Hi,

Quoting Patrick Schleizer (2023-03-13 12:19:00)
> However, all the options I suggested could be considered "accept these
> option, do not bail out, and simply do nothing about these options". In other
> words, if --foreign is set, simply ignore it. That is, if that seems
> appropriate.
>
> --foreign
> "INFO: --foreign option not needed by mmdebstrap and ignored"

okay. In the mmdebstrap codebase you see lines like these:

    'force-check-gpg' => sub {
        push @{ $options->{noop} }, 'force-check-gpg';
    },

The above example adds the --force-check-gpg as a no-op option to mmdebstrap.
How about you try adding more of these as appropriate and try out how far you
get?

> >> * --second-stage - Similar to above.
> >
> > Why should I add this extra complexity of what debootstrap does in its
> > second stage to mmdebstrap if mmdebstrap doesn't even need it because it
> > does the right thing already?
>
> Towards debootstrap drop-in comparability only.

For me this is backwards. Why should not instead debootstrap learn to do the
right thing instead of this two-stage process?

> Kinda, if it appropriate do everything in the first stage, do it. And later
> if mmdebstrap is called with --second-stage is run, simply say "not needed,
> mmdebstrap doesn't need a second stage, all done" exit 0 and do nothing. (Or
> the other way around.)

This would require mmdebstrap to write out a script into the chroot that can
then be later called with --second-stage. This seems overkill just for
compatibility with an inferior piece of software. Would it not be a much better
investment of your or my time to teach lb how to call mmdebstrap properly
instead of forcing something onto mmdebstrap that makes it worse?

> >> * --no-check-gpg - Not sure worth bothering or if you would like to
> >> support that for compatibility's sake.
> >
> > This is not really possible with mmdebstrap in all cases because mmdebstrap
> > is using apt to create the chroot and even with [trusted=yes], apt will
> > still run gpgv and do checks that cannot be disabled as of today. For this
> > to work reliably, more code needs to be added to apt. I've talked with apt
> > maintainers about this in the past about this but they (understandably)
> > say, that the risk of doing something wrong in such important code paths
> > (security-wise) is too high to allow for completely disabling gpg checks.
> >
> > In which situation would --no-check-gpg be useful?
>
> I don't know any where --no-check-gpg is currently useful except for
> completeness sake of supporting the same (or as many as possible)
> options as debootstrap. In case --no-check-gpg is given, simply ignore
> it and don't bail out due to unknown option.
>
> Yeah. That's the general theme of my reply. Accept the option in
> mmdebstrap option parser but don't implement/change any actual functionality.
> Just the options parser giving it a pass and then ignored.

Maybe you can provide a patch that shows that what you propose works?

Thanks!

cheers, josch
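
Added example, not part of the message above and not mmdebstrap's own code: a stand-alone Getopt::Long parser that accepts the debootstrap options named in the thread as no-ops, using the same callback shape as the quoted line, and reports each ignored option. The `parse_args` helper, the `variant` default and the sample command line are assumptions made for illustration. Ignoring `--no-check-gpg` here leaves signature verification on, since nothing in the parser changes what apt does.

```perl
#!/usr/bin/perl
# Added illustration, not mmdebstrap source: accept debootstrap-only options
# as no-ops so a drop-in caller does not fail on "unknown option".
use strict;
use warnings;
use Getopt::Long qw(GetOptionsFromArray);

# Options named in the thread (assumption: none of them takes a value).
# Treating --no-check-gpg as a no-op is fail-safe: checks are never disabled.
my @NOOP = qw(foreign second-stage no-check-gpg force-check-gpg);

sub parse_args {
    my @argv    = @_;
    my $options = { noop => [], variant => 'important' };  # hypothetical default
    my %spec    = ('variant=s' => \$options->{variant});
    for my $name (@NOOP) {
        # Same shape as the line quoted from the mmdebstrap codebase.
        $spec{$name} = sub { push @{ $options->{noop} }, $name; };
    }
    # Anything not in %spec is still rejected, so typos are not swallowed.
    GetOptionsFromArray(\@argv, %spec)
      or die "unknown option, refusing to continue\n";
    # Report what was ignored instead of dropping it silently.
    for my $name (@{ $options->{noop} }) {
        warn "INFO: --$name option not needed by mmdebstrap and ignored\n";
    }
    return ($options, \@argv);    # @argv now holds only positional arguments
}

# Constructed sample command line in debootstrap style.
my ($opts, $rest) = parse_args(
    qw(--foreign --no-check-gpg --variant=minbase bookworm /tmp/chroot));
printf "variant=%s ignored=[%s] positional=[%s]\n",
  $opts->{variant}, join(',', @{ $opts->{noop} }), join(' ', @$rest);
```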