Hi,

Quoting Santiago Vila (2024-04-04 15:24:13)
> > how did you create that tarball?
> 
> debootstrap to a directory
> cd /chroot/directory
> tar czvf /srv/whatever.tar.gz *
> 
> Yes, I know that using "." instead of "*" would solve the problem, but as I said,
> sbuild already supports perfectly tarballs without ./ in the "file" backend,
> so the consistent thing would be to support them for unshare as well.

You can do this in fewer commands by using

    tar -C /chroot/directory -czvf /srv/whatever.tar.gz .

In that case, the "*" wildcard would of course not work, which is why people
usually use '.' instead of "*". Another reason against using the glob operator
with tar is that it will exclude hidden files and then you will end up with a
tarball that does not contain everything in the current directory. Using '.' is
really the safer option regardless of whether you use -C or not.

Also I'm curious: what is your motivation for using unshare mode if you are
creating your chroots using superuser privileges?

And are you really storing your chroots in /srv instead of letting them get
picked up automatically in ~/.cache/sbuild/unstable-arm64.tar?

> > Your addition of --anchored drops support for tarballs with members that
> > start with ././ or with ./././ and so on.
> 
> Yes, but those tarballs are a lot more uncommon, so if we had to choose between
> supporting "" and "./" or supporting "./" and "././" and "./././" etc, I guess
> supporting "" and "./" would be preferred.
> 
> So, well spotted, but I don't think that dropping support for ././
> would be a big deal.

I think those tarballs are even more uncommon than yours, yes. But then you are
also the first in the six years that the unshare backend has existed to have
come across that problem. :)

> > Your second patch is described as "Do not extract anything in /dev" but
> > what it actually excludes is the directory itself and not just everything
> > in it.
> That's why I said "untested" :-) The point was to convey the idea, not the
> implementation.

Unfortunately the idea cannot work, because the point of the exclude patterns
is to exclude everything that is a character special file. The point is not to
exclude everything in /dev.

> > Maybe a better solution would be to pipe the tarballs through mmtarfilter
> > and just remove all the device nodes from them. This avoids requiring any
> > --exclude options for tar.
> 
> Hmm, but if we get to such point, maybe we should really advocate for
> debootstrap and friends to stop including any /dev/* files at all.

I'd be very much in favour of doing that. With mmdebstrap you can create a
chroot without device nodes by running this:

    mmdebstrap --variant=buildd --skip=output/mknod unstable ~/.cache/sbuild/unstable-arm64.tar

The reason they are created in debootstrap (I think) is so that you can easily
just chroot into them without having to think of bind-mounting /dev beforehand.

Thanks!

cheers, josch
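
The filtering idea discussed in the message above (remove device nodes from the chroot tarball rather than relying on tar --exclude patterns, and treat "", "./" and "././" member prefixes alike), as an added example that is not part of the original message and is not mmtarfilter's or sbuild's code. It uses Python's standard `tarfile` module; the names `normalize`, `filter_tar` and `sample`, and the choice to rewrite every member to a single "./" prefix, are assumptions of this example.

```python
import io
import tarfile

def normalize(name):
    """Strip every leading './' so '', './' and '././' prefixes compare equal."""
    while name.startswith("./"):
        name = name[2:]
    return name

def filter_tar(data):
    """Return (tarball bytes, kept member names) with device nodes dropped."""
    out, kept = io.BytesIO(), []
    with tarfile.open(fileobj=io.BytesIO(data)) as src, \
            tarfile.open(fileobj=out, mode="w") as dst:
        for member in src:
            if member.ischr() or member.isblk():
                continue  # drop the node itself, keep its parent directory
            name = normalize(member.name)
            # A stale pax path/linkpath record would override the new names.
            member.pax_headers.pop("path", None)
            member.pax_headers.pop("linkpath", None)
            member.name = "." if name in ("", ".") else "./" + name
            if member.islnk():  # hard link targets are member names too
                member.linkname = "./" + normalize(member.linkname)
            body = src.extractfile(member) if member.isreg() else None
            dst.addfile(member, body)
            kept.append(member.name)
    return out.getvalue(), kept

def sample():
    """Constructed input: '', './' and '././' prefixes plus a character device."""
    buf = io.BytesIO()
    entries = (("etc", tarfile.DIRTYPE), ("./dev", tarfile.DIRTYPE),
               ("./dev/null", tarfile.CHRTYPE), ("././etc/hostname", tarfile.REGTYPE))
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, kind in entries:
            info = tarfile.TarInfo(name)
            info.type = kind
            payload = b"buildd\n" if kind == tarfile.REGTYPE else b""
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

if __name__ == "__main__":
    print(filter_tar(sample())[1])
```

Because the decision is made on the member type rather than on a path pattern, the /dev directory entry survives and only the character or block special files are removed.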
