On Mon, Oct 14, 2024 at 8:22 PM Aaron Rainbolt <arraybo...@gmail.com> wrote: > > On Mon, 14 Oct 2024 19:40:19 -0500 > Aaron Rainbolt <arraybo...@gmail.com> wrote: > > > I'm currently banging my head against a proverbial wall trying to > > figure out why there are some packages being incorrectly pulled into > > an ISO I'm building. I assume all of the packages are being pulled in > > for a similar reason, so right now I just want to focus on one > > particular package. My live-build config is located > > at https://github.com/ArrayBolt3/kicksecure-live-build. I am using my > > own fork of live-build, however none of the code modifications I have > > made or integrated from other sources seem likely to cause this > > particular issue.
I think I was wrong about this being not specific to my fork. I studied the code and concluded that the issue is most likely specific to the fork I'm using, because one of the patches I pulled in causes packages to be installed one at a time rather than all at once, which causes the build failure issue. The actual inclusion of firmware files looks like it's the result of "Firmware_List_From_Contents", which is operating as intended most likely. > > Some notable parts of my config: > > > > * I'm using aptitude rather than apt for installing packages for > > debugging purposes. > > * I explicitly set '--apt-recommends false' in auto/config. > > * I have a list of packages at > > > > https://github.com/ArrayBolt3/kicksecure-live-build/blob/master/config/apt/preferences > > that I do NOT want to be installed on the live ISO. > > > > For some reason, when I build my ISO without the > > config/apt/preferences file in place, a package called > > jh7100-bootloader-recovery is installed. According to `apt-cache > > show`, this is apparently something intended to help fix some > > particular StarFive RISC-V SOC. I don't have any use for this > > package, and did not put anything in my config that would result in > > it being installed. If I `cd` into the root of the config tree and do > > a `grep -Ri jh7100`, I see nothing except a mention of it in my > > README (which is there because I was listing it as "I don't know how > > this got installed, figure out how to remove it) and a mention of it > > in config/apt/preferences, which is attempting to prevent it from > > being installed. I similarly see no mention of it in my live-build > > source tree. Running `apt-cache rdepends jh7100-bootloader-recovery` > > shows me that this package has no reverse dependencies, recommends, > > or suggests. Thus as far as I can tell, this should not be getting > > installed. > > > > Looking at the build log, it looks like the package is being installed > > explicitly for some reason, not that it's being pulled in by anything > > in particular: > > > > put logs here > > Ahem. As you can probably tell, I meant to put some logs here, and then > sent this email too early. Here are the logs I meant to put here: > > Reading package lists... > Building dependency tree... > Reading state information... > Reading extended state information... > Initializing package states... > Writing extended state information... > Building tag database... > Package live-tools is not installed, so it will not be removed > Package live-boot is not installed, so it will not be removed > Package live-tools is not installed, so it will not be removed > Package live-boot is not installed, so it will not be removed > The following NEW packages will be installed: > jh7100-bootloader-recovery > 0 packages upgraded, 1 newly installed, 0 to remove and 0 not upgraded. > Need to get 12.4 kB of archives. After unpacking 36.9 kB will be used. > Writing extended state information... > Get: 1 http://deb.debian.org/debian bookworm/main amd64 > jh7100-bootloader-recovery all 0~2021.07.14~git2b268a1c-2 [12.4 kB] > Fetched 12.4 kB in 0s (81.2 kB/s) > Selecting previously unselected package jh7100-bootloader-recovery. > (Reading database ... 58189 files and directories currently installed.) > Preparing to unpack > .../jh7100-bootloader-recovery_0~2021.07.14~git2b268a1c-2_all.deb ... > Unpacking jh7100-bootloader-recovery (0~2021.07.14~git2b268a1c-2) ... > Setting up jh7100-bootloader-recovery (0~2021.07.14~git2b268a1c-2) ... > > This is about 3690 lines down a 15913 line long log file from a > successful ISO build. Apologies for any typos, I typed this across > rather than copy-pasting. > > > In an attempt to prevent the package from being installed, I tried to > > blacklist it with config/apt/preferences as documented at the end of > > https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-package-installation.en.html. > > Not only did this fail to fix the problem, it actually made it worse. > > Now the build fails entirely, with the following error shown at the > > end of the log: > > > > Reading package lists... > > Building dependency tree... > > Reading state information... > > Reading extended state information... > > Initializing package states... > > Writing extended state information... > > Building tag database... > > Unable to apply some actions, aborting > > Package live-tools is not installed, so it will not be removed > > Package live-boot is not installed, so it will not be removed > > No candidate version found for jh7100-bootloader-recovery > > xargs: aptitude: exited with status 255; aborting > > E: An unexpected failure occurred, exiting... > > P: Begin unmounting filesystems... > > P: Saving caches... > > Reading package lists... > > Building dependency tree... > > Reading state information... > > > > (The messages about live-tools and live-boot are benign and are a > > result of me blacklisting them via a hacky patch to the live-build > > code, which I intend on getting rid of and replacing with a proper > > blacklisting mechanism.) > > > > At this point, I have two questions: > > > > * How in creation is this package getting pulled in, in the first > > place? > > * Failing that, or should it be infeasible to fix the root issue, how > > do I blacklist the package to get it to go away? Nothing depends on > > it, not in Debian's repos and not in any of the other repos I'm > > pulling in, and I don't need it. > > > > This is not the only package being incorrectly pulled in - the rest of > > the packages listed in the config/apt/preferences file are also ones > > that I want rid of, and while some of them seem like they're probably > > the result of the build system being "too helpful", at least two of > > the others (ixo-usb-jtag and hdmi2usb-fx2-firmware) are similarly > > unnecessary, unreferenced anywhere I can find, and aren't being pulled > > in due to dependencies. Is there some file that live-build pulls in > > over the network at build time that has a list of packages to install > > that might be the culprit here? >
