[elbe-devel] [PATCH 1/3] Extend debootstrap configuration
Daniel Braunwarth
daniel.braunwarth at kuka.com
Tue Jan 4 08:13:36 CET 2022
This patch improves the debootstrap configuration. The currently used
configuration has two drawbacks:
1. One can only include additional packages into debootstrap, if a
variant is used.
2. There is no possibility to exclude packages from debootstrap.
This patch eliminates these drawbacks.
A possible new configuration looks like:
<debootstrap>
<variant>minbase</variant>
<include>ca-certificates</include>
<exclude>systemd-timesyncd</exclude>
</debootstrap>
Signed-off-by: Daniel Braunwarth <daniel.braunwarth at kuka.com>
---
elbepack/rfs.py | 29 ++++++++-------
elbepack/validate.py | 48 ++++++++++++------------
schema/dbsfed.xsd | 80 +++++++++++++++++++++-------------------
tests/pbuilder-amd64.xml | 4 +-
4 files changed, 85 insertions(+), 76 deletions(-)
diff --git a/elbepack/rfs.py b/elbepack/rfs.py
index c4d44d4e0..96ab97fde 100644
--- a/elbepack/rfs.py
+++ b/elbepack/rfs.py
@@ -185,19 +185,22 @@ class BuildEnv:
host_arch = get_command_out("dpkg --print-architecture").strip().decode()
- includepkgs = None
- strapcmd = 'debootstrap '
- if self.xml.has("target/debootstrapvariant"):
- bootstrapvariant = self.xml.text("target/debootstrapvariant")
- includepkgs = self.xml.node("target/debootstrapvariant").et.get("includepkgs")
- strapcmd += '--variant="%s" ' % bootstrapvariant
-
- if includepkgs and not "gnupg" in includepkgs.split(','):
- includepkgs += ",gnupg"
- if not includepkgs:
- includepkgs = "gnupg"
-
- strapcmd += ' --include="%s"' % includepkgs
+ strapcmd = "debootstrap"
+
+ # Should we use a special bootstrap variant?
+ if self.xml.has("target/debootstrap/variant"):
+ strapcmd += " --variant=%s" % self.xml.text("target/debootstrap/variant")
+
+ # Should we include additional packages into bootstrap?
+ includepkgs = "gnupg" # These are the packages which are included in any case
+ if self.xml.has("target/debootstrap/include"):
+ includepkgs += ", %s" % self.xml.text("target/debootstrap/include")
+ strapcmd += " --include=\"%s\"" % includepkgs
+
+ # Should we exclude some packages from bootstrap?
+ if self.xml.has("target/debootstrap/exclude"):
+ strapcmd += " --exclude=\"%s\"" % self.xml.text("target/debootstrap/exclude")
+
keyring = ''
if not self.xml.is_cross(host_arch):
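Review bot: The text of `target/debootstrap/include` and `target/debootstrap/exclude` is pasted into `strapcmd` inside double quotes without escaping, and the `variant` text is appended with no quoting at all. `strapcmd` is executed outside this hunk; if it is handed to a shell, a value containing `"` or shell metacharacters changes the command, and XML validation (the schema declares include/exclude as plain `string`) is the only safeguard in front of it. Quoting at the point of use removes that dependency, e.g. `strapcmd += " --exclude=%s" % shlex.quote(self.xml.text("target/debootstrap/exclude"))`, and likewise for `--include` and `--variant` (`shlex` would need importing if rfs.py does not already do so). Separately, the old code skipped adding `gnupg` when the user had already listed it; the new code always prepends it, so a user-listed `gnupg` now appears twice in `--include`.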
diff --git a/elbepack/validate.py b/elbepack/validate.py
index e4dc7e7a2..366432c7e 100644
--- a/elbepack/validate.py
+++ b/elbepack/validate.py
@@ -62,32 +62,32 @@ def validate_xml(fname):
def validate_xml_content(xml):
errors = []
- dbsv = xml.find("/target/debootstrapvariant")
-
- if (dbsv is not None and "minbase" in dbsv.text
- and "gnupg" not in dbsv.get("includepkgs", "")
- and xml.find("/project/mirror/url-list/url/key") is not None):
-
- errors.append("\nThe XML contains a custom mirror key. "
- "Use debootstrapvariant's attribute includepkgs "
- "to make gnupg available in debootstrap.\n")
-
- primary_proto = xml.findtext("/project/mirror/primary_proto", "")
- https = (primary_proto.lower() == "https")
-
- if (not https
- and (dbsv is None
- or ("apt-transport-https" not in dbsv.get("includepkgs", "")
- and "ca-certificates" not in dbsv.get("includepkgs", "")))):
+ # Check if https can be safely used
+ #
+ # If apt-transport-https or ca-certificates is included in bootstrap,
+ # we are probably fine
+ bootstrap_include = xml.findtext("/target/debootstrap/include", "")
+ if ("apt-transport-https" not in bootstrap_include
+ and "ca-certificates" not in bootstrap_include):
+
+ # Check if primary mirror is using https
+ primary_proto = xml.findtext("/project/mirror/primary_proto", "")
+ is_primary_proto_https = (primary_proto.lower() == "https")
+
+ # Check if any additional mirror is using https
+ has_https_urls = False
for url in xml.findall("/project/mirror/url-list/url"):
- b = url.findtext("binary", "")
- s = url.findtext("source", "")
+ b = url.findtext("binary", "").lower()
+ s = url.findtext("source", "").lower()
if b.startswith("https") or s.startswith("https"):
- errors.append("\nThe XML contains an HTTPS mirror. "
- "Use debootstrapvariant's attribute includepkgs "
- "to make apt-transport-https (stretch and older) "
- "or ca-certificates (buster and newer) available "
- "in debootstrap.\n")
+ has_https_urls = True
break
+ if is_primary_proto_https or has_https_urls:
+ errors.append("\nThe XML contains an HTTPS mirror. "
+ "Use debootstrap/include "
+ "to make apt-transport-https (stretch and older) "
+ "or ca-certificates (buster and newer) available "
+ "in debootstrap.\n")
+
return errors
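Review bot: The test `"ca-certificates" not in bootstrap_include` is a substring match on the raw element text, so an entry such as `ca-certificates-java` silences the HTTPS-mirror error although `ca-certificates` itself is not listed. Comparing against the parsed list is stricter: `pkgs = {p.strip() for p in bootstrap_include.split(",")}` followed by `if not pkgs & {"apt-transport-https", "ca-certificates"}:`. The check also never reads `/target/debootstrap/exclude`, so a configuration that excludes `ca-certificates` (or `gnupg`, now that the custom-mirror-key check is removed) passes validation and may only fail later, during bootstrap or key import.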
diff --git a/schema/dbsfed.xsd b/schema/dbsfed.xsd
index 440b39e35..26c43dbe8 100644
--- a/schema/dbsfed.xsd
+++ b/schema/dbsfed.xsd
@@ -979,18 +979,10 @@
</documentation>
</annotation>
</element>
- <element name="debootstrapvariant" type="rfs:debootstrapvarianttype" minOccurs="0" maxOccurs="1">
+ <element name="debootstrap" type="rfs:debootstrap" minOccurs="0" maxOccurs="1">
<annotation>
<documentation>
- Name of the bootstrap script variant to use. Currently, the
- variants supported are minbase, which only includes essential
- packages and apt; buildd, which installs the buildessential
- packages into TARGET; and fakechroot, which installs the packages
- without root privileges. The default, with no --variant=X
- argument, is to create a base Debian installation in TARGET.
- Some documentation mentioned the variant scratchbox too, but this
- variant is not supported by the debootstrap used and therefore
- not allowed.
+ Bootstrap configuration
</documentation>
</annotation>
</element>
@@ -1099,40 +1091,52 @@
<attribute ref="xml:base"/>
</complexType>
- <complexType name="debootstrapvarianttype">
+ <complexType name="debootstrap">
<annotation>
<documentation>
- Enhanced restriction type specifying debootstrap variants.
+ Container for debootstrap configuration.
</documentation>
</annotation>
- <simpleContent>
- <extension base="rfs:debootstrapvarianttype_restriction">
- <attribute name="includepkgs" type="string" use="optional">
- <annotation>
- <documentation>
- A comma-separated list of additional packages at debootstrap runtime.
- </documentation>
- </annotation>
- </attribute>
- </extension>
- </simpleContent>
+ <all>
+ <element name="variant" minOccurs="0" maxOccurs="1">
+ <annotation>
+ <documentation>
+ Name of the bootstrap script variant to use.
+ The following variants are supported:
+ * minbase: required packages and apt.
+ * buildd: build-essential packages.
+ * fakechroot: installs the packages without root privileges.
+ </documentation>
+ </annotation>
+ <simpleType>
+ <restriction base="string">
+ <enumeration value="minbase" />
+ <enumeration value="buildd" />
+ <enumeration value="fakechroot" />
+ </restriction>
+ </simpleType>
+ </element>
+ <element name="include" type="string" minOccurs="0" maxOccurs="1">
+ <annotation>
+ <documentation>
+ Comma separated list of packages which will be added to download and
+ extract lists.
+ </documentation>
+ </annotation>
+ </element>
+ <element name="exclude" type="string" minOccurs="0" maxOccurs="1">
+ <annotation>
+ <documentation>
+ Comma separated list of packages which will be removed from download
+ and extract lists.
+ WARNING: you can and probably will exclude essential packages, be
+ careful using this option.
+ </documentation>
+ </annotation>
+ </element>
+ </all>
</complexType>
- <simpleType name="debootstrapvarianttype_restriction">
- <annotation>
- <documentation>
- Restriction type specifying debootstrap variants.
- Supported debootstrap variants are minbase, buildd and fakechroot.
- The variant scratchbox is not supported by th used debootstrap.
- </documentation>
- </annotation>
- <restriction base="string">
- <enumeration value="minbase" />
- <enumeration value="buildd" />
- <enumeration value="fakechroot" />
- </restriction>
- </simpleType>
-
<complexType name="ubi_type">
<annotation>
<documentation>
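Review bot: `include` and `exclude` are declared as `type="string"`, so the schema accepts empty entries, stray separators and any character, and a malformed list is only noticed once debootstrap runs. The `variant` element in the same complex type is already restricted by enumeration; the two list elements could share a simple type whose `pattern` admits only comma-separated Debian package names, referenced in place of `string`. The type name below is a suggestion, and the pattern should be checked against the package names the project needs to accept.

```xml
<!-- … unchanged: complexType "debootstrap", variant element … -->
<element name="include" type="rfs:debootstrap_pkglist" minOccurs="0" maxOccurs="1">
<!-- … unchanged: include annotation … -->
<element name="exclude" type="rfs:debootstrap_pkglist" minOccurs="0" maxOccurs="1">
<!-- … unchanged: exclude annotation … -->

<simpleType name="debootstrap_pkglist">
  <restriction base="string">
    <pattern value="\s*[a-z0-9][a-z0-9+.\-]*(\s*,\s*[a-z0-9][a-z0-9+.\-]*)*\s*"/>
  </restriction>
</simpleType>
```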
diff --git a/tests/pbuilder-amd64.xml b/tests/pbuilder-amd64.xml
index 6008b0199..aa602b38b 100644
--- a/tests/pbuilder-amd64.xml
+++ b/tests/pbuilder-amd64.xml
@@ -25,7 +25,9 @@
<hostname>amd64-buster</hostname>
<domain>elbe-ci</domain>
<console>ttyO0,115200</console>
- <debootstrapvariant>minbase</debootstrapvariant>
+ <debootstrap>
+ <variant>minbase</variant>
+ </debootstrap>
<passwd>foo</passwd>
<!-- generate a pbuilder environment (before image will be built) -->
--
2.32.0