Get rid of debootstrap dependency#1442
Conversation
9ae2ad5 to
df4cd83
Compare
|
I'm not sure I like the idea of not using debootstrap, it does complicated crap that I'm pretty sure we don't want to have to reinvent and maintain here forever, what's the advantage? |
Much smaller images by default, since we have much larger control over what's installed. Also, we get to use apt's dependency resolution and caching for everything, we don't have to configure both tools to do the right thing, can use more than one mirror which debootstrap doesn't support, it's faster, ... . The core limitation with debootstrap is that it's built around apt not being available on the host system, which means it has to (usually poorly) re-implement apt. Luckily, we're very much OK with running apt on the host system, and because of that, we're mostly hindered by debootstrap poorly re-implementing apt. We can get much more reliable behavior by just using apt instead of debootstrap. The only things we have to take care of is setting up merged usr and extracting the essential debs so maintainer scripts can run properly. After that, we delegate everything to apt. |
|
I tried the branch, something is getting lost along the way as there are no apt repos configured anymore |
b26e103 to
9b169e5
Compare
So I still really think we shouldn't configure repos by default. We don't do it for any other distro, and to keep things consistent we shouldn't do it for Debian/Ubuntu either. mkosi is an image builder, and I'm sure we should focus on image based workflows, including image based updates, for which configured package manager repositories in the image aren't needed. With these changes, we don't even install apt by default anymore in the produced Ubuntu and Debian images (which finally makes them consistent with the other distros where we don't install a package manager either), so putting repositories in the image just doesn't make sense anymore if you ask me. Or think about other use cases like building an initrd, having apt or configured repositories in such an image doesn't make sense at all, so we shouldn't put them in there by default. |
|
IIRC the others can initialize themselves, apt cannot. It's not good UX, and it's not how other image builders work so the result is surprising. Maybe add them only if |
Can we please make an effort to get a package in Debian that installs the repositories then? e.g. a package debian-release that writes to /etc/apt/sources.list.d/xxx.list what we write in mkosi. We can do it in mkosi for now but we should have a plan to get rid of it. |
|
Reworked to add the repositories if apt was installed. |
|
Added some NEWS updates |
I don't think that's possible, as everything is uploaded to unstable, then migrates to testing, and eventually is promoted to stable, same identical binary package, so you cannot have a fixed configuration for one suite |
keszybz
left a comment
There was a problem hiding this comment.
This is a bit … involved, but not too horrible.
This shouldn't be too hard. Have some concept of "distro version" and insert it into a template? |
Nope, the only official way to differentiate between testing and unstable is the apt repositories configuration. Without it, you cannot tell which is which, hence you cannot install the right one. |
We now make sure paths are absolute when parsing them so no need to do so anymore in debian.py
For other distributions, we don't install the repositories at all but because Debian and Ubuntu do not have an easy way to install the repositories via a package we give them some leeway and install the repositories if apt was installed. We also rework repository handling to accomodate this. When running apt ourselves on the host, we now use the apt directory in the workspace as the config directory for apt instead of using etc/apt in the image. Additionally, we also use the keyring from the host instead of the one from the image when running apt. Finally, we switch to the http mirror for debian security updates to avoid having to install ca-certificates in the image for apt to work properly.
Current Debian stable boots fine in qemu with systemd-boot with this workaround removed, so let's drop it.
Let's continue to stop mucking around with distro defaults and leave the ignore * preset for users to apply in a postinst script.
|
|
Let's get rid of our dependency on debootstrap by replicating its core functionality ourselves. To make sure the necessary tools for maintainer scripts to run are available in the chroot, we have to extract the essential debs manually first before installing all the essential debs. This also allows us to get rid of our skeleton tree hack we added for debootstrap.
The thing is, apt wants this user on the host system, so this would be something to fix in the packages providing apt. Instead, I modified the apt config to use |
Yeah, this is exactly the problem to fix. Add |
I had this failure when testing systemd#1442. But it would happen whenever the installed system has no /etc/shadow and we want to set the password, so it's worth fixing regardless.
Nope, the VERSION_ID is |
Let's get rid of our dependency on debootstrap by replicating its
core functionality ourselves. To make sure the necessary tools for
maintainer scripts to run are available in the chroot, we have to
extract the essential debs manually first before installing all the
essential debs.
Additionally, we use the keyring from the host now instead of the one
from the chroot, similar to how we do it for other distros.
This also allows us to get rid of our skeleton tree hack we added for
debootstrap.