| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
- make a separate split_inline_sig function
- move downloading all three files to download_release_sig
- don't check InRelease signature if signature checking is disabled
Thanks to Ansgar Burchardt for the suggestions.
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In old releases, notably in Debian 6 (Squeeze), multiple packages ship
the same files using diversions (e.g. bash/dash). As debootstrap
naively extracts packages without implementing diversions itself, it
relies on tar replacing the files without an error.
Ideally we could use `tar --keep-directory-symlink`, but this is
likely not portable enough. So continue to use `tar -k`, but only for
future releases. Note that this requires no file conflicts among
packages debootstrap installs (which is a good idea anyway as they
might be extracted in the wrong order).
Bug: https://bugs.debian.org/838388
|
| |
| |
| |
| | |
Thanks, David Schneider!
|
|/
|
|
|
| |
Split up detached signature from signed data, in effect re-creating a
Release and Release.gpg pair that we can verify with gpgv.
|
|
|
|
| |
Bug: https://bugs.debian.org/837649
|
|
|
|
|
| |
When installing with a merged /usr, the symlinks in / should not be
replaced with real directories when extracting the packages.
|
| |
|
|
|
|
| |
Bug: https://bugs.debian.org/837075
|
|
|
|
|
|
|
| |
Since bug #571136 was fixed the --second-stage doesn't even use the
devices tarball so we can remove all its related cruft. The README has
been updated to show when real root access is required and give an
example of a foreign debootstrap which works with fakeroot.
|
|
|
|
|
| |
Also firmlink proc there.
Thanks Gabriele Giacone for all the investigation!
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(setup_devices now only deals with static device nodes) and move the calls
to setup_devices from the beginning of the second stage to the end of the
first stage. setup_dynamic_devices mounts the appropriate filesystems
which provide dynamic device nodes for the architectures which need one
in debootstrap (kfreebsd and hurd). This fixes a bug in --second-stage
introduced in 1.0.34 and exposed by the devices-related changes of 1.0.76:
the second stage debootstrap runs "dpkg --print-architecture >/dev/null" at
the very beginning of the program when /dev is still empty, so it creates an
empty regular file in place of /dev/null and this will cause mknod to fail
later. (Closes: #813232)
|
|
|
|
|
|
|
| |
Use -m instead - fixes the broken fix for #812811. Closes: #813124.
Uploading with urgency high to get this fix propagated quickly - it's
breaking d-i installs right now.
|
| |
|
|
|
|
| |
Thanks to Marco d'Itri.
|
|
|
|
|
|
| |
It is similar to the existing debpaths.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
|
|
|
|
| |
#757819, LP: #1450980).
|
| |
|
|
|
|
| |
Schauder!
|
|
|
|
|
| |
With this option, one can programmatically make sure keyring checks are
used and that no fallback to an https mirror happens.
|
|
|
|
|
|
|
|
|
| |
#768445, #785276).
Do so to avoid issues while counting downloaded packages. The failure
path could lead to printing some strange integer.
This was reported to mostly happen whenever --no-resolve-deps is used.
|
|
|
|
|
|
|
| |
#773867).
Update setup_apt_sources to look at USE_COMPONENTS if COMPONENTS is
empty, so that some iteration over defined components happens.
|
|
|
|
| |
with epochs.
|
|
|
|
| |
error output in dpkg 1.17.2.
|
|
|
|
|
|
|
|
| |
These are currently not accepted by the Debian archive, but are
supported since dpkg 1.17.6, and they do not incur any additional
dependency from the host system. This is mostly for completeness'
sake, as Debian base packages with uncompressed or xz control.tar
members are probably not going to be used at all.
|
|
|
|
|
|
|
|
| |
These are currently not accepted by the Debian archive, but have been
supported since dpkg 1.10.24, and they do not incur any additional
dependency from the host system. This is mostly for completeness' sake,
as Debian base packages with uncompressed data.tar members are probably
not going to be used at all.
|
|
|
|
| |
with GNU wget outputting the local file name (which may contain "%" due to URL-encoding) after it finishes the download (LP: #1172101).
|
|
|
|
| |
When a https url is used, fall back to the default mirror for sources.list.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When deboostrapping Debian, and the debian-archive-keyring is not
available, switch the default mirror to a https url. This way at least the
CA level of security is available even for users who have no way to check
gpg keys in the WoT. The https mirror is currently
https://mirrors.kernel.org/debian.
When the keyring is available, the default mirror remains non-https,
for several reasons:
a) to avoid overloading mirrors.kernel.org
b) because http.us.debian.org lacks https support
c) because mirrors.kernel.org is not currently in the
http.us.debian.org rotation
d) because mirrors.kernel.org lacks IPv6 support
|
|
|
|
| |
them (closes: #702861, #703037, #704744).
|
|
|
|
|
|
| |
Closes: #697675
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
|
|
|
|
| |
Suggested by Ansgar Burchardt.
|
|
|
|
|
| |
gpgv won't give us back the signed data, and full gpg is not available
inside d-i (closes: #703889).
|
|
|
|
|
|
|
| |
where InRelease is used. This longstanding bug was masked by former
APT behaviour and was revealed only with recent APT versions
Closes: #703146
Thanks to Michael Vogt for the analysis and patch
|
|
|
|
| |
which is only if /bin/sh does not exist
|
|
|
|
| |
the latter not being available in d-i.
|
| |
|
| |
|
|
|
|
| |
message. For now, debootstrap can cope fine without, and it's possible there are Debian mirrors that don't have InRelease; Ubuntu doesn't quite have InRelease support yet either (LP: #1017398).
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When installation or configuration of a package fails, output a message
that points the user to the log file[1]. Attempt to grep out the first
package that dpkg failed on and show its name too. Closes: #472704
Sample:
W: Failure while configuring base packages. This will be re-attempted up to five times.
W: See sid/debootstrap.log for details (possibly the package libept1 is at fault)
This relies on the LANG=C currently set for the debootstrap run.
Changes to the "dpkg: error processing $PACKAGE" message would break
the package name extractor, but it'd fall back to not showing a
package name.
This adds cut to the set of utilities debootstrap uses, which shouldn't
be a problem.
[1] In d-i, debootstrap doesn't know where the log file is, but then
this message goes to the same syslog file, so I didn't add any special
handling for this case.
|
| |
|
|
|
|
| |
mostly due to Michael Gilbert, rearranged somewhat by me (closes: #618920).
|
|
|
|
| |
name, rather than the first (closes: #649319).
|
|
|
|
| |
which package has been built with bzip today. Closes: #644719
|
|
|
|
|
|
|
| |
umount /path/to/foo fails when run in in /path/to/.
Work around this nasty bug with a chdir /.
Note that TARGET is an absolute path, so chdiring away is safe.
|
|
|
|
|
|
|
|
|
|
|
| |
filesystems.
That fails for reasons that I don't know, but part of this patch avoids
the chroot.
http://www.freebsd.org/cgi/cvsweb.cgi/ports/sysutils/debootstrap/files/patch-functions?rev=1.3;content-type=text%2Fplain
With this patch, deamonkeeper has confirmed a successful debootstrap from a
FreeBSD host.
|
|
|
|
|
|
|
|
|
| |
md5sum and shaNsum.
Based on the patch used for the FreeBSD port of debootstrap:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/sysutils/debootstrap/files/patch-functions?rev=1.3;content-type=text%2Fplain
That entire patch should now be unnecessary.
|
|
|
|
|
|
| |
This is not because of too much haskell programming. It's because using
IFS in shell is always followed by chasing down IFS clobbering portability
bugs in shell, no matter how careful you are.
|