Bug #12374: vagrant build fails when chroot_local-packages contains packages

Bug #12374

vagrant build fails when chroot_local-packages contains packages

Added by alant 2017-03-18 23:25:46 . Updated 2017-04-19 17:25:04 .

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Build system

Target version:

Tails_2.12

Start date:

2017-03-18

Due date:

% Done:

100%

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

Build without custom package works fine. But with a package, it fails with:

P: Configuring file /etc/apt/sources.list
gpg: WARNING: unsafe permissions on homedir '/root/.gnupg'
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: agent_genkey failed: Inappropriate ioctl for device
gpg: key generation failed: Inappropriate ioctl for device
cp: cannot create regular file 'cache/': Not a directory
P: Begin unmounting filesystems...

Files

0001-hooks-be-more-flexible-when-matching-local-packages-.patch (2282 B)

arnaud, 2017-03-31 13:58:08

Subtasks

History

#1 Updated by arnaud 2017-03-31 13:59:25

File 0001-hooks-be-more-flexible-when-matching-local-packages-.patch added

I reproduce the issue as well. It’s related to GPG version 2, and it’s been fixed upstream in live-build. Here is my step-by-step to workaround this.

live-build fix

The live-build patch to apply is available at <https://anonscm.debian.org/cgit/debian-live/live-build.git/commit/?id=e92dbc3696008b33700c7c033b9556bd75415a64>.

I applied it manually within the VM. The file to modify in the VM is `/usr/share/live/build/scripts/build/lb_chroot_sources`.

tails build system fix

After this patch is applied, some hooks in the build system will fail, because the syntax in the apt list file changed from `deb file:/` to `deb [ trusted=yes ] file:/`. So you have to “loosen” some hooks a bit. The patch for that is attached.

#2 Updated by arnaud 2017-03-31 14:00:18

arnaud wrote:
> I reproduce the issue as well. It’s related to GPG version 2, and it’s been fixed upstream in live-build. Here is my step-by-step to workaround this.
>
> live-build fix
>
> The live-build patch to apply is available at https://anonscm.debian.org/cgit/debian-live/live-build.git/commit/?id=e92dbc3696008b33700c7c033b9556bd75415a64.
>
> I applied it manually within the VM. The file to modify in the VM is `/usr/share/live/build/scripts/build/lb_chroot_sources`.
>
> tails build system fix
>
> After this patch is applied, some hooks in the build system will fail, because the syntax in the apt list file changed from `deb file:/` to `deb [ trusted=yes ] file:/`. So you have to “loosen” some hooks a bit. The patch for that is attached.

#3 Updated by intrigeri 2017-04-01 06:51:52

Status changed from Confirmed to In Progress
Assignee set to anonym
Target version set to Tails_2.12
% Done changed from 0 to 10
QA Check set to Ready for QA

(The problem at hand is one of your Foundations Team duties + reviewing is on your RM plate :)

#4 Updated by anonym 2017-04-03 18:15:32

Status changed from In Progress to Fix committed
Assignee deleted (~~anonym~~)
% Done changed from 10 to 100
QA Check changed from Ready for QA to Pass

Thanks a lot for the patch, arnaud! I just fixed it up with commit:abf0a12bb0dfcda8ebb4b4f7eac6029f863d47e2 just to tighten the regex a bit. :)

Do you want to be credited in the changelog?

#5 Updated by arnaud 2017-04-17 07:41:51

No need to bother for the changelog, thx for applying the patch :)

#6 Updated by arnaud 2017-04-17 08:28:28

Oh, are you sure for the patch abf0a12bb0dfcda8ebb4b4f7eac6029f863d47e2 ? Did you test it ?

The whole idea of my patch is to match this particular line from the live-build patch:

echo “deb [ trusted=yes ] file:/root/packages ./” > chroot/etc/apt/sources.list.d/packages.list

See the ‘[ trusted=yes ]’ ? That’s the addition from the live-build patch, and we want the regexp to deal with it.

Your patch is something like:

grep —extended-regexp —invert-match \
‘^deb\s+file:/root/local-packages’ \

I think it won’t do because \s is only for whitespace characters, right ? If you want to keep the hook tight, then I’d suggest something like:

grep —extended-regexp —invert-match \
‘^deb\s+.*file:/root/local-packages’ \

My regex skills being very basic, I need your ack :)

#7 Updated by intrigeri 2017-04-17 08:34:31

> Oh, are you sure for the patch abf0a12bb0dfcda8ebb4b4f7eac6029f863d47e2 ? Did you test it ?

If anonym’s adjustments break things for you, please set this ticket back to “In Progress”. Thanks :)

#8 Updated by arnaud 2017-04-17 09:15:32

OK, I’m doing more test to be sure whether it breaks anything. Thx !

#9 Updated by anonym 2017-04-17 09:43:09

You are completely correct arnaud! I thought I tested my style “fix”, but I must not have. I’ve reverted it, and I tested your patch for sure so we should be good now. Thanks again!

#10 Updated by arnaud 2017-04-18 02:06:48

I tested the two regexps, my original, loose one ‘file:/root/local-packages’, and the tight one I mentioned above ‘deb\s+.*file:/root/local-packages’. Both work, pick up your favorite :)

Additionally, please notice that live-build also needs to be patched, as I mentioned up there. I setup a repo where you can find the patch:

https://gitlab.com/arnaud-preevio/live-build/commits/arnaud/debian-old-2.0

Cheers.

#11 Updated by anonym 2017-04-19 17:25:04

Status changed from Fix committed to Resolved