This fixes debootstrap on a Fedora host, with unified /usr and PATH
lacking /bin and /sbin.
|
|
It is not mandatory in POSIX and thus not implemented by posh. Use the
in_path function instead, which is tailored for this need.
|
|
The preliminary fix in 1.0.67 wasn't sufficient, and was extended in
1.0.72 in a different manner. Let's standardize all for loops.
|
|
In a plain chroot or on real hardware, it is preferable to use mknod
to create /dev/ptmx. This works as intended with older chroot managers
such as sbuild and pbuilder, which were designed for the semantics of
"legacy" /dev/pts (a single non-virtualized pty subsystem per kernel)
and so mount /dev/pts without the newinstance option. It also works
in newer kernels where /dev/pts always behaves as though the
newinstance option was given, because on those kernels, opening a
(c,5,2) device node automatically looks for an adjacent pts directory
and uses its ptmx device node instead.
However, if we are running debootstrap inside a restricted container
such as lxc or systemd-nspawn, mknod ptmx c 5 2 might not be allowed.
If so, fall back to a symlink with a warning. This mode is fine if
the debootstrap will be used with systemd-nspawn or lxc, or if a
devtmpfs will be mounted over its /dev, but will not work for older
chroot managers like sbuild or pbuilder, because those chroot
managers leave the ptmxmode mount option at its default 000, causing
permission to open the pts/ptmx device node to be denied.
Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817236
Signed-off-by: Simon McVittie <smcv@debian.org>
|
|
The initial tr|sed|tr looked nice on paper but doesn't work within a d-i
context, so let's switch to a shell-only implementation supplied by
Ansgar Burchardt.
|
|
- make a separate split_inline_sig function
- move downloading all three files to download_release_sig
- don't check InRelease signature if signature checking is disabled
Thanks to Ansgar Burchardt for the suggestions.
Signed-off-by: Julien Cristau <jcristau@debian.org>
|
|
Thanks, David Schneider!
|
|
Split up detached signature from signed data, in effect re-creating a
Release and Release.gpg pair that we can verify with gpgv.
|
|
In old releases, notably in Debian 6 (Squeeze), multiple packages ship
the same files using diversions (e.g. bash/dash). As debootstrap
naively extracts packages without implementing diversions itself, it
relies on tar replacing the files without an error.
Ideally we could use `tar --keep-directory-symlink`, but this is
likely not portable enough. So continue to use `tar -k`, but only for
future releases. Note that this requires no file conflicts among
packages debootstrap installs (which is a good idea anyway as they
might be extracted in the wrong order).
Bug: https://bugs.debian.org/838388
|
|
Bug: https://bugs.debian.org/837649
|
|
When installing with a merged /usr, the symlinks in / should not be
replaced with real directories when extracting the packages.
|
|
Bug: https://bugs.debian.org/837075
|
|
Since bug #571136 was fixed the --second-stage doesn't even use the
devices tarball so we can remove all its related cruft. The README has
been updated to show when real root access is required and give an
example of a foreign debootstrap which works with fakeroot.
|
|
Also firmlink proc there.
Thanks Gabriele Giacone for all the investigation!
|
|
(setup_devices now only deals with static device nodes) and move the calls
to setup_devices from the beginning of the second stage to the end of the
first stage. setup_dynamic_devices mounts the appropriate filesystems
which provide dynamic device nodes for the architectures which need one
in debootstrap (kfreebsd and hurd). This fixes a bug in --second-stage
introduced in 1.0.34 and exposed by the devices-related changes of 1.0.76:
the second stage debootstrap runs "dpkg --print-architecture >/dev/null" at
the very beginning of the program when /dev is still empty, so it creates an
empty regular file in place of /dev/null and this will cause mknod to fail
later. (Closes: #813232)
|
|
Use -m instead - fixes the broken fix for #812811. Closes: #813124.
Uploading with urgency high to get this fix propagated quickly - it's
breaking d-i installs right now.
|
|
Thanks to Marco d'Itri.
|
|
It is similar to the existing debpaths.
Signed-off-by: Cyril Brulebois <cyril@debamax.com>
|
|
#757819, LP: #1450980).
|
|
Schauder!
|
|
With this option, one can programmatically make sure keyring checks are
used and that no fallback to an https mirror happens.
|
|
#768445, #785276).
Do so to avoid issues while counting downloaded packages. The failure
path could lead to printing some strange integer.
This was reported to mostly happen whenever --no-resolve-deps is used.
|
|
#773867).
Update setup_apt_sources to look at USE_COMPONENTS if COMPONENTS is
empty, so that some iteration over defined components happens.
|
|
with epochs.
|
|
error output in dpkg 1.17.2.
|
|
These are currently not accepted by the Debian archive, but are
supported since dpkg 1.17.6, and they do not incur any additional
dependency from the host system. This is mostly for completeness'
sake, as Debian base packages with uncompressed or xz control.tar
members are probably not going to be used at all.
|
|
These are currently not accepted by the Debian archive, but have been
supported since dpkg 1.10.24, and they do not incur any additional
dependency from the host system. This is mostly for completeness' sake,
as Debian base packages with uncompressed data.tar members are probably
not going to be used at all.
|
|
with GNU wget outputting the local file name (which may contain "%" due to URL-encoding) after it finishes the download (LP: #1172101).
|
|
When a https url is used, fall back to the default mirror for sources.list.
|
|
When debootstrapping Debian, and the debian-archive-keyring is not
available, switch the default mirror to a https url. This way at least the
CA level of security is available even for users who have no way to check
gpg keys in the WoT. The https mirror is currently
https://mirrors.kernel.org/debian.
When the keyring is available, the default mirror remains non-https,
for several reasons:
a) to avoid overloading mirrors.kernel.org
b) because http.us.debian.org lacks https support
c) because mirrors.kernel.org is not currently in the
http.us.debian.org rotation
d) because mirrors.kernel.org lacks IPv6 support
|
|
them (closes: #702861, #703037, #704744).
|
|
Closes: #697675
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
|
|
Suggested by Ansgar Burchardt.
|
|
gpgv won't give us back the signed data, and full gpg is not available
inside d-i (closes: #703889).
|
|
where InRelease is used. This longstanding bug was masked by former
APT behaviour and was revealed only with recent APT versions.
Closes: #703146
Thanks to Michael Vogt for the analysis and patch
|
|
which is only if /bin/sh does not exist
|
|
the latter not being available in d-i.
|
|
message. For now, debootstrap can cope fine without, and it's possible there are Debian mirrors that don't have InRelease; Ubuntu doesn't quite have InRelease support yet either (LP: #1017398).
|
|
When installation or configuration of a package fails, output a message
that points the user to the log file[1]. Attempt to grep out the first
package that dpkg failed on and show its name too. Closes: #472704
Sample:
W: Failure while configuring base packages. This will be re-attempted up to five times.
W: See sid/debootstrap.log for details (possibly the package libept1 is at fault)
This relies on the LANG=C currently set for the debootstrap run.
Changes to the "dpkg: error processing $PACKAGE" message would break
the package name extractor, but it'd fall back to not showing a
package name.
This adds cut to the set of utilities debootstrap uses, which shouldn't
be a problem.
[1] In d-i, debootstrap doesn't know where the log file is, but then
this message goes to the same syslog file, so I didn't add any special
handling for this case.