apt update fails on debian

Question

apt update fails on debian

Closed this issue 4 years ago · 6 comments

Hello,

when I try to run ./cryptmypi.sh examples/debian-encrypted-basic-dropbear/ it fails at this point:

Calling 2300-stage1-locale.hook ..
...
+ apt-get -y install locales
...
E: Package 'locales' has no installation candidate
+ exit 1
ERROR: Could not install locales correctly... Exiting.

But I think that the root error is that apt update fails before that because /etc/resolv.conf has the wrong permissions:

- Calling 2200-stage1-setup-chroot.hook ...
...
/tmp/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root/etc/resolv.conf does not exists or is empty.
Setting nameserver to 1.1.1.1 and 8.8.8.8 in /tmp/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root/etc/resolv.conf
Updating apt-get
Err:1 http://deb.debian.org/debian bullseye InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists... Done
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease  Temporary failure resolving 'deb.debian.org'

When I look in the RPi chroot I find this:

ls -lah /etc/resolv.conf 
-rw------- 1 root root 38 2021-04-07 19:45 /etc/resolv.conf

And inside the chroot "apt update" fails.

When I change /etc/resolv.conf to the imho correct 644 permission "apt update" works inside the chroot.

It also works again if I add this line in functions/chroot.fns (after the resolv.conf is created)
chmod 644 "${CHROOTDIR}/etc/resolv.conf"

Btw, thanks for this great project!

Answer 1 · 2021-04-16T18:10:05.000Z

Greetings,
Can you share with me what version you are running? I think this is an old bug that has since been addressed. Version in master branch is 4.7-beta and next-4.x is 4.8-next,

Answer 2 · 2021-04-16T23:22:02.000Z

I am on commit 64c2a4b (HEAD -> master, tag: v4.7-beta, origin/master, origin/HEAD)

Answer 3 · 2021-04-17T00:49:43.000Z

Greetings,
Interesting, can you share your distro and build environment?
Also can you try next-4.x branch to see if it behaves the same?
I tested for the issue on a latest pristine Kali vm with next-4.x branch and could not reproduce the issue.

Answer 4 · 2021-04-17T07:24:41.000Z

I am running Debian sid.
Linux silverweed 5.10.0-2-amd64 #1 SMP Debian 5.10.9-1 (2021-01-20) x86_64 GNU/Linux
GNU bash, version 5.1.4(1)-release (x86_64-pc-linux-gnu)

What would you define as my build environment? I am happy to give more information.
Can you reproduce this with the debian-encrypted-basic-dropbear example?

I will try the next-4.x branch hopefully this weekend.

Answer 5 · 2021-04-17T14:19:58.000Z

Greetings,
Your info sufficient on build environment. Also I work to support Debian so all good to report issue. I run tests in pristine vm's so I try to avoid missing simple things. I tested next-4.x branch on pristine Debian Bullseye vm and could not reproduce issue. If next-4.x not work for you I build a sid vm and try to reproduce. Just let me know.

Answer 6 · 2021-04-19T10:12:28.000Z

The error is still there:

/tmp/newcrypt/cryptmypi# git log | head -1 && git branch
commit e153f05cdd68e4751d75e02ce5f0059b0112e481
  master
* next-4.x

./cryptmypi.sh examples/debian-encrypted-basic-dropbear/

###############################################################################
                               C R Y P T M Y P I
###############################################################################

Loading functions...
- Loading chroot.fns ...
  ... chroot.fns loaded!
- Loading echo.fns ...
  ... echo.fns loaded!
- Loading files.fns ...
  ... files.fns loaded!
- Loading hooks.fns ...
  ... hooks.fns loaded!
- Loading misc.fns ...
  ... misc.fns loaded!
- Loading ssh.fns ...
  ... ssh.fns loaded!
- Loading stage1profiles.fns ...
  ... stage1profiles.fns loaded!

Attempting to run preconditions hooks ...
- Calling 0000-preconditions-root.hook ...
    ... 0000-preconditions-root.hook completed!

- Calling 0200-preconditions-rsync.hook ...
    ... 0200-preconditions-rsync.hook completed!

- Calling 0300-preconditions-dns.hook ...
Primary DNS server _DNS1 is not set on config: Setting default value 1.1.1.1
Secondary DNS server _DNS2 is not set on config: Setting default value 8.8.8.8
    ... 0300-preconditions-dns.hook completed!

- Calling 0400-preconditions-cryptsetup.hook ...
    ... 0400-preconditions-cryptsetup.hook completed!

# Executing both stages #######################################################
###############################################################################
                               C R Y P T M Y P I
                               ---- Stage 1 ----
v4.8-next
###############################################################################

--- Custom STAGE1 SELECTED
    stage1profile_complete

--- Executing:

Attempting to run stage1 hooks ...
- Calling 1100-stage1-sanity-qemu.hook ...
    ... 1100-stage1-sanity-qemu.hook completed!

- Calling 2000-stage1-image-download.hook ...
Downloading ARM image from https://raspi.debian.net/verified/20210408_raspi_4_bullseye.img.xz ...
--2021-04-19 11:26:52--  https://raspi.debian.net/verified/20210408_raspi_4_bullseye.img.xz
Resolving raspi.debian.net (raspi.debian.net)... 208.97.148.173
Connecting to raspi.debian.net (raspi.debian.net)|208.97.148.173|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 353290740 (337M) [application/x-xz]
Saving to: ‘/tmp/newcrypt/cryptmypi/files/images/20210408_raspi_4_bullseye.img.xz’

/tmp/newcrypt/cryptmypi/files/images/20210408_raspi_4_bullseye.img. 100%[=================================================================================================================================================================>] 336.92M  6.44MB/s    in 56s     

2021-04-19 11:27:48 (6.00 MB/s) - ‘/tmp/newcrypt/cryptmypi/files/images/20210408_raspi_4_bullseye.img.xz’ saved [353290740/353290740]

Validating image checksum...
Done: Image is valid!
    ... 2000-stage1-image-download.hook completed!

- Calling 2100-stage1-image-extract.hook ...
Extracting image: 20210408_raspi_4_bullseye.img.xz ...
Mounting loopback ...
Syncing image/root to /tmp/newcrypt/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root ...
Syncing image/root/boot to /tmp/newcrypt/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root/boot ...
Cleaning loopback ...
    ... 2100-stage1-image-extract.hook completed!

- Calling 2200-stage1-setup-chroot.hook ...
- Copying qemu emulator to chroot ...
Preparing RPi chroot mount structure at '/tmp/newcrypt/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root'.
Mounting '/tmp/newcrypt/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root/dev/' ...
Mounting '/tmp/newcrypt/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root/dev/pts' ...
Mounting '/tmp/newcrypt/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root/sys/' ...
Mounting '/tmp/newcrypt/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root/proc/' ...
/tmp/newcrypt/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root/etc/resolv.conf does not exists or is empty.
Setting nameserver to 1.1.1.1 and 8.8.8.8 in /tmp/newcrypt/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root/etc/resolv.conf
Updating apt-get
Err:1 http://deb.debian.org/debian bullseye InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists... Done
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease  Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
    ... 2200-stage1-setup-chroot.hook completed!

- Calling 2300-stage1-locale.hook ...
Configuring system locale...
_LOCALE not set, using default value 'en_US.UTF-8'
Uncommenting locale 'en_US.UTF-8' for inclusion in generation
sed: can't read /tmp/newcrypt/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root/etc/locale.gen: No such file or directory
Updating /etc/default/locale
Installing locales
- Installing locales
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package locales is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'locales' has no installation candidate
apt-get failed: Trying to recover...
+ sleep 5
+ apt-get update
Err:1 http://deb.debian.org/debian bullseye InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists... Done
W: Failed to fetch http://deb.debian.org/debian/dists/bullseye/InRelease  Temporary failure resolving 'deb.debian.org'
W: Some index files failed to download. They have been ignored, or old ones used instead.
+ apt-get -y install locales
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package locales is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'locales' has no installation candidate
+ exit 1
ERROR: Could not install locales correctly... Exiting.
Tearing down RPi chroot mount structure at '/tmp/newcrypt/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root'.
Unmounting binds
umount: /dev/sdb*: no mount point specified.
umount: /mnt/cryptmypi: no mount point specified.
umount: /mnt/cryptmypi: no mount point specified.
umount: /dev/mapper/crypt: no mount point specified.
Device crypt is not active.

/tmp/newcrypt/cryptmypi# chroot /tmp/newcrypt/cryptmypi/examples/debian-encrypted-basic-dropbear//build/root
root@silverweed:/# stat /etc/resolv.conf 
  File: /etc/resolv.conf
  Size: 38              Blocks: 8          IO Block: 4096   regular file
Device: fd01h/64769d    Inode: 24670733    Links: 1
Access: (0600/-rw-------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2021-04-19 09:28:14.130947096 +0000
Modify: 2021-04-19 09:28:14.130947096 +0000
Change: 2021-04-19 09:28:14.130947096 +0000
 Birth: 2021-04-19 09:28:14.130947096 +0000