cmd: /usr/share/debusine-worker/debefivm-create --architecture=amd64 --mirror=http://deb.debian.org/debian --release=bookworm --rootsize=2G system.img -- --verbose --hook-dir=/usr/share/mmdebstrap/hooks/maybe-jessie-or-older '--customize-hook=cd "$1" && find etc/apt/sources.list.d -type f -delete' '--customize-hook=upload /tmp/debusine-fetch-exec-upload-03eeu781/chroot.sources /etc/apt/sources.list.d/file.sources' '--customize-hook=mkdir "$1/etc/apt/keyrings-debusine"' --keyring=/tmp/debusine-fetch-exec-upload-spn5wfn3/keyrings/keyring-repo-0x7lppfh.asc '--customize-hook=download /etc/os-release os-release' '--customize-hook=tar-out /var/lib/dpkg var_lib_dpkg.tar' '--customize-hook=upload /tmp/debusine-fetch-exec-upload-03eeu781/customization_script /customization_script' '--customize-hook=chmod 555 "$1/customization_script"' '--customize-hook=chroot "$1" /customization_script' '--customize-hook=rm "$1/customization_script"' '--customize-hook=copy-in /usr/lib/python3/dist-packages/debusine/tasks/data/overlays/incus-agent/ /' '--customize-hook=copy-in /usr/lib/python3/dist-packages/debusine/tasks/data/overlays/systemd-boot/ /' --variant=minbase /tmp/debusine-fetch-exec-upload-03eeu781/host.sources output (contains stdout and stderr): + unshare --user --mount --ipc --pid --uts --fork --kill-child=TERM --map-user=65536 --map-users=auto --map-group=65536 --map-groups=auto --propagation=private --mount-proc --setuid=0 --setgid=0 mmdebstrap --customize-hook=mkdir "$1/boot/efi" --customize-hook=printf '[Unit] Description=EFI System Partition [Mount] What=LABEL=%s Where=/boot/efi Type=vfat Options=umask=0077,rw,nodev,nosuid,noexec,nosymfollow [Install] WantedBy=local-fs.target ' 'efisys' >"$1/etc/systemd/system/boot-efi.mount" --customize-hook=systemctl --root "$1" enable boot-efi.mount --customize-hook=echo 'host' >"$1/etc/hostname" --customize-hook=printf '127.0.0.1 localhost 127.0.1.1 %s ::1 ip6-localhost ip6-loopback ' 'host' >"$1/etc/hosts" --include=libnss-resolve --customize-hook=/usr/share/debvm/customize-resolved.sh --customize-hook=/usr/share/debvm/customize-networkd.sh --customize-hook=/usr/share/debvm/customize-kernel.sh --customize-hook=printf 'LABEL=%s / ext4 defaults 0 0' 'rootfs' >"$1/etc/fstab" --include=?exact-name(systemd-boot) --include=systemd-sysv --customize-hook=passwd --root "$1" --delete root bookworm /dev/null http://deb.debian.org/debian --mode=root --variant=important --architecture=amd64 --skip=chroot/start-stop-daemon --verbose --hook-dir=/usr/share/mmdebstrap/hooks/maybe-jessie-or-older --customize-hook=cd "$1" && find etc/apt/sources.list.d -type f -delete --customize-hook=upload /tmp/debusine-fetch-exec-upload-03eeu781/chroot.sources /etc/apt/sources.list.d/file.sources --customize-hook=mkdir "$1/etc/apt/keyrings-debusine" --keyring=/tmp/debusine-fetch-exec-upload-spn5wfn3/keyrings/keyring-repo-0x7lppfh.asc --customize-hook=download /etc/os-release os-release --customize-hook=tar-out /var/lib/dpkg var_lib_dpkg.tar --customize-hook=upload /tmp/debusine-fetch-exec-upload-03eeu781/customization_script /customization_script --customize-hook=chmod 555 "$1/customization_script" --customize-hook=chroot "$1" /customization_script --customize-hook=rm "$1/customization_script" --customize-hook=copy-in /usr/lib/python3/dist-packages/debusine/tasks/data/overlays/incus-agent/ / --customize-hook=copy-in /usr/lib/python3/dist-packages/debusine/tasks/data/overlays/systemd-boot/ / --variant=minbase /tmp/debusine-fetch-exec-upload-03eeu781/host.sources --customize-hook=download vmlinuz '/tmp/tmp.rSA1PHdwTk/kernel' --customize-hook=download initrd.img '/tmp/tmp.rSA1PHdwTk/initrd' --customize-hook=download '/usr/lib/systemd/boot/efi/linuxx64.efi.stub' '/tmp/tmp.rSA1PHdwTk/stub' --customize-hook=mount --bind "$1" "$1/mnt" --customize-hook=mount --bind "$1/mnt/mnt" "$1/mnt/dev" --customize-hook=rm "$1/usr/sbin/policy-rc.d" --customize-hook=/sbin/mkfs.ext4 -d "$1/mnt" -L 'rootfs' -E 'offset=133169152,assume_storage_prezeroed=1' 'system.img' '2097152K' --customize-hook=umount --lazy "$1/mnt" E: keyring "/tmp/debusine-fetch-exec-upload-spn5wfn3/keyrings/keyring-repo-0x7lppfh.asc" does not exist Usage: mmdebstrap [OPTION...] [SUITE [TARGET [MIRROR...]]] Options: Options are case insensitive. Short options may be bundled. Long options require a double dash and may be abbreviated to uniqueness. Options can be placed anywhere on the command line, even before or mixed with the SUITE, TARGET, and MIRROR arguments. A double dash "--" can be used to stop interpreting command line arguments as options to allow SUITE, TARGET and MIRROR arguments that start with a single or double dash. Option order only matters for options that can be passed multiple times as documented below. -h,--help Print synopsis and options of this man page and exit. --man Show the full man page as generated from Perl POD in a pager. This requires the perldoc program from the perl-doc package. This is the same as running: pod2man /usr/bin/mmdebstrap | man -l - --version Print the mmdebstrap version and exit. --variant=name Choose which package set to install. Valid variant names are extract, custom, essential, apt, required, minbase, buildd, important, debootstrap, -, and standard. The default variant is debootstrap. See the section VARIANTS for more information. --mode=name Choose how to perform the chroot operation and create a filesystem with ownership information different from the current user. Valid mode names are auto, sudo, root, unshare, fakeroot, fakechroot and chrootless. The default mode is auto. See the section MODES for more information. --format=name Choose the output format. Valid format names are auto, directory, tar, squashfs, ext2 and null. The default format is auto. See the section FORMATS for more information. --aptopt=option|file Pass arbitrary options to apt. Will be permamently added to /etc/apt/apt.conf.d/99mmdebstrap inside the chroot. Use hooks for temporary configuration options. Can be specified multiple times. Each option will be appended to 99mmdebstrap. A semicolon will be added at the end of the option if necessary. If the command line argument is an existing file, the content of the file will be appended to 99mmdebstrap verbatim. Example: This is necessary for allowing old timestamps from snapshot.debian.org --aptopt='Acquire::Check-Valid-Until "false"' --aptopt='Apt::Key::gpgvcommand "/usr/libexec/mmdebstrap/gpgvnoexpkeysig"' Example: Settings controlling download of package description translations --aptopt='Acquire::Languages { "environment"; "en"; }' --aptopt='Acquire::Languages "none"' Example: Enable installing Recommends (by default mmdebstrap doesn't) --aptopt='Apt::Install-Recommends "true"' Example: Configure apt-cacher or apt-cacher-ng as an apt proxy --aptopt='Acquire::http { Proxy "http://127.0.0.1:3142"; }' Example: For situations in which the apt sandbox user cannot access the chroot --aptopt='APT::Sandbox::User "root"' Example: Minimizing the number of packages installed from experimental --aptopt='APT::Solver "aspcud"' --aptopt='APT::Solver::aspcud::Preferences "-count(solution,APT-Release:=/a=experimental/),-removed,-changed,-new"' --keyring=file|directory Change the default keyring to use by apt during the initial setup. This is similar to setting Dir::Etc::Trusted and Dir::Etc::TrustedParts using --aptopt except that the latter setting will be permanently stored in the chroot while the keyrings passed via <--keyring> will only be visible to apt as run by mmdebstrap. Do not use --keyring if apt inside the chroot needs to know about your keys after the initial chroot creation by mmdebstrap. This option is mainly intended for users who use mmdebstrap as a deboostrap drop-in replacement. As such, it is probably not what you want to use if you use mmdebstrap with more than a single mirror unless you pass it a directory containing all the keyrings you need. By default, the local setting of Dir::Etc::Trusted and Dir::Etc::TrustedParts are used to choose the keyring used by apt as run by mmdebstrap. These two locations are set to /etc/apt/trusted.gpg and /etc/apt/trusted.gpg.d by default. Depending on whether a file or directory is passed to this option, the former and latter default can be changed, respectively. Since apt only supports a single keyring file and directory, respectively, you can not use this option to pass multiple files and/or directories. Using the "--keyring" argument in the following way is equal to keeping the default: --keyring=/etc/apt/trusted.gpg --keyring=/etc/apt/trusted.gpg.d If you need to pass multiple keyrings, use the "signed-by" option when specifying the mirror like this: mmdebstrap mysuite out.tar "deb [signed-by=/path/to/key.gpg] http://..." Another reason to use "signed-by" instead of --keyring is if apt inside the chroot needs to know by what key the repository is signed even after the initial chroot creation. The "signed-by" option will automatically be added to the final "sources.list" if the keyring required for the selected SUITE is not yet trusted by apt. Automatically adding the "signed-by" option in these cases requires "gpg" to be installed. If "gpg" and "ubuntu-archive-keyring" are installed, then you can create a Ubuntu Bionic chroot on Debian like this: mmdebstrap bionic ubuntu-bionic.tar The resulting chroot will have a "source.list" with a "signed-by" option pointing to /usr/share/keyrings/ubuntu-archive-keyring.gpg. You do not need to use --keyring or "signed-by" if you placed the keys that apt needs to know about into /etc/apt/trusted.gpg.d in the --setup-hook (which is before "apt update" runs), for example by using the special hook. You also need to copy your keys into the chroot explicitly if the key you passed via "signed-by" points to a location that is not otherwise populated during chroot creation (for example by installing a keyring package). --dpkgopt=option|file Pass arbitrary options to dpkg. Will be permanently added to /etc/dpkg/dpkg.cfg.d/99mmdebstrap inside the chroot. Use hooks for temporary configuration options. Can be specified multiple times. Each option will be appended to 99mmdebstrap. If the command line argument is an existing file, the content of the file will be appended to 99mmdebstrap verbatim. Example: Exclude paths to reduce chroot size --dpkgopt='path-exclude=/usr/share/man/*' --dpkgopt='path-include=/usr/share/man/man[1-9]/*' --dpkgopt='path-exclude=/usr/share/locale/*' --dpkgopt='path-include=/usr/share/locale/locale.alias' --dpkgopt='path-exclude=/usr/share/doc/*' --dpkgopt='path-include=/usr/share/doc/*/copyright' --dpkgopt='path-include=/usr/share/doc/*/changelog.Debian.*' --include=pkg1[,pkg2,...] Comma or whitespace separated list of packages which will be installed in addition to the packages installed by the specified variant. The direct and indirect hard dependencies will also be installed. The behaviour of this option depends on the selected variant. The extract and custom variants install no packages by default, so for these variants, the packages specified by this option will be the only ones that get either extracted or installed by dpkg, respectively. For all other variants, apt is used to install the additional packages. Package names are directly passed to apt and thus, you can use apt features like "pkg/suite", "pkg=version", "pkg-", use a glob or regex for "pkg", use apt patterns or pass a path to a .deb package file (see below for notes concerning passing the path to a .deb package file in unshare mode). See apt(8) for the supported syntax. The option can be specified multiple times and the packages are concatenated in the order in which they are given on the command line. If later list items are repeated, then they get dropped so that the resulting package list is free of duplicates. So the following are equivalent: --include="pkg1/stable pkg2=1.0 pkg3-" --include=pkg1/stable,pkg2=1.0,pkg3-,,, --incl=pkg1/stable --incl="pkg2=1.0 pkg3-" --incl=pkg2=1.0,pkg3- Since the list of packages is separated by comma or whitespace, it is not possible to mix apt patterns or .deb package file paths containing either commas or whitespace with normal package names. If you do, your patterns and paths will be split by comma and whitespace as well and become useless. To pass such a pattern or package file path, put them into their own --include option. If the argument to --include starts with an apt pattern or with a file path, then it will not be split: --include="?or(?priority(required), ?priority(important))" --include="./path/to/deb with spaces/and,commas/foo.deb" Specifically, all arguments to --include that start with a "?", "!", "~", "(", "/", "./" or "../" are not split and treated as single arguments to apt. To add more packages, use multiple --include options. To disable this detection of patterns and paths, start the argument to --include with a comma or whitespace. If you pass the path to a .deb package file using --include, mmdebstrap will ensure that the path exists. If the path is a relative path, it will internally by converted to an absolute path. Since apt (outside the chroot) passes paths to dpkg (on the inside) verbatim, you have to make the .deb package available under the same path inside the chroot as well or otherwise dpkg inside the chroot will be unable to access it. This can be achieved using a setup-hook. A hook that automatically makes the contents of "file://" mirrors as well as .deb packages given with --include available inside the chroot is provided by mmdebstrap as --hook-dir=/usr/share/mmdebstrap/hooks/file-mirror-automount. This hook takes care of copying all relevant file to their correct locations and cleans up those files at the end. In unshare mode, the .deb package paths have to be accessible by the unshared user as well. This means that the package itself likely must be made world-readable and all directory components on the path to it world-executable. --components=comp1[,comp2,...] Comma or whitespace separated list of components like main, contrib, non-free and non-free-firmware which will be used for all URI-only MIRROR arguments. The option can be specified multiple times and the components are concatenated in the order in which they are given on the command line. If later list items are repeated, then they get dropped so that the resulting component list is free of duplicates. So the following are equivalent: --components="main contrib non-free non-free-firmware" --components=main,contrib,non-free,non-free-firmware --comp=main --comp="contrib non-free" --comp="main,non-free-firmware" --architectures=native[,foreign1,...] Comma or whitespace separated list of architectures. The first architecture is the native architecture inside the chroot. The remaining architectures will be added to the foreign dpkg architectures. Without this option, the native architecture of the chroot defaults to the native architecture of the system running mmdebstrap. The option can be specified multiple times and values are concatenated. If later list items are repeated, then they get dropped so that the resulting list is free of duplicates. So the following are equivalent: --architectures="amd64 armhf mipsel" --architectures=amd64,armhf,mipsel --arch=amd64 --arch="armhf mipsel" --arch=armhf,mipsel --simulate, --dry-run Run apt-get with --simulate. Only the package cache is initialized but no binary packages are downloaded or installed. Use this option to quickly check whether a package selection within a certain suite and variant can in principle be installed as far as their dependencies go. If the output is a tarball, then no output is produced. If the output is a directory, then the directory will be left populated with the skeleton files and directories necessary for apt to run in it. No hooks are executed in with --simulate or --dry-run. --setup-hook=command Execute arbitrary commands right after initial setup (directory creation, configuration of apt and dpkg, ...) but before any packages are downloaded or installed. At that point, the chroot directory does not contain any executables and thus cannot be chroot-ed into. See section HOOKS for more information. Example: Setup chroot for installing a sub-essential busybox-based chroot with --variant=custom --include=dpkg,busybox,libc-bin,base-files,base-passwd,debianuti ls --setup-hook='mkdir -p "$1/bin"' --setup-hook='for p in awk cat chmod chown cp diff echo env grep less ln mkdir mount rm rmdir sed sh sleep sort touch uname mktemp; do ln -s busybox "$1/bin/$p"; done' --setup-hook='echo root:x:0:0:root:/root:/bin/sh > "$1/etc/passwd"' --setup-hook='printf "root:x:0:\nmail:x:8:\nutmp:x:43:\n" > "$1/etc/group"' For a more elegant way for setting up a sub-essential busybox-based chroot, see the --hook-dir option below. --extract-hook=command Execute arbitrary commands after the Essential:yes packages have been extracted but before installing them. See section HOOKS for more information. Example: Install busybox symlinks --extract-hook='chroot "$1" /bin/busybox --install -s' --essential-hook=command Execute arbitrary commands after the Essential:yes packages have been installed but before installing the remaining packages. The hook is not executed for the extract and custom variants. See section HOOKS for more information. Example: Enable unattended upgrades --essential-hook='echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | chroot "$1" debconf-set-selections' Example: Select Europe/Berlin as the timezone --essential-hook='echo tzdata tzdata/Areas select Europe | chroot "$1" debconf-set-selections' --essential-hook='echo tzdata tzdata/Zones/Europe select Berlin | chroot "$1" debconf-set-selections' --customize-hook=command Execute arbitrary commands after the chroot is set up and all packages got installed but before final cleanup actions are carried out. See section HOOKS for more information. Example: Preparing a chroot for use with autopkgtest --customize-hook='chroot "$1" passwd --delete root' --customize-hook='chroot "$1" useradd --home-dir /home/user --create-home user' --customize-hook='chroot "$1" passwd --delete user' --customize-hook='echo host > "$1/etc/hostname"' --customize-hook='echo "127.0.0.1 localhost host" > "$1/etc/hosts"' --customize-hook=/usr/share/autopkgtest/setup-commands/setup-testbed --hook-directory=directory Execute scripts in directory with filenames starting with "setup", "extract", "essential" or "customize", at the respective stages during an mmdebstrap run. The files must be marked executable. Their extension is ignored. Subdirectories are not traversed. This option is a short-hand for specifying the remaining four hook options individually for each file in the directory. If there are more than one script for a stage, then they are added alphabetically. This is useful in cases, where a user wants to run the same hooks frequently. For example, given a directory "./hooks" with two scripts "setup01-foo.sh" and "setup02-bar.sh", this call: mmdebstrap --customize=./scriptA --hook-dir=./hooks --setup=./scriptB is equivalent to this call: mmdebstrap --customize=./scriptA --setup=./hooks/setup01-foo.sh \ --setup=./hooks/setup02-bar.sh --setup=./scriptB The option can be specified multiple times and scripts are added to the respective hooks in the order the options are given on the command line. Thus, if the scripts in two directories depend upon each other, the scripts must be placed into a common directory and be named such that they get added in the correct order. Example 1: Run mmdebstrap with eatmydata --hook-dir=/usr/share/mmdebstrap/hooks/eatmydata Example 2: Setup chroot for installing a sub-essential busybox-based chroot --hook-dir=/usr/share/mmdebstrap/hooks/busybox Example 3: Automatically mount all directories referenced by "file://" mirrors into the chroot --hook-dir=/usr/share/mmdebstrap/hooks/file-mirror-automount --skip=stage[,stage,...] mmdebstrap tries hard to implement sensible defaults and will try to stop you before shooting yourself in the foot. This option is for when you are sure you know what you are doing and allows one to skip certain actions and safety checks. See section OPERATION for a list of possible arguments and their context. The option can be specified multiple times or you can separate multiple values by comma or whitespace. -q,--quiet, -s,--silent Do not write anything to standard error. If used together with --verbose or --debug, only the last option will take effect. -v,--verbose Instead of progress bars, write the dpkg and apt output directly to standard error. If used together with --quiet or --debug, only the last option will take effect. -d,--debug In addition to the output produced by --verbose, write detailed debugging information to standard error. Errors will print a backtrace. If used together with --quiet or --verbose, only the last option will take effect. --logfile=filename Instead of writing status information to standard error, write it into the file given by filename. mmdebstrap failed aborted: False returncode: 1 Files in working directory: system.img --------------------