debootstrap_plugin: add `include` and `install_keyring` keys

The "include" key maps to debootstrap's `--include` parameter, allowing additional packages to be installed. The `install_keyring` key is a Boolean that determines if the gpg keyring specified by the `keyring` key is installed in the disk image for use when installing packages from non-official Debian repositories, e.g. local mirrors created using aptly, etc.
author: Andy Piper <andy.piper@arcticwolf.com> 2021-11-22 20:31:29 -0500
committer: Andy Piper <andy.piper@arcticwolf.com> 2021-11-22 20:31:29 -0500
commit: 7092629b7eae91cb5130b672f46ec5002209c9ea (patch)
tree: 35c74865434d09616701be764cf6685e6f677153
parent: 788d4b1e920db40a0ad32361255e0d59cdbec829 (diff)
download: vmdb2-7092629b7eae91cb5130b672f46ec5002209c9ea.tar.gz
2 files changed, 55 insertions, 29 deletions
diff --git a/vmdb/plugins/debootstrap.mdwn b/vmdb/plugins/debootstrap.mdwn
index 67f13fb..6784096 100644
--- a/vmdb/plugins/debootstrap.mdwn
+++ b/vmdb/plugins/debootstrap.mdwn
@@ -18,10 +18,17 @@ Step keys:
   (e.g. Raspbian) as by default debootstrap will use the keys provided
   by the "debian-archive-keyring" package.
 
+* `install_keyring` &mdash; OPTIONAL; if set to `yes`, the gpg keyring
+  specified by the `keyring` key will be installed in the image for use when
+  installing packages from non-official Debian repositories.
+
 * `arch` &mdash; OPTIONAL; the foreign architecture to use.
 
 * `variant` &mdash; OPTIONAL; the variant for debootstrap.
 
+* `include` &mdash; OPTIONAL; a list of additional packages for
+  debootstrap to install.
+
 Example (in the .vmdb file):
 
     - debootstrap: buster
diff --git a/vmdb/plugins/debootstrap_plugin.py b/vmdb/plugins/debootstrap_plugin.py
index 92d23d4..3bfeff9 100644
--- a/vmdb/plugins/debootstrap_plugin.py
+++ b/vmdb/plugins/debootstrap_plugin.py
@@ -15,9 +15,11 @@
 #
 # =*= License: GPL-3+ =*=
 
+import os
+import shutil
+import subprocess
 
 import vmdb
-import subprocess
 
 
 class DebootstrapPlugin(vmdb.Plugin):
@@ -33,8 +35,10 @@ class DebootstrapStepRunner(vmdb.StepRunnerInterface):
             "mirror": str,
             "arch": "",
             "keyring": "",
+            "install_keyring": False,
             "variant": "-",
             "components": ["main"],
+            "include": [],
         }
 
     def run(self, values, settings, state):
@@ -43,6 +47,8 @@ class DebootstrapStepRunner(vmdb.StepRunnerInterface):
         target = state.tags.get_builder_mount_point(tag)
         mirror = values["mirror"]
         keyring = values["keyring"] or None
+        install_keyring = values["install_keyring"]
+        include = values["include"]
         arch = (
             values["arch"]
             or subprocess.check_output(["dpkg", "--print-architecture"]).strip()
@@ -52,36 +58,49 @@ class DebootstrapStepRunner(vmdb.StepRunnerInterface):
 
         if not (suite and tag and target and mirror):
             raise Exception("missing arg for debootstrap step")
+
+        cmd = [
+            "debootstrap",
+            "--arch",
+            arch,
+            "--variant",
+            variant,
+            "--components",
+            ",".join(components),
+        ]
+
+        remove_pkgs = []
         if keyring:
-            vmdb.runcmd(
-                [
-                    "debootstrap",
-                    "--keyring",
-                    keyring,
-                    "--arch",
-                    arch,
-                    "--variant",
-                    variant,
-                    "--components",
-                    ",".join(components),
-                    suite,
-                    target,
-                    mirror,
-                ]
-            )
-        else:
-            vmdb.runcmd(
+            cmd.extend(["--keyring", keyring])
+            if install_keyring and "gnupg" not in include:
+                include.append("gnupg")
+                # If gnupg needed to be installed it should be removed again to
+                # minimize the installation footprint
+                remove_pkgs.append("gnupg")
+
+        if include:
+            cmd.extend(["--include", ",".join(include)])
+
+        cmd.extend([suite, target, mirror])
+
+        vmdb.runcmd(cmd)
+
+        if keyring and install_keyring:
+            keyring_basename = os.path.basename(keyring)
+            chroot_keyring = os.path.join(target, keyring_basename)
+            shutil.copyfile(keyring, os.path.join(target, keyring_basename))
+            vmdb.runcmd_chroot(target, ["apt-key", "add", f"/{keyring_basename}"])
+            os.remove(chroot_keyring)
+
+        if remove_pkgs:
+            vmdb.runcmd_chroot(
+                target,
                 [
-                    "debootstrap",
-                    "--arch",
-                    arch,
-                    "--variant",
-                    variant,
-                    "--components",
-                    ",".join(components),
-                    suite,
-                    target,
-                    mirror,
+                    "apt-get",
+                    "remove",
+                    "--purge",
+                    "-y",
                 ]
+                + remove_pkgs,
             )
author	Andy Piper <andy.piper@arcticwolf.com>	2021-11-22 20:31:29 -0500
committer	Andy Piper <andy.piper@arcticwolf.com>	2021-11-22 20:31:29 -0500
commit	7092629b7eae91cb5130b672f46ec5002209c9ea (patch)
tree	35c74865434d09616701be764cf6685e6f677153
parent	788d4b1e920db40a0ad32361255e0d59cdbec829 (diff)
download	vmdb2-7092629b7eae91cb5130b672f46ec5002209c9ea.tar.gz