Stop using sandbox tree to shovel out list of essential packages

We don't want to persist changes to the sandbox tree so in preparation
for that let's stop using the sandbox tree as a channel to shovel out
the list of essential packages when building debian images.

diff --git a/mkosi/distributions/debian.py b/mkosi/distributions/debian.py
index a90455e2d1c709a179fd5ba498eda9ada9c373d2..4b1d029e1a30e5da0565879de9498710c3d4cb9c 100644 (file)
--- a/mkosi/distributions/debian.py
+++ b/mkosi/distributions/debian.py
@@ -134,21 +134,21 @@ class Installer(DistributionInstaller):
         # By configuring Debug::pkgDpkgPm=1, apt-get install will not actually execute any dpkg commands, so
         # all it does is download the essential debs and tell us their full in the apt cache without actually
         # installing them.
-        Apt.invoke(
-            context,
-            "install",
-            [
-                "-oDebug::pkgDPkgPm=1",
-                # context.sandbox_tree is always mounted writable to /etc so let's use that as a channel to get the
-                # list of essential packages out of the sandbox.
-                "-oDPkg::Pre-Install-Pkgs::=cat >/etc/apt/essential",
-                "?essential",
-                "?exact-name(usr-is-merged)",
-                "base-files",
-            ],
-        )
+        with tempfile.NamedTemporaryFile(mode="r") as f:
+            Apt.invoke(
+                context,
+                "install",
+                [
+                    "-oDebug::pkgDPkgPm=1",
+                    f"-oDPkg::Pre-Install-Pkgs::=cat >{f.name}",
+                    "?essential",
+                    "?exact-name(usr-is-merged)",
+                    "base-files",
+                ],
+                options=["--bind", f.name, f.name],
+            )
 
-        essential = (context.sandbox_tree / "etc/apt/essential").read_text().strip().splitlines()
+            essential = f.read().strip().splitlines()
 
         # Now, extract the debs to the chroot by first extracting the sources tar file out of the deb and
         # then extracting the tar file into the chroot.

diff --git a/mkosi/installer/__init__.py b/mkosi/installer/__init__.py
index fca89e20ac9572b7449c3c846b72fd858423e6ed..47914ddae3b65e2bd22fb2510758b0f00dbe8ff0 100644 (file)
--- a/mkosi/installer/__init__.py
+++ b/mkosi/installer/__init__.py
@@ -1,5 +1,6 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
+from collections.abc import Sequence
 from contextlib import AbstractContextManager
 from pathlib import Path
 
@@ -125,7 +126,13 @@ class PackageManager:
         ]
 
     @classmethod
-    def sandbox(cls, context: Context, *, apivfs: bool) -> AbstractContextManager[list[PathString]]:
+    def sandbox(
+        cls,
+        context: Context,
+        *,
+        apivfs: bool,
+        options: Sequence[PathString] = (),
+    ) -> AbstractContextManager[list[PathString]]:
         return context.sandbox(
             binary=cls.executable(context.config),
             network=True,
@@ -133,6 +140,7 @@ class PackageManager:
                 "--bind", context.root, "/buildroot",
                 *cls.mounts(context),
                 *cls.options(root=context.root, apivfs=apivfs),
+                *options,
             ],
         )
 

diff --git a/mkosi/installer/apt.py b/mkosi/installer/apt.py
index a111dd25bc538494911e4441e8c73192a0013826..c7c983f993f8bdcf648713f35e5904bddb3bc6de 100644 (file)
--- a/mkosi/installer/apt.py
+++ b/mkosi/installer/apt.py
@@ -209,11 +209,12 @@ class Apt(PackageManager):
         arguments: Sequence[str] = (),
         *,
         apivfs: bool = False,
+        options: Sequence[PathString] = (),
         stdout: _FILE = None,
     ) -> CompletedProcess:
         return run(
             cls.cmd(context) + [operation, *arguments],
-            sandbox=cls.sandbox(context, apivfs=apivfs),
+            sandbox=cls.sandbox(context, apivfs=apivfs, options=options),
             env=cls.finalize_environment(context),
             stdout=stdout,
         )