Re: [PATCH v11 2/8] meta: Add mmdebstrap recipe

[Anton Mikanovich <amikan@ilbers.de>]

07/11/2024 08:24, MOESSBAUER, Felix wrote:
> On Wed, 2024-11-06 at 10:21 +0200, Anton Mikanovich wrote:
>> +
>> +    deb_dl_dir_import "${ROOTFSDIR}" "${BOOTSTRAP_BASE_DISTRO}-
>> ${BASE_DISTRO_CODENAME}"
>> +    sudo rm -rf --one-file-system "${ROOTFSDIR}"
>> +    mkdir -p "${ROOTFSDIR}"
>> +
>> +    arch_param="--arch=${BOOTSTRAP_DISTRO_ARCH},${DISTRO_ARCH}"
>> +
>> +    sudo TMPDIR="${BOOTSTRAP_TMPDIR}" mmdebstrap $bootstrap_args \
> Hi, why does this need to run as root? mmdebstrap with the unshare
> backend can also run unprivileged.
Removing sudo here will be the next step (addressed in other patchset after
merging mmdebstrap) because this requires few more changes to make it work
(like removing sudo from deb_dl_dir_import/export). There is also uidmap
package missing in the latest kas container for this step.
>> +                   $arch_param \
>> +                   --mode=unshare \
>> +                   ${@get_distro_components_argument(d)} \
>> +                   "${@get_distro_suite(d)}" \
>> +                   "${WORKDIR}/rootfs.tar.zst" \
>> +                   "${@get_distro_source(d)}"
> The apt options are missing. This is especially relevant when running
> against the snapshot mirrors. In debootstrap this was not possible, but
> as mmdepstrap uses the host apt, options can be passed (with --aptopt
> <file>).
>
> Felix

Thanks for pointing on it, but I would like to keep the same 
functionality like
debootstrap implementation had in this first splitting patchset, so will 
keep
it for the separate patch.

>> +
>> +    sudo -E -s <<'EOSUDO'
>> +        set -e
>> +
>> +        tar -xf "${WORKDIR}/rootfs.tar.zst" -C "${ROOTFSDIR}" --
>> exclude="./dev/console"
>> +
>> +        # Install apt config
>> +        mkdir -p "${ROOTFSDIR}/etc/apt/preferences.d"
>> +        install -v -m644 "${APTPREFS}" \
>> +
>> "${ROOTFSDIR}/etc/apt/preferences.d/bootstrap"
>> +        mkdir -p "${ROOTFSDIR}/etc/apt/sources.list.d"
>> +        if [ "${ISAR_USE_CACHED_BASE_REPO}" = "1" ]; then
>> +            line="file:///base-
>> apt/${BOOTSTRAP_BASE_DISTRO} ${BASE_DISTRO_CODENAME} main"
>> +            if [ -z "${BASE_REPO_KEY}" ]; then
>> +                line="[trusted=yes] ${line}"
>> +            fi
>> +            echo "deb ${line}" >
>> "${ROOTFSDIR}/etc/apt/sources.list.d/base-apt.list"
>> +            line="file:///base-
>> apt/${BASE_DISTRO} ${BASE_DISTRO_CODENAME} main"
>> +            if [ -z "${BASE_REPO_KEY}" ]; then
>> +                line="[trusted=yes] ${line}"
>> +            fi
>> +            echo "deb-src ${line}" >>
>> "${ROOTFSDIR}/etc/apt/sources.list.d/base-apt.list"
>> +
>> +            mkdir -p ${ROOTFSDIR}/base-apt
>> +            mount -o bind,private ${REPO_BASE_DIR}
>> ${ROOTFSDIR}/base-apt
>> +        else
>> +            install -v -m644 "${APTSRCS}" \
>> +
>> "${ROOTFSDIR}/etc/apt/sources.list.d/bootstrap.list"
>> +        fi
>> +        install -v -m644 "${APTSRCS_INIT}"
>> "${ROOTFSDIR}/etc/apt/sources-list"
>> +        rm -f "${ROOTFSDIR}/etc/apt/sources.list"
>> +        rm -rf "${ROOTFSDIR}/var/lib/apt/lists/"*
>> +        find ${APT_KEYS_DIR}/ -type f | while read keyfile
>> +        do
>> +            MY_GPGHOME="$(chroot "${ROOTFSDIR}" mktemp -d
>> /tmp/gpghomeXXXXXXXXXX)"
>> +            echo "Created temporary directory ${MY_GPGHOME} for gpg-
>> agent"
>> +            export GNUPGHOME="${MY_GPGHOME}"
>> +            APT_KEY_APPEND="--homedir ${MY_GPGHOME}"
>> +
>> +            kfn="$(basename $keyfile)"
>> +            cp $keyfile "${ROOTFSDIR}/tmp/$kfn"
>> +            chroot "${ROOTFSDIR}" /usr/bin/gpg-agent --daemon --
>> /usr/bin/apt-key \
>> +                --keyring ${THIRD_PARTY_APT_KEYRING}
>> ${APT_KEY_APPEND} add "/tmp/$kfn"
>> +            rm "${ROOTFSDIR}/tmp/$kfn"
>> +
>> +            echo "Removing ${MY_GPGHOME}"
>> +            rm -rf "${ROOTFSDIR}${MY_GPGHOME}"
>> +        done
>> +
>> +        # Set locale
>> +        install -v -m644 "${WORKDIR}/locale"
>> "${ROOTFSDIR}/etc/locale"
>> +
>> +        sed -i '/en_US.UTF-8 UTF-8/s/^#//g'
>> "${ROOTFSDIR}/etc/locale.gen"
>> +        chroot "${ROOTFSDIR}" /usr/sbin/locale-gen
>> +
>> +        # update APT
>> +        mount -o bind,private /dev ${ROOTFSDIR}/dev
>> +        mount -o bind,private /dev/pts ${ROOTFSDIR}/dev/pts
>> +        mount -t tmpfs none "${ROOTFSDIR}/dev/shm"
>> +        mount -t proc none ${ROOTFSDIR}/proc
>> +        mount -o bind,private /sys ${ROOTFSDIR}/sys
>> +        mount --make-rslave ${ROOTFSDIR}/sys
>> +
>> +        export DEBIAN_FRONTEND=noninteractive
>> +
>> +        if [ "${BOOTSTRAP_FOR_HOST}" = "1" ]; then
>> +            chroot "${ROOTFSDIR}" /usr/bin/dpkg --add-architecture
>> ${DISTRO_ARCH}
>> +        fi
>> +
>> +        if [ "${ISAR_ENABLE_COMPAT_ARCH}" = "1" ]; then
>> +            chroot "${ROOTFSDIR}" /usr/bin/dpkg --add-architecture
>> ${COMPAT_DISTRO_ARCH}
>> +        fi
>> +
>> +        chroot "${ROOTFSDIR}" /usr/bin/apt-get update -y \
>> +                                -o APT::Update::Error-Mode=any
>> +
>> +        chroot "${ROOTFSDIR}" /usr/bin/apt-get install -y dpkg
>> +
>> +        # setup chroot
>> +        install -v -m755 "${WORKDIR}/chroot-setup.sh"
>> "${ROOTFSDIR}/chroot-setup.sh"
>> +        "${ROOTFSDIR}/chroot-setup.sh" "setup" "${ROOTFSDIR}"
>> +
>> +        chroot "${ROOTFSDIR}" /usr/bin/apt-get install -y -f
>> +        chroot "${ROOTFSDIR}" /usr/bin/apt-get dist-upgrade -y \
>> +                                -o Debug::pkgProblemResolver=yes
>> +
>> +        umount "${ROOTFSDIR}/dev/shm"
>> +        umount "${ROOTFSDIR}/dev/pts"
>> +        umount "${ROOTFSDIR}/dev"
>> +        umount "${ROOTFSDIR}/proc"
>> +        umount "${ROOTFSDIR}/sys"
>> +        if mountpoint -q "${ROOTFSDIR}/base-apt"; then
>> +            umount "${ROOTFSDIR}/base-apt"
>> +        fi
>> +
>> +        # Finalize bootstrap by setting the link in deploy
>> +        ln -Tfsr "${ROOTFSDIR}" "${DEPLOY_ISAR_BOOTSTRAP}"
>> +EOSUDO
>> +    deb_dl_dir_export "${ROOTFSDIR}" "${BOOTSTRAP_BASE_DISTRO}-
>> ${BASE_DISTRO_CODENAME}"
>> +
>> +    # Cleanup apt cache
>> +    sudo -Es chroot "${ROOTFSDIR}" /usr/bin/apt-get -y clean
>> +}
>> +addtask bootstrap before do_build after do_generate_keyrings
>> +
>> +SSTATETASKS += "do_bootstrap"
>> +SSTATECREATEFUNCS += "bootstrap_sstate_prepare"
>> +SSTATEPOSTINSTFUNCS += "bootstrap_sstate_finalize"
>> +
>> +bootstrap_sstate_prepare() {
>> +    # this runs in SSTATE_BUILDDIR, which will be deleted
>> automatically
>> +    sudo cp -a "$(dirname "${ROOTFSDIR}")/rootfs.tar.zst"
>> ./bootstrap.tar.zst
>> +    sudo chown $(id -u):$(id -g) bootstrap.tar.zst
>> +}
>> +
>> +bootstrap_sstate_finalize() {
>> +    # this runs in SSTATE_INSTDIR
>> +    # we should restore symlinks after using tar
>> +    if [ -f bootstrap.tar.zst ]; then
>> +        mv bootstrap.tar.zst "$(dirname
>> "${ROOTFSDIR}")/rootfs.tar.zst"
>> +        sudo ln -Tfsr "$(dirname "${ROOTFSDIR}")/rootfs.tar.zst" \
>> +                      "${DEPLOY_ISAR_BOOTSTRAP}.tar.zst"
>> +    fi
>> +}
>> +
>> +python do_bootstrap_setscene() {
>> +    sstate_setscene(d)
>> +}
>> +
>> +addtask do_bootstrap_setscene
>> +do_bootstrap_setscene[dirs] = "${DEPLOY_DIR_BOOTSTRAP}"
>> -- 
>> 2.34.1
>>

-- 
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/e2853ca1-9cf9-49d5-8230-eb4d53118f3b%40ilbers.de.