Hi, On 2025-01-02 10:40, Johannes Schauer Marin Rodrigues wrote: > Hi, > > Quoting Aurelien Jarno (2025-01-01 19:44:16) > > It is regularly claimed that mmdebstrap should be used instead of > > debootstrap. > > how are the regular claims of some relevant to this report?
This is to give some context about why I explored replacing debootstrap by mmdebstrap on the build daemons. It started with the removal of usrmerge from the archive (see #1088212), which broke the generation of the chroots on the build daemons using debootstrap. People on IRC just said that mmdebstrap should be used instead debootstrap. In the meantime an empty package has been reuploaded until debootstrap is fixed in stable. > > However contrary to debootstrap [1], it does not install ca-certificates > > when > > a https mirror is used. This makes the generated chroot unusable. > > How would your preferred solution look like? > > A proper solution would need to call "apt-get indextargets" on all invocations > to figure out whether a https mirror was used, slowing down even non-https > runs. From what I understand the only protocol supported by apt that need ca-certificates is the https case, so it should be enough to just check the URL like debootstrap is doing. > Are you using mmdebstrap from the terminal or from a script? In what use-case > do you come across this issue? I used it from a script, as said above to replace the one used by the buildds. The script can be changed easily to pass --include=ca-certificates, but I believe that users trying to reproduce the build daemon setup might encounter the same issue. This can be reproduced that way: | # mmdebstrap --variant=buildd sid sid.dir https://deb.debian.org/debian | I: automatically chosen mode: root | I: chroot architecture amd64 is equal to the host's architecture | I: finding correct signed-by value... | done | I: automatically chosen format: directory | I: running apt-get update... | done | I: downloading packages with apt... | done | I: extracting archives... | done | I: installing essential packages... | done | I: installing remaining packages inside the chroot... | done | done | I: cleaning package lists and apt cache... | done | done | I: success in 11.0252 seconds | # chroot sid.dir | # apt-get update | Ign:1 https://deb.debian.org/debian sid InRelease | Ign:1 https://deb.debian.org/debian sid InRelease | Ign:1 https://deb.debian.org/debian sid InRelease | Err:1 https://deb.debian.org/debian sid InRelease | SSL connection failed: error:80000002:system library::No such file or directory / Success [IP: 2a04:4e42:6a::644 443] | Reading package lists... Done | W: Failed to fetch https://deb.debian.org/debian/dists/sid/InRelease SSL connection failed: error:80000002:system library::No such file or directory / Success [IP: 2a04:4e42:6a::644 443] | W: Some index files failed to download. They have been ignored, or old ones used instead. | # Regards Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://aurel32.net
signature.asc
Description: PGP signature
