[elbe-devel] [PATCH 1/3] Extend debootstrap configuration

Daniel Braunwarth daniel.braunwarth at kuka.com
Tue Jan 4 08:13:36 CET 2022


This patch improves the debootstrap configuration. The currently used
configuration has two drawbacks:

1. One can only include additional packages into debootstrap, if a
    variant is used.
2. There is no possibility to exclude packages from debootstrap.

This patch eliminates these drawbacks.

A possible new configuration looks like:

<debootstrap>
    <variant>minbase</variant>
    <include>ca-certificates</include>
    <exclude>systemd-timesyncd</exclude>
</debootstrap>

Signed-off-by: Daniel Braunwarth <daniel.braunwarth at kuka.com>
---
 elbepack/rfs.py          | 29 ++++++++-------
 elbepack/validate.py     | 48 ++++++++++++------------
 schema/dbsfed.xsd        | 80 +++++++++++++++++++++-------------------
 tests/pbuilder-amd64.xml |  4 +-
 4 files changed, 85 insertions(+), 76 deletions(-)

diff --git a/elbepack/rfs.py b/elbepack/rfs.py
index c4d44d4e0..96ab97fde 100644
--- a/elbepack/rfs.py
+++ b/elbepack/rfs.py
@@ -185,19 +185,22 @@ class BuildEnv:
 
         host_arch = get_command_out("dpkg --print-architecture").strip().decode()
 
-        includepkgs = None
-        strapcmd  = 'debootstrap '
-        if self.xml.has("target/debootstrapvariant"):
-            bootstrapvariant = self.xml.text("target/debootstrapvariant")
-            includepkgs = self.xml.node("target/debootstrapvariant").et.get("includepkgs")
-            strapcmd += '--variant="%s" ' % bootstrapvariant
-
-        if includepkgs and not "gnupg" in includepkgs.split(','):
-            includepkgs += ",gnupg"
-        if not includepkgs:
-            includepkgs = "gnupg"
-
-        strapcmd += ' --include="%s"' % includepkgs
+        strapcmd  = "debootstrap"
+
+        # Should we use a special bootstrap variant?
+        if self.xml.has("target/debootstrap/variant"):
+            strapcmd += " --variant=%s" % self.xml.text("target/debootstrap/variant")
+
+        # Should we include additional packages into bootstrap?
+        includepkgs = "gnupg"  # These are the packages which are included in any case
+        if self.xml.has("target/debootstrap/include"):
+            includepkgs += ", %s" % self.xml.text("target/debootstrap/include")
+        strapcmd += " --include=\"%s\"" % includepkgs
+
+        # Should we exclude some packages from bootstrap?
+        if self.xml.has("target/debootstrap/exclude"):
+            strapcmd += " --exclude=\"%s\"" % self.xml.text("target/debootstrap/exclude")
+
         keyring = ''
 
         if not self.xml.is_cross(host_arch):
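Review bot: The text of `target/debootstrap/include` and `target/debootstrap/exclude` is pasted into `strapcmd` inside double quotes, and `--variant=%s` has lost the quotes the old line had; double quotes do not neutralise `$(...)`, backticks or an embedded `"`, and the schema hunk in schema/dbsfed.xsd declares both new elements as plain `string`. How `strapcmd` is executed is outside this hunk, but if it reaches a shell, a project XML from an untrusted source decides what the build host runs. I would quote each value, e.g. `strapcmd += " --exclude=%s" % shlex.quote(self.xml.text("target/debootstrap/exclude"))` (needs `import shlex`), or reject values that are not a comma-separated package-name list before building the command. The `", %s"` join also puts a space into the `--include` list, which debootstrap describes as comma-separated, so `",%s"` with the value stripped would be safer. The enclosing method starts and ends outside the hunk.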
diff --git a/elbepack/validate.py b/elbepack/validate.py
index e4dc7e7a2..366432c7e 100644
--- a/elbepack/validate.py
+++ b/elbepack/validate.py
@@ -62,32 +62,32 @@ def validate_xml(fname):
 def validate_xml_content(xml):
     errors = []
 
-    dbsv = xml.find("/target/debootstrapvariant")
-
-    if (dbsv is not None and "minbase" in dbsv.text
-            and "gnupg" not in dbsv.get("includepkgs", "")
-            and xml.find("/project/mirror/url-list/url/key") is not None):
-
-        errors.append("\nThe XML contains a custom mirror key. "
-                      "Use debootstrapvariant's attribute includepkgs "
-                      "to make gnupg available in debootstrap.\n")
-
-    primary_proto = xml.findtext("/project/mirror/primary_proto", "")
-    https = (primary_proto.lower() == "https")
-
-    if (not https
-        and (dbsv is None
-             or ("apt-transport-https" not in dbsv.get("includepkgs", "")
-             and "ca-certificates" not in dbsv.get("includepkgs", "")))):
+    # Check if https can be safely used
+    #
+    # If apt-transport-https or ca-certificates is included in bootstrap,
+    # we are probably fine
+    bootstrap_include = xml.findtext("/target/debootstrap/include", "")
+    if ("apt-transport-https" not in bootstrap_include
+        and "ca-certificates" not in bootstrap_include):
+
+        # Check if primary mirror is using https
+        primary_proto = xml.findtext("/project/mirror/primary_proto", "")
+        is_primary_proto_https = (primary_proto.lower() == "https")
+
+        # Check if any additional mirror is using https
+        has_https_urls = False
         for url in xml.findall("/project/mirror/url-list/url"):
-            b = url.findtext("binary", "")
-            s = url.findtext("source", "")
+            b = url.findtext("binary", "").lower()
+            s = url.findtext("source", "").lower()
             if b.startswith("https") or s.startswith("https"):
-                errors.append("\nThe XML contains an HTTPS mirror. "
-                              "Use debootstrapvariant's attribute includepkgs "
-                              "to make apt-transport-https (stretch and older) "
-                              "or ca-certificates (buster and newer) available "
-                              "in debootstrap.\n")
+                has_https_urls = True
                 break
 
+        if is_primary_proto_https or has_https_urls:
+            errors.append("\nThe XML contains an HTTPS mirror. "
+                         "Use debootstrap/include "
+                         "to make apt-transport-https (stretch and older) "
+                         "or ca-certificates (buster and newer) available "
+                         "in debootstrap.\n")
+
     return errors
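Review bot: The check `"ca-certificates" not in bootstrap_include` is a substring test on the raw element text, so a value such as `ca-certificates-java` silences the HTTPS warning without either package actually being listed. Splitting first makes it exact: `pkgs = {p.strip() for p in bootstrap_include.split(",")}` followed by `if not pkgs & {"apt-transport-https", "ca-certificates"}:`. The function also never reads `/target/debootstrap/exclude`, so a document that excludes `ca-certificates` (or `gnupg`, which rfs.py now always includes) while using HTTPS mirrors or mirror keys passes validation; a matching error for that case seems worth adding.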
diff --git a/schema/dbsfed.xsd b/schema/dbsfed.xsd
index 440b39e35..26c43dbe8 100644
--- a/schema/dbsfed.xsd
+++ b/schema/dbsfed.xsd
@@ -979,18 +979,10 @@
           </documentation>
         </annotation>
       </element>
-      <element name="debootstrapvariant" type="rfs:debootstrapvarianttype" minOccurs="0" maxOccurs="1">
+      <element name="debootstrap" type="rfs:debootstrap" minOccurs="0" maxOccurs="1">
         <annotation>
           <documentation>
-	    Name of the bootstrap script variant to use. Currently, the
-	    variants supported are minbase, which only includes essential
-	    packages and apt; buildd, which installs the buildessential
-	    packages into TARGET; and fakechroot, which installs the packages
-	    without root privileges. The default, with no --variant=X
-	    argument, is to create a base Debian installation in TARGET.
-            Some documentation mentioned the variant scratchbox too, but this
-	    variant is not supported by the debootstrap used and therefore
-	    not allowed.
+            Bootstrap configuration
           </documentation>
         </annotation>
       </element>
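Review bot: Replacing `debootstrapvariant` with `debootstrap` in place makes every existing project file that still uses `<debootstrapvariant includepkgs="...">` fail schema validation, and nothing in this patch tells the user what to change. Unless a later patch in the series handles it, I would either keep the old element as a deprecated alternative for a release or have the validator emit a message pointing at `debootstrap/variant` and `debootstrap/include`. The new annotation text `Bootstrap configuration` could also name the three child elements so the generated documentation stays useful.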
@@ -1099,40 +1091,52 @@
     <attribute ref="xml:base"/>
   </complexType>
 
-  <complexType name="debootstrapvarianttype">
+  <complexType name="debootstrap">
     <annotation>
       <documentation>
-        Enhanced restriction type specifying debootstrap variants.
+        Container for debootstrap configuration.
       </documentation>
     </annotation>
-    <simpleContent>
-      <extension base="rfs:debootstrapvarianttype_restriction">
-        <attribute name="includepkgs" type="string" use="optional">
-          <annotation>
-            <documentation>
-              A comma-separated list of additional packages at debootstrap runtime.
-            </documentation>
-          </annotation>
-        </attribute>
-      </extension>
-    </simpleContent>
+    <all>
+      <element name="variant" minOccurs="0" maxOccurs="1">
+        <annotation>
+          <documentation>
+            Name  of  the  bootstrap  script  variant to use.
+            The following variants are supported:
+            * minbase: required packages and apt.
+            * buildd: build-essential packages.
+            * fakechroot: installs the packages without root privileges.
+          </documentation>
+        </annotation>
+        <simpleType>
+          <restriction base="string">
+            <enumeration value="minbase" />
+            <enumeration value="buildd" />
+            <enumeration value="fakechroot" />
+          </restriction>
+        </simpleType>
+      </element>
+      <element name="include" type="string" minOccurs="0" maxOccurs="1">
+        <annotation>
+          <documentation>
+            Comma separated list of packages which will be added to download and
+            extract lists.
+          </documentation>
+        </annotation>
+      </element>
+      <element name="exclude" type="string" minOccurs="0" maxOccurs="1">
+        <annotation>
+          <documentation>
+            Comma separated list of packages which will be removed from download
+            and extract lists.
+            WARNING: you can and probably will exclude essential packages, be
+            careful using this option.
+          </documentation>
+        </annotation>
+      </element>
+    </all>
   </complexType>
 
-  <simpleType name="debootstrapvarianttype_restriction">
-    <annotation>
-      <documentation>
-	Restriction type specifying debootstrap variants.
-        Supported debootstrap variants are minbase, buildd and fakechroot.
-	The variant scratchbox is not supported by th used debootstrap.
-      </documentation>
-    </annotation>
-    <restriction base="string">
-      <enumeration value="minbase" />
-      <enumeration value="buildd" />
-      <enumeration value="fakechroot" />
-    </restriction>
-  </simpleType>
-
   <complexType name="ubi_type">
     <annotation>
       <documentation>
diff --git a/tests/pbuilder-amd64.xml b/tests/pbuilder-amd64.xml
index 6008b0199..aa602b38b 100644
--- a/tests/pbuilder-amd64.xml
+++ b/tests/pbuilder-amd64.xml
@@ -25,7 +25,9 @@
 		<hostname>amd64-buster</hostname>
 		<domain>elbe-ci</domain>
 		<console>ttyO0,115200</console>
-		<debootstrapvariant>minbase</debootstrapvariant>
+		<debootstrap>
+			<variant>minbase</variant>
+		</debootstrap>
 		<passwd>foo</passwd>
 
 		<!-- generate a pbuilder environment (before image will be built) -->
-- 
2.32.0


