@ -23,7 +23,7 @@
use strict;
use strict;
use warnings;
use warnings;
our $VERSION = '0.8.3 ';
our $VERSION = '0.8.4 ';
use English;
use English;
use Getopt::Long;
use Getopt::Long;
@ -2722,13 +2722,18 @@ sub run_install() {
any { $_ eq $options->{variant} }
any { $_ eq $options->{variant} }
('required', 'important', 'standard', 'buildd')
('required', 'important', 'standard', 'buildd')
) {
) {
# Many of the priority:required packages are also essential:yes. We
# make sure not to select those here to avoid useless "xxx is already
# the newest version" messages.
my $priority;
my $priority;
if (any { $_ eq $options->{variant} } ('required', 'buildd')) {
if (any { $_ eq $options->{variant} } ('required', 'buildd')) {
$priority = '?priority(required)';
$priority = '?and(? priority(required),?not(?essential) )';
} elsif ($options->{variant} eq 'important') {
} elsif ($options->{variant} eq 'important') {
$priority = '?or(?priority(required),?priority(important))';
$priority = '?and(?or(?priority(required),?priority(important)),'
. '?not(?essential))';
} elsif ($options->{variant} eq 'standard') {
} elsif ($options->{variant} eq 'standard') {
$priority = '?or(~prequired,~pimportant,~pstandard)';
$priority = '?and(?or(~prequired,~pimportant,~pstandard),'
. '?not(?essential))';
}
}
$pkgs_to_install{
$pkgs_to_install{
"?narrow("
"?narrow("
@ -2780,6 +2785,9 @@ sub run_install() {
#
#
# - we can make use of file:// and copy://
# - we can make use of file:// and copy://
#
#
# - we can use EDSP solvers without installing apt-utils or other
# solvers inside the chroot
#
# The DPkg::Install::Recursive::force=true workaround can be
# The DPkg::Install::Recursive::force=true workaround can be
# dropped after this issue is fixed:
# dropped after this issue is fixed:
# https://salsa.debian.org/apt-team/apt/-/merge_requests/189
# https://salsa.debian.org/apt-team/apt/-/merge_requests/189
@ -2915,7 +2923,8 @@ sub run_cleanup() {
foreach my $fname (
foreach my $fname (
'/var/log/dpkg.log', '/var/log/apt/history.log',
'/var/log/dpkg.log', '/var/log/apt/history.log',
'/var/log/apt/term.log', '/var/log/alternatives.log',
'/var/log/apt/term.log', '/var/log/alternatives.log',
'/var/cache/ldconfig/aux-cache', '/var/log/apt/eipp.log.xz'
'/var/cache/ldconfig/aux-cache', '/var/log/apt/eipp.log.xz',
'/var/lib/dbus/machine-id'
) {
) {
my $path = "$options->{root}$fname";
my $path = "$options->{root}$fname";
if (!-e $path) {
if (!-e $path) {
@ -6288,11 +6297,7 @@ needs to be able to mount and thus requires C<SYS_CAP_ADMIN>.
This mode uses Linux user namespaces to allow unprivileged use of chroot and
This mode uses Linux user namespaces to allow unprivileged use of chroot and
creation of files that appear to be owned by the superuser inside the unshared
creation of files that appear to be owned by the superuser inside the unshared
namespace. A tarball created in this mode should be bit-by-bit identical to a
namespace. A tarball created in this mode should be bit-by-bit identical to a
tarball created with the B<root> mode. In Debian, this mode requires the sysctl
tarball created with the B<root> mode.
C<kernel.unprivileged_userns_clone> being set to C<1>. The default used to be
C<0> but was changed to C<1> with linux 5.10.1 or Debian 11 (Bullseye).
B<SETTING THIS OPTION TO 1 HAS SECURITY IMPLICATIONS>. Refer to
L<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898446>
A directory chroot created with this mode will end up with wrong ownership
A directory chroot created with this mode will end up with wrong ownership
information. For correct ownership information, the directory must be accessed
information. For correct ownership information, the directory must be accessed
@ -6716,7 +6721,7 @@ Performs cleanup tasks, unless B<--skip=cleanup> is used:
=item * Remove all files that were put into the chroot for setup purposes, like F</etc/apt/apt.conf.d/00mmdebstrap>, the temporary apt config and the qemu-user-static binary. This can be disabled using B<--skip=cleanup/mmdebstrap>.
=item * Remove all files that were put into the chroot for setup purposes, like F</etc/apt/apt.conf.d/00mmdebstrap>, the temporary apt config and the qemu-user-static binary. This can be disabled using B<--skip=cleanup/mmdebstrap>.
=item * Remove all files that make the result unreproducible, like apt and dpkg logs and caches or F</etc/machine-id>. This can be disabled using B<--skip=cleanup/reproducible>
=item * Remove all files that make the result unreproducible, like apt and dpkg logs and caches or F</etc/machine-id> and F</var/lib/dbus/machine-id> . This can be disabled using B<--skip=cleanup/reproducible>
=item * Remove everything in F</tmp> inside the chroot. This can be disabled using B<--skip=cleanup/tmp>.
=item * Remove everything in F</tmp> inside the chroot. This can be disabled using B<--skip=cleanup/tmp>.
@ -6812,12 +6817,14 @@ Create a bootable USB Stick that boots into a full Debian desktop:
END
END
# You can use $(sudo blockdev --getsize64 /dev/sdXXX) to get the right
# You can use $(sudo blockdev --getsize64 /dev/sdXXX) to get the right
# image size for the target medium in bytes
# image size for the target medium in bytes
$ guestfish -N debian-unstable.img=disk:8G -- part-disk /dev/sda mbr : \
$ guestfish -N debian-unstable.img=disk:8G -- \
part-set-bootable /dev/sda 1 true : mkfs ext2 /dev/sda1 : \
part-disk /dev/sda mbr : \
set-label /dev/sda1 rootfs : mount /dev/sda1 / : \
part-set-bootable /dev/sda 1 true : \
set-label /dev/sda1 rootfs : \
mkfs ext4 /dev/sda1 : mount /dev/sda1 / : \
tar-in debian-unstable.tar / xattrs:true : \
tar-in debian-unstable.tar / xattrs:true : \
upload /usr/lib/SYSLINUX/mbr.bin /mbr.bin : \
upload /usr/lib/EXTLINUX/mbr.bin /boot /mbr.bin : \
copy-file-to-device /mbr.bin /dev/sda size:440 : rm /mbr.bin : \
copy-file-to-device /boot/ mbr.bin /dev/sda size:440 : \
extlinux / : copy-in extlinux.conf / : sync : umount / : shutdown
extlinux / : copy-in extlinux.conf / : sync : umount / : shutdown
$ qemu-system-x86_64 -m 1G -enable-kvm debian-unstable.img
$ qemu-system-x86_64 -m 1G -enable-kvm debian-unstable.img
$ sudo dd if=debian-unstable.img of=/dev/sdXXX status=progress
$ sudo dd if=debian-unstable.img of=/dev/sdXXX status=progress
@ -6852,10 +6859,11 @@ Use as replacement for autopkgtest-build-qemu and vmdb2:
$ guestfish -N debian-unstable.img=disk:8G -- \
$ guestfish -N debian-unstable.img=disk:8G -- \
part-disk /dev/sda mbr : \
part-disk /dev/sda mbr : \
part-set-bootable /dev/sda 1 true : \
part-set-bootable /dev/sda 1 true : \
mkfs ext2 /dev/sda1 : mount /dev/sda1 / : \
mkfs ext4 /dev/sda1 : mount /dev/sda1 / : \
tar-in debian-unstable.tar / xattrs:true : \
tar-in debian-unstable.tar / xattrs:true : \
extlinux / : copy-in extlinux.conf / : \
upload /usr/lib/EXTLINUX/mbr.bin /boot/mbr.bin : \
sync : umount / : shutdown
copy-file-to-device /boot/mbr.bin /dev/sda size:440 : \
extlinux / : copy-in extlinux.conf / : sync : umount / : shutdown
$ qemu-img convert -O qcow2 debian-unstable.img debian-unstable.qcow2
$ qemu-img convert -O qcow2 debian-unstable.img debian-unstable.qcow2
As a debootstrap wrapper to run it without superuser privileges but using Linux
As a debootstrap wrapper to run it without superuser privileges but using Linux