debian/ubuntu: Configure apt chroot with APT_CONFIG

When invoking apt switched from running inside the container to running
on the host, apt stopped reading the configuration files present in the
container. Because of this, it is not possible anymore to configure apt
by dropping a file in `mkosi.skeleton/etc/apt/apt.conf.d/`.

apt first loads its configuration files and then parse the command-line
options (so that they can override the options set in the files). While
setting `-o Dir=<container-root>` on the command-line has some impact on
the configuration of apt, it will not read the files in
`<container-root>/etc/apt/apt.conf.d/`, as apt has already read its
configuration files from the host with the configuration `Dir "/"`.

Rather than using the command-line, the APT_CONFIG environment variable
should be used to point to a file with the chroot configuration. When
set, that file is processed before anything else. By setting `Dir` this
way, apt will read the configuration files from the container and not
from the host.

As the host configuration is not read anymore, there is no more need to
mask `/etc/apt` on the host by bind-mounting an empty directory over it.

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index aaf7bc80315ffa5731dfddb2d29be5a090041ce0..7cc4d89c9d49fc05ce32ce7e4e20590d8e0e4d4f 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -2480,26 +2480,34 @@ def invoke_apt(
     **kwargs: Any,
 ) -> CompletedProcess:
 
+    config_file = state.workspace / "apt.conf"
     debarch = DEBIAN_ARCHITECTURES[state.config.architecture]
 
+    if not config_file.exists():
+        config_file.write_text(
+            dedent(
+                f"""\
+                Dir "{state.root}";
+                DPkg::Chroot-Directory "{state.root}";
+                """
+            )
+        )
+
     cmdline = [
         f"/usr/bin/apt-{subcommand}",
-        "-o", f"Dir={state.root}",
-        "-o", f"DPkg::Chroot-Directory={state.root}",
         "-o", f"APT::Architecture={debarch}",
         "-o", "dpkg::install::recursive::minimum=1000",
         operation,
         *extra,
     ]
     env = dict(
+        APT_CONFIG=f"{config_file}",
         DEBIAN_FRONTEND="noninteractive",
         DEBCONF_NONINTERACTIVE_SEEN="true",
         INITRD="No",
     )
 
-    # Overmount /etc/apt on the host with an empty directory, so that apt doesn't parse any configuration
-    # from it.
-    with mount_bind(state.workspace / "apt", Path("/") / "etc/apt"), mount_apt_local_mirror(state), mount_api_vfs(state.root):
+    with mount_apt_local_mirror(state), mount_api_vfs(state.root):
         return run(cmdline, env=env, text=True, **kwargs)