Bug#1070109: fakechroot: apt crashes inside fakechroot

2024-04-30 Thread Johannes Schauer Marin Rodrigues
Control: tag -1 + unreproducible

Hi,

Quoting Richard Ulrich (2024-04-30 10:44:46)
> We use fakechroot for building a live OS that starts out with debootstrap.
> This worked fine for a while, but started to fail last week. Now apt crashes
> when it tries to download anything:
> [...]
> I am reporting this from my trixie system, but the same happens on bookworm
> systems, and bookworm is used inside the relevant Docker container.

Read the section LIMITATIONS of the fakechroot man page. You have to use the
exact system on the outside of the chroot as you are using inside of the
chroot. I have CI systems testing fakechroot daily on a fresh Debian unstable
setup and it works fine. So if it doesn't work for you, then it is very likely
due to the limitations of fakechroot itself. Thus, tagging this bug as
unreproducible.

Now... I had a look at your Dockerfile and at your project livedeb. I think you
can do a number of improvements which in the end will allow you to completely
get rid of fakechroot.

Firstly, you are using docker for isolation. Why do you even bother with
fakechroot? Can you not just use normal chroot inside of docker?

Secondly, you can completely get rid of docker if you replace debootstrap and
fakechroot with mmdebstrap in unshare mode. Using mmdebstrap has several
advantages for your use-case:

 1. it does not require superuser privileges, so you do not need to run
    everything inside a docker container anymore

 2. its native output format is a tarball so you can just run:

        mmdebstrap [...] | mksquashfs - filesystem.squashfs

 3. even better, squashfs is one of the native output formats of mmdebstrap so
    if you don't need any special squashfs options you could even just call

        mmdebstrap [..] filesystem.squashfs

 4. you want the result to be bit-by-bit reproducible. The output of mmdebstrap
    is reproducible by default with the same SOURCE_DATE_EPOCH

The only reason I'm still maintaining fakechroot is because it's a fun hacking
project but given that unshared user namespaces provide far superior
functionality I heavily recommend against using fakechroot in production.

Write me if you need any help converting your dockerfile into mmdebstrap calls.

Thanks!

cheers, josch
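
The conversion suggested in the reply above, sketched as an added example that is not part of the original message or of the livedeb project. The suite, the shortened package list and the output file names are assumptions; the script builds the squashfs image twice in unshare mode with one SOURCE_DATE_EPOCH and compares the digests.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed values: the suite, the
# (constructed, shortened) package list, and the output file names.
set -eu

SUITE=bookworm
PACKAGES="curl,dosfstools,openssh-client"

# Build a squashfs root filesystem as an unprivileged user: user namespaces
# replace both the docker container and fakechroot.
# $1 = output file (the .squashfs suffix selects the format), $2 = epoch
build_image() {
    SOURCE_DATE_EPOCH="$2" mmdebstrap --mode=unshare \
        --include="$PACKAGES" "$SUITE" "$1"
}

# Succeed only when both files have the same SHA-256 digest.
same_digest() {
    a=$(sha256sum < "$1" | cut -d' ' -f1)
    b=$(sha256sum < "$2" | cut -d' ' -f1)
    [ "$a" = "$b" ]
}

# Build twice with one SOURCE_DATE_EPOCH and compare the results. Both runs
# must see the same archive state, so run them back to back.
check_reproducible() {
    dir=$(mktemp -d)
    build_image "$dir/first.squashfs" "$1"
    build_image "$dir/second.squashfs" "$1"
    if same_digest "$dir/first.squashfs" "$dir/second.squashfs"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$dir"
    return "$rc"
}

# Only build when asked to, e.g.: sh repro.sh run
if [ "${1:-}" = "run" ]; then
    check_reproducible "$(date +%s)" && echo "bit-for-bit identical"
fi
```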



Bug#1070109: fakechroot: apt crashes inside fakechroot

2024-04-30 Thread Richard Ulrich
Package: fakechroot
Version: 2.20.1+ds-17
Severity: important
X-Debbugs-Cc: ri...@paraeasy.ch

Dear Maintainer,

We use fakechroot for building a live OS that starts out with debootstrap. This
worked fine for a while, but started to fail last week. Now apt crashes when it
tries to download anything:
https://github.com/AminaBank/livedeb/blob/master/Dockerfile#L85
 => ERROR [stage-8  4/30] RUN fakechroot chroot ROOTFS apt-get update  && fakechroot chroot ROOTFS a  1.2s
--
 > [stage-8  4/30] RUN fakechroot chroot ROOTFS apt-get update  && fakechroot
 > chroot ROOTFS apt-get -y dist-upgrade  && fakechroot chroot ROOTFS apt-get
 > install -y --no-install-recommends curl dosfstools electrum fdisk
 > firefox-esr fonts-freefont-ttf fonts-noto-mono keepassxc
 > libgl1 libglib2.0-0 libykpiv2 minicom mousepad
 > mtools openssh-client p7zip-full pcscd python3-pyqt5
 > systemd-resolved systemd-timesyncd thunar-archive-plugin
 > xarchiver xfce4 xfce4-terminal xinit xserver-xorg
 > yubikey-manager:
#9 0.613 Reading package lists...
#9 1.059 E: Method http has died unexpectedly!
#9 1.059 E: Sub-process http received a segmentation fault.
#9 1.059 E: Method /usr/lib/apt/methods/http did not start correctly
#9 1.059 E: Failed to fetch http://deb.debian.org/debian/dists/bookworm/InRelease
#9 1.059 E: Some index files failed to download. They have been ignored, or old ones used instead.

I don't know where the problem really lies, but when I build an older version,
where fakechroot was not used, then it builds just fine:
https://github.com/AminaBank/livedeb/blob/b38de278e45f0175f5d9c5fc39716a4e31eda6c3/Dockerfile#L37
 

The first version that uses fakechroot generates a slightly different error
message, but also at about the same place:
https://github.com/AminaBank/livedeb/blob/e22eda84c67643da13d46cb56a24e1eb47fdbfcd/Dockerfile#L57
Step 11/50 : RUN fakechroot chroot ROOTFS apt-get update
 ---> Running in 9f203eea9b98
*** stack smashing detected ***: terminated
Aborted (core dumped)
The command '/bin/sh -c fakechroot chroot ROOTFS apt-get update' returned a non-zero code: 134

I am reporting this from my trixie system, but the same happens on bookworm 
systems, and bookworm is used inside the relevant Docker container.

-- System Information:
Debian Release: bookworm/trixie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (100, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.6.15-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), 
LANGUAGE=de_CH:de
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages fakechroot depends on:
ii  binutils   2.42-4
ii  libfakechroot  2.20.1+ds-17

fakechroot recommends no packages.

fakechroot suggests no packages.

-- no debconf information