GitLab

 Fakemachine is subject to panic and causes Debos to exit success due to
 the current logic of the exitcode. For example, the fakemachine function
 CopyFileTo() panics if the file is missing.

 In the case of a panic, the function never returns. Thus, the exitcode
 cannot be set to 1 and Debos exits with 0.

 This commit reverses the logic of the exitcode: it is initialized to 1
 (i.e. failure), and it is set to 0 (i.e. success) only if Debos has
 reached the end of the things it has to do (or for the help message).
Signed-off-by: Gaël PORTAY <gael.portay@collabora.com>

Arnaud Rebillout authored Oct 08, 2019 and Santosh Mahto committed Jul 15, 2021

The timeout is fixed at 10 seconds, and I see it quite often.

The man page for pacman.conf(5) reads:

 DisableDownloadTimeout

    Disable defaults for low speed limit and timeout on downloads. Use
    this if you have issues downloading files with proxy and/or security
    gateway.
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>

Arnaud Rebillout authored Oct 01, 2019 and Santosh Mahto committed Jul 15, 2021

Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>

Arnaud Rebillout authored Sep 04, 2019 and Santosh Mahto committed Jul 15, 2021

Before this commit, we hard-coded the 3 repositories 'core', 'extra',
and 'community', and we only allowed the user define the mirror and
mirror layout for those.

This is not really a good idea, as none of these repositories are
required to exist, or even to be named that way. These are just
conventions. An Archlinux derivative could as well decide to have their
repositories named 'main', 'contrib' and 'non-free', for example.

Hence it seems more flexible to have a 'repositories' property instead,
and let user define the repository name and the repository server. This
way, there's no need for a mirror and mirror-layout properties.

With this change, a basic recipe to build an Archlinux OS can be:

    architecture: amd64

    actions:
      - action: pacstrap
        repositories:
          - name: core
            server: http://mirrors.kernel.org/archlinux/$repo/os/$arch
          - name: extra
            server: http://mirrors.kernel.org/archlinux/$repo/os/$arch

      - action: pack
        compression: gz
        file: recipe.tar.gz

More complicated, a recipe that allows to build both ArchLinux or
Manjaro can be defined like that:

    {{  $arch := or .arch "amd64" -}}
    {{- $distrib := or .distrib "archlinux" -}}
    {{- $mirror := or .mirror "http://mirrors.kernel.org/archlinux

" -}}
    {{- $layout := or .layout "$repo/os/$arch" -}}

    {{- if eq $distrib "manjaro" -}}
    {{- $mirror = or .mirror "http://repo.manjaro.org.uk" -}}
    {{- $layout = or .layout "stable/$repo/$arch" -}}
    {{- end -}}

    architecture: {{ $arch }}

    actions:
      - action: pacstrap
        repositories:
          - name: core
            server: {{ $mirror }}/{{ $layout }}
          - name: extra
            server: {{ $mirror }}/{{ $layout }}
          - name: community
            server: {{ $mirror }}/{{ $layout }}

      - action: pack
        compression: gz
        file: {{ $distrib }}-base.tar.gz

And it can be invoked in the following ways:

    # build archlinux:
    debos recipe.yaml

    # build manjaro:
    debos -t distrib:manjaro recipe.yaml

Introducing the 'repository' property has the consequence of removing
the 'mirror' property, which can't make anymore. It means that debos
doesn't try to handle the mirror list anymore, it's left to the user.

By default, ArchLinux leaves you with no mirror configured, so pacman
fails until you manually enable a mirror in /etc/pacman.d/mirrolist.

Manjaro, on the other hand, leaves you with a mirrorlist where all the
mirrors are enabled, and possibly NOT sorted. Watch the pacstrap logs
for the messages:

    Pacstrap | ::INFO Internet connection appears to be down
    Pacstrap | ::INFO Mirror ranking is not available
    Pacstrap | ::INFO Mirror list is generated using random method
    Pacstrap | ::INFO Writing mirror list

One last word.

Remember that these repositories are only used to create the pacman.conf
file used during the pacstrap action. pacstrap itself will install a
default pacman config and a default mirror list in the bootstrapped
system, hence subsequent calls to the `pacman` action will use those.

So if you want to use a particular mirror, defining it in the pacstrap
action is not enough, you will also need to enable it in the
bootstrapped system.
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>

Arnaud Rebillout authored Aug 01, 2019 and Santosh Mahto committed Jul 15, 2021

With this change, pacman-key will populate the pacman keyring in the
chroot with EVERY keyring found in /usr/share/pacman/keyrings on the
host.

For example, assuming you're building a Manjaro image, you need to
populate the chroot with the two keyrings 'archlinux' and 'manjaro'.
Assuming that both keyrings are installed on the host, then you have two
ways to achieve that
- run `pacman-key --populate archlinux manjaro`, which install exactly
  these two keyrings in the chroot.
- run `pacman-key --populate`, which installs every keyring found in
  /usr/share/pacman/keyrings.

This commit makes the assumption that the host has already all the
keyrings needed in /usr/share/pacman/keyrings, and that it's desirable
to install them all in the chroot.
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>

Arnaud Rebillout authored Aug 01, 2019 and Santosh Mahto committed Jul 15, 2021

ArchLinux's default mirror layout is $repo/os/$arch, however in
ArchLinux world the mirror layout doesn't seem to be enforced by
anything, so there's some variety out there.

Within ArchLinux itself, it seems that there are at least two different
existing layouts, as seen in mkosi sources:

    if platform.machine() == "aarch64":
        server = f"Server = {args.mirror}/$arch/$repo"
    else:
        server = f"Server = {args.mirror}/$repo/os/$arch"

Additionally, Manjaro mirrors also do it differently:

    {args.mirror}/$branch/$repo/$arch

So we can't hardcode the mirror layout in debos anymore.

This commit let user enter a string that defines the mirror layout. If
not set, debos defaults to ArchLinux's default layout '$repo/os/$arch'.
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>

Arnaud Rebillout authored Jul 31, 2019 and Santosh Mahto committed Jul 15, 2021

I experience regular failures due to timeout, for example:

  error: failed retrieving file 'libssh2-1.8.2-1-x86_64.pkg.tar.xz' from http://mirrors.kernel.org/archlinux :
  Connection timed out after 10001 milliseconds

The pacman manual mentions:

  --disable-download-timeout
    Disable defaults for low speed limit and timeout on downloads. Use this
    if you have issues downloading files with proxy and/or security gateway.

I do run a proxy most of the time, but even when I don't I still see
this issue. So let's disable this timeout.

Ref: <https://www.archlinux.org/pacman/pacman.8.html

>
Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>

Arnaud Rebillout authored Jul 30, 2019 and Santosh Mahto committed Jul 15, 2021

Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>

Arnaud Rebillout authored Jul 30, 2019 and Santosh Mahto committed Jul 15, 2021

Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>

Running the tests on the host is a good first step; to test Debos
properly we should run inside a Fakemachine. Since GitHub actions
do not support creating nested virtual machines, use the
user-mode-linux backend in Fakemachine to create a user process
to run the tests inside of.

Since Docker autobuild does not support UML the docker-compose
file purposely does not have a suffix of `.test.yml` so that the
test will not be picked up to run on Docker autobuild.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

UML has some issues in some environments when stdin isn't set to
/dev/null, let's just set stdin to /dev/null for all tests.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Currently we assume all of the tests are run without fakemachine;
since we are looking to run the tests with fakemachine as well,
let's allow arguments to be passed to the test script which are
then passed to debos.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Add a CI pipeline which tests the following on every push and PR:

 * builds debos docker container
 * runs the debos unit tests inside the container
 * runs the debos test recipes inside the container

Unfortunately GitHub actions do not allow nested virtualization (see
https://github.com/actions/virtual-environments/issues/183

) so as a
first step, the tests are run on the host without fakemachine.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

The tests are first-class citizens; they should be present in the
directory as such.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Currently only the unit-tests under the actions directory are ran. This
patch runs all of the available unit tests in the project.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

The unit tests require the unzip package to be installed.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Local variables should be stylized using camelCase.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

The variable hasn't been defined yet so ends up producing
a build failure:

    actions/image_partition_action.go:371:2: undefined: ImagePath
    actions/image_partition_action.go:372:26: undefined: ImagePath
    actions/image_partition_action.go:384:34: undefined: ImagePath

Fix the syntax used to initialise this variable.

Fixes: a7afc015

 ("actions/image-partition: Consistently use artifactdir")
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

The "image-partition" action uses artifactdir in the
PostMachineCleanup() step but not during the PreMachine() and
PreNoMachine() steps. Also, other debos actions such as pack, unpack
are relative to the specified "artifactdir" when invoking debos.

Fix this inconsistency by bringing image-partition action to the
fold. Also update the documentation to clarify this.
Signed-off-by: Punit Agrawal <punit1.agrawal@toshiba.co.jp>

Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

This patch adds support for XFS, including the ability
to specify the UUID through the fsuuid property of the
image-partition action.
Signed-off-by: Nguyen Thi Huong <huong4.nguyenthi@toshiba.co.jp>
Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp>

This patch adds functionality that allows you to specify
the UUID of your file system instead of getting a random one.
Some use cases include reproducible builds and software updates.

Currently, only btrfs, xfs, ext2, ext3, and ext4 are supported.

The uuid library is used for verifying the input value of
the FSUUID property (specified by the user on the
image-partition action). The verification is based on RFC 4122
and DCE 1.1: Authentication and Security Services. Check
https://github.com/google/uuid

 for more details.
Signed-off-by: Nguyen Thi Huong <huong4.nguyenthi@toshiba.co.jp>
Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp>

The documentation suggests that offset should be optional; in practice
offset isn't optional and the action will return an error out if unset:

    Action `` failed at stage Run, error: Couldn't parse offset strconv.ParseInt: parsing "": invalid syntax

So set the offset by default to 0 then only attempt to parse the parameter
from the YAML if it is explicitly set.

Fixes: b792b472

 ("Add a raw action")
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Debian's qemu-user-static package no longer registers binfmts on postinst
when running inside a virtualmachine; dockerhub builds are now built inside
a vm so the binfmts are not generated inside the docker container.

Fixes: 91af617b

 ("docker: Install qemu-user-static 6.0 to fix segfault")
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

There are issues with qemu-user-static 5.2 crashing when attempting
to allocate guest memory when compiled as a proper statically-linked
binary.

From testing, qemu 6.0 fixes the bug but it's not yet clear which
patch fixes the bug. So until the correct patch is backported to
bullseye, let's install qemu from experimental to pickup the bugfix.

See: #245
See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988174

Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Add the git package to the docker image.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Expose the environment variables $ARTIFACTDIR and $RECIPEDIR
to the postprocess commands to allow the postprocess commands
to be more flexible.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Add the zip package to allow the cration of compressed zip archives.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

After debootstrap the call of "debos" fails with message "Failed to register machine: Unit machine-root.scope already exists".
With the option "--register=no" this works fine. This change is derived from smcv/flatdeb!6

Signed-off-by: mtt2hi <thomas.mittelstaedt@de.bosch.com>

Since we have the support for the new user-mode-linux backend in the
docker container, Debos defaults to attempting to use that.
Unfortunately that isn't possible to run inside the Docker Hub where the
test suite runs, so let's explicitly disable the fakemachine library
when running the Docker Hub test suite.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

The fakemachine uml backend uses user-mode-linux and libslirp-helper
packages available from bullseye, let's include those inside the container.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

The equivs package is used to create dummy Debian packages which can
be useful in development to satisfy dependencies without installing the
real package. Note that this package is not the recommended way of
dealing with broken dependencies: a bug report should be filed instead.
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>

Match the same compression options as unpack and allow to have an uncompressed
tar when removing the `compression` parameter.
Signed-off-by: Corentin Noël <corentin.noel@collabora.com>