From 2e083f6a18e809bc0371cef55bf7e3eef3297060 Mon Sep 17 00:00:00 2001 From: matt335672 <30179339+matt335672@users.noreply.github.com> Date: Fri, 6 Sep 2024 14:33:18 +0100 Subject: [PATCH 1/2] Support wrapper script on Debian 12 Cloud image - Support *.source files in /etc/apt/sources - Copy over /etc/apt/mirrors - Install ca-certificates package for https repositories - Don't rely on the local /etc/groups file being complete enough for the chroot --- .../install_pulseaudio_sources_apt_wrapper.sh | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/scripts/install_pulseaudio_sources_apt_wrapper.sh b/scripts/install_pulseaudio_sources_apt_wrapper.sh index c5b4e1de..8840614d 100755 --- a/scripts/install_pulseaudio_sources_apt_wrapper.sh +++ b/scripts/install_pulseaudio_sources_apt_wrapper.sh @@ -51,7 +51,11 @@ BUILDROOT=/var/lib/pa-build/$USER # Extra packages to install in the build root which the wrapped script # may be using. These are packages available by default when using # GitHub actions -WRAPPED_SCRIPT_DEPS="sudo lsb-release" +# +# ca-certificates are needed to fetch updates over https +# +# This list is comma-separated +WRAPPED_SCRIPT_DEPS="ca-certificates,sudo,lsb-release" # ----------------------------------------------------------------------------- # S U I T E E X I S T S @@ -113,11 +117,12 @@ RunWrappedScript() # -d : Directory to switch to before running command schroot="schroot -c pa-build-$USER -d /build" - # Install extra dependencies + # Update the buildroot $schroot -u root -- apt-get update - $schroot -u root -- apt-get install -y $WRAPPED_SCRIPT_DEPS - # Allow normal user to sudo without a password + # Allow normal user to sudo without a password. We may need to add the + # normal user, as it probably isn't created by debootstrap + $schroot -u root -- useradd -m $USER || : $schroot -u root -- \ /bin/sh -c "echo '$USER ALL=(ALL) NOPASSWD:ALL'>/etc/sudoers.d/nopasswd-$USER" $schroot -u root -- chmod 400 /etc/sudoers.d/nopasswd-$USER @@ -130,7 +135,7 @@ RunWrappedScript() # M A I N # ----------------------------------------------------------------------------- debootstrap_mirror="" -debootstrap_switches="" +debootstrap_switches="--include=$WRAPPED_SCRIPT_DEPS" debootstrap_suite="" # Parse command line switches @@ -214,12 +219,17 @@ echo "- Creating schroot config file $schroot_conf" echo "root-users=$USER" echo "users=$USER" echo "type=directory" + # Make sure we don't clobber /etc/passwd, /etc/group (etc) which + # have been created by debootstrap + echo "setup.nssdatabases=" } | sudo tee $schroot_conf >/dev/null || exit $? # Copy some files to the build root -for file in $(find /etc/apt/ /etc/apt/sources.list.d -maxdepth 1 -type f -name '*.list'); do +for file in $(find /etc/apt/ /etc/apt/sources.list.d/ /etc/apt/mirrors/ \ + -maxdepth 1 \ + -type f \( -name '*.list' -o -name '*.sources' \) ); do echo "- Copying $file to the root" - sudo install -m 0644 $file $BUILDROOT/$file || exit $? + sudo install -Dm 0644 $file $BUILDROOT/$file || exit $? done # Create a separate directory in $BUILDROOT to hold the build From f3d8f98893851248a9ec3c98a91fb828fb482ce0 Mon Sep 17 00:00:00 2001 From: matt335672 <30179339+matt335672@users.noreply.github.com> Date: Mon, 9 Sep 2024 11:32:23 +0100 Subject: [PATCH 2/2] Copy trusted keys to chroot If the user has installed additional sources (for example dbgsym sources), and the trusted keys are not available in the chroot, the updates in the chroot can fail as some keys aren't available. --- scripts/install_pulseaudio_sources_apt_wrapper.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/install_pulseaudio_sources_apt_wrapper.sh b/scripts/install_pulseaudio_sources_apt_wrapper.sh index 8840614d..213b9245 100755 --- a/scripts/install_pulseaudio_sources_apt_wrapper.sh +++ b/scripts/install_pulseaudio_sources_apt_wrapper.sh @@ -232,6 +232,15 @@ for file in $(find /etc/apt/ /etc/apt/sources.list.d/ /etc/apt/mirrors/ \ sudo install -Dm 0644 $file $BUILDROOT/$file || exit $? done +for file in $(find /etc/apt/trusted.gpg.d/ \ + -maxdepth 1 \ + -type f -name '*.gpg' ); do + if [ ! -f "$BUILDROOT/$file" ]; then + echo "- Copying $file to the root" + sudo install -Dm 0644 $file $BUILDROOT/$file || exit $? + fi +done + # Create a separate directory in $BUILDROOT to hold the build # artefacts. #