
Bug#1062641: live-build Removes User Packages Installed via Hooks



Hello Arszilla,

On 02/02/2024 08:58, Arszilla wrote:
When users install `.deb` packages that are not available in Debian via a `.chroot` hook (such as `1password`), the `./live/filesystem.packages-remove` file in the generated ISO uninstalls the packages installed via `.chroot` after the system is installed.

This was not the case until this action (which was added 12 years ago) became active a year ago:
- https://salsa.debian.org/installer-team/live-installer/-/commit/ad0ebaad
- https://salsa.debian.org/installer-team/live-installer/-/commit/ca1e1706757ecc9a4cf1fa5c637d5a9b513acee6

I still think that removing all live-related packages in the installer is a good idea. The processing of 'live/filesystem.packages-remove' shows where the package management system has been circumvented.

Because certain packages cannot be installed without `.chroot` hooks, I recommend reverting this change. It was discussed that users should drop their `.deb` packages to the `packages.chroot` directory instead, as that is the intended way. However, certain programs such as `1Password`, `docker` (from Docker's repositories), ProtonVPN, etc. only use the `.deb` packages to add their repos to the system and not install packages, which require users to `sudo apt update && sudo apt install -y <package(s)>`.

I've tried to reproduce the case with 1Password (on Debian sid).
When the .deb file is provided in either config/packages.chroot or config/packages, it will not be installed by default, because the name '1password' is not a package name that is known.

I then ran live-build with '--interactive=true' (which has a similar effect as writing a hook for config/hooks/normal) and installed the package with 'dpkg -i 1password-latest.deb' and 'apt --fix-broken install'.

This indeed resulted in the file 'binary/live/filesystem.packages-remove', which will remove 1password after installation.

But a proper registration of the foreign repository will result in 1password being installed in the chroot, and not being removed by the installer.
The commands below were taken from the 1password website:
https://support.1password.com/install-linux/

---
lb config --keyring-packages ca-certificates
mkdir -p config/includes.chroot_before_packages/etc/apt/sources.list.d
mkdir -p config/includes.chroot_before_packages/etc/debsig/policies/AC2D62742012EA22
mkdir -p config/includes.chroot_before_packages/usr/share/keyrings

echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/1password-archive-keyring.gpg] https://downloads.1password.com/linux/debian/amd64 stable main' > config/includes.chroot_before_packages/etc/apt/sources.list.d/1password.list
curl -sS https://downloads.1password.com/linux/debian/debsig/1password.pol > config/includes.chroot_before_packages/etc/debsig/policies/AC2D62742012EA22/1password.pol
curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --dearmor --output config/includes.chroot_before_packages/usr/share/keyrings/1password-archive-keyring.gpg

echo "1password" > config/package-lists/1password.list.chroot
---

While preparing this mail, I had to make a local hack to ensure that live-build would continue (adding 'apt-get update' in chroot_install-packages), but this seems to be a proper way to handle the foreign .deb file.

Since the 1password.deb file properly registers within the package management system, this ticket becomes a 'works for me'.

With kind regards,
Roland Clobus
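
A check for the configuration described in the mail above, as an added example that is not part of the original message or of live-build: it verifies before the build that every third-party APT source in the includes tree has a non-empty `signed-by` keyring, and after the build that no explicitly requested package is scheduled for removal by the installer. The function names are hypothetical; it assumes one-line `deb` entries with a single `signed-by=` path and one package name per line in `filesystem.packages-remove`.

```shell
#!/bin/sh
# Added example, not part of live-build. Function names are hypothetical.
INC=config/includes.chroot_before_packages   # directory used in the mail

# Pre-build: report APT source entries without signed-by, or whose keyring
# is missing or empty in the includes tree (e.g. after a failed download).
# Assumes one-line "deb [...] URL suite component" entries, one keyring path.
check_sources() {
    root=$1
    for list in "$root/$INC"/etc/apt/sources.list.d/*.list; do
        [ -f "$list" ] || continue
        while read -r type rest; do
            [ "$type" = deb ] || continue
            key=$(printf '%s\n' "$rest" |
                  sed -n 's/.*signed-by=\([^] ]*\).*/\1/p')
            if [ -z "$key" ]; then
                echo "UNSIGNED $list"
            elif [ ! -s "$root/$INC$key" ]; then
                echo "MISSING-KEY $key"
            fi
        done < "$list"
    done
}

# Post-build: print packages requested in config/package-lists/*.list.chroot
# that are nevertheless listed in binary/live/filesystem.packages-remove.
# Assumes that file holds one package name per line.
check_removed() {
    root=$1
    remove=$root/binary/live/filesystem.packages-remove
    [ -f "$remove" ] || return 0
    cat "$root"/config/package-lists/*.list.chroot 2>/dev/null |
        grep -v -e '^#' -e '^$' |
        grep -Fx -f - "$remove" || true
}

# Run both checks against the build directory given as $1 (default: cwd).
check_sources "${1:-.}"
check_removed "${1:-.}"
```

No output from either function means the sources are keyed and the requested packages will survive installation.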
