Age | Commit message | Author |
|
Fixes: 6f2a356ca10a ("add a new family of wrappers for EFI based images")
|
|
debefivm-create is based on mmdebstrap-autopkgtest-build-qemu, which
is co-authored with Johannes Schauer Marin Rodrigues. Also thanks to
Jochen Sprickerhof for suggesting the --rootsize option for use in
Debusine.
|
|
This is close to what the debian installer sets up.
|
|
Fixes: 1c98a5b3b36f ("qemu-system-${debarch} as well as qemu-system-any")
|
|
Unless passwd is installed, shadow is not enabled. That is, shadow being
enabled is not a boolean. It can be enabled per user and systemd enables
it for its own users, so shadow exists, but may not contain the root
user. Thus the password deletion logic needs a bit more fanciness for
covering systems that lack the passwd package.
|
|
While using the --prefix option is great, it's only available in trixie.
Hence, revert back to sed, this time getting the quoting right (by
avoiding backslashes using character sequences) and also apply to all
lines of the file as systemd seems to be adding users to the front.
Reported-by: Vasyl Vavrychuk
Fixes: 984a1155456d ("debvm-create: revert back to passwd for deleting the root password")
Closes: #17
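
The two cases these fixes deal with (root missing from /etc/shadow when passwd is not installed, and root not being on the first line of the file) are shown in the following shell sketch. It is an added example, not debvm's code; the function names, the sed expression and the sample passwd/shadow lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not debvm code. Function names and sample files are constructed.

# Print field 2 of the "root" entry in file $1; fail if there is no such entry.
root_field() {
	awk -F: '$1 == "root" { print $2; found = 1; exit } END { exit !found }' "$1"
}

# Classify root's password inside the image tree $1.
root_pw_state() {
	pw=$(root_field "$1/etc/passwd" 2>/dev/null) || { echo no-root; return; }
	if [ "$pw" = x ]; then
		# "x" defers to shadow, but shadow may hold only systemd's users.
		pw=$(root_field "$1/etc/shadow" 2>/dev/null) || { echo not-in-shadow; return; }
	fi
	case $pw in
		'') echo empty ;;
		'*' | '!'*) echo locked ;;
		*) echo hashed ;;
	esac
}

# Turn a locked "root:*:" entry into an empty password, in shadow if root is
# listed there, otherwise in passwd. There is no line address, so root does
# not have to be on line 1. [*] matches a literal asterisk without a backslash,
# and an entry that carries a real hash is left untouched.
unlock_root() {
	f=$1/etc/shadow
	root_field "$f" >/dev/null 2>&1 || f=$1/etc/passwd
	new=$(sed 's/^root:[*]:/root::/' "$f") && printf '%s\n' "$new" >"$f"
}

# Constructed tree: shadow exists and a systemd-created user precedes root.
demo() {
	t=$(mktemp -d) && mkdir "$t/etc"
	printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' >"$t/etc/passwd"
	printf '%s\n' 'systemd-network:!*:19800::::::' \
		'root:*:19800:0:99999:7:::' >"$t/etc/shadow"
	before=$(root_pw_state "$t")
	unlock_root "$t"
	echo "$before -> $(root_pw_state "$t")"
	rm -r "$t"
}
demo
```

Running `root_pw_state` on a finished image tree is also a quick way to confirm whether it ships with an empty root password before the image leaves a test environment.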
|
|
We should avoid --root as that will chroot and load libraries. The sed
solution somehow didn't work due to a quoting issue. What we can use is
passwd --prefix as that avoids loading libraries and explicitly does not
support NIS and LDAP, which we don't need here.
Reported-by: Vasyl Vavrychuk
Thanks: Johannes Schauer Marin Rodrigues <josch@mister-muffin.de>
Fixes: e4ecc7f745c5 ("debvm-create: avoid using passwd --delete")
Closes: #17
|
|
passwd will chroot() into the target tree and then load shared
libraries. This tends to work badly for old releases and for foreign
architectures or combinations thereof. As a result, it sometimes fails
with
Cannot determine your user name.
In practice, it removes a single asterisk from the first line of
/etc/shadow (at least for jessie to trixie). This is something we can
also do via sed.
Reported-by: Sylvain Beucler <beuc@debian.org>
Fixes: d2d8b9965d39 ("debvm-create: avoid failing when we install no passwd")
|
|
The --transport option was added in the middle of the --skip
documentation.
Fixes: d927a5e0cee2 ("debvm-run: add --transport option")
|
|
login has become non-essential and autologin simply respawns
indefinitely when login is not installed. We better install it
explicitly and that works on all releases. If we are only interested in
logging in via ssh (and thus --skip=autologin), no login package is
needed.
|
|
The Ubuntu 24.04 (noble) image is 1.1G in size and an image size of 1 GB
does not fit it.
```
$ du -ht 50M /
77M /boot
56M /usr/lib/x86_64-linux-gnu
106M /usr/lib/modules/6.8.0-31-generic/kernel/drivers
147M /usr/lib/modules/6.8.0-31-generic/kernel
154M /usr/lib/modules/6.8.0-31-generic
154M /usr/lib/modules
78M /usr/lib/firmware/mellanox
72M /usr/lib/firmware/mrvl/prestera
78M /usr/lib/firmware/mrvl
59M /usr/lib/firmware/qcom
481M /usr/lib/firmware
721M /usr/lib
780M /usr
86M /var/lib/dpkg
170M /var/lib/apt/lists
170M /var/lib/apt
257M /var/lib
266M /var
1.1G /
```
Increase the default VM size to 2G.
LP: #2064921
|
|
What was named bus earlier is called transport in qemu and we should
name it the same way when exposing it.
|
|
Depending on the machine type, devices reside on different buses. For
most vms, we use the pci bus, but m68k uses the virtio ("device") bus.
Also if we were to use an x86 microvm, we'd also use virtio. This is
common to all devices and we can abstract it into a $BUS.
|
|
Reported-by: Johannes Schauer Marin Rodrigues <josch@mister-muffin.de>
|
|
With the change from genext2fs to mkfs.ext4, we no longer create an
intermediate tar archive and thus no longer create device nodes if using
unshare. Thus our output is slightly unreproducible. At the same time,
we never need devices, because /dev is mounted as devtmpfs. Hence, we
unconditionally skip them and thus improve reproducibility.
Reported-by: Johannes Schauer Marin Rodrigues <josch@mister-muffin.de>
|
|
We were truncating the output file after generating it. Instead, split
the logic and create the file prior to running mmdebstrap to make
permission failures fail early.
|
|
In a CI-environment such as salsa-ci, we tend to run as root and want
--mode=root rather than --mode=unshare.
|
|
Why?
genext2fs is slow. It has O(n^2) behaviour, which becomes annoying with
larger filesystems. It also creates an ext2 image and we have to upgrade
it to ext4 in multiple steps. Even then, the image has an inode size of
128, which is incompatible with 2038 and does not allow storing
sub-second precision time stamps.
How?
We use mkfs.ext4 from e2fsprogs (which is required anyway) instead.
Running this from within a --customize-hook does not work, because the
user namespace used for the hook often has no privileges to write to the
output image. Instead, we now ask mmdebstrap to output to a directory
and create the filesystem separately. We construct a special namespace
that has both access to the tree and to the output image and perform the
mkfs.ext4 there. As a consequence, we no longer support any mode but
unshare and since mkfs.ext4 consumes the size parameter, the size syntax
is reduced a bit.
|
|
When kvm works, passing "max" will get us "host" as before. When it does
not, "host" doesn't work at all, but "max" will somewhat.
Suggested-by: Michael Tokarev <mjt@tls.msk.ru>
|
|
Since recent qemu, a non-lpae kernel cannot boot a highmem-enabled
virtual machine. A typical failure is:
pci-host-generic 4010000000.pcie: can't claim ECAM area [mem 0x10000000-0x1fffffff]: address conflict with pcie@10000000 [mem 0x10000000-0x3efeffff]
Since the default kernel image is non-lpae, we disable highmem by
default.
Link: https://lists.nongnu.org/archive/html/qemu-devel/2024-01/msg01444.html
Thanks: Michael Tokarev <mjt@tls.msk.ru>
|
|
Reported-by: Johannes Schauer Marin Rodrigues <josch@mister-muffin.de>
|
|
When issuing multiple --sshport options, the last one should win.
Fixes: a2db07766257 ("debvm-run: add a --netopt option to customize the -netdev")
|
|
As with debvm-create, this option allows skipping default configuration
to let a user override things in their way.
Link: https://bugs.debian.org/1036918
|
|
Should be using stderr.
Fixes: 7d0b160531d6 ("debvm-run: replace shell process with qemu process")
|
|
This way we lose unnecessary detail such as libc, kernel and abi. For
one thing this simplifies the arm* match. For another, this makes us
stop thinking about arm64ilp32 or x32.
|
|
Fixes: 1c98a5b3b36f ("bin/debvm-run: qemu (>> 1:8.0) provides symlinks for qemu-system-${debarch} as well as qemu-system-any")
|
|
as well as qemu-system-any
|
|
qemu makes heavy use of fd passing, so we better avoid user-passed fds.
|
|
We need the intermediate shell process to clean the temporary files with
the kernel and the initrd - unless we delete them before running qemu.
This method should help with killing a qemu e.g. using a timeout.
|
|
Unlike qemu's -append, it has append semantics both to repeated use and
to internal defaults.
|
|
I really should have tested this part, but CI did.
Fixes: 954ba600ffb7 ("debvm-run: massively speed up tcg emulation of arm cpus")
|
|
pauth emulation is very intensive on the CPU and thus there is a
non-cryptographic alternative that provides a speedup of 3 to 4.
https://qemu-project.gitlab.io/qemu/system/arm/cpu-features.html#tcg-vcpu-features
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Reported-by: Emanuele Rocca <ema@debian.org>
Tested-by: Emanuele Rocca <ema@debian.org>
Closes: #1033643
|
|
Reported-by: Jakub Wilk <jwilk@debian.org>