Control: tag -1 + unreproducible

Hi,

Quoting Richard Ulrich (2024-04-30 10:44:46)
> We use fakechroot for building a live OS that starts out with debootstrap.
> This worked fine for a while, but started to fail last week. Now apt crashes
> when it tries to download anything:
> [...]
> I am reporting this from my trixie system, but the same happens on bookworm
> systems, and bookworm is used inside the relevant Docker container.

Read the section LIMITATIONS of the fakechroot man page. You have to use the
exact system on the outside of the chroot as you are using inside of the
chroot. I have CI systems testing fakechroot daily on a fresh Debian unstable
setup and it works fine. So if it doesn't work for you, then it is very likely
due to the limitations of fakechroot itself. Thus, tagging this bug as
unreproducible.

Now... I had a look at your Dockerfile and at your project livedeb. I think you
can do a number of improvements which in the end will allow you to completely
get rid of fakechroot.

Firstly, you are using docker for isolation. Why do you even bother with
fakechroot? Can you not just use normal chroot inside of docker?

Secondly, you can completely get rid of docker if you replace debootstrap and
fakechroot with mmdebstrap in unshare mode. Using mmdebstrap has several
advantages for your use-case:

 1. it does not require superuser privileges, so you do not need to run
    everything inside a docker container anymore

 2. its native output format is a tarball so you can just run:

    mmdebstrap [...] | mksquashfs - filesystem.squashfs

 3. even better, squashfs is one of the native output formats of mmdebstrap so
    if you don't need any special squashfs options you could even just call

    mmdebstrap [..] filesystem.squashfs

 4. you want the result to be bit-by-bit reproducible. The output of mmdebstrap
    is reproducible by default with the same SOURCE_DATE_EPOCH

The only reason I'm still maintaining fakechroot is because it's a fun hacking
project but given that unshared user namespaces provide far superior
functionality I heavily recommend against using fakechroot in production.

Write me if you need any help converting your dockerfile into mmdebstrap calls.

Thanks!

cheers, josch
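
The following is an added example, not part of the original message or of the livedeb project: a rootless double build with mmdebstrap in unshare mode that checks the two squashfs outputs are bit-for-bit identical under one SOURCE_DATE_EPOCH. The suite, variant, file names and epoch value are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: rootless, reproducible squashfs build check.
# Assumptions (not from the original message): suite "bookworm", variant
# "minbase", the output file names and the fixed epoch are illustrative.

# Fixed timestamp so the image contents do not depend on the build time.
EPOCH=1714435200   # constructed value: 2024-04-30 00:00:00 UTC

# Print the SHA-256 digest of a file (digest only, no file name).
digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Build one image as an unprivileged user inside a user namespace.
# $1 = output path; the .squashfs suffix selects squashfs output
# (mmdebstrap needs tar2sqfs from squashfs-tools-ng for that format).
build_image() {
    SOURCE_DATE_EPOCH="$EPOCH" mmdebstrap --mode=unshare --variant=minbase \
        bookworm "$1"
}

# Return 0 if both files exist and are bit-for-bit identical,
# 1 if they differ, 2 if either file is missing.
same_build() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    [ "$(digest "$1")" = "$(digest "$2")" ]
}

# Run the double build only when explicitly asked: sh repro.sh build
if [ "${1:-}" = "build" ]; then
    build_image first.squashfs && build_image second.squashfs || exit 1
    if same_build first.squashfs second.squashfs; then
        echo "reproducible: $(digest first.squashfs)"
    else
        echo "MISMATCH: outputs differ, inspect with diffoscope" >&2
        exit 1
    fi
fi
```

Both builds must see the same package versions, so run them back to back against the same mirror; comparing builds made on different days needs a fixed archive snapshot as the mirror.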
