cmd: /usr/share/debusine-worker/debefivm-create --architecture=amd64 --mirror=http://deb.debian.org/debian --release=sid --rootsize=2G system.img -- --verbose --hook-dir=/usr/share/mmdebstrap/hooks/maybe-jessie-or-older '--customize-hook=cd "$1" && find etc/apt/sources.list.d -type f -delete' '--customize-hook=upload /tmp/debusine-fetch-exec-upload-afnsmd_d/chroot.sources /etc/apt/sources.list.d/file.sources' '--customize-hook=mkdir "$1/etc/apt/keyrings-debusine"' --keyring=/tmp/debusine-fetch-exec-upload-d6sds386/keyrings/keyring-repo-pz5fl367.asc '--customize-hook=download /etc/os-release os-release' '--customize-hook=tar-out /var/lib/dpkg var_lib_dpkg.tar' '--customize-hook=upload /tmp/debusine-fetch-exec-upload-afnsmd_d/customization_script /customization_script' '--customize-hook=chmod 555 "$1/customization_script"' '--customize-hook=chroot "$1" /customization_script' '--customize-hook=rm "$1/customization_script"' '--customize-hook=copy-in /usr/lib/python3/dist-packages/debusine/tasks/data/overlays/incus-agent/ /' '--customize-hook=copy-in /usr/lib/python3/dist-packages/debusine/tasks/data/overlays/systemd-boot/ /' --variant=minbase /tmp/debusine-fetch-exec-upload-afnsmd_d/host.sources
output (contains stdout and stderr):
+ unshare --user --mount --ipc --pid --uts --fork --kill-child=TERM --map-user=65536 --map-users=auto --map-group=65536 --map-groups=auto --propagation=private --mount-proc --setuid=0 --setgid=0 mmdebstrap --customize-hook=mkdir "$1/boot/efi" --customize-hook=printf '[Unit]
Description=EFI System Partition
[Mount]
What=LABEL=%s
Where=/boot/efi
Type=vfat
Options=umask=0077,rw,nodev,nosuid,noexec,nosymfollow
[Install]
WantedBy=local-fs.target
' 'efisys' >"$1/etc/systemd/system/boot-efi.mount" --customize-hook=systemctl --root "$1" enable boot-efi.mount --customize-hook=echo 'host' >"$1/etc/hostname" --customize-hook=printf '127.0.0.1 localhost
127.0.1.1 %s
::1 ip6-localhost ip6-loopback
' 'host' >"$1/etc/hosts" --include=libnss-resolve --customize-hook=/usr/share/debvm/customize-resolved.sh --customize-hook=/usr/share/debvm/customize-networkd.sh --customize-hook=/usr/share/debvm/customize-kernel.sh --customize-hook=printf 'LABEL=%s / ext4 defaults 0 0' 'rootfs' >"$1/etc/fstab" --include=?exact-name(systemd-boot) --include=systemd-sysv --customize-hook=passwd --root "$1" --delete root sid /dev/null http://deb.debian.org/debian --mode=root --variant=important --architecture=amd64 --skip=chroot/start-stop-daemon --verbose --hook-dir=/usr/share/mmdebstrap/hooks/maybe-jessie-or-older --customize-hook=cd "$1" && find etc/apt/sources.list.d -type f -delete --customize-hook=upload /tmp/debusine-fetch-exec-upload-afnsmd_d/chroot.sources /etc/apt/sources.list.d/file.sources --customize-hook=mkdir "$1/etc/apt/keyrings-debusine" --keyring=/tmp/debusine-fetch-exec-upload-d6sds386/keyrings/keyring-repo-pz5fl367.asc --customize-hook=download /etc/os-release os-release --customize-hook=tar-out /var/lib/dpkg var_lib_dpkg.tar --customize-hook=upload /tmp/debusine-fetch-exec-upload-afnsmd_d/customization_script /customization_script --customize-hook=chmod 555 "$1/customization_script" --customize-hook=chroot "$1" /customization_script --customize-hook=rm "$1/customization_script" --customize-hook=copy-in /usr/lib/python3/dist-packages/debusine/tasks/data/overlays/incus-agent/ / --customize-hook=copy-in /usr/lib/python3/dist-packages/debusine/tasks/data/overlays/systemd-boot/ / --variant=minbase /tmp/debusine-fetch-exec-upload-afnsmd_d/host.sources --customize-hook=download vmlinuz '/tmp/tmp.d7IxGAYkNq/kernel' --customize-hook=download initrd.img '/tmp/tmp.d7IxGAYkNq/initrd' --customize-hook=download '/usr/lib/systemd/boot/efi/linuxx64.efi.stub' '/tmp/tmp.d7IxGAYkNq/stub' --customize-hook=mount --bind "$1" "$1/mnt" --customize-hook=mount --bind "$1/mnt/mnt" "$1/mnt/dev" --customize-hook=rm "$1/usr/sbin/policy-rc.d" --customize-hook=/sbin/mkfs.ext4 -d "$1/mnt" -L 'rootfs' -E 'offset=133169152,assume_storage_prezeroed=1' 'system.img' '2097152K' --customize-hook=umount --lazy "$1/mnt"
E: keyring "/tmp/debusine-fetch-exec-upload-d6sds386/keyrings/keyring-repo-pz5fl367.asc" does not exist
Usage:
mmdebstrap [OPTION...] [SUITE [TARGET [MIRROR...]]]
Options:
Options are case insensitive. Short options may be bundled. Long options
require a double dash and may be abbreviated to uniqueness. Options can
be placed anywhere on the command line, even before or mixed with the
SUITE, TARGET, and MIRROR arguments. A double dash "--" can be used to
stop interpreting command line arguments as options to allow SUITE,
TARGET and MIRROR arguments that start with a single or double dash.
Option order only matters for options that can be passed multiple times
as documented below.
-h,--help
Print synopsis and options of this man page and exit.
--man Show the full man page as generated from Perl POD in a pager.
This requires the perldoc program from the perl-doc package.
This is the same as running:
pod2man /usr/bin/mmdebstrap | man -l -
--version
Print the mmdebstrap version and exit.
--variant=name
Choose which package set to install. Valid variant names are
extract, custom, essential, apt, required, minbase, buildd,
important, debootstrap, -, and standard. The default variant is
debootstrap. See the section VARIANTS for more information.
--mode=name
Choose how to perform the chroot operation and create a
filesystem with ownership information different from the current
user. Valid mode names are auto, sudo, root, unshare, fakeroot,
fakechroot and chrootless. The default mode is auto. See the
section MODES for more information.
--format=name
Choose the output format. Valid format names are auto,
directory, tar, squashfs, ext2 and null. The default format is
auto. See the section FORMATS for more information.
--aptopt=option|file
Pass arbitrary options to apt. Will be permamently added to
/etc/apt/apt.conf.d/99mmdebstrap inside the chroot. Use hooks
for temporary configuration options. Can be specified multiple
times. Each option will be appended to 99mmdebstrap. A semicolon
will be added at the end of the option if necessary. If the
command line argument is an existing file, the content of the
file will be appended to 99mmdebstrap verbatim.
Example: This is necessary for allowing old timestamps from
snapshot.debian.org
--aptopt='Acquire::Check-Valid-Until "false"'
--aptopt='Apt::Key::gpgvcommand "/usr/libexec/mmdebstrap/gpgvnoexpkeysig"'
Example: Settings controlling download of package description
translations
--aptopt='Acquire::Languages { "environment"; "en"; }'
--aptopt='Acquire::Languages "none"'
Example: Enable installing Recommends (by default mmdebstrap
doesn't)
--aptopt='Apt::Install-Recommends "true"'
Example: Configure apt-cacher or apt-cacher-ng as an apt proxy
--aptopt='Acquire::http { Proxy "http://127.0.0.1:3142"; }'
Example: For situations in which the apt sandbox user cannot
access the chroot
--aptopt='APT::Sandbox::User "root"'
Example: Minimizing the number of packages installed from
experimental
--aptopt='APT::Solver "aspcud"'
--aptopt='APT::Solver::aspcud::Preferences
"-count(solution,APT-Release:=/a=experimental/),-removed,-changed,-new"'
--keyring=file|directory
Change the default keyring to use by apt during the initial
setup. This is similar to setting Dir::Etc::Trusted and
Dir::Etc::TrustedParts using --aptopt except that the latter
setting will be permanently stored in the chroot while the
keyrings passed via <--keyring> will only be visible to apt as
run by mmdebstrap. Do not use --keyring if apt inside the chroot
needs to know about your keys after the initial chroot creation
by mmdebstrap. This option is mainly intended for users who use
mmdebstrap as a deboostrap drop-in replacement. As such, it is
probably not what you want to use if you use mmdebstrap with
more than a single mirror unless you pass it a directory
containing all the keyrings you need.
By default, the local setting of Dir::Etc::Trusted and
Dir::Etc::TrustedParts are used to choose the keyring used by
apt as run by mmdebstrap. These two locations are set to
/etc/apt/trusted.gpg and /etc/apt/trusted.gpg.d by default.
Depending on whether a file or directory is passed to this
option, the former and latter default can be changed,
respectively. Since apt only supports a single keyring file and
directory, respectively, you can not use this option to pass
multiple files and/or directories. Using the "--keyring"
argument in the following way is equal to keeping the default:
--keyring=/etc/apt/trusted.gpg --keyring=/etc/apt/trusted.gpg.d
If you need to pass multiple keyrings, use the "signed-by"
option when specifying the mirror like this:
mmdebstrap mysuite out.tar "deb [signed-by=/path/to/key.gpg] http://..."
Another reason to use "signed-by" instead of --keyring is if apt
inside the chroot needs to know by what key the repository is
signed even after the initial chroot creation.
The "signed-by" option will automatically be added to the final
"sources.list" if the keyring required for the selected SUITE is
not yet trusted by apt. Automatically adding the "signed-by"
option in these cases requires "gpg" to be installed. If "gpg"
and "ubuntu-archive-keyring" are installed, then you can create
a Ubuntu Bionic chroot on Debian like this:
mmdebstrap bionic ubuntu-bionic.tar
The resulting chroot will have a "source.list" with a
"signed-by" option pointing to
/usr/share/keyrings/ubuntu-archive-keyring.gpg.
You do not need to use --keyring or "signed-by" if you placed
the keys that apt needs to know about into
/etc/apt/trusted.gpg.d in the --setup-hook (which is before "apt
update" runs), for example by using the <copy-in> special hook.
You also need to copy your keys into the chroot explicitly if
the key you passed via "signed-by" points to a location that is
not otherwise populated during chroot creation (for example by
installing a keyring package).
--dpkgopt=option|file
Pass arbitrary options to dpkg. Will be permanently added to
/etc/dpkg/dpkg.cfg.d/99mmdebstrap inside the chroot. Use hooks
for temporary configuration options. Can be specified multiple
times. Each option will be appended to 99mmdebstrap. If the
command line argument is an existing file, the content of the
file will be appended to 99mmdebstrap verbatim.
Example: Exclude paths to reduce chroot size
--dpkgopt='path-exclude=/usr/share/man/*'
--dpkgopt='path-include=/usr/share/man/man[1-9]/*'
--dpkgopt='path-exclude=/usr/share/locale/*'
--dpkgopt='path-include=/usr/share/locale/locale.alias'
--dpkgopt='path-exclude=/usr/share/doc/*'
--dpkgopt='path-include=/usr/share/doc/*/copyright'
--dpkgopt='path-include=/usr/share/doc/*/changelog.Debian.*'
--include=pkg1[,pkg2,...]
Comma or whitespace separated list of packages which will be
installed in addition to the packages installed by the specified
variant. The direct and indirect hard dependencies will also be
installed. The behaviour of this option depends on the selected
variant. The extract and custom variants install no packages by
default, so for these variants, the packages specified by this
option will be the only ones that get either extracted or
installed by dpkg, respectively. For all other variants, apt is
used to install the additional packages. Package names are
directly passed to apt and thus, you can use apt features like
"pkg/suite", "pkg=version", "pkg-", use a glob or regex for
"pkg", use apt patterns or pass a path to a .deb package file
(see below for notes concerning passing the path to a .deb
package file in unshare mode). See apt(8) for the supported
syntax.
The option can be specified multiple times and the packages are
concatenated in the order in which they are given on the command
line. If later list items are repeated, then they get dropped so
that the resulting package list is free of duplicates. So the
following are equivalent:
--include="pkg1/stable pkg2=1.0 pkg3-"
--include=pkg1/stable,pkg2=1.0,pkg3-,,,
--incl=pkg1/stable --incl="pkg2=1.0 pkg3-" --incl=pkg2=1.0,pkg3-
Since the list of packages is separated by comma or whitespace,
it is not possible to mix apt patterns or .deb package file
paths containing either commas or whitespace with normal package
names. If you do, your patterns and paths will be split by comma
and whitespace as well and become useless. To pass such a
pattern or package file path, put them into their own --include
option. If the argument to --include starts with an apt pattern
or with a file path, then it will not be split:
--include="?or(?priority(required), ?priority(important))"
--include="./path/to/deb with spaces/and,commas/foo.deb"
Specifically, all arguments to --include that start with a "?",
"!", "~", "(", "/", "./" or "../" are not split and treated as
single arguments to apt. To add more packages, use multiple
--include options. To disable this detection of patterns and
paths, start the argument to --include with a comma or
whitespace.
If you pass the path to a .deb package file using --include,
mmdebstrap will ensure that the path exists. If the path is a
relative path, it will internally by converted to an absolute
path. Since apt (outside the chroot) passes paths to dpkg (on
the inside) verbatim, you have to make the .deb package
available under the same path inside the chroot as well or
otherwise dpkg inside the chroot will be unable to access it.
This can be achieved using a setup-hook. A hook that
automatically makes the contents of "file://" mirrors as well as
.deb packages given with --include available inside the chroot
is provided by mmdebstrap as
--hook-dir=/usr/share/mmdebstrap/hooks/file-mirror-automount.
This hook takes care of copying all relevant file to their
correct locations and cleans up those files at the end. In
unshare mode, the .deb package paths have to be accessible by
the unshared user as well. This means that the package itself
likely must be made world-readable and all directory components
on the path to it world-executable.
--components=comp1[,comp2,...]
Comma or whitespace separated list of components like main,
contrib, non-free and non-free-firmware which will be used for
all URI-only MIRROR arguments. The option can be specified
multiple times and the components are concatenated in the order
in which they are given on the command line. If later list items
are repeated, then they get dropped so that the resulting
component list is free of duplicates. So the following are
equivalent:
--components="main contrib non-free non-free-firmware"
--components=main,contrib,non-free,non-free-firmware
--comp=main --comp="contrib non-free" --comp="main,non-free-firmware"
--architectures=native[,foreign1,...]
Comma or whitespace separated list of architectures. The first
architecture is the native architecture inside the chroot. The
remaining architectures will be added to the foreign dpkg
architectures. Without this option, the native architecture of
the chroot defaults to the native architecture of the system
running mmdebstrap. The option can be specified multiple times
and values are concatenated. If later list items are repeated,
then they get dropped so that the resulting list is free of
duplicates. So the following are equivalent:
--architectures="amd64 armhf mipsel"
--architectures=amd64,armhf,mipsel
--arch=amd64 --arch="armhf mipsel" --arch=armhf,mipsel
--simulate, --dry-run
Run apt-get with --simulate. Only the package cache is
initialized but no binary packages are downloaded or installed.
Use this option to quickly check whether a package selection
within a certain suite and variant can in principle be installed
as far as their dependencies go. If the output is a tarball,
then no output is produced. If the output is a directory, then
the directory will be left populated with the skeleton files and
directories necessary for apt to run in it. No hooks are
executed in with --simulate or --dry-run.
--setup-hook=command
Execute arbitrary commands right after initial setup (directory
creation, configuration of apt and dpkg, ...) but before any
packages are downloaded or installed. At that point, the chroot
directory does not contain any executables and thus cannot be
chroot-ed into. See section HOOKS for more information.
Example: Setup chroot for installing a sub-essential
busybox-based chroot with --variant=custom
--include=dpkg,busybox,libc-bin,base-files,base-passwd,debianuti
ls
--setup-hook='mkdir -p "$1/bin"'
--setup-hook='for p in awk cat chmod chown cp diff echo env grep less ln
mkdir mount rm rmdir sed sh sleep sort touch uname mktemp; do
ln -s busybox "$1/bin/$p"; done'
--setup-hook='echo root:x:0:0:root:/root:/bin/sh > "$1/etc/passwd"'
--setup-hook='printf "root:x:0:\nmail:x:8:\nutmp:x:43:\n" > "$1/etc/group"'
For a more elegant way for setting up a sub-essential
busybox-based chroot, see the --hook-dir option below.
--extract-hook=command
Execute arbitrary commands after the Essential:yes packages have
been extracted but before installing them. See section HOOKS for
more information.
Example: Install busybox symlinks
--extract-hook='chroot "$1" /bin/busybox --install -s'
--essential-hook=command
Execute arbitrary commands after the Essential:yes packages have
been installed but before installing the remaining packages. The
hook is not executed for the extract and custom variants. See
section HOOKS for more information.
Example: Enable unattended upgrades
--essential-hook='echo unattended-upgrades
unattended-upgrades/enable_auto_updates boolean true
| chroot "$1" debconf-set-selections'
Example: Select Europe/Berlin as the timezone
--essential-hook='echo tzdata tzdata/Areas select Europe
| chroot "$1" debconf-set-selections'
--essential-hook='echo tzdata tzdata/Zones/Europe select Berlin
| chroot "$1" debconf-set-selections'
--customize-hook=command
Execute arbitrary commands after the chroot is set up and all
packages got installed but before final cleanup actions are
carried out. See section HOOKS for more information.
Example: Preparing a chroot for use with autopkgtest
--customize-hook='chroot "$1" passwd --delete root'
--customize-hook='chroot "$1" useradd --home-dir /home/user
--create-home user'
--customize-hook='chroot "$1" passwd --delete user'
--customize-hook='echo host > "$1/etc/hostname"'
--customize-hook='echo "127.0.0.1 localhost host" > "$1/etc/hosts"'
--customize-hook=/usr/share/autopkgtest/setup-commands/setup-testbed
--hook-directory=directory
Execute scripts in directory with filenames starting with
"setup", "extract", "essential" or "customize", at the
respective stages during an mmdebstrap run. The files must be
marked executable. Their extension is ignored. Subdirectories
are not traversed. This option is a short-hand for specifying
the remaining four hook options individually for each file in
the directory. If there are more than one script for a stage,
then they are added alphabetically. This is useful in cases,
where a user wants to run the same hooks frequently. For
example, given a directory "./hooks" with two scripts
"setup01-foo.sh" and "setup02-bar.sh", this call:
mmdebstrap --customize=./scriptA --hook-dir=./hooks --setup=./scriptB
is equivalent to this call:
mmdebstrap --customize=./scriptA --setup=./hooks/setup01-foo.sh \
--setup=./hooks/setup02-bar.sh --setup=./scriptB
The option can be specified multiple times and scripts are added
to the respective hooks in the order the options are given on
the command line. Thus, if the scripts in two directories depend
upon each other, the scripts must be placed into a common
directory and be named such that they get added in the correct
order.
Example 1: Run mmdebstrap with eatmydata
--hook-dir=/usr/share/mmdebstrap/hooks/eatmydata
Example 2: Setup chroot for installing a sub-essential
busybox-based chroot
--hook-dir=/usr/share/mmdebstrap/hooks/busybox
Example 3: Automatically mount all directories referenced by
"file://" mirrors into the chroot
--hook-dir=/usr/share/mmdebstrap/hooks/file-mirror-automount
--skip=stage[,stage,...]
mmdebstrap tries hard to implement sensible defaults and will
try to stop you before shooting yourself in the foot. This
option is for when you are sure you know what you are doing and
allows one to skip certain actions and safety checks. See
section OPERATION for a list of possible arguments and their
context. The option can be specified multiple times or you can
separate multiple values by comma or whitespace.
-q,--quiet, -s,--silent
Do not write anything to standard error. If used together with
--verbose or --debug, only the last option will take effect.
-v,--verbose
Instead of progress bars, write the dpkg and apt output directly
to standard error. If used together with --quiet or --debug,
only the last option will take effect.
-d,--debug
In addition to the output produced by --verbose, write detailed
debugging information to standard error. Errors will print a
backtrace. If used together with --quiet or --verbose, only the
last option will take effect.
--logfile=filename
Instead of writing status information to standard error, write
it into the file given by filename.
mmdebstrap failed
aborted: False
returncode: 1
Files in working directory:
system.img
--------------------