101229aa04
add a newline to /etc/machine-id as systemd does the same 2021-09-16 16:08:07 +02:00
Johannes Schauer Marin Rodrigues
5b0bb46421
add gpgvnoexpkeysig 2021-09-15 16:10:22 +02:00
Johannes Schauer Marin Rodrigues
6851cd7cb4
move hooks/setup00-merged-usr.sh -> hooks/merged-usr/setup00.sh, expand docs 2021-09-03 12:04:40 +02:00
Johannes Schauer Marin Rodrigues
6a8fbae9d8
make fakechroot mode bit-by-bit identical to the others 2021-08-29 10:25:34 +02:00
Johannes Schauer Marin Rodrigues
7d472ca116
document on how to use mmdebstrap with podman 2021-08-27 11:53:32 +02:00
Johannes Schauer Marin Rodrigues
047619967e
also check whether CAP_SYS_ADMIN is in the bounding set 2021-08-27 11:53:11 +02:00
Johannes Schauer Marin Rodrigues
5a5f57b404
Automatically skip using mount if that's not possible 
- instead of throwing an error, just print a warning
 - can now run as root without cap_sys_admin
 - can now run without mount installed
 - --skip=check/canmount is not needed anymore
 2021-08-26 15:40:27 +02:00
Johannes Schauer Marin Rodrigues
1a18160fe8
document that apt-transport-https, ca-certificates and apt-transport-tor are no longer installed automatically 2021-08-26 11:17:13 +02:00
Johannes Schauer Marin Rodrigues
91d8be5f9c
Do not use gpg --trust-model=always 
- gpg will not create a trustdb when running with --update-trustdb with
   --trust-model=always:
       gpg: no need for a trustdb update with 'always' trust model
 - subsequent gpg calls will fail because there is no trustdb in GPGHOME
 2021-08-26 07:58:27 +02:00
Johannes Schauer Marin Rodrigues
850eeb24d5
more code comments 2021-08-25 05:21:57 +02:00
Johannes Schauer Marin Rodrigues
8b12375de3
add more references to #808203 2021-08-25 05:15:44 +02:00
Johannes Schauer Marin Rodrigues
c627606110
document copy:// vs. file:// 2021-08-23 10:41:44 +02:00
Johannes Schauer Marin Rodrigues
60dba1c19e
fixup read_subuid_subgid 
- use $REAL_USER_ID from English instead of $<
 - use getgrgid $REAL_GROUP_ID to get the group name instead of assuming
   the group name to be equal to the user name
 - also check whether /etc/subgid exists and is readable
 2021-08-19 13:02:44 +02:00
Joe Groocock
15029c1c3b
improve error message for missing /etc/subuid entry (closes: #9) 2021-08-19 11:18:53 +02:00
Johannes Schauer Marin Rodrigues
3c37d692a0
write 'uninitialized' to /etc/machine-id to support systemd ConditionFirstBoot (closes: #10) 2021-08-19 07:18:21 +02:00
Nicolas Vigier
5283d74dfe
Remove files inside the auxfiles directory 
This is fixing the error:
  cannot rmdir /var/lib/apt/lists/auxfiles: Directory not empty at ./mmdebstrap/mmdebstrap line 3084.
which happens when using apt-transport-mirror.
 2021-08-19 07:18:21 +02:00
Johannes Schauer Marin Rodrigues
ea82b267c9
only run test_unshare_userns() if not root user 2021-08-18 22:06:16 +02:00
Johannes Schauer Marin Rodrigues
dfbf9cdcef
several fixes to chrootless mode 2021-08-17 23:39:20 +02:00
Johannes Schauer Marin Rodrigues
f868073b6e
add --skip=setup, --skip=update and --skip=cleanup 2021-08-17 11:11:00 +02:00
Johannes Schauer Marin Rodrigues
98f1f0abde
use apt pattern to select essential set 2021-08-17 10:30:06 +02:00
Johannes Schauer Marin Rodrigues
3e488dd1dd
use apt from the outside by setting DPkg::Chroot-Directory 2021-08-16 22:33:39 +02:00
Johannes Schauer Marin Rodrigues
c63ad87310
changes for release of Debian 11 Buster 2021-08-16 13:11:42 +02:00
Johannes Schauer Marin Rodrigues
594ea3c72e
improve busybox and --hook-dir examples in man page -- thanks Jochen Sprickerhof! 2021-05-31 16:33:34 +02:00
Johannes Schauer Marin Rodrigues
3f79c18a0d
since apt 2.1.16 we can use --error-on=any and do not anymore need to error out on all W: lines (closes: #6) 2021-05-31 11:17:45 +02:00
Benjamin Drung
0378c101bb
Pass extended attributes (excluding system) to tar2sqfs 
/bin/ping (from iputils-ping) uses the security capabilities to allow
users to use the program:

```
$ getcap /bin/ping
/bin/ping cap_net_raw=ep
```

Debian testing/unstable images (variant important) contain security and
system attributes:

```
$ mmdebstrap --variant=important bullseye root.tar
$ tar --xattrs --xattrs-include='*' -vv -tf root.tar | grep -B 1 '^ '
-rwxr-xr-x* 0/0           77432 2021-02-02 18:49 ./bin/ping
  x: 20 security.capability
--
drwxr-sr-x* 0/102             0 2021-05-07 15:10 ./var/log/journal/
  x: 44 system.posix_acl_access
  x: 44 system.posix_acl_default
```

When generating a squashfs image with mmdebstrap 0.7.5-2, these security
capabilities are lost. Example for building a squashfs image in a
minimal Debian unstable schroot:

```
$ apt install -y mmdebstrap squashfs-tools-ng
$ mmdebstrap --variant=important buster root.squashfs
$ rdsquashfs -x /bin/ping root.squashfs
$
```

tar2sqfs from squashfs-tools-ng 1.0.4-1 supports encoding extended
attributes from the namespace `user`, `trusted`, and `security` (see
`include/sqfs/xattr.h`). GNU tar (version 1.34) supports these three
namespaces plus the namespace `system`.

Passing extended attributes from the `system` namespace to tar2sqfs will
produce an error:

```
ERROR: squashfs does not support xattr prefix of system.posix_acl_default
```

So pass the extended attributes to tar2sqfs, but exclude the `system`
namespace. Then ping will keep its security attributes:

```
$ rdsquashfs -x /bin/ping root.squashfs
security.capability=0x0100000200200000000000000000000000000000
```

Closes: #988100
Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com>
 2021-05-17 21:43:10 +02:00
Johannes Schauer Marin Rodrigues
88a031477a
add --skip=cleanup/apt/lists and --skip=cleanup/apt/cache 2021-05-09 20:44:02 +02:00