Awesome! Great to know you're interested in this! Good question. I am not sure what I meant with that either. :) Will look into it again.
First thing: #### debootstrap: --arch=ARCH mmdebstrap: --architectures=native[,foreign1,...] #### In other words, grml-debootstrap calls debootstrap with --arch=ARCH. This will fail since mmdebstrap does not support --arch=ARCH but wants --architectures. #### cowbuilder (or pbuilder?) calls debootstrap with: + args='--include=apt --variant=buildd --force-check-gpg buster /var/cache/pbuilder/base.cow_amd64 http://HTTPS///deb.debian.org/debian' I.e. it is possible to pass an apt repository URI through command line (above last argument). However, I am translating that in the wrapper to: --verbose --architectures=amd64 --aptopt=/home/user/whonix_binary/aptgetopt.conf --include=apt,sudo,devscripts,debhelper,strip-nondeterminism,fakeroot,apt-transport-tor,apt-transport-https,python,eatmydata,aptitude,cowdancer buster /var/cache/pbuilder/base.cow_amd64 /home/user/Whonix/build_sources/debian_stable_current_clearnet.list Using a file /home/user/Whonix/build_sources/debian_stable_current_clearnet.list which contains both, Debian "standard" repository as well as Debian security repository. This is to make use of mmdebstrap excellent security feature to bootstrap from two repositories at once. If the APT version in Debian "standard" repository had a vulnerability, then the vulnerable version would be installed first before vulnerable APT would be used to upgrade in a later step from Debian security repository. "Incompatibility" is perhaps a far stretched term. How do we "teach" grml-debootstrap, cowbuilder (or pbuilder?) "use both, Debian "standard" repository and Debian security repository when using mmdebstrap"? It's like "the ecosystem does not take advantage of mmdebstrap" yet. Not sure anymore why I added: --include=apt,sudo,devscripts,debhelper,strip-nondeterminism,fakeroot,apt-transport-tor,apt-transport-https,python,eatmydata,aptitude,cowdancer apt-transport-https might be required to support https repositories in sources list. apt-transport-tor might be required to support tor+https and .onion in sources list. Johannes Schauer: > I added a no-op --force-check-gpg option. Where is the source code for that? git clones just now. git clone http://gitlab.mister-muffin.de/josch/mmdebstrap.git But cannot find any mention of "force-check-gpg". Once I have the new version, and can get past the "force-check-gpg" option, I will re-try these tools and see how far I get step by step. Cheers, Patrick
