Package: mmdebstrap
Version: 0.5.0-1
Severity: wishlist
File: /usr/bin/mmdebstrap
It would cool if I could do an unprivileged mmdebstrap and get a .squashfs
instead of a tarball.
Sales pitch:
squashfs is a file format that can act both like an archive (replaces
.tar.xz):
unsquashfs -d foo/ foo.sq
and like a block device (replaces .iso):
sudo mount -o loop foo.sq foo/
squashfs-tools 4.4 understands SOURCE_DATE_EPOCH (reproducible builds).
Unlike .tar.xz, it is possible to list of extract a subtree without
decompressing the whole thing.
Unlike (some versions of) tar, it has sensible defaults, so you do
not get burned by forgetting --numeric-owner.
Debian Live images are squashfs-based for about a decade.
I can't read perl very well anymore, so it's not clear to me how to actually
patch this support in.
Looking at references to "@taropts", it seems like tar gets called about 4
times, and
you'd need an equivalent "mksquashfs" in each one of those cases? Yuk.
For reference, a basic usage is:
mksquashfs foo/ foo.squashfs
And a complicated horrible usage is (in bash):
# NB: with -regex, each path component is matched as a separate,
*unanchored* ERE.
# If you just pass 'usr/share/info/', it will also exclude
usr/share/zoneinfo.
exclusions=(
# Since boot/* is needed outside the squashfs, don't duplicate it
inside.
'^boot$/.'
# Filesystems created at boot time.
'^(dev|tmp|run)$/.'
'^var$/^(lock|run|tmp)$/.'
# Cryptographic keys MUST NOT be baked in.
'^etc$/^dropbear$/^dropbear_.*_host_key$'
'^etc$/^ssh$/^ssh_host_.*_key(.pub)?$'
'^etc$/^ssl$/^certs$/^ssl-cert-snakeoil.pem$'
'^etc$/^ssl$/^private$/^ssl-cert-snakeoil.key$'
# Build-time configuration and cache.
'^etc$/^machine-id$'
'^etc$/^(debian_chroot|hostname|hosts|motd(\.tail)?|resolv.conf)$'
'^etc$/^apt$/^apt.conf.d$/^10bootstrap$'
'^etc$/^network$/^interfaces$'
'^usr$/^sbin$/^policy-rc\.d$'
'^var$/^cache$/^apt$/^(src)?pkgcache\.bin$'
'^var$/^cache$/^apt$/^archives$/\.deb$'
'^var$/^cache$/^bootstrap$'
'^var$/^lib$/^apt$/^lists$/.'
'^var$/^log$/.'
# No documentation (safety net for dpkg.cfg.d/75no-docs).
'^usr$/^share$/^(doc|info|man|omf|help)$/.'
'^usr$/^share$/^gnome$/^help$/.'
)
mksquashfs target/ target/boot/filesystem.squashfs -b 1M -comp xz -Xbcj x86
-Xdict-size 100% -no-recovery -regex -e "${exclusions[@]}"
-- System Information:
Debian Release: 10.1
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates'), (500,
'proposed-updates'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8),
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mmdebstrap depends on:
ii apt 1.8.2
ii perl 5.28.1-6
ii perl-doc 5.28.1-6
Versions of packages mmdebstrap recommends:
ii arch-test 0.15-2
ii fakechroot 2.19-3.2
ii fakeroot 1.23-1
ii mount 2.33.1-0.1
ii pseudo [fakeroot] 1.9.0+git20180920-1
ii uidmap 1:4.5-1.1
Versions of packages mmdebstrap suggests:
pn binfmt-support <none>
ii dpkg-dev 1.19.7
ii proot 5.1.0-1.3
pn qemu-user <none>
pn qemu-user-static <none>
-- no debconf information
