Merge branch 'master' into arraybolt3/mmdebstrap

2024-11-28 19:24:55 -06:00 · 2024-11-28 19:24:55 -06:00 · 094d3e260c
commit 094d3e260c
parent 58c49b0436 4a8b01df80
4 changed files with 463 additions and 50 deletions
--- a/examples/hooks/reproducible/2011-reproducible-ca-certificates-java.hook.chroot
+++ b/examples/hooks/reproducible/2011-reproducible-ca-certificates-java.hook.chroot
@ -2,37 +2,63 @@
 set -e

 # /etc/ssl/certs/java/cacerts is a keystore
-# When (re)generated, it embeds 'now' timestamps
+# Due to cryptographic requirements, it will be non-reproducible
+# as it embeds timestamps
+# It can be re-generated with low overhead

 # Don't run if ca-certificates-java is not installed
 if [ ! -e /etc/ssl/certs/java/cacerts ];
 then
-  exit 0
-fi
-
-# Use faketime to enforce a timestamp
-# NB: hooks don't know about the apt/aptitude selection, so use 'apt-get'
-export FAKETIME_ALREADY_INSTALLED=1
-if [ ! -e /usr/bin/faketime ];
-then
-  FAKETIME_ALREADY_INSTALLED=0
-  apt-get install faketime --yes -o Acquire::Check-Valid-Until=false
+	exit 0
 fi

 # Remove the file
 rm -f /etc/ssl/certs/java/cacerts

-# Generate it again
-touch /var/lib/ca-certificates-java/fresh
-# Java uses timestamps with millisecond resolution
-# -f is required, otherwise the milliseconds are non-zero (due to relative timestamps)
-faketime -f "$(date --utc -d@${SOURCE_DATE_EPOCH} +'%Y-%m-%d %H:%M:%SZ')" dpkg-reconfigure ca-certificates-java
+# Add a hook to live-config to recreate it
+cat << EOF > /usr/lib/live/config/5000-ca-certificates-java
+#!/bin/sh

-if [ ${FAKETIME_ALREADY_INSTALLED} -eq 0 ];
-then
-  apt-get remove --purge --yes faketime
-  apt-get autoremove --yes
-fi
+. /lib/live/config.sh
+
+## live-config(7) - System Configuration Components
+## Copyright (C) 2024 The Debian Live team
+##
+## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
+## This is free software, and you are welcome to redistribute it
+## under certain conditions; see COPYING for details.
+
+Init ()
+{
+	# Checking if package is installed
+	if ! pkg_is_installed "ca-certificates-java" || \\
+		component_was_executed "ca-certificates-java"
+	then
+		exit 0
+	fi
+	# If the keystore is embedded in the image, don't touch it
+	if [ -e /etc/ssl/certs/java/cacerts ]
+	then
+		exit 0
+	fi
+
+	echo -n " ca-certificates-java"
+}
+
+Config ()
+{
+	# Re-generate the keystore
+	touch /var/lib/ca-certificates-java/fresh
+	dpkg-reconfigure ca-certificates-java
+
+	# Creating state file
+	touch /var/lib/live/config/ca-certificates-java
+}
+
+Init
+Config
+EOF
+chmod u=rwx,go=rx /usr/lib/live/config/5000-ca-certificates-java

 echo "P: $(basename $0) Reproducible hook has been applied"

--- a/scripts/build/chroot_archives
+++ b/scripts/build/chroot_archives
@ -134,11 +134,11 @@ case "${_ACTION}" in
 		# Configure local package repository
 		if Find_files config/packages.chroot/*.deb || Find_files config/packages/*.deb
 		then
-			rm -rf chroot/root/packages
-			mkdir -p chroot/root/packages
+			rm -rf chroot/packages
+			mkdir -p chroot/packages

-			if [ "$(stat --printf %d config/packages.chroot/)" = "$(stat --printf %d chroot/root/packages/)" ] ||
-			   [ "$(stat --printf %d config/packages/)" = "$(stat --printf %d chroot/root/packages/)" ]
+			if [ "$(stat --printf %d config/packages.chroot/)" = "$(stat --printf %d chroot/packages/)" ] ||
+			   [ "$(stat --printf %d config/packages/)" = "$(stat --printf %d chroot/packages/)" ]
 			then
 				CP_OPTIONS="-l"
 			fi
@ -150,10 +150,10 @@ case "${_ACTION}" in
 				do
 					if [ -L "${FILE}" ]
 					then
-						cp -L "${FILE}" chroot/root/packages
+						cp -L "${FILE}" chroot/packages
 					elif [ -e "${FILE}" ]
 					then
-						cp ${CP_OPTIONS} "${FILE}" chroot/root/packages
+						cp ${CP_OPTIONS} "${FILE}" chroot/packages
 					fi
 				done
 			fi
@ -164,15 +164,15 @@ case "${_ACTION}" in
 				do
 					if [ -L "${FILE}" ]
 					then
-						cp -L "${FILE}" chroot/root/packages
+						cp -L "${FILE}" chroot/packages
 					elif [ -e "${FILE}" ]
 					then
-						cp ${CP_OPTIONS} "${FILE}" chroot/root/packages
+						cp ${CP_OPTIONS} "${FILE}" chroot/packages
 					fi
 				done
 			fi

-			if Find_files chroot/root/packages/*.deb
+			if Find_files chroot/packages/*.deb
 			then
 				# If we bootstrapped a minimal chroot, we need
 				# to install apt-utils before we have
@ -189,16 +189,16 @@ case "${_ACTION}" in
 				Install_packages

 				# Generate Packages and Packages.gz
-				echo "cd /root/packages && apt-ftparchive packages . > Packages" | Chroot chroot sh
-				gzip -9 -c chroot/root/packages/Packages > chroot/root/packages/Packages.gz
+				echo "cd /packages && apt-ftparchive packages . > Packages" | Chroot chroot sh
+				gzip -9 -c chroot/packages/Packages > chroot/packages/Packages.gz

 				# Generate Release
-				echo "cd /root/packages && apt-ftparchive \
+				echo "cd /packages && apt-ftparchive \
 					-o APT::FTPArchive::Release::Origin=config/packages.chroot \
 					release . > Release" | Chroot chroot sh

 				# Add to sources.list.d
-				echo "deb [ trusted=yes ] file:/root/packages ./" > chroot/etc/apt/sources.list.d/packages.list
+				echo "deb [ trusted=yes ] file:/packages ./" > chroot/etc/apt/sources.list.d/packages.list

 				# Move top-level sources away, otherwise apt always preferes it (#644148)
 				if [ -e chroot/etc/apt/sources.list ]
@ -213,9 +213,9 @@ case "${_ACTION}" in
 			fi
 		fi

-		if Find_files chroot/root/packages/*.deb
+		if Find_files chroot/packages/*.deb
 		then
-			gunzip < chroot/root/packages/Packages.gz | awk '/^Package: / { print $2 }' \
+			gunzip < chroot/packages/Packages.gz | awk '/^Package: / { print $2 }' \
 			>> chroot/root/packages.chroot
 		fi

@ -477,8 +477,8 @@ case "${_ACTION}" in

 		# Remove local package repository
 		rm -f chroot/etc/apt/sources.list.d/packages.list
-		rm -rf chroot/root/packages
-		rm -f chroot/var/lib/apt/lists/_root_packages_._*
+		rm -rf chroot/packages
+		rm -f chroot/var/lib/apt/lists/_packages_._*

 		# Ensure package list is removed
 		rm -f chroot/root/packages.chroot
--- a/scripts/build/installer_debian-installer
+++ b/scripts/build/installer_debian-installer
@ -587,6 +587,21 @@ then
 		done
 	fi

+	# The path to the package pool when running inside the live environment
+	case "${LB_INITRAMFS}" in
+		live-boot)
+			PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT="/run/live/medium"
+			;;
+
+		dracut-live)
+			PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT="/run/initramfs/live"
+			;;
+
+		*)
+			PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT=""
+			;;
+	esac
+
 	# Generating deb indices
 	Echo_debug "Generating deb indices"
 	for _ARCHIVE_AREA in $(cd binary/pool && ls); do
@ -604,6 +619,12 @@ EOF
 		mv chroot/root/binary ./

 		touch "binary/${INDICE_DIR}/Packages" -d@${SOURCE_DATE_EPOCH}
+		if [ -n "${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT}" ]
+		then
+			# Make the pool available without 'apt-get update'
+			VAR_LIB_APT_LISTS_FILENAME=$(echo "${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT}/${INDICE_DIR}/Packages" | sed 's|/|_|g')
+			cp -a "binary/${INDICE_DIR}/Packages" "chroot/chroot/var/lib/apt/lists/${VAR_LIB_APT_LISTS_FILENAME}"
+		fi
 		gzip -9 -c "binary/${INDICE_DIR}/Packages" > "binary/${INDICE_DIR}/Packages.gz"

 		# Fetching release
@ -861,10 +882,10 @@ cd /root/binary && apt-ftparchive \
 	-o APT::FTPArchive::Release::Suite="${_SUITE}" \
 	${_LB_APT_VERSION_OPT} \
 	-o APT::FTPArchive::Release::Codename="${LB_PARENT_DISTRIBUTION_BINARY}" \
-	-o APT::FTPArchive::Release::Date="$(date -R ${DATE_UTC_OPTION} -d@${SOURCE_DATE_EPOCH})" \
+	-o APT::FTPArchive::Release::Date="$(date -R --utc -d@${SOURCE_DATE_EPOCH})" \
 	-o APT::FTPArchive::Release::Architectures="${LB_ARCHITECTURE}" \
 	-o APT::FTPArchive::Release::Components="${LB_PARENT_ARCHIVE_AREAS}" \
-	-o APT::FTPArchive::Release::Description="Last updated: $(date -R ${DATE_UTC_OPTION} -d@${SOURCE_DATE_EPOCH})" \
+	-o APT::FTPArchive::Release::Description="Last updated: $(date -R --utc -d@${SOURCE_DATE_EPOCH})" \
 	release dists/${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION} > dists/${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION}/Release
 EOF

@ -872,16 +893,16 @@ EOF
 	rm -f chroot/binary.sh
 	mv chroot/root/binary ./

-	# Add to sources.list with the path that is used inside the live environment
-	case "${LB_INITRAMFS}" in
-		live-boot)
-			echo "deb [trusted=yes] file:/run/live/medium ${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION} ${LB_PARENT_ARCHIVE_AREAS}" >> chroot/chroot/etc/apt/sources.list
-			;;
-
-		dracut-live)
-			echo "deb [trusted=yes] file:/run/initramfs/live ${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION} ${LB_PARENT_ARCHIVE_AREAS}" >> chroot/chroot/etc/apt/sources.list
-			;;
-	esac
+	if [ -n "${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT}" ]
+	then
+		# Add to sources.list with the path that is used inside the live environment
+		# Add in the first line, to give it precedence over the online versions of the same package
+		echo "deb [trusted=yes] file:${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT} ${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION} ${LB_PARENT_ARCHIVE_AREAS}" > sources.list
+		cat chroot/chroot/etc/apt/sources.list >> sources.list
+		cp sources.list chroot/chroot/etc/apt/sources.list
+		VAR_LIB_APT_LISTS_FILENAME=$(echo "${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT}/dists/${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION}/Release" | sed 's|/|_|g')
+		cp -a binary/dists/${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION}/Release chroot/chroot/var/lib/apt/lists/${VAR_LIB_APT_LISTS_FILENAME}
+	fi

 	Echo_debug "Creating distribution directories/symlinks"

--- a/test/test_external_deb_sources.sh
+++ b/test/test_external_deb_sources.sh
@ -0,0 +1,366 @@
+#!/bin/bash
+
+if ! command -v equivs-build > /dev/null; then
+	echo "Install equivs"
+	exit 1
+fi
+if ! command -v reprepro > /dev/null; then
+	echo "Install reprepro"
+	exit 1
+fi
+
+if ! command -v shunit2 > /dev/null; then
+	echo "Install shunit2"
+	exit 1
+fi
+
+function create_packages () {
+	# Create package generator files
+	cat << EOF > package
+Source: live-testpackage-$1-main
+Section: misc
+Priority: optional
+Standards-Version: 4.7.0
+
+Package: live-testpackage-$1-main
+Version: 1.0
+Maintainer: Debian Live <debian-live@lists.debian.org>
+Depends: live-testpackage-$1-dependency
+Architecture: all
+File: /etc/live-testpackage/testpackage-$1-main-file 644
+ live-testpackage-$1-main has been installed
+Description: Test package for testing the inclusion in live images
+ Tests dependency chain
+ Package live-testpackage-$1-dependency should be automatically installed and removed too
+EOF
+	equivs-build package
+
+	cat << EOF > package
+Source: live-testpackage-$1-dependency
+Section: misc
+Priority: optional
+Standards-Version: 4.7.0
+
+Package: live-testpackage-$1-dependency
+Version: 1.0
+Maintainer: Debian Live <debian-live@lists.debian.org>
+Architecture: all
+File: /etc/live-testpackage/testpackage-$1-dependency-file 644
+ The dependency for live-testpackage-$1-main has been installed
+Description: Test package for testing the inclusion in live images
+ Tests dependency chain
+ This package should be automatically installed and removed too
+EOF
+	equivs-build package
+	rm package
+}
+
+function create_repository () {
+	# See https://wiki.debian.org/DebianRepository/SetupWithReprepro
+	# Collect in a repository
+	rm -fr testrepository-$1
+	mkdir -p testrepository-$1/conf
+	touch testrepository-$1/conf/options
+	cat << EOF > testrepository-$1/conf/distributions
+Origin: Test_repository_for_testing_external_sources
+Label: Test_repository_for_testing_external_sources
+Codename: nondebian
+Architectures: amd64 source
+Components: mymain
+Description: Test repository for testing external sources
+EOF
+	create_packages $1
+	reprepro -b testrepository-$1 includedeb nondebian live-testpackage-$1-main_1.0_all.deb
+	reprepro -b testrepository-$1 includedeb nondebian live-testpackage-$1-dependency_1.0_all.deb
+}
+
+function mountSquashfs() {
+	assertTrue "ISO image has been generated" "[ -e live-image-amd64.hybrid.iso ]"
+	mkdir iso squashfs
+	mount live-image-amd64.hybrid.iso iso -oro
+	mount iso/live/filesystem.squashfs squashfs -oro
+}
+
+function unmountSquashfs() {
+	umount squashfs
+	umount iso
+	rmdir iso squashfs
+}
+
+function oneTimeSetUp() {
+	# Speed up, because there is no compression of the ISO file
+	export MKSQUASHFS_OPTIONS=-no-compression
+}
+
+function setUp() {
+	# Create a test configuration
+	lb clean --purge
+	rm -fr config
+	# Slight speedup: --zsync, --firmware-chroot
+	lb config --distribution unstable --zsync false --firmware-chroot false
+}
+
+function build_image() {
+	# Speed up
+	export MKSQUASHFS_OPTIONS=-no-compression
+	# Perform the build
+	lb build
+}
+
+function test_snapshot_with_mirror_bootstrap() {
+	# Rebuild the configuration, as many mirror settings depend on eachother
+	lb clean --purge
+	rm -fr config
+	# Slight speedup: --zsync, --firmware-chroot
+	lb config --distribution unstable --zsync false --firmware-chroot false --mirror-bootstrap http://snapshot.debian.org/archive/debian/20240701T000000Z/ --mirror-binary http://deb.debian.org/debian/
+	# Insider knowledge of live-build:
+	#   Add '-o Acquire::Check-Valid-Until=false', to allow for rebuilds of older timestamps 
+	sed -i -e '/^APT_OPTIONS=/s/--yes/--yes -o Acquire::Check-Valid-Until=false/' config/common
+	build_image
+	mountSquashfs
+	assertTrue "Sources.list mentions deb.d.o" "grep -q 'http://deb.debian.org/debian' squashfs/etc/apt/sources.list"
+	assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/deb\.debian\.org_debian_dists_unstable_main_binary-amd64_Packages ]"
+	assertTrue "The kernel from the snapshot is used" "grep -q '^linux-image-6\.9\.7-amd64' chroot.packages.install"
+	assertTrue "The kernel from the snapshot will be booted" "[ -e squashfs/boot/vmlinuz-6.9.7-amd64 ]"
+	unmountSquashfs
+}
+
+function test_direct_inclusion_of_deb_unspecified_chroot_or_binary() {
+	create_packages config-packages
+	cp live-testpackage-config-packages-main_1.0_all.deb config/packages
+	cp live-testpackage-config-packages-dependency_1.0_all.deb config/packages
+	build_image
+	assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-main-file$' chroot.files"
+	assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-dependency-file$' chroot.files"
+	assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-packages-main' chroot.packages.install"
+	assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-packages-dependency' chroot.packages.install"
+	assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-packages-main' chroot.packages.live"
+	assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-packages-dependency' chroot.packages.live"
+}
+
+function test_direct_inclusion_of_deb_binary() {
+	create_packages config-packages-binary
+	cp live-testpackage-config-packages-binary-main_1.0_all.deb config/packages.binary
+	cp live-testpackage-config-packages-binary-dependency_1.0_all.deb config/packages.binary
+	# config/packages.binary is only used when an installer is requested
+	lb config --debian-installer live
+	build_image
+	assertFalse "Packaged file for main package should not be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-binary-main-file$' chroot.files"
+	assertFalse "Packaged file for dependency package should not be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-binary-dependency-file$' chroot.files"
+	assertFalse "Main package is not installed (install)" "grep -q '^live-testpackage-config-packages-binary-main' chroot.packages.install"
+	assertFalse "Dependency package is not installed (install)" "grep -q '^live-testpackage-config-packages-binary-dependency' chroot.packages.install"
+	assertFalse "Main package is not installed (live)" "grep -q '^live-testpackage-config-packages-binary-main' chroot.packages.live"
+	assertFalse "Dependency package is not installed (live)" "grep -q '^live-testpackage-config-packages-binary-dependency' chroot.packages.live"
+	mountSquashfs
+	assertTrue "Main package should be in the pool" "[ -e iso/pool/main/l/live-testpackage-config-packages-binary-main/live-testpackage-config-packages-binary-main_1.0_all.deb ]"
+	assertTrue "Dependency package should be in the pool" "[ -e iso/pool/main/l/live-testpackage-config-packages-binary-dependency/live-testpackage-config-packages-binary-dependency_1.0_all.deb ]"
+	assertTrue "Package pool is listed in /etc/apt/sources.list" "grep -q 'file:/run/live/medium' squashfs/etc/apt/sources.list"
+	assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_Release ]"
+	assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_main_binary-amd64_Packages ]"
+	unmountSquashfs
+}
+
+function test_direct_inclusion_of_deb_chroot() {
+	create_packages config-packages-chroot
+	cp live-testpackage-config-packages-chroot-main_1.0_all.deb config/packages.chroot
+	cp live-testpackage-config-packages-chroot-dependency_1.0_all.deb config/packages.chroot
+	build_image
+	assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-chroot-main-file$' chroot.files"
+	assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-chroot-dependency-file$' chroot.files"
+	assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-packages-chroot-main' chroot.packages.install"
+	assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-packages-chroot-dependency' chroot.packages.install"
+	assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-packages-chroot-main' chroot.packages.live"
+	assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-packages-chroot-dependency' chroot.packages.live"
+}
+
+function test_remote_repository_unspecified_choot_or_binary() {
+	cat << EOF > config/archives/remote-config-archives-list.list
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-archive-keyring.gpg.key.gpg] http://archive.ubuntu.com/ubuntu noble main
+EOF
+	# We need something that is not in Debian.
+	# Let's use the live image building tool from Ubuntu ;-)
+	echo "casper" > config/package-lists/remote-config-archives-list.list
+
+	# Manually fetch the key for Ubuntu
+	wget --quiet https://salsa.debian.org/debian/ubuntu-keyring/-/raw/master/keyrings/ubuntu-archive-keyring.gpg?ref_type=heads -O config/archives/ubuntu-archive-keyring.gpg.key
+
+	build_image
+	assertTrue "Package is installed (install)" "grep -q '^casper' chroot.packages.install"
+	assertTrue "Package is installed (live)" "grep -q '^casper' chroot.packages.live"
+
+	mountSquashfs
+	assertTrue "Sources list should be present" "[ -e squashfs/etc/apt/sources.list.d/remote-config-archives-list.list ]"
+	assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_noble_main_binary-amd64_Packages ]"
+	unmountSquashfs
+}
+
+function test_remote_repository_chroot() {
+	cat << EOF > config/archives/remote-config-archives-list-chroot.list
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-archive-keyring.gpg.key.chroot.gpg] http://archive.ubuntu.com/ubuntu noble main
+EOF
+	# We need something that is not in Debian.
+	# Let's use the live image building tool from Ubuntu ;-)
+	echo "casper" > config/package-lists/remote-config-archives-list-chroot.list.chroot
+
+	# Manually fetch the key for Ubuntu
+	wget --quiet https://salsa.debian.org/debian/ubuntu-keyring/-/raw/master/keyrings/ubuntu-archive-keyring.gpg?ref_type=heads -O config/archives/ubuntu-archive-keyring.gpg.key.chroot
+
+	build_image
+	assertTrue "Package is installed (install)" "grep -q '^casper' chroot.packages.install"
+	assertTrue "Package is installed (live)" "grep -q '^casper' chroot.packages.live"
+
+	mountSquashfs
+	assertTrue "Sources list should be present" "[ -e squashfs/etc/apt/sources.list.d/remote-config-archives-list-chroot.list ]"
+	assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_noble_main_binary-amd64_Packages ]"
+	unmountSquashfs
+}
+
+function test_remote_repository_binary() {
+	cat << EOF > config/archives/remote-config-archives-list-binary.list.binary
+deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-archive-keyring.gpg.key.binary.gpg] http://archive.ubuntu.com/ubuntu noble main
+EOF
+	# We need something that is not in Debian.
+	# Let's use the live image building tool from Ubuntu ;-)
+	echo "casper" > config/package-lists/remote-config-archives-list-binary.list.binary
+
+	# Manually fetch the key for Ubuntu
+	wget --quiet https://salsa.debian.org/debian/ubuntu-keyring/-/raw/master/keyrings/ubuntu-archive-keyring.gpg?ref_type=heads -O config/archives/ubuntu-archive-keyring.gpg.key.binary
+
+	build_image
+	assertFalse "Package is not installed (install)" "grep -q '^casper' chroot.packages.install"
+	assertFalse "Package is not installed (live)" "grep -q '^casper' chroot.packages.live"
+
+	mountSquashfs
+	assertTrue "Sources list should be present" "[ -e squashfs/etc/apt/sources.list.d/remote-config-archives-list-binary.list ]"
+	assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_noble_main_binary-amd64_Packages ]"
+	assertTrue "Package should be in the pool" "find iso | grep 'iso/pool/main/c/casper/casper_.*_amd64\.deb'"
+	unmountSquashfs
+}
+
+function test_local_repository_unspecified_chroot_or_binary() {
+	create_repository config-archives-list
+	cat << EOF > config/archives/my_repro-config-archives-list.list
+deb [trusted=yes] file://$(pwd)/testrepository-config-archives-list nondebian mymain
+EOF
+	echo "live-testpackage-config-archives-list-main" > config/package-lists/my_repro-config-archives-list.list
+
+	build_image
+	assertNotNull "Not implemented yet: fails at bootstrap_archives at the moment" ""
+	assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-main-file$' chroot.files"
+	assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-dependency-file$' chroot.files"
+	assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-archives-list-main' chroot.packages.install"
+	assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-archives-list-dependency' chroot.packages.install"
+	assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-archives-list-main' chroot.packages.live"
+	assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-archives-list-dependency' chroot.packages.live"
+
+	mountSquashfs
+	# The following files should not be present
+	# -> however, they currently are, because there is not detection whether the repo is reachable from within the running live environment
+	# -> this will result in an error message when 'apt-get update' is run in the live environment
+	#  /etc/apt/sources.list.d/my_repro-config-archives-list.list
+	#  /var/lib/apt/lists/_*_testrepository-config-archives-list-*_Release
+	#  /var/lib/apt/lists/_*_testrepository-config-archives-list-*_Packages
+	assertFalse "Sources list should not be present" "[ -e squashfs/etc/apt/sources.list.d/my_repro-config-archives-list.list ]"
+	assertFalse "Sources list meta info should not be present" "find squashfs/var/lib/apt/lists | grep -q 'squashfs/var/lib/apt/lists/_*_testrepository-config-archives-list-'"
+	unmountSquashfs
+}
+
+function test_local_repository_chroot() {
+	create_repository config-archives-list-chroot
+	cat << EOF > config/archives/my_repro-config-archives-list-chroot.list.chroot
+deb [trusted=yes] file://$(pwd)/testrepository-config-archives-list-chroot nondebian mymain
+EOF
+	echo "live-testpackage-config-archives-list-chroot-main" > config/package-lists/my_repro-config-archives-list-chroot.list.chroot
+
+	build_image
+	assertNotNull "Not implemented yet: fails at bootstrap_archives at the moment" ""
+	assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-chroot-main-file$' chroot.files"
+	assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-chroot-dependency-file$' chroot.files"
+	assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-archives-list-chroot-main' chroot.packages.install"
+	assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-archives-list-chroot-dependency' chroot.packages.install"
+	assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-archives-list-chroot-main' chroot.packages.live"
+	assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-archives-list-chroot-dependency' chroot.packages.live"
+
+	mountSquashfs
+	# The following files should not be present
+	# -> however, they currently are, because there is not detection whether the repo is reachable from within the running live environment
+	# -> this will result in an error message when 'apt-get update' is run in the live environment
+	#  /etc/apt/sources.list.d/my_repro-config-archives-list-chroot.list
+	#  /var/lib/apt/lists/_*_testrepository-config-archives-list-chroot-*_Release
+	#  /var/lib/apt/lists/_*_testrepository-config-archives-list-chroot-*_Packages
+	assertFalse "Sources list should not be present" "[ -e squashfs/etc/apt/sources.list.d/my_repro-config-archives-list-chroot.list ]"
+	assertFalse "Sources list meta info should not be present" "find squashfs/var/lib/apt/lists | grep -q 'squashfs/var/lib/apt/lists/_*_testrepository-config-archives-list-chroot-'"
+	unmountSquashfs
+}
+
+function test_local_repository_binary() {
+	# Skip the .list.binary scenario for now
+	# -> the bind mount is not activated properly
+	create_repository config-archives-list-binary
+	cat << EOF > config/archives/my_repro-config-archives.list-binary.list.binary
+deb [trusted=yes] file://$(pwd)/testrepository-config-archives-list-binary nondebian mymain
+EOF
+	echo "live-testpackage-config-archives-list-binary-main" > config/package-lists/my_repro-config-archives-list-binary.list.binary
+
+	build_image
+	assertNotNull "Not implemented yet: fails at lb chroot_prep remove all mode-archives-chroot with step lb chroot_archives chroot remove at the moment" ""
+	assertFalse "Packaged file for main package should not be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-binary-main-file$' chroot.files"
+	assertFalse "Packaged file for dependency package should not be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-binary-dependency-file$' chroot.files"
+	assertFalse "Main package is not installed (install)" "grep -q '^live-testpackage-config-archives-list-binary-main' chroot.packages.install"
+	assertFalse "Dependency package is not installed (install)" "grep -q '^live-testpackage-config-archives-list-binary-dependency' chroot.packages.install"
+	assertFalse "Main package is not installed (live)" "grep -q '^live-testpackage-config-archives-list-binary-main' chroot.packages.live"
+	assertFalse "Dependency package is not installed (live)" "grep -q '^live-testpackage-config-archives-list-binary-dependency' chroot.packages.live"
+	mountSquashfs
+	assertTrue "Main package should be in the pool" "[ -e iso/pool/main/l/live-testpackage-config-archives-list-binary-main/live-testpackage-config-archives-list-binary-main_1.0_all.deb ]"
+	assertTrue "Dependency package should be in the pool" "[ -e iso/pool/main/l/live-testpackage-config-archives-list-binary-dependency/live-testpackage-config-archives-list-binary-dependency_1.0_all.deb ]"
+	assertTrue "Package pool is listed in /etc/apt/sources.list" "grep -q 'file:/run/live/medium' squashfs/etc/apt/sources.list"
+	assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_Release ]"
+	assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_main_binary-amd64_Packages ]"
+	unmountSquashfs
+}
+
+function test_embedded_repository() {
+	# An embedded repository scenario
+	# -> it fails in the bootstrap phase, because the files are copied later in the chroot step!
+
+	create_repository config-opt-extra-repo
+
+	mkdir -p config/includes.chroot_before_packages/opt/extrarepo/dists
+	mkdir -p config/includes.chroot_before_packages/opt/extrarepo/pool
+	cp -a testrepository-config-opt-extra-repo/dists/* config/includes.chroot_before_packages/opt/extrarepo/dists
+	cp -a testrepository-config-opt-extra-repo/pool/* config/includes.chroot_before_packages/opt/extrarepo/pool
+
+	# Note it uses '.list', because the repository should be functional after the chroot is sealed
+	cat << EOF > config/archives/my_repro-config-opt-extra-repo.list
+deb [trusted=yes] file:///opt/extrarepo nondebian mymain
+EOF
+	echo "live-testpackage-config-opt-extra-repo-main" > config/package-lists/my_repro-config-opt-extra-repo.list
+
+	build_image
+	assertNotNull "Not implemented yet: fails at bootstrap_archives at the moment" ""
+	# Current issue: the /etc/apt/sources.list.d entry gets removed, but the index files and the packages are installed in the chroot
+	assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-opt-extra-repo-main-file$' chroot.files"
+	assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-opt-extra-repo-dependency-file$' chroot.files"
+	assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-opt-extra-repo-main' chroot.packages.install"
+	assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-opt-extra-repo-dependency' chroot.packages.install"
+	assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-opt-extra-repo-main' chroot.packages.live"
+	assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-opt-extra-repo-dependency' chroot.packages.live"
+}
+
+function test_derivatives() {
+	# Rebuild the configuration, as many mirror settings depend on eachother
+	#lb clean --purge
+	#rm -fr config
+	# Slight speedup: --zsync, --firmware-chroot
+	#lb config --distribution unstable --zsync false --firmware-chroot false
+	# Let's not test --parent-distribution-chroot at the moment:
+	# --apt-secure false --parent-mirror-chroot file://localhost$(pwd)/testrepository --parent-distribution-chroot nondebian --parent-archive-areas mymain --mirror-chroot http://deb.debian.org/debian --distribution-chroot debian --archive-areas main --parent-mirror-bootstrap file://localhost$(pwd)/testrepository
+	# --apt-secure false --mirror-chroot file://localhost$(pwd)/testrepository-mirror-chroot --distribution-chroot nondebian --archive-areas mymain --parent-mirror-chroot http://deb.debian.org/debian --parent-distribution-chroot unstable --parent-archive-areas main
+
+	#build_image
+	#mountSquashfs
+	assertNotNull "Not implemented (yet): this can be quite complicated" ""
+	#unmountSquashfs
+}
+
+. shunit2