Try to support debootstrapping from https sources on debian.org infra

[mirror/dsa-puppet.git] / modules / schroot / files / setup-dchroot
diff --git a/modules/schroot/files/setup-dchroot b/modules/schroot/files/setup-dchroot

index d015c03..7f372fe 100755 (executable)
--- a/modules/schroot/files/setup-dchroot
+++ b/modules/schroot/files/setup-dchroot
@@ -72,26 +72,47 @@ do_cleanup() {
      done
  }
  
+genname() {
+    local suite="$1"; shift
+    local arch="$1"; shift
+
+    if [ -n "$sbuildnames" ]; then
+        local name="${suite}-${arch}-sbuild"
+    else
+        local name="${suite}_${arch}-dchroot"
+    fi
+
+    echo "$name"
+}
+
+
  genschrootconf() {
      local suite="$1"; shift
      local arch="$1"; shift
      local target="$1"; shift
      local extra="${1:-}"; shift || true
+    local aliases=""
  
      if [ -n "$extra" ]; then
          local suite="${suite}-${extra}"
      fi
  
-    if [ -n "$sbuildnames" ]; then
-        local name="${suite}-${arch}-sbuild"
-    else
-        local name="${suite}_${arch}-dchroot"
-    fi
+    local name="$(genname "$suite" "$arch")"
  
+    local fullname="$name"
+    case "$arch" in
+        kfreebsd-*)
+            aliases="$name"
+            # FreeBSD only allows relatively short paths to mountpoints
+            # therefore saving a few charakters making the chroot dir fit
+            name=${name/kfreebsd-amd64/k-a}
+            name=${name/kfreebsd-i386/k-i}
+        ;;
+    esac
  
  cat << EOF
  [${name}]
-description=[${name}] Debian $suite chroot for $arch
+description=[${fullname}] Debian $suite chroot for $arch
  type=file
  file=$target
  EOF
@@ -103,7 +124,14 @@ EOF
      echo "profile=$personality"
  
      if [ "$THISARCH" = "$arch" ] && [ -z "$buildd" ]; then
-        echo "aliases=$suite"
+        if [ -z "$aliases" ] ; then
+            aliases="$suite"
+        else
+            aliases="$aliases,$suite"
+        fi
+    fi
+    if [ -n "$aliases" ] ; then
+        echo "aliases=$aliases"
      fi
      case "$arch" in
          armel|armhf|i386|mips|mipsel|powerpc|s390|sparc)
@@ -124,7 +152,6 @@ EOF
                  genschrootconf "$suite" "$arch" "$target" "backports"
                  if [ -n "$buildd" ] ; then
                      genschrootconf "$suite" "$arch" "$target" "backports-sloppy"
-                    genschrootconf "$suite" "$arch" "$target" "lts"
                      genschrootconf "$suite" "$arch" "$target" "proposed-updates"
                      genschrootconf "$suite" "$arch" "$target" "security"
                      case "$arch" in
@@ -157,7 +184,8 @@ arch="$THISARCH"
  if [ -e /etc/schroot/dsa/default-mirror ]; then
      mirror=$(cat /etc/schroot/dsa/default-mirror )
  fi
-mirror="${mirror:-http://ftp.debian.org/debian}"
+mirror="${mirror:-https://deb.debian.org/debian}"
+smirror="https://deb.debian.org/debian-security"
  configonly=""
  force=""
  basedir="/srv/chroot"
@@ -168,7 +196,7 @@ sbuildnames=""
  ubuntu=""
  groupuser="Debian,guest,d-i"
  grouproot=""
-include="apt,fakeroot"
+include="apt,fakeroot,ca-certificates"
  users=""
  usersroot=""
  bare=""
@@ -319,12 +347,28 @@ if ! [ -e "$script" ]; then
      fi
  fi
  
+case "$suite" in
+  stretch|jessie|precise|trusty|xenial)
+    include="$include,apt-transport-https"
+    ;;
+esac
+
+bindir=$(mktemp -d)
+cleanup+=("rm -r $bindir")
+cat > "$bindir/wget" << 'EOF'
+#!/bin/sh
+exec /usr/bin/wget --ca-directory=/etc/ssl/ca-global "$@"
+EOF
+chmod +x "$bindir/wget"
+
  set -x
-debootstrap \
+PATH="$bindir:$PATH" \
+  debootstrap \
      --keyring "$keyring" \
      --include="$include" \
      --variant=buildd \
      --arch="$arch" \
+    --no-merged-usr \
      "$suite_alias" "$rootdir" "$mirror" "$script"
  echo "$tuple" > "$rootdir/etc/debian_chroot"
  echo "force-unsafe-io" > "$rootdir/etc/dpkg/dpkg.cfg.d/force-unsafe-io"
@@ -363,6 +407,21 @@ while true; do
  done
  EOF
  chmod +x "$rootdir/usr/local/sbin/policy-rc.d"
+
+case "$suite" in
+  jessie) # LTS updates
+    echo "deb ${smirror} ${suite}/updates main" >> "$rootdir/etc/apt/sources.list"
+    chroot "$rootdir" apt-get update
+    chroot "$rootdir" apt-get dist-upgrade -y
+    ;;
+esac
+if [ -n "$ubuntu" ]; then
+  echo "deb $mirror ${suite}-updates main" >> "$rootdir/etc/apt/sources.list"
+  echo "deb $mirror ${suite}-security main" >> "$rootdir/etc/apt/sources.list"
+  chroot "$rootdir" apt-get update
+  chroot "$rootdir" apt-get dist-upgrade -y
+fi
+
  [ -z "$bare" ] && [ -z "$ubuntu" ] && chroot "$rootdir" apt-get install -y --no-install-recommends locales-all
  chroot "$rootdir" apt-get install -y --no-install-recommends build-essential
  [ -z "$bare" ] && chroot "$rootdir" apt-get install -y --no-install-recommends zsh less vim fakeroot devscripts gdb
@@ -375,9 +434,10 @@ tartmp=$(tempfile --directory "$basedir" --suffix=".tar.gz")
  cleanup+=("rm -f $tartmp")
  (
    cd "$rootdir"
+  chmod 0755 "$rootdir"
    tar caf "$tartmp" .
    if ! [ -z "$keep" ]; then
-    savelog -l -c 4 "$target"
+    savelog -l -c 2 "$target"
    fi
    mv "$tartmp" "$target"
  )