Dev/chroot-scripts
Chroot Scripts
What are Chroot Scripts?
Some operations for building Whonix ™ cannot run as part of Debian maintainer scripts (preinst, postinst, prerm, postrm). The scripts for those operations are installed by whonix-initializer to /usr/lib/anon-dist/chroot-scripts-post.d. Installing them does not run them; on their own they do nothing. They are run in lexical order after package installation by a later build step of the Whonix ™ build script (see #Introduction for overview).
How many chroot-scripts are there and what are they used for?
Introduction
To get an always up-to-date list of packages that ship chroot-scripts, run find from within the Whonix ™ source code folder.
find . -type f -ipath '*chroot-script*' | sort
Here is the result as written at the time of Whonix ™ git tag 13.0.0.1.1:
./build-steps.d/2300_run-chroot-scripts-post-d
./packages/whonix-initializer/usr/lib/anon-dist/chroot-scripts-post.d/20_sanity_checks
./packages/whonix-initializer/usr/lib/anon-dist/chroot-scripts-post.d/75_sources
./packages/whonix-initializer/usr/lib/anon-dist/chroot-scripts-post.d/80_cleanup
So let's go through them one by one.
run-chroot-scripts-post-d
./build-steps.d/2300_run-chroot-scripts-post-d
This is actually not a chroot-script. It is the build-steps.d/2300_run-chroot-scripts-post-d build step, which is responsible for running all these chroot-scripts at Whonix ™ build time.
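As an added sketch (not the code of the Whonix ™ build step or of whonix-initializer), the following shows what "run in lexical order" implies for scripts named like the ones on this page: executable files are listed with a locale-independent sort, and the run stops at the first failure. The function names are hypothetical, and a real build step would do this inside the image's chroot rather than directly on the host.

```sh
#!/bin/sh
# Added illustration; not the code of 2300_run-chroot-scripts-post-d.

# Print the names of the executable regular files in directory $1, one per
# line, in the order a lexical-order runner would execute them.
# LC_ALL=C makes the sort byte-wise, so the order does not depend on the
# build host's locale. Lexical is not numeric: "100_x" sorts before "20_x".
list_in_run_order() {
    for f in "$1"/*; do
        if [ -f "$f" ] && [ -x "$f" ]; then
            printf '%s\n' "${f##*/}"
        fi
    done | LC_ALL=C sort
}

# run_scripts_in_order DIR
# Run each script from list_in_run_order and stop at the first failure, so a
# failing 20_sanity_checks keeps 75_sources and 80_cleanup from running.
# Returns 0 if every script succeeded, 1 on the first failure, 2 on bad DIR.
run_scripts_in_order() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    list_in_run_order "$dir" | (
        while IFS= read -r name; do
            echo "running $name" >&2
            # </dev/null: a script must not consume the list on the pipe.
            "$dir/$name" </dev/null || {
                echo "failed: $name (later scripts not run)" >&2
                exit 1   # leaves only this subshell; becomes the return status
            }
        done
    )
}
```

Keeping the numeric prefixes at the same width (20_, 75_, 80_) is what makes lexical order match the intended order.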
./packages/whonix-initializer/usr/lib/anon-dist/chroot-scripts-post.d/20_sanity_checks
- Details: Sanity tests that check the integrity of the build.
- Used by default in Whonix ™ build script: Yes.
- Negligible for Whonix ™ installations from repository: Up to you.
- Convertible into postinst script: Probably not, because some tests, such as checking whether apt/dpkg are in a sane state, cannot run inside a postinst script: apt/dpkg would still be running at that time.
- package: https://github.com/Whonix/whonix-initializer
- script: https://github.com/Whonix/whonix-initializer/blob/master/usr/lib/anon-dist/chroot-scripts-post.d/20_sanity_checks
./packages/whonix-initializer/usr/lib/anon-dist/chroot-scripts-post.d/75_sources
- Details: Logs GPL sources during the build, to better comply with legal requirements.
- Used by default in Whonix ™ build script: Yes.
- Negligible for Whonix ™ installations from repository: Up to you.
- Convertible into postinst script: Probably not, because for this script to have a chance of being effective, it must run after installation of all packages has finished.
- package: https://github.com/Whonix/whonix-initializer
- script: https://github.com/Whonix/whonix-initializer/blob/master/usr/lib/anon-dist/chroot-scripts-post.d/75_sources
whonix-initializer
./packages/whonix-initializer/usr/lib/anon-dist/chroot-scripts-post.d/80_cleanup
- Details: Cleanup. Required for Verifiable Builds, and therefore only useful for VM image builds.
- Used by default in Whonix ™ build script: Yes.
- Negligible for Whonix ™ installations from repository: Yes.
- Convertible into postinst script: Probably not and probably not required. If the image is not supposed to be redistributed, there is no need to clean up. If the image is supposed to be redistributed, it should be cleaned up beforehand.
- package: https://github.com/Whonix/whonix-initializer
- script: https://github.com/Whonix/whonix-initializer/blob/master/usr/lib/anon-dist/chroot-scripts-post.d/80_cleanup