WIP: attempt to fix pr comments; needs properly splitting

obbardc · obbardc · commit ae1e5caed5d8 · 2025-12-07T23:23:38.000Z
Signed-off-by: Christopher Obbard &lt;christopher.obbard@linaro.org&gt;
diff --git a/actions/debootstrap_action.go b/actions/debootstrap_action.go
@@ -48,13 +48,16 @@ Example:
 
 - private-key -- provide the client's private key in a file separate from the certificate.
 
-  - parent-suite -- release code name which this suite is based on. Useful for downstreams which do
-    not use debian codenames for their suite names (e.g. "stable").
+  - debootstrap-suite -- name of the suite to use for debootstrap itself. This usually
+    selects the builtin debootstrap script and is typically the direct parent of a
+    downstream (e.g. "buster" for an old Apertis release, "jammy" for Ubuntu derivatives).
 
-  - script -- the full path of the script to use to build the target rootfs. (e.g. `/usr/share/debootstrap/scripts/kali`)
-    If unspecified, the property will be automatically determined in the following order,
-    with the path "/usr/share/debootstrap/scripts/" prepended:
-    `suite` property, `parent-suite` property then `unstable`.
+  - debootstrap-script -- path (inside the recipe origin) to a custom debootstrap
+    script to use instead of the builtin ones.
+
+If neither debootstrap-suite nor debootstrap-script is set, debos will use the
+builtin script for the `suite` if one exists, otherwise it falls back to the
+"unstable" debootstrap script (preserving the historic behaviour).
 */
 package actions
 
@@ -73,19 +76,19 @@ import (
 )
 
 type DebootstrapAction struct {
-	debos.BaseAction `yaml:",inline"`
-	ParentSuite      string `yaml:"parent-suite"`
-	Suite            string
-	Mirror           string
-	Variant          string
-	KeyringPackage   string `yaml:"keyring-package"`
-	KeyringFile      string `yaml:"keyring-file"`
-	Certificate      string
-	PrivateKey       string `yaml:"private-key"`
-	Components       []string
-	MergedUsr        bool `yaml:"merged-usr"`
-	CheckGpg         bool `yaml:"check-gpg"`
-	Script           string
+	debos.BaseAction  `yaml:",inline"`
+	DebootstrapSuite  string `yaml:"debootstrap-suite"`
+	Suite             string
+	Mirror            string
+	Variant           string
+	KeyringPackage    string `yaml:"keyring-package"`
+	KeyringFile       string `yaml:"keyring-file"`
+	Certificate       string
+	PrivateKey        string `yaml:"private-key"`
+	Components        []string
+	MergedUsr         bool   `yaml:"merged-usr"`
+	CheckGpg          bool   `yaml:"check-gpg"`
+	DebootstrapScript string `yaml:"debootstrap-script"`
 }
 
 func NewDebootstrapAction() *DebootstrapAction {
@@ -119,6 +122,11 @@ func (d *DebootstrapAction) listOptionFiles(context *debos.Context) []string {
 		files = append(files, d.KeyringFile)
 	}
 
+	if d.DebootstrapScript != "" {
+		d.DebootstrapScript = debos.CleanPathAt(d.DebootstrapScript, context.RecipeDir)
+		files = append(files, d.DebootstrapScript)
+	}
+
 	return files
 }
 
@@ -127,18 +135,35 @@ func (d *DebootstrapAction) Verify(context *debos.Context) error {
 		return fmt.Errorf("suite property not specified")
 	}
 
-	if len(d.ParentSuite) == 0 {
-		d.ParentSuite = d.Suite
+	// You can't sensibly specify both.
+	if d.DebootstrapSuite != "" && d.DebootstrapScript != "" {
+		return fmt.Errorf("only one of debootstrap-suite or debootstrap-script may be set")
 	}
 
 	files := d.listOptionFiles(context)
 
-	// Check if all needed files exists
+	// Check if all needed files exist
 	for _, f := range files {
 		if _, err := os.Stat(f); os.IsNotExist(err) {
 			return err
 		}
 	}
+
+	// If debootstrap-suite is set, require that a script for it exists.
+	if d.DebootstrapSuite != "" {
+		// If the suite already has a builtin script, using debootstrap-suite is
+		// confusing - error out
+		suiteScript := getDebootstrapScriptPath(d.Suite)
+		if _, err := os.Stat(suiteScript); err == nil {
+			return fmt.Errorf("suite %q already has a builtin debootstrap script; debootstrap-suite should not be set", d.Suite)
+		}
+
+		parentScript := getDebootstrapScriptPath(d.DebootstrapSuite)
+		if _, err := os.Stat(parentScript); err != nil {
+			return fmt.Errorf("cannot find debootstrap script for debootstrap-suite %q", d.DebootstrapSuite)
+		}
+	}
+
 	return nil
 }
 
@@ -178,21 +203,23 @@ func (d *DebootstrapAction) RunSecondStage(context debos.Context) error {
 	return err
 }
 
-// Check if suite is something before usr-is-merged was introduced
+// shouldExcludeUsrIsMerged returns true for Debian suites where usr-is-merged
+// is not available and the old debos workaround is still needed.
 func shouldExcludeUsrIsMerged(suite string) bool {
 	switch strings.ToLower(suite) {
-	case "sid", "unstable":
-		return false
-	case "testing":
-		return false
-	case "bookworm":
-		return false
-	case "trixie":
-		return false
-	case "forky":
-		return false
-	default:
+	case "etch",
+		"lenny",
+		"squeeze",
+		"wheezy",
+		"jessie",
+		"stretch",
+		"buster",
+		"bullseye":
 		return true
+	default:
+		// Default to "no workaround" for anything unknown/new (Debian >= bookworm
+		// and derivatives)
+		return false
 	}
 }
 
@@ -244,41 +271,49 @@ func (d *DebootstrapAction) Run(context *debos.Context) error {
 		cmdline = append(cmdline, fmt.Sprintf("--variant=%s", d.Variant))
 	}
 
-	if shouldExcludeUsrIsMerged(d.ParentSuite) {
-		log.Printf("excluding usr-is-merged as package is not in parent suite %s\n", d.ParentSuite)
-		cmdline = append(cmdline, "--exclude=usr-is-merged")
-	}
-
-	cmdline = append(cmdline, d.Suite)
-	cmdline = append(cmdline, context.Rootdir)
-	cmdline = append(cmdline, d.Mirror)
-
-	if len(d.Script) > 0 {
-		if _, err := os.Stat(d.Script); err != nil {
-			return fmt.Errorf("cannot find debootstrap script %s", d.Script)
-		}
+	// Determine which debootstrap script to use and which suite we apply the
+	// usr-is-merged workaround for.
+	var scriptPath string
+	var suiteForWorkaround string
+
+	if d.DebootstrapScript != "" {
+		// Custom script specified by the user; Verify() already ensured it exists.
+		scriptPath = d.DebootstrapScript
+
+		// When using a custom script we assume any distro-specific workarounds
+		// are handled there and do not apply the usr-is-merged workaround here.
+		suiteForWorkaround = ""
+	} else if d.DebootstrapSuite != "" {
+		// Explicit parent/debootstrap suite – must exist, checked in Verify().
+		suiteForWorkaround = d.DebootstrapSuite
+		scriptPath = getDebootstrapScriptPath(suiteForWorkaround)
 	} else {
-		/* Auto determine debootstrap script to use from d.Suite, falling back to
-		   d.ParentSuite if it doesn't exist. Finally, fallback to unstable if a
-		   script for the parent suite does not exist. */
-		for _, s := range []string{d.Suite, d.ParentSuite, "unstable"} {
-			d.Script = getDebootstrapScriptPath(s)
-			if _, err := os.Stat(d.Script); err == nil {
-				break
-			}
-
-			log.Printf("cannot find debootstrap script %s\n", d.Script)
-
-			/* Unstable should always be available so error out if not found */
-			if s == "unstable" {
+		// Automatic behaviour: use suite's builtin script if available, otherwise
+		// fall back to unstable (current behaviour), and suggest debootstrap-suite.
+		suiteForWorkaround = d.Suite
+		scriptPath = getDebootstrapScriptPath(suiteForWorkaround)
+		if _, err := os.Stat(scriptPath); err != nil {
+			log.Printf("cannot find debootstrap script %s, falling back to unstable\n", scriptPath)
+			suiteForWorkaround = "unstable"
+			scriptPath = getDebootstrapScriptPath(suiteForWorkaround)
+			if _, err := os.Stat(scriptPath); err != nil {
 				return errors.New("cannot find debootstrap script for unstable")
 			}
+			log.Printf("using fallback debootstrap script %s; consider setting debootstrap-suite", scriptPath)
 		}
+	}
 
-		log.Printf("using debootstrap script %s\n", d.Script)
+	// workaround for https://github.com/go-debos/debos/issues/361
+	// Apply the workaround only for known-old suites
+	if suiteForWorkaround != "" && shouldExcludeUsrIsMerged(suiteForWorkaround) {
+		log.Printf("excluding usr-is-merged as package is not in suite %s\n", suiteForWorkaround)
+		cmdline = append(cmdline, "--exclude=usr-is-merged")
 	}
 
-	cmdline = append(cmdline, d.Script)
+	cmdline = append(cmdline, d.Suite)
+	cmdline = append(cmdline, context.Rootdir)
+	cmdline = append(cmdline, d.Mirror)
+	cmdline = append(cmdline, scriptPath)
 
 	/* Make sure /etc/apt/apt.conf.d exists inside the fakemachine otherwise
 	   debootstrap prints a warning about the path not existing. */
