Compare commits

..

No commits in common. "632a9187804858e95b34aca5fe6b162b5aebaf9a" and "5d8943b7396d5e82abc91066788775adb480a58f" have entirely different histories.

4 changed files with 58 additions and 178 deletions

View file

@ -1,10 +1,3 @@
0.8.3 (2022-01-08)
------------------
- allow codenames with apt patterns (requires apt >= 2.3.14)
- don't overwrite existing files in setup code
- don't copy in qemu-user-static binary if it's not needed
0.8.2 (2021-12-14) 0.8.2 (2021-12-14)
------------------ ------------------

View file

@ -127,7 +127,7 @@ if [ ! -e shared/hooks/eatmydata/customize.sh ] || [ hooks/eatmydata/customize.s
fi fi
fi fi
starttime= starttime=
total=182 total=177
skipped=0 skipped=0
runtests=0 runtests=0
i=1 i=1
@ -533,34 +533,6 @@ else
runtests=$((runtests+1)) runtests=$((runtests+1))
fi fi
# make sure that using codenames works https://bugs.debian.org/cgi-bin/1003191
for dist in oldstable stable testing unstable; do
print_header "mode=$defaultmode,variant=apt: test $dist using codename"
cat << END > shared/test.sh
#!/bin/sh
set -eu
export LC_ALL=C.UTF-8
/usr/lib/apt/apt-helper download-file "$mirror/dists/$dist/Release" Release
codename=\$(awk '/^Codename: / { print \$2; }' Release)
rm Release
$CMD --mode=$defaultmode --variant=apt \$codename /tmp/debian-chroot.tar $mirror
if [ "$dist" = "$DEFAULT_DIST" ]; then
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
fi
rm /tmp/debian-chroot.tar
END
if [ "$HAVE_QEMU" = "yes" ]; then
./run_qemu.sh
runtests=$((runtests+1))
elif [ "$defaultmode" = "root" ]; then
./run_null.sh SUDO
runtests=$((runtests+1))
else
./run_null.sh
runtests=$((runtests+1))
fi
done
print_header "mode=unshare,variant=apt: fail without /etc/subuid" print_header "mode=unshare,variant=apt: fail without /etc/subuid"
cat << END > shared/test.sh cat << END > shared/test.sh
#!/bin/sh #!/bin/sh
@ -2016,35 +1988,6 @@ else
skipped=$((skipped+1)) skipped=$((skipped+1))
fi fi
print_header "mode=root,variant=apt: test ascii armored keys"
cat << END > shared/test.sh
#!/bin/sh
set -eu
export LC_ALL=C.UTF-8
if [ ! -e /mmdebstrap-testenv ]; then
echo "this test modifies the system and should only be run inside a container" >&2
exit 1
fi
for f in /usr/share/keyrings/*.gpg; do
name=\$(basename "\$f" .gpg)
gpg --enarmor < /usr/share/keyrings/\$name.gpg \
| sed 's/ PGP ARMORED FILE/ PGP PUBLIC KEY BLOCK/;/^Comment: /d' \
> /etc/apt/trusted.gpg.d/\$name.asc
done
rm /etc/apt/trusted.gpg.d/*.gpg
rm /usr/share/keyrings/*.gpg
$CMD --mode=root --variant=apt $DEFAULT_DIST /tmp/debian-chroot.tar $mirror
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
rm -r /tmp/debian-chroot.tar
END
if [ "$HAVE_QEMU" = "yes" ]; then
./run_qemu.sh
runtests=$((runtests+1))
else
echo "HAVE_QEMU != yes -- Skipping test..." >&2
skipped=$((skipped+1))
fi
print_header "mode=root,variant=apt: test signed-by with host keys" print_header "mode=root,variant=apt: test signed-by with host keys"
cat << END > shared/test.sh cat << END > shared/test.sh
#!/bin/sh #!/bin/sh

View file

@ -80,9 +80,6 @@ deletecache() {
rm "$dir/debian$i" rm "$dir/debian$i"
done done
rm "$dir/mmdebstrapcache" rm "$dir/mmdebstrapcache"
# remove all symlinks
find "$dir" -type l -delete
# now the rest should only be empty directories # now the rest should only be empty directories
if [ -e "$dir" ]; then if [ -e "$dir" ]; then
find "$dir" -depth -print0 | xargs -0 --no-run-if-empty rmdir find "$dir" -depth -print0 | xargs -0 --no-run-if-empty rmdir
@ -273,14 +270,11 @@ END
curl --location "$mirror/dists/$dist/Release" > "$newmirrordir/dists/$dist/Release" curl --location "$mirror/dists/$dist/Release" > "$newmirrordir/dists/$dist/Release"
curl --location "$mirror/dists/$dist/Release.gpg" > "$newmirrordir/dists/$dist/Release.gpg" curl --location "$mirror/dists/$dist/Release.gpg" > "$newmirrordir/dists/$dist/Release.gpg"
curl --location "$mirror/dists/$dist/main/binary-$nativearch/Packages.xz" > "$newmirrordir/dists/$dist/main/binary-$nativearch/Packages.xz" curl --location "$mirror/dists/$dist/main/binary-$nativearch/Packages.xz" > "$newmirrordir/dists/$dist/main/binary-$nativearch/Packages.xz"
codename=$(awk '/^Codename: / { print $2; }' < "$newmirrordir/dists/$dist/Release")
[ -L "$newmirrordir/dists/$codename" ] || ln -s "$dist" "$newmirrordir/dists/$codename"
case "$dist" in oldstable|stable) case "$dist" in oldstable|stable)
mkdir -p "$newmirrordir/dists/$dist-updates/main/binary-$nativearch/" mkdir -p "$newmirrordir/dists/$dist-updates/main/binary-$nativearch/"
curl --location "$mirror/dists/$dist-updates/Release" > "$newmirrordir/dists/$dist-updates/Release" curl --location "$mirror/dists/$dist-updates/Release" > "$newmirrordir/dists/$dist-updates/Release"
curl --location "$mirror/dists/$dist-updates/Release.gpg" > "$newmirrordir/dists/$dist-updates/Release.gpg" curl --location "$mirror/dists/$dist-updates/Release.gpg" > "$newmirrordir/dists/$dist-updates/Release.gpg"
curl --location "$mirror/dists/$dist-updates/main/binary-$nativearch/Packages.xz" > "$newmirrordir/dists/$dist-updates/main/binary-$nativearch/Packages.xz" curl --location "$mirror/dists/$dist-updates/main/binary-$nativearch/Packages.xz" > "$newmirrordir/dists/$dist-updates/main/binary-$nativearch/Packages.xz"
[ -L "$newmirrordir/dists/$codename-updates" ] || ln -s "$dist-updates" "$newmirrordir/dists/$codename-updates"
;; ;;
esac esac
case "$dist" in case "$dist" in
@ -295,7 +289,6 @@ END
curl --location "$security_mirror/dists/$dist-security/Release" > "$newcachedir/debian-security/dists/$dist-security/Release" curl --location "$security_mirror/dists/$dist-security/Release" > "$newcachedir/debian-security/dists/$dist-security/Release"
curl --location "$security_mirror/dists/$dist-security/Release.gpg" > "$newcachedir/debian-security/dists/$dist-security/Release.gpg" curl --location "$security_mirror/dists/$dist-security/Release.gpg" > "$newcachedir/debian-security/dists/$dist-security/Release.gpg"
curl --location "$security_mirror/dists/$dist-security/main/binary-$nativearch/Packages.xz" > "$newcachedir/debian-security/dists/$dist-security/main/binary-$nativearch/Packages.xz" curl --location "$security_mirror/dists/$dist-security/main/binary-$nativearch/Packages.xz" > "$newcachedir/debian-security/dists/$dist-security/main/binary-$nativearch/Packages.xz"
[ -L "$newcachedir/debian-security/dists/$codename-security" ] || ln -s "$dist-security" "$newcachedir/debian-security/dists/$codename-security"
;; ;;
esac esac

View file

@ -23,7 +23,7 @@
use strict; use strict;
use warnings; use warnings;
our $VERSION = '0.8.3'; our $VERSION = '0.8.2';
use English; use English;
use Getopt::Long; use Getopt::Long;
@ -102,13 +102,7 @@ my @devfiles = (
# 3 -> debug output # 3 -> debug output
my $verbosity_level = 1; my $verbosity_level = 1;
my $is_covering = 0; my $is_covering = !!(eval { Devel::Cover::get_coverage() });
{
# make $@ local, so we don't print "Undefined subroutine called"
# in other parts where we evaluate $@
local $@ = '';
$is_covering = !!(eval { Devel::Cover::get_coverage() });
}
# the reason why Perl::Critic warns about this is, that it suspects that the # the reason why Perl::Critic warns about this is, that it suspects that the
# programmer wants to implement a test whether the terminal is interactive or # programmer wants to implement a test whether the terminal is interactive or
@ -1663,7 +1657,7 @@ sub run_setup() {
# from inside the chroot. # from inside the chroot.
# The config filename is chosen such that any settings in it will be # The config filename is chosen such that any settings in it will be
# overridden by what the user specified with --aptopt. # overridden by what the user specified with --aptopt.
if (!-e "$options->{root}/etc/apt/apt.conf.d/00mmdebstrap") { {
open my $fh, '>', "$options->{root}/etc/apt/apt.conf.d/00mmdebstrap" open my $fh, '>', "$options->{root}/etc/apt/apt.conf.d/00mmdebstrap"
or error "cannot open /etc/apt/apt.conf.d/00mmdebstrap: $!"; or error "cannot open /etc/apt/apt.conf.d/00mmdebstrap: $!";
print $fh "Apt::Install-Recommends false;\n"; print $fh "Apt::Install-Recommends false;\n";
@ -1672,7 +1666,7 @@ sub run_setup() {
} }
# apt-get update requires this # apt-get update requires this
if (!-e "$options->{root}/var/lib/dpkg/status") { {
open my $fh, '>', "$options->{root}/var/lib/dpkg/status" open my $fh, '>', "$options->{root}/var/lib/dpkg/status"
or error "failed to open(): $!"; or error "failed to open(): $!";
close $fh; close $fh;
@ -1684,11 +1678,9 @@ sub run_setup() {
# architecture outside the chroot. # architecture outside the chroot.
chomp(my $hostarch = `dpkg --print-architecture`); chomp(my $hostarch = `dpkg --print-architecture`);
if ( if (
(!-e "$options->{root}/var/lib/dpkg/arch")
and (
scalar @{ $options->{foreignarchs} } > 0 scalar @{ $options->{foreignarchs} } > 0
or ( $options->{mode} eq 'chrootless' or ( $options->{mode} eq 'chrootless'
and $hostarch ne $options->{nativearch})) and $hostarch ne $options->{nativearch})
) { ) {
open my $fh, '>', "$options->{root}/var/lib/dpkg/arch" open my $fh, '>', "$options->{root}/var/lib/dpkg/arch"
or error "cannot open /var/lib/dpkg/arch: $!"; or error "cannot open /var/lib/dpkg/arch: $!";
@ -1699,8 +1691,7 @@ sub run_setup() {
close $fh; close $fh;
} }
if (scalar @{ $options->{aptopts} } > 0 if (scalar @{ $options->{aptopts} } > 0) {
and (!-e "$options->{root}/etc/apt/apt.conf.d/99mmdebstrap")) {
open my $fh, '>', "$options->{root}/etc/apt/apt.conf.d/99mmdebstrap" open my $fh, '>', "$options->{root}/etc/apt/apt.conf.d/99mmdebstrap"
or error "cannot open /etc/apt/apt.conf.d/99mmdebstrap: $!"; or error "cannot open /etc/apt/apt.conf.d/99mmdebstrap: $!";
foreach my $opt (@{ $options->{aptopts} }) { foreach my $opt (@{ $options->{aptopts} }) {
@ -1726,8 +1717,7 @@ sub run_setup() {
} }
} }
if (scalar @{ $options->{dpkgopts} } > 0 if (scalar @{ $options->{dpkgopts} } > 0) {
and (!-e "$options->{root}/etc/dpkg/dpkg.cfg.d/99mmdebstrap")) {
# FIXME: in chrootless mode, dpkg will only read the configuration # FIXME: in chrootless mode, dpkg will only read the configuration
# from the host -- see #808203 # from the host -- see #808203
if ($options->{mode} eq 'chrootless') { if ($options->{mode} eq 'chrootless') {
@ -1757,7 +1747,7 @@ sub run_setup() {
} }
} }
if (!-e "$options->{root}/etc/fstab") { {
open my $fh, '>', "$options->{root}/etc/fstab" open my $fh, '>', "$options->{root}/etc/fstab"
or error "cannot open fstab: $!"; or error "cannot open fstab: $!";
print $fh "# UNCONFIGURED FSTAB FOR BASE SYSTEM\n"; print $fh "# UNCONFIGURED FSTAB FOR BASE SYSTEM\n";
@ -1797,11 +1787,9 @@ sub run_setup() {
$fname .= 'main.sources'; $fname .= 'main.sources';
} }
} }
if (!-e $fname) {
open my $fh, '>', "$fname" or error "cannot open $fname: $!"; open my $fh, '>', "$fname" or error "cannot open $fname: $!";
print $fh $firstentry->{content}; print $fh $firstentry->{content};
close $fh; close $fh;
}
# everything else goes into /etc/apt/sources.list.d/ # everything else goes into /etc/apt/sources.list.d/
for (my $i = 1 ; $i < scalar @{ $options->{sourceslists} } ; $i++) { for (my $i = 1 ; $i < scalar @{ $options->{sourceslists} } ; $i++) {
my $entry = $options->{sourceslists}->[$i]; my $entry = $options->{sourceslists}->[$i];
@ -1828,17 +1816,15 @@ sub run_setup() {
error "invalid type: $entry->{type}"; error "invalid type: $entry->{type}";
} }
} }
if (!-e $fname) {
open my $fh, '>', "$fname" or error "cannot open $fname: $!"; open my $fh, '>', "$fname" or error "cannot open $fname: $!";
print $fh $entry->{content}; print $fh $entry->{content};
close $fh; close $fh;
} }
} }
}
# allow network access from within # allow network access from within
foreach my $file ("/etc/resolv.conf", "/etc/hostname") { foreach my $file ("/etc/resolv.conf", "/etc/hostname") {
if (-e $file && !-e "$options->{root}/$file") { if (-e $file) {
# this will create a new file with 644 permissions and copy # this will create a new file with 644 permissions and copy
# contents only even if $file was a symlink # contents only even if $file was a symlink
copy($file, "$options->{root}/$file") copy($file, "$options->{root}/$file")
@ -1959,6 +1945,15 @@ sub run_setup() {
} }
} }
# setting PATH for chroot, ldconfig, start-stop-daemon...
if (length $ENV{PATH}) {
## no critic (Variables::RequireLocalizedPunctuationVars)
$ENV{PATH} = "$ENV{PATH}:/usr/sbin:/usr/bin:/sbin:/bin";
} else {
## no critic (Variables::RequireLocalizedPunctuationVars)
$ENV{PATH} = "/usr/sbin:/usr/bin:/sbin:/bin";
}
return; return;
} }
@ -2155,10 +2150,7 @@ sub run_download() {
'?narrow(' '?narrow('
. ( . (
length($options->{suite}) length($options->{suite})
? '?or(?archive(^' ? '?archive(' . $options->{suite} . '),'
. $options->{suite}
. '$),?codename(^'
. $options->{suite} . '$)),'
: '' : ''
) )
. '?architecture(' . '?architecture('
@ -2514,27 +2506,6 @@ sub run_prepare {
$ENV{QEMU_LD_PREFIX} = $options->{root}; $ENV{QEMU_LD_PREFIX} = $options->{root};
} }
} elsif (any { $_ eq $options->{mode} } ('root', 'unshare')) { } elsif (any { $_ eq $options->{mode} } ('root', 'unshare')) {
my $require_qemu_static = 1;
# make $@ local, so we don't print an eventual error
# in other parts where we evaluate $@
local $@ = '';
eval {
# Check for the F flag which makes the kernel open the binfmt
# binary at configuration time instead of lazily at startup
# time. If the flag is set, then the qemu-static binary is not
# required inside the chroot.
open my $fh, '<',
"/proc/sys/fs/binfmt_misc/qemu-$options->{qemu}";
while (my $line = <$fh>) {
chomp($line);
if ($line =~ /^flags: [A-Z]*F[A-Z]*$/) {
$require_qemu_static = 0;
last;
}
}
close $fh;
};
if ($require_qemu_static) {
# other modes require a static qemu-user binary # other modes require a static qemu-user binary
my $qemubin = "/usr/bin/qemu-$options->{qemu}-static"; my $qemubin = "/usr/bin/qemu-$options->{qemu}-static";
if (!-e $qemubin) { if (!-e $qemubin) {
@ -2548,7 +2519,6 @@ sub run_prepare {
# fail with EACCES # fail with EACCES
chmod 0755, "$options->{root}/$qemubin" chmod 0755, "$options->{root}/$qemubin"
or error "cannot chmod $qemubin: $!"; or error "cannot chmod $qemubin: $!";
}
} else { } else {
error "unknown mode: $options->{mode}"; error "unknown mode: $options->{mode}";
} }
@ -2734,10 +2704,7 @@ sub run_install() {
"?narrow(" "?narrow("
. ( . (
length($options->{suite}) length($options->{suite})
? '?or(?archive(^' ? '?archive(' . $options->{suite} . '),'
. $options->{suite}
. '$),?codename(^'
. $options->{suite} . '$)),'
: '' : ''
) )
. "?architecture($options->{nativearch})," . "?architecture($options->{nativearch}),"
@ -2897,11 +2864,8 @@ sub run_cleanup() {
or error "failed to unlink $ENV{APT_CONFIG}: $!"; or error "failed to unlink $ENV{APT_CONFIG}: $!";
} }
if (any { $_ eq 'cleanup/mmdebstrap/qemu' } @{ $options->{skip} }) { if (defined $options->{qemu}
info "skipping cleanup/mmdebstrap/qume as requested"; and any { $_ eq $options->{mode} } ('root', 'unshare')) {
} elsif (defined $options->{qemu}
and any { $_ eq $options->{mode} } ('root', 'unshare')
and -e "$options->{root}/usr/bin/qemu-$options->{qemu}-static") {
unlink "$options->{root}/usr/bin/qemu-$options->{qemu}-static" unlink "$options->{root}/usr/bin/qemu-$options->{qemu}-static"
or error or error
"cannot unlink /usr/bin/qemu-$options->{qemu}-static: $!"; "cannot unlink /usr/bin/qemu-$options->{qemu}-static: $!";
@ -3951,25 +3915,19 @@ sub get_sourceslist_by_suite {
# the security mirror changes, starting with bullseye # the security mirror changes, starting with bullseye
# https://lists.debian.org/87r26wqr2a.fsf@43-1.org # https://lists.debian.org/87r26wqr2a.fsf@43-1.org
my $bullseye_or_later = 0; my $bullseye_or_later = 0;
if (
any { $_ eq $suite }
('stable', 'bullseye', 'bookworm', 'trixie')
) {
$bullseye_or_later = 1;
}
my $distro_info = '/usr/share/distro-info/debian.csv'; my $distro_info = '/usr/share/distro-info/debian.csv';
# make $@ local, so we don't print "Can't locate Debian/DistroInfo.pm" # make $@ local, so we don't print "Can't locate Debian/DistroInfo.pm"
# in other parts where we evaluate $@ # in other parts where we evaluate $@
local $@ = ''; local $@ = '';
eval { require Debian::DistroInfo; }; eval { require Debian::DistroInfo; };
if (!$@) { if (!$@) {
debug "libdistro-info-perl is installed"; # libdistro-info-perl is installed
my $debinfo = DebianDistroInfo->new(); my $debinfo = DebianDistroInfo->new();
if ($debinfo->version($suite, 0) >= 11) { if ($debinfo->version($suite, 0) >= 11) {
$bullseye_or_later = 1; $bullseye_or_later = 1;
} }
} elsif (-f $distro_info) { } elsif (-f $distro_info) {
debug "distro-info-data is installed"; # distro-info-data is installed
open my $fh, '<', $distro_info open my $fh, '<', $distro_info
or error "cannot open $distro_info: $!"; or error "cannot open $distro_info: $!";
my $i = 0; my $i = 0;
@ -4016,7 +3974,13 @@ sub get_sourceslist_by_suite {
$bullseye_or_later = 1; $bullseye_or_later = 1;
} }
} else { } else {
debug "neither libdistro-info-perl nor distro-info-data installed"; # neither libdistro-info-perl nor distro-info-data is installed
if (
any { $_ eq $suite }
('stable', 'bullseye', 'bookworm', 'trixie')
) {
$bullseye_or_later = 1;
}
} }
if ($bullseye_or_later) { if ($bullseye_or_later) {
# starting from bullseye use # starting from bullseye use
@ -4350,11 +4314,7 @@ sub main() {
error "invalid format. Choose from " . (join ', ', @valid_formats); error "invalid format. Choose from " . (join ', ', @valid_formats);
} }
# setting PATH for chroot, ldconfig, start-stop-daemon... if (!defined $ENV{PATH} || $ENV{PATH} eq "") {
if (length $ENV{PATH}) {
## no critic (Variables::RequireLocalizedPunctuationVars)
$ENV{PATH} = "$ENV{PATH}:/usr/sbin:/usr/bin:/sbin:/bin";
} else {
## no critic (Variables::RequireLocalizedPunctuationVars) ## no critic (Variables::RequireLocalizedPunctuationVars)
$ENV{PATH} = "/usr/sbin:/usr/bin:/sbin:/bin"; $ENV{PATH} = "/usr/sbin:/usr/bin:/sbin:/bin";
} }
@ -4414,8 +4374,8 @@ sub main() {
and $content =~ /^apt ([0-9]+\.[0-9]+\.[0-9]+) \([a-z0-9-]+\)$/m) { and $content =~ /^apt ([0-9]+\.[0-9]+\.[0-9]+) \([a-z0-9-]+\)$/m) {
$aptversion = version->new($1); $aptversion = version->new($1);
} }
if ($aptversion < "2.3.14") { if ($aptversion < "2.3.10") {
error "need apt >= 2.3.14 but have $aptversion"; error "need apt >= 2.3.10 but have $aptversion";
} }
} }
@ -5763,12 +5723,7 @@ sub main() {
if ($@) { if ($@) {
# we cannot die here because that would leave the other thread # we cannot die here because that would leave the other thread
# running without a parent # running without a parent
# We send SIGHUP to all our processes (including eventually
# running tar and this process itself) to reliably tear down
# all running child processes. The main process is not affected
# because we are ignoring SIGHUP.
warning "creating tarball failed: $@"; warning "creating tarball failed: $@";
kill HUP => -getpgrp();
$exitstatus = 1; $exitstatus = 1;
} }
} else { } else {
@ -5849,11 +5804,9 @@ sub main() {
if ($exitstatus == 0) { if ($exitstatus == 0) {
my $duration = Time::HiRes::time - $before; my $duration = Time::HiRes::time - $before;
info "success in " . (sprintf "%.04f", $duration) . " seconds"; info "success in " . (sprintf "%.04f", $duration) . " seconds";
exit 0;
} }
error "mmdebstrap failed to run"; exit $exitstatus;
return 1;
} }
main(); main();
@ -6593,9 +6546,7 @@ chroot as I<fileinside>. In contrast to B<copy-in>, this command only
handles files and not directories. To copy a directory recursively into the handles files and not directories. To copy a directory recursively into the
chroot, use B<copy-in> or B<tar-in>. Its advantage is, that by being able to chroot, use B<copy-in> or B<tar-in>. Its advantage is, that by being able to
specify the full path on the inside, including the filename, the file on the specify the full path on the inside, including the filename, the file on the
inside can have a different name from the file on the outside. In contrast to inside can have a different name from the file on the outside.
B<copy-in> and B<tar-in>, permission and ownership information will not be
retained.
=back =back