release 0.8.3

closes: #21

CHANGELOG.md

@@ -1,3 +1,10 @@
+0.8.3 (2022-01-08)
+------------------
+
+ - allow codenames with apt patterns (requires apt >= 2.3.14)
+ - don't overwrite existing files in setup code
+ - don't copy in qemu-user-static binary if it's not needed
+
 0.8.2 (2021-12-14)
 ------------------
 

coverage.sh

@@ -127,7 +127,7 @@ if [ ! -e shared/hooks/eatmydata/customize.sh ] || [ hooks/eatmydata/customize.s
 	fi
 fi
 starttime=
-total=177
+total=182
 skipped=0
 runtests=0
 i=1
@@ -533,6 +533,34 @@ else
 	runtests=$((runtests+1))
 fi
 
+# make sure that using codenames works https://bugs.debian.org/cgi-bin/1003191
+for dist in oldstable stable testing unstable; do
+	print_header "mode=$defaultmode,variant=apt: test $dist using codename"
+cat << END > shared/test.sh
+#!/bin/sh
+set -eu
+export LC_ALL=C.UTF-8
+/usr/lib/apt/apt-helper download-file "$mirror/dists/$dist/Release" Release
+codename=\$(awk '/^Codename: / { print \$2; }' Release)
+rm Release
+$CMD --mode=$defaultmode --variant=apt \$codename /tmp/debian-chroot.tar $mirror
+if [ "$dist" = "$DEFAULT_DIST" ]; then
+	tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
+fi
+rm /tmp/debian-chroot.tar
+END
+	if [ "$HAVE_QEMU" = "yes" ]; then
+		./run_qemu.sh
+		runtests=$((runtests+1))
+	elif [ "$defaultmode" = "root" ]; then
+		./run_null.sh SUDO
+		runtests=$((runtests+1))
+	else
+		./run_null.sh
+		runtests=$((runtests+1))
+	fi
+done
+
 print_header "mode=unshare,variant=apt: fail without /etc/subuid"
 cat << END > shared/test.sh
 #!/bin/sh
@@ -1988,6 +2016,35 @@ else
 	skipped=$((skipped+1))
 fi
 
+print_header "mode=root,variant=apt: test ascii armored keys"
+cat << END > shared/test.sh
+#!/bin/sh
+set -eu
+export LC_ALL=C.UTF-8
+if [ ! -e /mmdebstrap-testenv ]; then
+	echo "this test modifies the system and should only be run inside a container" >&2
+	exit 1
+fi
+for f in /usr/share/keyrings/*.gpg; do
+	name=\$(basename "\$f" .gpg)
+	gpg --enarmor < /usr/share/keyrings/\$name.gpg \
+		| sed 's/ PGP ARMORED FILE/ PGP PUBLIC KEY BLOCK/;/^Comment: /d' \
+		> /etc/apt/trusted.gpg.d/\$name.asc
+done
+rm /etc/apt/trusted.gpg.d/*.gpg
+rm /usr/share/keyrings/*.gpg
+$CMD --mode=root --variant=apt $DEFAULT_DIST /tmp/debian-chroot.tar $mirror
+tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
+rm -r /tmp/debian-chroot.tar
+END
+if [ "$HAVE_QEMU" = "yes" ]; then
+	./run_qemu.sh
+	runtests=$((runtests+1))
+else
+	echo "HAVE_QEMU != yes -- Skipping test..." >&2
+	skipped=$((skipped+1))
+fi
+
 print_header "mode=root,variant=apt: test signed-by with host keys"
 cat << END > shared/test.sh
 #!/bin/sh

make_mirror.sh

@@ -80,6 +80,9 @@ deletecache() {
 		rm "$dir/debian$i"
 	done
 	rm "$dir/mmdebstrapcache"
+	# remove all symlinks
+	find "$dir" -type l -delete
+
 	# now the rest should only be empty directories
 	if [ -e "$dir" ]; then
 		find "$dir" -depth -print0 | xargs -0 --no-run-if-empty rmdir
@@ -270,11 +273,14 @@ END
 	curl --location "$mirror/dists/$dist/Release" > "$newmirrordir/dists/$dist/Release"
 	curl --location "$mirror/dists/$dist/Release.gpg" > "$newmirrordir/dists/$dist/Release.gpg"
 	curl --location "$mirror/dists/$dist/main/binary-$nativearch/Packages.xz" > "$newmirrordir/dists/$dist/main/binary-$nativearch/Packages.xz"
+	codename=$(awk '/^Codename: / { print $2; }' < "$newmirrordir/dists/$dist/Release")
+	[ -L "$newmirrordir/dists/$codename" ] || ln -s "$dist" "$newmirrordir/dists/$codename"
 	case "$dist" in oldstable|stable)
 		mkdir -p "$newmirrordir/dists/$dist-updates/main/binary-$nativearch/"
 		curl --location "$mirror/dists/$dist-updates/Release" > "$newmirrordir/dists/$dist-updates/Release"
 		curl --location "$mirror/dists/$dist-updates/Release.gpg" > "$newmirrordir/dists/$dist-updates/Release.gpg"
 		curl --location "$mirror/dists/$dist-updates/main/binary-$nativearch/Packages.xz" > "$newmirrordir/dists/$dist-updates/main/binary-$nativearch/Packages.xz"
+		[ -L "$newmirrordir/dists/$codename-updates" ] || ln -s "$dist-updates" "$newmirrordir/dists/$codename-updates"
 		;;
 	esac
 	case "$dist" in
@@ -289,6 +295,7 @@ END
 			curl --location "$security_mirror/dists/$dist-security/Release" > "$newcachedir/debian-security/dists/$dist-security/Release"
 			curl --location "$security_mirror/dists/$dist-security/Release.gpg" > "$newcachedir/debian-security/dists/$dist-security/Release.gpg"
 			curl --location "$security_mirror/dists/$dist-security/main/binary-$nativearch/Packages.xz" > "$newcachedir/debian-security/dists/$dist-security/main/binary-$nativearch/Packages.xz"
+			[ -L "$newcachedir/debian-security/dists/$codename-security" ] || ln -s "$dist-security" "$newcachedir/debian-security/dists/$codename-security"
 			;;
 	esac
 

mmdebstrap

@@ -23,7 +23,7 @@
 use strict;
 use warnings;
 
-our $VERSION = '0.8.2';
+our $VERSION = '0.8.3';
 
 use English;
 use Getopt::Long;
@@ -102,7 +102,13 @@ my @devfiles = (
 #   3 -> debug output
 my $verbosity_level = 1;
 
-my $is_covering = !!(eval { Devel::Cover::get_coverage() });
+my $is_covering = 0;
+{
+    # make $@ local, so we don't print "Undefined subroutine called"
+    # in other parts where we evaluate $@
+    local $@ = '';
+    $is_covering = !!(eval { Devel::Cover::get_coverage() });
+}
 
 # the reason why Perl::Critic warns about this is, that it suspects that the
 # programmer wants to implement a test whether the terminal is interactive or
@@ -1657,7 +1663,7 @@ sub run_setup() {
     # from inside the chroot.
     # The config filename is chosen such that any settings in it will be
     # overridden by what the user specified with --aptopt.
-    {
+    if (!-e "$options->{root}/etc/apt/apt.conf.d/00mmdebstrap") {
         open my $fh, '>', "$options->{root}/etc/apt/apt.conf.d/00mmdebstrap"
           or error "cannot open /etc/apt/apt.conf.d/00mmdebstrap: $!";
         print $fh "Apt::Install-Recommends false;\n";
@@ -1666,7 +1672,7 @@ sub run_setup() {
     }
 
     # apt-get update requires this
-    {
+    if (!-e "$options->{root}/var/lib/dpkg/status") {
         open my $fh, '>', "$options->{root}/var/lib/dpkg/status"
           or error "failed to open(): $!";
         close $fh;
@@ -1678,9 +1684,11 @@ sub run_setup() {
     # architecture outside the chroot.
     chomp(my $hostarch = `dpkg --print-architecture`);
     if (
-        scalar @{ $options->{foreignarchs} } > 0
+        (!-e "$options->{root}/var/lib/dpkg/arch")
-        or (    $options->{mode} eq 'chrootless'
+        and (
-            and $hostarch ne $options->{nativearch})
+            scalar @{ $options->{foreignarchs} } > 0
+            or (    $options->{mode} eq 'chrootless'
+                and $hostarch ne $options->{nativearch}))
     ) {
         open my $fh, '>', "$options->{root}/var/lib/dpkg/arch"
           or error "cannot open /var/lib/dpkg/arch: $!";
@@ -1691,7 +1699,8 @@ sub run_setup() {
         close $fh;
     }
 
-    if (scalar @{ $options->{aptopts} } > 0) {
+    if (scalar @{ $options->{aptopts} } > 0
+        and (!-e "$options->{root}/etc/apt/apt.conf.d/99mmdebstrap")) {
         open my $fh, '>', "$options->{root}/etc/apt/apt.conf.d/99mmdebstrap"
           or error "cannot open /etc/apt/apt.conf.d/99mmdebstrap: $!";
         foreach my $opt (@{ $options->{aptopts} }) {
@@ -1717,7 +1726,8 @@ sub run_setup() {
         }
     }
 
-    if (scalar @{ $options->{dpkgopts} } > 0) {
+    if (scalar @{ $options->{dpkgopts} } > 0
+        and (!-e "$options->{root}/etc/dpkg/dpkg.cfg.d/99mmdebstrap")) {
         # FIXME: in chrootless mode, dpkg will only read the configuration
         # from the host -- see #808203
         if ($options->{mode} eq 'chrootless') {
@@ -1747,7 +1757,7 @@ sub run_setup() {
         }
     }
 
-    {
+    if (!-e "$options->{root}/etc/fstab") {
         open my $fh, '>', "$options->{root}/etc/fstab"
           or error "cannot open fstab: $!";
         print $fh "# UNCONFIGURED FSTAB FOR BASE SYSTEM\n";
@@ -1787,9 +1797,11 @@ sub run_setup() {
                 $fname .= 'main.sources';
             }
         }
-        open my $fh, '>', "$fname" or error "cannot open $fname: $!";
+        if (!-e $fname) {
-        print $fh $firstentry->{content};
+            open my $fh, '>', "$fname" or error "cannot open $fname: $!";
-        close $fh;
+            print $fh $firstentry->{content};
+            close $fh;
+        }
         # everything else goes into /etc/apt/sources.list.d/
         for (my $i = 1 ; $i < scalar @{ $options->{sourceslists} } ; $i++) {
             my $entry = $options->{sourceslists}->[$i];
@@ -1816,15 +1828,17 @@ sub run_setup() {
                     error "invalid type: $entry->{type}";
                 }
             }
-            open my $fh, '>', "$fname" or error "cannot open $fname: $!";
+            if (!-e $fname) {
-            print $fh $entry->{content};
+                open my $fh, '>', "$fname" or error "cannot open $fname: $!";
-            close $fh;
+                print $fh $entry->{content};
+                close $fh;
+            }
         }
     }
 
     # allow network access from within
     foreach my $file ("/etc/resolv.conf", "/etc/hostname") {
-        if (-e $file) {
+        if (-e $file && !-e "$options->{root}/$file") {
             # this will create a new file with 644 permissions and copy
             # contents only even if $file was a symlink
             copy($file, "$options->{root}/$file")
@@ -1945,15 +1959,6 @@ sub run_setup() {
         }
     }
 
-    # setting PATH for chroot, ldconfig, start-stop-daemon...
-    if (length $ENV{PATH}) {
-        ## no critic (Variables::RequireLocalizedPunctuationVars)
-        $ENV{PATH} = "$ENV{PATH}:/usr/sbin:/usr/bin:/sbin:/bin";
-    } else {
-        ## no critic (Variables::RequireLocalizedPunctuationVars)
-        $ENV{PATH} = "/usr/sbin:/usr/bin:/sbin:/bin";
-    }
-
     return;
 }
 
@@ -2150,7 +2155,10 @@ sub run_download() {
                     '?narrow('
                       . (
                         length($options->{suite})
-                        ? '?archive(' . $options->{suite} . '),'
+                        ? '?or(?archive(^'
+                          . $options->{suite}
+                          . '$),?codename(^'
+                          . $options->{suite} . '$)),'
                         : ''
                       )
                       . '?architecture('
@@ -2506,19 +2514,41 @@ sub run_prepare {
                 $ENV{QEMU_LD_PREFIX} = $options->{root};
             }
         } elsif (any { $_ eq $options->{mode} } ('root', 'unshare')) {
-            # other modes require a static qemu-user binary
+            my $require_qemu_static = 1;
-            my $qemubin = "/usr/bin/qemu-$options->{qemu}-static";
+            # make $@ local, so we don't print an eventual error
-            if (!-e $qemubin) {
+            # in other parts where we evaluate $@
-                error "cannot find $qemubin";
+            local $@ = '';
+            eval {
+                # Check for the F flag which makes the kernel open the binfmt
+                # binary at configuration time instead of lazily at startup
+                # time. If the flag is set, then the qemu-static binary is not
+                # required inside the chroot.
+                open my $fh, '<',
+                  "/proc/sys/fs/binfmt_misc/qemu-$options->{qemu}";
+                while (my $line = <$fh>) {
+                    chomp($line);
+                    if ($line =~ /^flags: [A-Z]*F[A-Z]*$/) {
+                        $require_qemu_static = 0;
+                        last;
+                    }
+                }
+                close $fh;
+            };
+            if ($require_qemu_static) {
+                # other modes require a static qemu-user binary
+                my $qemubin = "/usr/bin/qemu-$options->{qemu}-static";
+                if (!-e $qemubin) {
+                    error "cannot find $qemubin";
+                }
+                copy $qemubin, "$options->{root}/$qemubin"
+                  or error "cannot copy $qemubin: $!";
+                # File::Copy does not retain permissions but on some
+                # platforms (like Travis CI) the binfmt interpreter must
+                # have the executable bit set or otherwise execve will
+                # fail with EACCES
+                chmod 0755, "$options->{root}/$qemubin"
+                  or error "cannot chmod $qemubin: $!";
             }
-            copy $qemubin, "$options->{root}/$qemubin"
-              or error "cannot copy $qemubin: $!";
-            # File::Copy does not retain permissions but on some
-            # platforms (like Travis CI) the binfmt interpreter must
-            # have the executable bit set or otherwise execve will
-            # fail with EACCES
-            chmod 0755, "$options->{root}/$qemubin"
-              or error "cannot chmod $qemubin: $!";
         } else {
             error "unknown mode: $options->{mode}";
         }
@@ -2704,7 +2734,10 @@ sub run_install() {
             "?narrow("
               . (
                 length($options->{suite})
-                ? '?archive(' . $options->{suite} . '),'
+                ? '?or(?archive(^'
+                  . $options->{suite}
+                  . '$),?codename(^'
+                  . $options->{suite} . '$)),'
                 : ''
               )
               . "?architecture($options->{nativearch}),"
@@ -2864,8 +2897,11 @@ sub run_cleanup() {
               or error "failed to unlink $ENV{APT_CONFIG}: $!";
         }
 
-        if (defined $options->{qemu}
+        if (any { $_ eq 'cleanup/mmdebstrap/qemu' } @{ $options->{skip} }) {
-            and any { $_ eq $options->{mode} } ('root', 'unshare')) {
+            info "skipping cleanup/mmdebstrap/qume as requested";
+        } elsif (defined $options->{qemu}
+            and any { $_ eq $options->{mode} } ('root', 'unshare')
+              and -e "$options->{root}/usr/bin/qemu-$options->{qemu}-static") {
             unlink "$options->{root}/usr/bin/qemu-$options->{qemu}-static"
               or error
               "cannot unlink /usr/bin/qemu-$options->{qemu}-static: $!";
@@ -3915,19 +3951,25 @@ sub get_sourceslist_by_suite {
         # the security mirror changes, starting with bullseye
         # https://lists.debian.org/87r26wqr2a.fsf@43-1.org
         my $bullseye_or_later = 0;
-        my $distro_info       = '/usr/share/distro-info/debian.csv';
+        if (
+            any { $_ eq $suite }
+            ('stable', 'bullseye', 'bookworm', 'trixie')
+        ) {
+            $bullseye_or_later = 1;
+        }
+        my $distro_info = '/usr/share/distro-info/debian.csv';
         # make $@ local, so we don't print "Can't locate Debian/DistroInfo.pm"
         # in other parts where we evaluate $@
         local $@ = '';
         eval { require Debian::DistroInfo; };
         if (!$@) {
-            # libdistro-info-perl is installed
+            debug "libdistro-info-perl is installed";
             my $debinfo = DebianDistroInfo->new();
             if ($debinfo->version($suite, 0) >= 11) {
                 $bullseye_or_later = 1;
             }
         } elsif (-f $distro_info) {
-            # distro-info-data is installed
+            debug "distro-info-data is installed";
             open my $fh, '<', $distro_info
               or error "cannot open $distro_info: $!";
             my $i = 0;
@@ -3974,13 +4016,7 @@ sub get_sourceslist_by_suite {
                 $bullseye_or_later = 1;
             }
         } else {
-            # neither libdistro-info-perl nor distro-info-data is installed
+            debug "neither libdistro-info-perl nor distro-info-data installed";
-            if (
-                any { $_ eq $suite }
-                ('stable', 'bullseye', 'bookworm', 'trixie')
-            ) {
-                $bullseye_or_later = 1;
-            }
         }
         if ($bullseye_or_later) {
             # starting from bullseye use
@@ -4314,7 +4350,11 @@ sub main() {
         error "invalid format. Choose from " . (join ', ', @valid_formats);
     }
 
-    if (!defined $ENV{PATH} || $ENV{PATH} eq "") {
+    # setting PATH for chroot, ldconfig, start-stop-daemon...
+    if (length $ENV{PATH}) {
+        ## no critic (Variables::RequireLocalizedPunctuationVars)
+        $ENV{PATH} = "$ENV{PATH}:/usr/sbin:/usr/bin:/sbin:/bin";
+    } else {
         ## no critic (Variables::RequireLocalizedPunctuationVars)
         $ENV{PATH} = "/usr/sbin:/usr/bin:/sbin:/bin";
     }
@@ -4374,8 +4414,8 @@ sub main() {
             and $content =~ /^apt ([0-9]+\.[0-9]+\.[0-9]+) \([a-z0-9-]+\)$/m) {
             $aptversion = version->new($1);
         }
-        if ($aptversion < "2.3.10") {
+        if ($aptversion < "2.3.14") {
-            error "need apt >= 2.3.10 but have $aptversion";
+            error "need apt >= 2.3.14 but have $aptversion";
         }
     }
 
@@ -5723,7 +5763,12 @@ sub main() {
         if ($@) {
             # we cannot die here because that would leave the other thread
             # running without a parent
+            # We send SIGHUP to all our processes (including eventually
+            # running tar and this process itself) to reliably tear down
+            # all running child processes. The main process is not affected
+            # because we are ignoring SIGHUP.
             warning "creating tarball failed: $@";
+            kill HUP => -getpgrp();
             $exitstatus = 1;
         }
     } else {
@@ -5804,9 +5849,11 @@ sub main() {
     if ($exitstatus == 0) {
         my $duration = Time::HiRes::time - $before;
         info "success in " . (sprintf "%.04f", $duration) . " seconds";
+        exit 0;
     }
 
-    exit $exitstatus;
+    error "mmdebstrap failed to run";
+    return 1;
 }
 
 main();
@@ -6546,7 +6593,9 @@ chroot as I<fileinside>. In contrast to B<copy-in>, this command only
 handles files and not directories. To copy a directory recursively into the
 chroot, use B<copy-in> or B<tar-in>. Its advantage is, that by being able to
 specify the full path on the inside, including the filename, the file on the
-inside can have a different name from the file on the outside.
+inside can have a different name from the file on the outside. In contrast to
+B<copy-in> and B<tar-in>, permission and ownership information will not be
+retained.
 
 =back