diff --git a/examples/hooks/reproducible/2011-reproducible-ca-certificates-java.hook.chroot b/examples/hooks/reproducible/2011-reproducible-ca-certificates-java.hook.chroot index 9f068b7e4..f19e0bd0e 100755 --- a/examples/hooks/reproducible/2011-reproducible-ca-certificates-java.hook.chroot +++ b/examples/hooks/reproducible/2011-reproducible-ca-certificates-java.hook.chroot @@ -2,37 +2,63 @@ set -e # /etc/ssl/certs/java/cacerts is a keystore -# When (re)generated, it embeds 'now' timestamps +# Due to cryptographic requirements, it will be non-reproducible +# as it embeds timestamps +# It can be re-generated with low overhead # Don't run if ca-certificates-java is not installed if [ ! -e /etc/ssl/certs/java/cacerts ]; then - exit 0 -fi - -# Use faketime to enforce a timestamp -# NB: hooks don't know about the apt/aptitude selection, so use 'apt-get' -export FAKETIME_ALREADY_INSTALLED=1 -if [ ! -e /usr/bin/faketime ]; -then - FAKETIME_ALREADY_INSTALLED=0 - apt-get install faketime --yes -o Acquire::Check-Valid-Until=false + exit 0 fi # Remove the file rm -f /etc/ssl/certs/java/cacerts -# Generate it again -touch /var/lib/ca-certificates-java/fresh -# Java uses timestamps with millisecond resolution -# -f is required, otherwise the milliseconds are non-zero (due to relative timestamps) -faketime -f "$(date --utc -d@${SOURCE_DATE_EPOCH} +'%Y-%m-%d %H:%M:%SZ')" dpkg-reconfigure ca-certificates-java +# Add a hook to live-config to recreate it +cat << EOF > /usr/lib/live/config/5000-ca-certificates-java +#!/bin/sh -if [ ${FAKETIME_ALREADY_INSTALLED} -eq 0 ]; -then - apt-get remove --purge --yes faketime - apt-get autoremove --yes -fi +. /lib/live/config.sh + +## live-config(7) - System Configuration Components +## Copyright (C) 2024 The Debian Live team +## +## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING. +## This is free software, and you are welcome to redistribute it +## under certain conditions; see COPYING for details. + +Init () +{ + # Checking if package is installed + if ! pkg_is_installed "ca-certificates-java" || \\ + component_was_executed "ca-certificates-java" + then + exit 0 + fi + # If the keystore is embedded in the image, don't touch it + if [ -e /etc/ssl/certs/java/cacerts ] + then + exit 0 + fi + + echo -n " ca-certificates-java" +} + +Config () +{ + # Re-generate the keystore + touch /var/lib/ca-certificates-java/fresh + dpkg-reconfigure ca-certificates-java + + # Creating state file + touch /var/lib/live/config/ca-certificates-java +} + +Init +Config +EOF +chmod u=rwx,go=rx /usr/lib/live/config/5000-ca-certificates-java echo "P: $(basename $0) Reproducible hook has been applied" diff --git a/scripts/build/chroot_archives b/scripts/build/chroot_archives index 952fbea22..a4890155a 100755 --- a/scripts/build/chroot_archives +++ b/scripts/build/chroot_archives @@ -134,11 +134,11 @@ case "${_ACTION}" in # Configure local package repository if Find_files config/packages.chroot/*.deb || Find_files config/packages/*.deb then - rm -rf chroot/root/packages - mkdir -p chroot/root/packages + rm -rf chroot/packages + mkdir -p chroot/packages - if [ "$(stat --printf %d config/packages.chroot/)" = "$(stat --printf %d chroot/root/packages/)" ] || - [ "$(stat --printf %d config/packages/)" = "$(stat --printf %d chroot/root/packages/)" ] + if [ "$(stat --printf %d config/packages.chroot/)" = "$(stat --printf %d chroot/packages/)" ] || + [ "$(stat --printf %d config/packages/)" = "$(stat --printf %d chroot/packages/)" ] then CP_OPTIONS="-l" fi @@ -150,10 +150,10 @@ case "${_ACTION}" in do if [ -L "${FILE}" ] then - cp -L "${FILE}" chroot/root/packages + cp -L "${FILE}" chroot/packages elif [ -e "${FILE}" ] then - cp ${CP_OPTIONS} "${FILE}" chroot/root/packages + cp ${CP_OPTIONS} "${FILE}" chroot/packages fi done fi @@ -164,15 +164,15 @@ case "${_ACTION}" in do if [ -L "${FILE}" ] then - cp -L "${FILE}" chroot/root/packages + cp -L "${FILE}" chroot/packages elif [ -e "${FILE}" ] then - cp ${CP_OPTIONS} "${FILE}" chroot/root/packages + cp ${CP_OPTIONS} "${FILE}" chroot/packages fi done fi - if Find_files chroot/root/packages/*.deb + if Find_files chroot/packages/*.deb then # If we bootstrapped a minimal chroot, we need # to install apt-utils before we have @@ -189,16 +189,16 @@ case "${_ACTION}" in Install_packages # Generate Packages and Packages.gz - echo "cd /root/packages && apt-ftparchive packages . > Packages" | Chroot chroot sh - gzip -9 -c chroot/root/packages/Packages > chroot/root/packages/Packages.gz + echo "cd /packages && apt-ftparchive packages . > Packages" | Chroot chroot sh + gzip -9 -c chroot/packages/Packages > chroot/packages/Packages.gz # Generate Release - echo "cd /root/packages && apt-ftparchive \ + echo "cd /packages && apt-ftparchive \ -o APT::FTPArchive::Release::Origin=config/packages.chroot \ release . > Release" | Chroot chroot sh # Add to sources.list.d - echo "deb [ trusted=yes ] file:/root/packages ./" > chroot/etc/apt/sources.list.d/packages.list + echo "deb [ trusted=yes ] file:/packages ./" > chroot/etc/apt/sources.list.d/packages.list # Move top-level sources away, otherwise apt always preferes it (#644148) if [ -e chroot/etc/apt/sources.list ] @@ -213,9 +213,9 @@ case "${_ACTION}" in fi fi - if Find_files chroot/root/packages/*.deb + if Find_files chroot/packages/*.deb then - gunzip < chroot/root/packages/Packages.gz | awk '/^Package: / { print $2 }' \ + gunzip < chroot/packages/Packages.gz | awk '/^Package: / { print $2 }' \ >> chroot/root/packages.chroot fi @@ -477,8 +477,8 @@ case "${_ACTION}" in # Remove local package repository rm -f chroot/etc/apt/sources.list.d/packages.list - rm -rf chroot/root/packages - rm -f chroot/var/lib/apt/lists/_root_packages_._* + rm -rf chroot/packages + rm -f chroot/var/lib/apt/lists/_packages_._* # Ensure package list is removed rm -f chroot/root/packages.chroot diff --git a/scripts/build/installer_debian-installer b/scripts/build/installer_debian-installer index 96ee4a4c5..6e47246d1 100755 --- a/scripts/build/installer_debian-installer +++ b/scripts/build/installer_debian-installer @@ -587,6 +587,21 @@ then done fi + # The path to the package pool when running inside the live environment + case "${LB_INITRAMFS}" in + live-boot) + PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT="/run/live/medium" + ;; + + dracut-live) + PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT="/run/initramfs/live" + ;; + + *) + PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT="" + ;; + esac + # Generating deb indices Echo_debug "Generating deb indices" for _ARCHIVE_AREA in $(cd binary/pool && ls); do @@ -604,6 +619,12 @@ EOF mv chroot/root/binary ./ touch "binary/${INDICE_DIR}/Packages" -d@${SOURCE_DATE_EPOCH} + if [ -n "${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT}" ] + then + # Make the pool available without 'apt-get update' + VAR_LIB_APT_LISTS_FILENAME=$(echo "${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT}/${INDICE_DIR}/Packages" | sed 's|/|_|g') + cp -a "binary/${INDICE_DIR}/Packages" "chroot/chroot/var/lib/apt/lists/${VAR_LIB_APT_LISTS_FILENAME}" + fi gzip -9 -c "binary/${INDICE_DIR}/Packages" > "binary/${INDICE_DIR}/Packages.gz" # Fetching release @@ -861,10 +882,10 @@ cd /root/binary && apt-ftparchive \ -o APT::FTPArchive::Release::Suite="${_SUITE}" \ ${_LB_APT_VERSION_OPT} \ -o APT::FTPArchive::Release::Codename="${LB_PARENT_DISTRIBUTION_BINARY}" \ - -o APT::FTPArchive::Release::Date="$(date -R ${DATE_UTC_OPTION} -d@${SOURCE_DATE_EPOCH})" \ + -o APT::FTPArchive::Release::Date="$(date -R --utc -d@${SOURCE_DATE_EPOCH})" \ -o APT::FTPArchive::Release::Architectures="${LB_ARCHITECTURE}" \ -o APT::FTPArchive::Release::Components="${LB_PARENT_ARCHIVE_AREAS}" \ - -o APT::FTPArchive::Release::Description="Last updated: $(date -R ${DATE_UTC_OPTION} -d@${SOURCE_DATE_EPOCH})" \ + -o APT::FTPArchive::Release::Description="Last updated: $(date -R --utc -d@${SOURCE_DATE_EPOCH})" \ release dists/${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION} > dists/${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION}/Release EOF @@ -872,16 +893,16 @@ EOF rm -f chroot/binary.sh mv chroot/root/binary ./ - # Add to sources.list with the path that is used inside the live environment - case "${LB_INITRAMFS}" in - live-boot) - echo "deb [trusted=yes] file:/run/live/medium ${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION} ${LB_PARENT_ARCHIVE_AREAS}" >> chroot/chroot/etc/apt/sources.list - ;; - - dracut-live) - echo "deb [trusted=yes] file:/run/initramfs/live ${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION} ${LB_PARENT_ARCHIVE_AREAS}" >> chroot/chroot/etc/apt/sources.list - ;; - esac + if [ -n "${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT}" ] + then + # Add to sources.list with the path that is used inside the live environment + # Add in the first line, to give it precedence over the online versions of the same package + echo "deb [trusted=yes] file:${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT} ${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION} ${LB_PARENT_ARCHIVE_AREAS}" > sources.list + cat chroot/chroot/etc/apt/sources.list >> sources.list + cp sources.list chroot/chroot/etc/apt/sources.list + VAR_LIB_APT_LISTS_FILENAME=$(echo "${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT}/dists/${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION}/Release" | sed 's|/|_|g') + cp -a binary/dists/${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION}/Release chroot/chroot/var/lib/apt/lists/${VAR_LIB_APT_LISTS_FILENAME} + fi Echo_debug "Creating distribution directories/symlinks" diff --git a/test/test_external_deb_sources.sh b/test/test_external_deb_sources.sh new file mode 100755 index 000000000..44bf296b3 --- /dev/null +++ b/test/test_external_deb_sources.sh @@ -0,0 +1,366 @@ +#!/bin/bash + +if ! command -v equivs-build > /dev/null; then + echo "Install equivs" + exit 1 +fi +if ! command -v reprepro > /dev/null; then + echo "Install reprepro" + exit 1 +fi + +if ! command -v shunit2 > /dev/null; then + echo "Install shunit2" + exit 1 +fi + +function create_packages () { + # Create package generator files + cat << EOF > package +Source: live-testpackage-$1-main +Section: misc +Priority: optional +Standards-Version: 4.7.0 + +Package: live-testpackage-$1-main +Version: 1.0 +Maintainer: Debian Live +Depends: live-testpackage-$1-dependency +Architecture: all +File: /etc/live-testpackage/testpackage-$1-main-file 644 + live-testpackage-$1-main has been installed +Description: Test package for testing the inclusion in live images + Tests dependency chain + Package live-testpackage-$1-dependency should be automatically installed and removed too +EOF + equivs-build package + + cat << EOF > package +Source: live-testpackage-$1-dependency +Section: misc +Priority: optional +Standards-Version: 4.7.0 + +Package: live-testpackage-$1-dependency +Version: 1.0 +Maintainer: Debian Live +Architecture: all +File: /etc/live-testpackage/testpackage-$1-dependency-file 644 + The dependency for live-testpackage-$1-main has been installed +Description: Test package for testing the inclusion in live images + Tests dependency chain + This package should be automatically installed and removed too +EOF + equivs-build package + rm package +} + +function create_repository () { + # See https://wiki.debian.org/DebianRepository/SetupWithReprepro + # Collect in a repository + rm -fr testrepository-$1 + mkdir -p testrepository-$1/conf + touch testrepository-$1/conf/options + cat << EOF > testrepository-$1/conf/distributions +Origin: Test_repository_for_testing_external_sources +Label: Test_repository_for_testing_external_sources +Codename: nondebian +Architectures: amd64 source +Components: mymain +Description: Test repository for testing external sources +EOF + create_packages $1 + reprepro -b testrepository-$1 includedeb nondebian live-testpackage-$1-main_1.0_all.deb + reprepro -b testrepository-$1 includedeb nondebian live-testpackage-$1-dependency_1.0_all.deb +} + +function mountSquashfs() { + assertTrue "ISO image has been generated" "[ -e live-image-amd64.hybrid.iso ]" + mkdir iso squashfs + mount live-image-amd64.hybrid.iso iso -oro + mount iso/live/filesystem.squashfs squashfs -oro +} + +function unmountSquashfs() { + umount squashfs + umount iso + rmdir iso squashfs +} + +function oneTimeSetUp() { + # Speed up, because there is no compression of the ISO file + export MKSQUASHFS_OPTIONS=-no-compression +} + +function setUp() { + # Create a test configuration + lb clean --purge + rm -fr config + # Slight speedup: --zsync, --firmware-chroot + lb config --distribution unstable --zsync false --firmware-chroot false +} + +function build_image() { + # Speed up + export MKSQUASHFS_OPTIONS=-no-compression + # Perform the build + lb build +} + +function test_snapshot_with_mirror_bootstrap() { + # Rebuild the configuration, as many mirror settings depend on eachother + lb clean --purge + rm -fr config + # Slight speedup: --zsync, --firmware-chroot + lb config --distribution unstable --zsync false --firmware-chroot false --mirror-bootstrap http://snapshot.debian.org/archive/debian/20240701T000000Z/ --mirror-binary http://deb.debian.org/debian/ + # Insider knowledge of live-build: + # Add '-o Acquire::Check-Valid-Until=false', to allow for rebuilds of older timestamps + sed -i -e '/^APT_OPTIONS=/s/--yes/--yes -o Acquire::Check-Valid-Until=false/' config/common + build_image + mountSquashfs + assertTrue "Sources.list mentions deb.d.o" "grep -q 'http://deb.debian.org/debian' squashfs/etc/apt/sources.list" + assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/deb\.debian\.org_debian_dists_unstable_main_binary-amd64_Packages ]" + assertTrue "The kernel from the snapshot is used" "grep -q '^linux-image-6\.9\.7-amd64' chroot.packages.install" + assertTrue "The kernel from the snapshot will be booted" "[ -e squashfs/boot/vmlinuz-6.9.7-amd64 ]" + unmountSquashfs +} + +function test_direct_inclusion_of_deb_unspecified_chroot_or_binary() { + create_packages config-packages + cp live-testpackage-config-packages-main_1.0_all.deb config/packages + cp live-testpackage-config-packages-dependency_1.0_all.deb config/packages + build_image + assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-main-file$' chroot.files" + assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-dependency-file$' chroot.files" + assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-packages-main' chroot.packages.install" + assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-packages-dependency' chroot.packages.install" + assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-packages-main' chroot.packages.live" + assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-packages-dependency' chroot.packages.live" +} + +function test_direct_inclusion_of_deb_binary() { + create_packages config-packages-binary + cp live-testpackage-config-packages-binary-main_1.0_all.deb config/packages.binary + cp live-testpackage-config-packages-binary-dependency_1.0_all.deb config/packages.binary + # config/packages.binary is only used when an installer is requested + lb config --debian-installer live + build_image + assertFalse "Packaged file for main package should not be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-binary-main-file$' chroot.files" + assertFalse "Packaged file for dependency package should not be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-binary-dependency-file$' chroot.files" + assertFalse "Main package is not installed (install)" "grep -q '^live-testpackage-config-packages-binary-main' chroot.packages.install" + assertFalse "Dependency package is not installed (install)" "grep -q '^live-testpackage-config-packages-binary-dependency' chroot.packages.install" + assertFalse "Main package is not installed (live)" "grep -q '^live-testpackage-config-packages-binary-main' chroot.packages.live" + assertFalse "Dependency package is not installed (live)" "grep -q '^live-testpackage-config-packages-binary-dependency' chroot.packages.live" + mountSquashfs + assertTrue "Main package should be in the pool" "[ -e iso/pool/main/l/live-testpackage-config-packages-binary-main/live-testpackage-config-packages-binary-main_1.0_all.deb ]" + assertTrue "Dependency package should be in the pool" "[ -e iso/pool/main/l/live-testpackage-config-packages-binary-dependency/live-testpackage-config-packages-binary-dependency_1.0_all.deb ]" + assertTrue "Package pool is listed in /etc/apt/sources.list" "grep -q 'file:/run/live/medium' squashfs/etc/apt/sources.list" + assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_Release ]" + assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_main_binary-amd64_Packages ]" + unmountSquashfs +} + +function test_direct_inclusion_of_deb_chroot() { + create_packages config-packages-chroot + cp live-testpackage-config-packages-chroot-main_1.0_all.deb config/packages.chroot + cp live-testpackage-config-packages-chroot-dependency_1.0_all.deb config/packages.chroot + build_image + assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-chroot-main-file$' chroot.files" + assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-chroot-dependency-file$' chroot.files" + assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-packages-chroot-main' chroot.packages.install" + assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-packages-chroot-dependency' chroot.packages.install" + assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-packages-chroot-main' chroot.packages.live" + assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-packages-chroot-dependency' chroot.packages.live" +} + +function test_remote_repository_unspecified_choot_or_binary() { + cat << EOF > config/archives/remote-config-archives-list.list +deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-archive-keyring.gpg.key.gpg] http://archive.ubuntu.com/ubuntu noble main +EOF + # We need something that is not in Debian. + # Let's use the live image building tool from Ubuntu ;-) + echo "casper" > config/package-lists/remote-config-archives-list.list + + # Manually fetch the key for Ubuntu + wget --quiet https://salsa.debian.org/debian/ubuntu-keyring/-/raw/master/keyrings/ubuntu-archive-keyring.gpg?ref_type=heads -O config/archives/ubuntu-archive-keyring.gpg.key + + build_image + assertTrue "Package is installed (install)" "grep -q '^casper' chroot.packages.install" + assertTrue "Package is installed (live)" "grep -q '^casper' chroot.packages.live" + + mountSquashfs + assertTrue "Sources list should be present" "[ -e squashfs/etc/apt/sources.list.d/remote-config-archives-list.list ]" + assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_noble_main_binary-amd64_Packages ]" + unmountSquashfs +} + +function test_remote_repository_chroot() { + cat << EOF > config/archives/remote-config-archives-list-chroot.list +deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-archive-keyring.gpg.key.chroot.gpg] http://archive.ubuntu.com/ubuntu noble main +EOF + # We need something that is not in Debian. + # Let's use the live image building tool from Ubuntu ;-) + echo "casper" > config/package-lists/remote-config-archives-list-chroot.list.chroot + + # Manually fetch the key for Ubuntu + wget --quiet https://salsa.debian.org/debian/ubuntu-keyring/-/raw/master/keyrings/ubuntu-archive-keyring.gpg?ref_type=heads -O config/archives/ubuntu-archive-keyring.gpg.key.chroot + + build_image + assertTrue "Package is installed (install)" "grep -q '^casper' chroot.packages.install" + assertTrue "Package is installed (live)" "grep -q '^casper' chroot.packages.live" + + mountSquashfs + assertTrue "Sources list should be present" "[ -e squashfs/etc/apt/sources.list.d/remote-config-archives-list-chroot.list ]" + assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_noble_main_binary-amd64_Packages ]" + unmountSquashfs +} + +function test_remote_repository_binary() { + cat << EOF > config/archives/remote-config-archives-list-binary.list.binary +deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-archive-keyring.gpg.key.binary.gpg] http://archive.ubuntu.com/ubuntu noble main +EOF + # We need something that is not in Debian. + # Let's use the live image building tool from Ubuntu ;-) + echo "casper" > config/package-lists/remote-config-archives-list-binary.list.binary + + # Manually fetch the key for Ubuntu + wget --quiet https://salsa.debian.org/debian/ubuntu-keyring/-/raw/master/keyrings/ubuntu-archive-keyring.gpg?ref_type=heads -O config/archives/ubuntu-archive-keyring.gpg.key.binary + + build_image + assertFalse "Package is not installed (install)" "grep -q '^casper' chroot.packages.install" + assertFalse "Package is not installed (live)" "grep -q '^casper' chroot.packages.live" + + mountSquashfs + assertTrue "Sources list should be present" "[ -e squashfs/etc/apt/sources.list.d/remote-config-archives-list-binary.list ]" + assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_noble_main_binary-amd64_Packages ]" + assertTrue "Package should be in the pool" "find iso | grep 'iso/pool/main/c/casper/casper_.*_amd64\.deb'" + unmountSquashfs +} + +function test_local_repository_unspecified_chroot_or_binary() { + create_repository config-archives-list + cat << EOF > config/archives/my_repro-config-archives-list.list +deb [trusted=yes] file://$(pwd)/testrepository-config-archives-list nondebian mymain +EOF + echo "live-testpackage-config-archives-list-main" > config/package-lists/my_repro-config-archives-list.list + + build_image + assertNotNull "Not implemented yet: fails at bootstrap_archives at the moment" "" + assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-main-file$' chroot.files" + assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-dependency-file$' chroot.files" + assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-archives-list-main' chroot.packages.install" + assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-archives-list-dependency' chroot.packages.install" + assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-archives-list-main' chroot.packages.live" + assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-archives-list-dependency' chroot.packages.live" + + mountSquashfs + # The following files should not be present + # -> however, they currently are, because there is not detection whether the repo is reachable from within the running live environment + # -> this will result in an error message when 'apt-get update' is run in the live environment + # /etc/apt/sources.list.d/my_repro-config-archives-list.list + # /var/lib/apt/lists/_*_testrepository-config-archives-list-*_Release + # /var/lib/apt/lists/_*_testrepository-config-archives-list-*_Packages + assertFalse "Sources list should not be present" "[ -e squashfs/etc/apt/sources.list.d/my_repro-config-archives-list.list ]" + assertFalse "Sources list meta info should not be present" "find squashfs/var/lib/apt/lists | grep -q 'squashfs/var/lib/apt/lists/_*_testrepository-config-archives-list-'" + unmountSquashfs +} + +function test_local_repository_chroot() { + create_repository config-archives-list-chroot + cat << EOF > config/archives/my_repro-config-archives-list-chroot.list.chroot +deb [trusted=yes] file://$(pwd)/testrepository-config-archives-list-chroot nondebian mymain +EOF + echo "live-testpackage-config-archives-list-chroot-main" > config/package-lists/my_repro-config-archives-list-chroot.list.chroot + + build_image + assertNotNull "Not implemented yet: fails at bootstrap_archives at the moment" "" + assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-chroot-main-file$' chroot.files" + assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-chroot-dependency-file$' chroot.files" + assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-archives-list-chroot-main' chroot.packages.install" + assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-archives-list-chroot-dependency' chroot.packages.install" + assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-archives-list-chroot-main' chroot.packages.live" + assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-archives-list-chroot-dependency' chroot.packages.live" + + mountSquashfs + # The following files should not be present + # -> however, they currently are, because there is not detection whether the repo is reachable from within the running live environment + # -> this will result in an error message when 'apt-get update' is run in the live environment + # /etc/apt/sources.list.d/my_repro-config-archives-list-chroot.list + # /var/lib/apt/lists/_*_testrepository-config-archives-list-chroot-*_Release + # /var/lib/apt/lists/_*_testrepository-config-archives-list-chroot-*_Packages + assertFalse "Sources list should not be present" "[ -e squashfs/etc/apt/sources.list.d/my_repro-config-archives-list-chroot.list ]" + assertFalse "Sources list meta info should not be present" "find squashfs/var/lib/apt/lists | grep -q 'squashfs/var/lib/apt/lists/_*_testrepository-config-archives-list-chroot-'" + unmountSquashfs +} + +function test_local_repository_binary() { + # Skip the .list.binary scenario for now + # -> the bind mount is not activated properly + create_repository config-archives-list-binary + cat << EOF > config/archives/my_repro-config-archives.list-binary.list.binary +deb [trusted=yes] file://$(pwd)/testrepository-config-archives-list-binary nondebian mymain +EOF + echo "live-testpackage-config-archives-list-binary-main" > config/package-lists/my_repro-config-archives-list-binary.list.binary + + build_image + assertNotNull "Not implemented yet: fails at lb chroot_prep remove all mode-archives-chroot with step lb chroot_archives chroot remove at the moment" "" + assertFalse "Packaged file for main package should not be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-binary-main-file$' chroot.files" + assertFalse "Packaged file for dependency package should not be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-binary-dependency-file$' chroot.files" + assertFalse "Main package is not installed (install)" "grep -q '^live-testpackage-config-archives-list-binary-main' chroot.packages.install" + assertFalse "Dependency package is not installed (install)" "grep -q '^live-testpackage-config-archives-list-binary-dependency' chroot.packages.install" + assertFalse "Main package is not installed (live)" "grep -q '^live-testpackage-config-archives-list-binary-main' chroot.packages.live" + assertFalse "Dependency package is not installed (live)" "grep -q '^live-testpackage-config-archives-list-binary-dependency' chroot.packages.live" + mountSquashfs + assertTrue "Main package should be in the pool" "[ -e iso/pool/main/l/live-testpackage-config-archives-list-binary-main/live-testpackage-config-archives-list-binary-main_1.0_all.deb ]" + assertTrue "Dependency package should be in the pool" "[ -e iso/pool/main/l/live-testpackage-config-archives-list-binary-dependency/live-testpackage-config-archives-list-binary-dependency_1.0_all.deb ]" + assertTrue "Package pool is listed in /etc/apt/sources.list" "grep -q 'file:/run/live/medium' squashfs/etc/apt/sources.list" + assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_Release ]" + assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_main_binary-amd64_Packages ]" + unmountSquashfs +} + +function test_embedded_repository() { + # An embedded repository scenario + # -> it fails in the bootstrap phase, because the files are copied later in the chroot step! + + create_repository config-opt-extra-repo + + mkdir -p config/includes.chroot_before_packages/opt/extrarepo/dists + mkdir -p config/includes.chroot_before_packages/opt/extrarepo/pool + cp -a testrepository-config-opt-extra-repo/dists/* config/includes.chroot_before_packages/opt/extrarepo/dists + cp -a testrepository-config-opt-extra-repo/pool/* config/includes.chroot_before_packages/opt/extrarepo/pool + + # Note it uses '.list', because the repository should be functional after the chroot is sealed + cat << EOF > config/archives/my_repro-config-opt-extra-repo.list +deb [trusted=yes] file:///opt/extrarepo nondebian mymain +EOF + echo "live-testpackage-config-opt-extra-repo-main" > config/package-lists/my_repro-config-opt-extra-repo.list + + build_image + assertNotNull "Not implemented yet: fails at bootstrap_archives at the moment" "" + # Current issue: the /etc/apt/sources.list.d entry gets removed, but the index files and the packages are installed in the chroot + assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-opt-extra-repo-main-file$' chroot.files" + assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-opt-extra-repo-dependency-file$' chroot.files" + assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-opt-extra-repo-main' chroot.packages.install" + assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-opt-extra-repo-dependency' chroot.packages.install" + assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-opt-extra-repo-main' chroot.packages.live" + assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-opt-extra-repo-dependency' chroot.packages.live" +} + +function test_derivatives() { + # Rebuild the configuration, as many mirror settings depend on eachother + #lb clean --purge + #rm -fr config + # Slight speedup: --zsync, --firmware-chroot + #lb config --distribution unstable --zsync false --firmware-chroot false + # Let's not test --parent-distribution-chroot at the moment: + # --apt-secure false --parent-mirror-chroot file://localhost$(pwd)/testrepository --parent-distribution-chroot nondebian --parent-archive-areas mymain --mirror-chroot http://deb.debian.org/debian --distribution-chroot debian --archive-areas main --parent-mirror-bootstrap file://localhost$(pwd)/testrepository + # --apt-secure false --mirror-chroot file://localhost$(pwd)/testrepository-mirror-chroot --distribution-chroot nondebian --archive-areas mymain --parent-mirror-chroot http://deb.debian.org/debian --parent-distribution-chroot unstable --parent-archive-areas main + + #build_image + #mountSquashfs + assertNotNull "Not implemented (yet): this can be quite complicated" "" + #unmountSquashfs +} + +. shunit2