Age | Commit message | Author |
|
This is close to what the debian installer sets up.
|
|
Unless passwd is installed, shadow is not enabled. That is, shadow being
enabled is not a boolean. It can be enabled per user and systemd enables
it for its own users, so shadow exists, but may not contain the root
user. Thus the password deletion logic needs a bit more fanciness for
covering systems that lack the passwd package.
|
|
While using the --prefix option is great, it's only available in trixie.
Hence, revert back to sed, this time getting the quoting right (by
avoiding backslashes using character sequences) and also apply to all
lines of the file as systemd seems to be adding users to the front.
Reported-by: Vasyl Vavrychuk
Fixes: 984a1155456d ("debvm-create: revert back to passwd for deleting the root password")
Closes: #17
|
|
We should avoid --root as that will chroot and load libraries. The sed
solution somehow didn't work due to a quoting issue. What we can use is
passwd --prefix as that avoids loading libraries and explicitly does not
support NIS and LDAP, which we don't need here.
Reported-by: Vasyl Vavrychuk
Thanks: Johannes Schauer Marin Rodrigues <josch@mister-muffin.de>
Fixes: e4ecc7f745c5 ("debvm-create: avoid using passwd --delete")
Closes: #17
|
|
passwd will chroot() into the target tree and then load shared
libraries. This tends to work badly for old releases and for foreign
architectures or combinations thereof. As a result, it sometimes fails
with
    Cannot determine your user name.
In practice, it removes a single asterisk from the first line of
/etc/shadow (at least for jessie to trixie). This is something we can
also do via sed.
Reported-by: Sylvain Beucler <beuc@debian.org>
Fixes: d2d8b9965d39 ("debvm-create: avoid failing when we install no passwd")
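The root-password handling described in the commit messages above, as an added example that is not debvm's own code. It generalizes the first-line edit to every line and to trees where root is absent from /etc/shadow, and adds a check that lists accounts left with an empty password field; the function names and the sample tree are constructed for illustration.

```shell
# make_sample_tree: constructed sample in which systemd has put its own user
# first and created /etc/shadow, while root is still only in /etc/passwd.
make_sample_tree() {
    t=$(mktemp -d) && mkdir "$t/etc" || return 1
    printf '%s\n' 'systemd-network:x:998:998::/:/usr/sbin/nologin' \
        'root:*:0:0:root:/root:/bin/sh' > "$t/etc/passwd"
    printf '%s\n' 'systemd-network:!*:19000::::::' > "$t/etc/shadow"
    echo "$t"
}

# unlock_root TREE: empty root's "*" password field without chroot()ing into
# TREE or running any binary from it.
unlock_root() {
    file=$1/etc/passwd
    # Shadow is per user: edit it only if it actually carries a root entry.
    if grep -q '^root:' "$1/etc/shadow" 2>/dev/null; then
        file=$1/etc/shadow
    fi
    # [*] is a literal asterisk without a backslash, so the expression survives
    # extra quoting layers. No line address: root need not be the first entry.
    new=$(sed 's/^root:[*]:/root::/' "$file") && printf '%s\n' "$new" > "$file"
}

# empty_password_users TREE: print every account whose effective password
# field is empty, so the result of the edit can be verified.
empty_password_users() {
    shadow=$1/etc/shadow
    [ -f "$shadow" ] || shadow=/dev/null
    # A shadow entry only applies where passwd holds the "x" placeholder.
    awk -F: '
        src == "shadow" { hash[$1] = $2; next }
        { pw = ($2 == "x" && ($1 in hash)) ? hash[$1] : $2
          if (pw == "") print $1 }
    ' src=shadow "$shadow" src=passwd "$1/etc/passwd"
}

demo=$(make_sample_tree)
unlock_root "$demo"
empty_password_users "$demo"    # prints: root
rm -rf "$demo"
```

Running `empty_password_users` over a finished image tree shows whether root is the only account that was opened up.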
|
|
login has become non-essential and autologin simply respawns
indefinitely when login is not installed. We better install it
explicitly and that works on all releases. If we are only interested in
logging in via ssh (and thus --skip=autologin), no login package is
needed.
|
|
The Ubuntu 24.04 (noble) image is 1.1G in size and an image size of 1 GB
does not fit it.
```
$ du -ht 50M /
77M /boot
56M /usr/lib/x86_64-linux-gnu
106M /usr/lib/modules/6.8.0-31-generic/kernel/drivers
147M /usr/lib/modules/6.8.0-31-generic/kernel
154M /usr/lib/modules/6.8.0-31-generic
154M /usr/lib/modules
78M /usr/lib/firmware/mellanox
72M /usr/lib/firmware/mrvl/prestera
78M /usr/lib/firmware/mrvl
59M /usr/lib/firmware/qcom
481M /usr/lib/firmware
721M /usr/lib
780M /usr
86M /var/lib/dpkg
170M /var/lib/apt/lists
170M /var/lib/apt
257M /var/lib
266M /var
1.1G /
```
Increase the default VM size to 2G.
LP: #2064921
|
|
|
|
|
|
Reported-by: Johannes Schauer Marin Rodrigues <josch@mister-muffin.de>
|
|
With the change from genext2fs to mkfs.ext4, we no longer create an
intermediate tar archive and thus no longer create device nodes if using
unshare. Thus our output is slightly unreproducible. At the same time,
we never need devices, because /dev is mounted as devtmpfs. Hence, we
unconditionally skip them and thus improve reproducibility.
Reported-by: Johannes Schauer Marin Rodrigues <josch@mister-muffin.de>
|
|
We were truncating the output file after generating it. Instead, split
the logic and create the file prior to running mmdebstrap to make
permission failures fail early.
|
|
In a CI-environment such as salsa-ci, we tend to run as root and want
--mode=root rather than --mode=unshare.
|
|
Why?
genext2fs is slow. It has O(n^2) behaviour, which becomes annoying with
larger filesystems. It also creates an ext2 image and we have to upgrade
it to ext4 in multiple steps. Even then, the image has an inode size of
128, which is incompatible with 2038 and does not allow storing
sub-second precision time stamps.
How?
We use mkfs.ext4 from e2fsprogs (which is required anyway) instead.
Running this from within a --customize-hook does not work, because the
user namespace used for the hook often has no privileges to write to the
output image. Instead, we now ask mmdebstrap to output to a directory
and create the filesystem separately. We construct a special namespace
that has both access to the tree and to the output image and perform the
mkfs.ext4 there. As a consequence, we no longer support any mode but
unshare and since mkfs.ext4 consumes the size parameter, the size syntax
is reduced a bit.
|
|
|
|
At this point, we only forward -a to mmdebstrap. It's not actually that
helpful to have this option on both levels, so just keep it on the
mmdebstrap level.
|
|
|
|
Reported-by: Johannes Schauer Marin Rodrigues <josch@debian.org>
|
|
|
|
Asking for a fsck pass in fstab is not what we want. Requiring fsck
makes sysvinit fail when fsck.ext4 is missing. Without that pass, it
happily boots without e2fsprogs.
Link: https://bugs.debian.org/1028267
Thanks: Thorsten Glaser <t.glaser@tarent.de>
|
|
This option allows changing the init system. The notable addition is
sysv.
|
|
|
|
resize2fs -b will not actually perform a resize. Rather, it will
truncate the file to the filesystem length, reversing the earlier
truncate call. Thus we need a second resize2fs call to change the size of
the filesystem.
Fixes: 09bcaa8fe901 ("debvm-create: make the ext4 look more like ext4")
|
|
Closes: #1030254
|
|
We actually expect systemd in the network configuration. Be more honest
about this.
|
|
|
|
Outputting the image in tar format breaks interoperability with
`debvm-run`, but makes it easier to inspect, convert or perform
additional modifications of the generated image.
|
|
One notable difference remains. metadata_csum keeps missing as tune2fs
insists on doing this interactively only.
Reported-by: Gioele Barabucci <gioele@svario.it>
Closes: #1030252
|
|
The apt pattern ?or does not short-circuit. It installs any pattern
matching one of the arguments. On amd64, we thus get both the cloud and
the non-cloud variant.
There aren't that many good options to fix this, so the next best way is
using a hook and running apt again, which is suboptimal in terms of
repeated triggers, but likely the best we can do at present.
|
|
Cleanup
See merge request helmutg/debvm!25
|
|
|
|
|
|
Give an example of how to use it with ports and add a few
architecture-specific cases. Note that m68k and sparc64 do not actually
work, because they lack PCI.
|
|
When apt encounters a package that does not exist, but is referenced via
Recommends, Suggests, Breaks or otherwise, it errors out with a missing
installation candidate. This happens for linux-image-generic on buster.
To avoid this situation, we specifically ask apt to not consider virtual
packages whenever we use ?exact-name.
|
|
|
|
|
|
The only DEBVER check left checks for jessie. We can just compare the
name instead. Thus we no longer reject Ubuntu suites such as jammy. This
helps with !20, but not yet with #10.
|
|
This is used on Ubuntu and thus helps with !20.
|
|
Requires mmdebstrap >= 1.3.0
Closes: #8
|
|
This requires mmdebstrap >= 1.3.0.
Closes: #9
|
|
|
|
Fixes: 7a2b46697659 ("Drop mirror option")
|
|
|
|
|
|
It is not needed and can also be done with:
    debvm-create -- "deb http://ftp.de.debian.org/debian/ unstable main"
|
|
This option was meant to make it convenient to add packages, but
mmdebstrap's --include provides the same convenience at more
flexibility. You can provide apt patterns there provided that you use
multiple --include options. So rather than duplicate this functionality
under a different name, just refer to mmdebstrap thus reinforcing the
notion of being a thin wrapper.
This also removes the convenience of overriding the kernel image. You
need to use --skip=kernel when passing --include=linux-image-something
to mmdebstrap now. This implements "explicit is better than implicit".
|
|
Resolve conflicts in debvm-create arising from adding --skip and moving
the functionality to be skipped to share/customize-*.sh.
|
|
Rather than check the DEBVER, let apt figure out whether it knows about
a package called libnss-resolve and install it when available.
|
|
|
|
The benefit of this change is that we don't have to escape that much. As
a consequence, it becomes easier to put more code into the customization
hooks, which have access to installed package versions. Thus we can
reduce the use of DEBVER and thus improve working with snapshot.d.o.
|