mmdebstrap

Author	SHA1	Message	Date
Johannes Schauer Marin Rodrigues	850eeb24d5	more code comments	2021-08-25 05:21:57 +02:00
Johannes Schauer Marin Rodrigues	8b12375de3	add more references to #808203	2021-08-25 05:15:44 +02:00
Johannes Schauer Marin Rodrigues	c627606110	document copy:// vs. file://	2021-08-23 10:41:44 +02:00
Johannes Schauer Marin Rodrigues	60dba1c19e	fixup read_subuid_subgid - use $REAL_USER_ID from English instead of $< - use getgrgid $REAL_GROUP_ID to get the group name instead of assuming the group name to be equal to the user name - also check whether /etc/subgid exists and is readable	2021-08-19 13:02:44 +02:00
Joe Groocock	15029c1c3b	improve error message for missing /etc/subuid entry (closes: #9 )	2021-08-19 11:18:53 +02:00
Johannes Schauer Marin Rodrigues	3c37d692a0	write 'uninitialized' to /etc/machine-id to support systemd ConditionFirstBoot (closes: #10 )	2021-08-19 07:18:21 +02:00
Nicolas Vigier	5283d74dfe	Remove files inside the auxfiles directory This is fixing the error: cannot rmdir /var/lib/apt/lists/auxfiles: Directory not empty at ./mmdebstrap/mmdebstrap line 3084. which happens when using apt-transport-mirror.	2021-08-19 07:18:21 +02:00
Johannes Schauer Marin Rodrigues	ea82b267c9	only run test_unshare_userns() if not root user	2021-08-18 22:06:16 +02:00
Johannes Schauer Marin Rodrigues	dfbf9cdcef	several fixes to chrootless mode	2021-08-17 23:39:20 +02:00
Johannes Schauer Marin Rodrigues	f868073b6e	add --skip=setup, --skip=update and --skip=cleanup	2021-08-17 11:11:00 +02:00
Johannes Schauer Marin Rodrigues	98f1f0abde	use apt pattern to select essential set	2021-08-17 10:30:06 +02:00
Johannes Schauer Marin Rodrigues	3e488dd1dd	use apt from the outside by setting DPkg::Chroot-Directory	2021-08-16 22:33:39 +02:00
Johannes Schauer Marin Rodrigues	c63ad87310	changes for release of Debian 11 Buster	2021-08-16 13:11:42 +02:00
Johannes Schauer Marin Rodrigues	594ea3c72e	improve busybox and --hook-dir examples in man page -- thanks Jochen Sprickerhof!	2021-05-31 16:33:34 +02:00
Johannes Schauer Marin Rodrigues	3f79c18a0d	since apt 2.1.16 we can use --error-on=any and do not anymore need to error out on all W: lines (closes: #6 )	2021-05-31 11:17:45 +02:00
Benjamin Drung	0378c101bb	Pass extended attributes (excluding system) to tar2sqfs /bin/ping (from iputils-ping) uses the security capabilities to allow users to use the program: ``` $ getcap /bin/ping /bin/ping cap_net_raw=ep ``` Debian testing/unstable images (variant important) contain security and system attributes: ``` $ mmdebstrap --variant=important bullseye root.tar $ tar --xattrs --xattrs-include='' -vv -tf root.tar \| grep -B 1 '^ ' -rwxr-xr-x 0/0 77432 2021-02-02 18:49 ./bin/ping x: 20 security.capability -- drwxr-sr-x* 0/102 0 2021-05-07 15:10 ./var/log/journal/ x: 44 system.posix_acl_access x: 44 system.posix_acl_default ``` When generating a squashfs image with mmdebstrap 0.7.5-2, these security capabilities are lost. Example for building a squashfs image in a minimal Debian unstable schroot: ``` $ apt install -y mmdebstrap squashfs-tools-ng $ mmdebstrap --variant=important buster root.squashfs $ rdsquashfs -x /bin/ping root.squashfs $ ``` tar2sqfs from squashfs-tools-ng 1.0.4-1 supports encoding extended attributes from the namespace `user`, `trusted`, and `security` (see `include/sqfs/xattr.h`). GNU tar (version 1.34) supports these three namespaces plus the namespace `system`. Passing extended attributes from the `system` namespace to tar2sqfs will produce an error: ``` ERROR: squashfs does not support xattr prefix of system.posix_acl_default ``` So pass the extended attributes to tar2sqfs, but exclude the `system` namespace. Then ping will keep its security attributes: ``` $ rdsquashfs -x /bin/ping root.squashfs security.capability=0x0100000200200000000000000000000000000000 ``` Closes: #988100 Signed-off-by: Benjamin Drung <benjamin.drung@ionos.com>	2021-05-17 21:43:10 +02:00
Johannes Schauer Marin Rodrigues	88a031477a	add --skip=cleanup/apt/lists and --skip=cleanup/apt/cache	2021-05-09 20:44:02 +02:00
Vagrant Cascadian	c51fb24c7b	Use all cores when compressing with zstd.	2021-05-09 17:32:04 +02:00
Johannes Schauer Marin Rodrigues	236b84a486	tarfilter: add --pax-exclude and --pax-include to strip extended attributes because tar2sqfs only supports user., trusted. and security.*	2021-05-07 09:39:40 +02:00
Johannes Schauer Marin Rodrigues	ebfac91738	also choose null format if stdout is /dev/null and check whether major and minor number of /dev/null are as expected to avoid false positives	2021-05-04 15:01:53 +02:00
Konstantin Demin	ccd4b5c163	gpg: handle ASCII-armored keyrings as well gpg command "--list-keys" requires input files to be passed with option "--keyring" and each file must match type "public keyring v4" while gpg command "--show-keys" doesn't require extra options and handles also ASCII-armored public keyrings as well. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>	2021-04-25 22:33:37 +03:00
Helmut Grohne	2767b051bc	implement --format=null	2021-03-25 07:04:14 +01:00
Johannes Schauer Marin Rodrigues	4c17f36072	better document the TMPDIR env var	2021-03-08 19:33:51 +01:00
Johannes Schauer Marin Rodrigues	5a3d1ab5c4	Rework /dev, /sys, /proc mounting - assume all entries in @devfiles to be in /dev - allow for /dev, /sys and /proc not to exist in the target and print warning - allow for /dev entries as well as /sys and /proc not to exist on the outside - simplify umount by storing special options in @umountopts - remove superfluous checks for root and unshare mode - make sure /dev entries are less than 100 chars in size for tar	2021-03-08 08:04:35 +01:00
Johannes Schauer Marin Rodrigues	d52eaa4814	instead of checking for defined-ness and then comparing with the empty string, we can just use 'length' which returns undef if its argument is undef	2021-03-08 07:54:04 +01:00
Johannes Schauer Marin Rodrigues	270fd09b43	update copyright information	2021-03-08 07:52:14 +01:00
Johannes Schauer Marin Rodrigues	d5c8a85ace	document problems with chrootless mode in man page	2021-02-23 12:50:18 +01:00
Johannes Schauer Marin Rodrigues	ecbc10794c	warn if --dpkgopt is used in chrootless mode because of #808203	2021-02-23 12:49:46 +01:00
Johannes Schauer Marin Rodrigues	49f464e7da	create /etc/dpkg/dpkg.cfg.d/ if --dpkgopt is used	2021-02-23 12:49:26 +01:00
Johannes Schauer Marin Rodrigues	067daaf4c2	also run unshare with --propagation unchanged in root mode	2021-02-19 12:53:14 +01:00
Josh Triplett	f8fc7d9bbf	Fix typo in hook directory example	2021-02-06 18:58:30 +01:00
Johannes Schauer Marin Rodrigues	976cc9c1c4	release 0.7.5	2021-02-06 14:46:37 +01:00
Johannes Schauer Marin Rodrigues	73cd7cd2e8	run unshare --mount with --propagation unchanged to prevent 'cannot change root filesystem propagation' when running mmdebstrap from inside a chroot	2021-02-06 10:11:53 +01:00
Johannes Schauer Marin Rodrigues	39167dbc30	expose hook name to hooks via MMDEBSTRAP_HOOK environment variable	2021-02-06 09:18:05 +01:00
Johannes Schauer Marin Rodrigues	8a4f4d90ab	remove example showing mmdebstrap as debootstrap replacement for sbuild-createchroot as it doesn't work in unshare mode	2021-02-04 17:47:40 +01:00
Johannes Schauer Marin Rodrigues	e1e0df7799	skip emulation check for extract variant	2021-02-04 17:47:10 +01:00
Johannes Schauer Marin Rodrigues	c740b01dc8	unset TMPDIR in hooks because there is no value that works inside as well as outside the chroot	2021-02-04 17:46:39 +01:00
Johannes Schauer Marin Rodrigues	0595c5c220	add new suite name trixie	2021-02-04 17:43:33 +01:00
Johannes Schauer Marin Rodrigues	7a43ff89dc	improve dpkg and apt version parsing	2021-02-04 17:42:40 +01:00
Johannes 'josch' Schauer	d9633d05fe	release 0.7.4	2021-01-16 00:33:40 +01:00
Johannes 'josch' Schauer	7bd733fb8b	In root mode, check whether it's possible to mount - even if the user is root, they might not have permission to mount - check for CAP_SYS_ADMIN and unshare --mount before proceeding - allow one to disable the check with --skip=check/canmount - this is useful in container environments like docker	2021-01-13 18:40:29 +01:00
Johannes 'josch' Schauer	205f5c2692	document how to use mmdebstrap to create a docker chroot	2021-01-13 18:08:04 +01:00
Johannes 'josch' Schauer	4693034138	allow unshare as root user - this is useful when you are already root and want the benefits of unsharing the mount namespace to prevent messing up your system - if the unshare mode is used as root, the user namespace is not unshared anymore and newuidmap, setuid and friends are not called anymore - if the unshare mode is used as non-root test if the user namespace can be unshared, otherwise test if the mount namespace can be unshared	2021-01-13 16:15:59 +01:00
Johannes 'josch' Schauer	ea6bbc1d9c	#898446 got closed and the default of kernel.unprivileged_userns_clone changed to 1	2021-01-09 19:44:39 +01:00
Johannes 'josch' Schauer	62bcf3261e	do not run an additional env command inside the chroot	2021-01-09 19:44:00 +01:00
Johannes 'josch' Schauer	7ff3f53fb9	apt 2.1.16 fixed immediate configure	2021-01-09 19:43:15 +01:00
Johannes 'josch' Schauer	ac21074243	set MMDEBSTRAP_APT_CONFIG, MMDEBSTRAP_MODE and MMDEBSTRAP_HOOKSOCK for hook scripts	2021-01-09 19:41:59 +01:00
Johannes 'josch' Schauer	9484107392	set PATH if it's unset or empty	2021-01-06 11:49:29 +01:00
Johannes 'josch' Schauer	2d03a81997	coverage.sh: reenabling tests because bugs got fixed - systemd didn't get fixed but somehow the order matches again (bug #963788) - python is installable again (bug #968217) - apt immediate configure was not fixed but src:glibc changed to not trigger the bug anymore (bugs #973305, #973325 and #972552)	2021-01-06 11:33:37 +01:00
Johannes 'josch' Schauer	0b2a0c5a55	release 0.7.3	2020-12-02 06:15:54 +01:00
Johannes 'josch' Schauer	43ca8a5211	it is wrong to match the suite for the package set selection if more than one apt index is given (because the suite name might be equal) instead check whether there is more than zero matching and more than zero not-matching suites	2020-12-02 00:47:16 +01:00
Johannes 'josch' Schauer	2c232e0661	don't ignore packages added via --include if multiple apt indices are used	2020-12-02 00:33:18 +01:00
Johannes 'josch' Schauer	85328c5c7e	mmdebstrap: check for defined-ness before integer comparison	2020-11-29 20:54:50 +01:00
Johannes 'josch' Schauer	165cc82f97	preserve permissions of /etc/resolv.conf and /etc/hostname and resolve symlinks as debootstrap does it	2020-11-29 20:54:31 +01:00
Johannes 'josch' Schauer	beb0b8c177	name solver mmdebstrap-dump-solution in official apt path	2020-11-29 02:30:03 +01:00
Johannes 'josch' Schauer	f76bcb5750	release 0.7.2	2020-11-28 14:32:14 +01:00
Johannes 'josch' Schauer	732fde54f8	documentation improvements, add OPERATION section	2020-11-28 14:30:50 +01:00
Johannes 'josch' Schauer	da449be3fe	fix missing I in front of <>	2020-11-28 00:49:46 +01:00
Johannes 'josch' Schauer	2e19a8bda4	remove nonsense code comment	2020-11-28 00:48:38 +01:00
Johannes 'josch' Schauer	96f45ec2e7	info messages start with lower case character	2020-11-28 00:48:18 +01:00
Johannes 'josch' Schauer	b7e257871d	use Debian::DistroInfo if available	2020-11-28 00:46:48 +01:00
Johannes 'josch' Schauer	b2ea7b230f	remove no-op if statement	2020-11-28 00:45:54 +01:00
Johannes 'josch' Schauer	1e7e002eb1	print explicit info message about installing essential packages	2020-11-28 00:45:32 +01:00
Johannes 'josch' Schauer	ad56754a2a	pkgs_to_install might contain duplicates when multiple suites are used -- avoid that by using a hash instead of an array	2020-11-15 22:58:26 +01:00
Johannes 'josch' Schauer	0c990abc48	coverage.sh: only consider non-POD parts for maximum line length check	2020-11-15 11:30:04 +01:00
Johannes 'josch' Schauer	534798dbd2	add example for how to use a cache directory	2020-11-15 11:27:51 +01:00
Johannes 'josch' Schauer	12b26a8817	use /usr/share/distro-info/debian.csv to figure out the security mirror for bullseye and beyond	2020-11-15 10:14:03 +01:00
Johannes 'josch' Schauer	9d32dee3f5	if a suite name was specified, use the matching apt index to figure out the package set to install	2020-11-14 23:25:07 +01:00
Johannes 'josch' Schauer	21a26b5dac	pass verbosity to hook-listener	2020-11-13 22:37:53 +01:00
Johannes 'josch' Schauer	e71487af5e	improve hook-helper and hook-listener debug output	2020-11-13 22:36:58 +01:00
Johannes 'josch' Schauer	bf87e83bdb	make it possible to seed /var/cache/apt/archives with deb packages	2020-11-13 19:02:41 +01:00
Johannes 'josch' Schauer	50d8d5edae	check whether dpkg, apt and others are installed (closes: #18 )	2020-11-12 22:36:10 +01:00
Johannes 'josch' Schauer	0a985948cf	create temporary test ext2 image in TMPDIR and not in CWD	2020-11-12 15:49:10 +01:00
Johannes 'josch' Schauer	1000a033e8	release 0.7.1	2020-09-18 13:43:42 +02:00
Johannes 'josch' Schauer	259a188e06	fix typo: 3030 -> 2020 (thanks Trent W. Buck!)	2020-09-02 22:58:50 +02:00
Johannes 'josch' Schauer	65e40c8c34	redirect stderr of dpkg --version to /dev/null to prevent error output if dpkg is too old (thanks Trent W. Buck!)	2020-09-02 22:58:20 +02:00
Johannes 'josch' Schauer	58925dc493	add two more debug messages	2020-08-28 14:36:14 +02:00
Johannes 'josch' Schauer	400b51ad7b	release 0.7.0	2020-08-27 20:52:47 +02:00
Johannes 'josch' Schauer	3713735240	document non-functional --variant=standard due to bug #968217	2020-08-25 18:08:35 +02:00
Johannes 'josch' Schauer	7c752fa8a0	print elapsed time after successful run	2020-08-25 18:08:31 +02:00
Johannes 'josch' Schauer	74725ac451	coverage.sh: test eatmydata and merged-usr hooks	2020-08-25 16:05:10 +02:00
Johannes 'josch' Schauer	465c056434	no longer needs to install twice when --depkgopt=path-exclude is given by filtering the tarball with new tarfilter utility	2020-08-25 13:02:33 +02:00
Johannes 'josch' Schauer	8f09c3e02f	unless in chrootless mode, omitting stuff in /var/lib/dpkg does not depend on the dpkg version outside, but on the version inside the chroot (and we don't know that one yet)	2020-08-24 18:45:22 +02:00
Johannes 'josch' Schauer	dd64e8220d	use distro-info-data and debootstrap to help with suite name and keyring discovery	2020-08-24 18:45:22 +02:00
Johannes 'josch' Schauer	87d383d754	replace -t STDERR with a common function that explains the 'no critic' annotation	2020-08-24 18:45:18 +02:00
Johannes 'josch' Schauer	307cbf5a41	prefix certain progress bars with what is being done (closes: #16 )	2020-08-18 14:31:38 +02:00
Johannes 'josch' Schauer	df18304449	add a new pipe to communicate the number of blocks to the parent instead of abusing the hookhelper/listener	2020-08-18 12:08:55 +02:00
Johannes 'josch' Schauer	a5ea38cbad	fix docs: there are four hooks, not three	2020-08-18 09:38:22 +02:00
Johannes 'josch' Schauer	0451d5f004	do not suggest using --dpkgopt=force-unsafe-io because it barely brings any speedups, see Debian bug #613428	2020-08-18 09:37:53 +02:00
Johannes 'josch' Schauer	614ef0e43d	make it clear that --aptopt and --dpkgopt add their content permamently	2020-08-18 09:37:08 +02:00
Johannes 'josch' Schauer	23fb2055e4	fix error message to specify the right command	2020-08-18 09:36:27 +02:00
Johannes 'josch' Schauer	501e29fdeb	fix closedir calls	2020-08-18 09:35:56 +02:00
Johannes 'josch' Schauer	12f41ad33f	fix syntax for perltidy	2020-08-17 18:57:36 +02:00
Johannes 'josch' Schauer	075645289f	add --hook-directory option and a directory with hooks	2020-08-16 00:50:46 +02:00
Johannes 'josch' Schauer	e2a759967f	put hook listener into its own function and expose it to the CLI via --hook-listener	2020-08-15 22:36:13 +02:00
Johannes 'josch' Schauer	c2c270390b	implement dpkg-realpath in perl so that we don't need to run tar inside the chroot anymore for modes other than fakechroot and proot	2020-08-15 18:29:17 +02:00
Johannes 'josch' Schauer	dc67c1f4be	if we got dpkg >= 1.20.0, then we don't have to create certain files and directories ourselves	2020-08-15 18:09:06 +02:00
Johannes 'josch' Schauer	904274b9f4	adjust genext2fs (>= 1.5.0) interface	2020-07-09 07:34:03 +02:00
Johannes 'josch' Schauer	112c0a5a6d	add documentation about --{setup,extract,essential,customize}-hooks and --skip option, making them an official interface	2020-06-23 23:14:37 +02:00
Johannes 'josch' Schauer	40b6155967	add another --dpkgopt example	2020-06-23 23:12:16 +02:00

1 2 3 4 5 ...

442 commits