From 84ed74340d4d2705faeb6da9404da77d714cd0a3 Mon Sep 17 00:00:00 2001
From: Eicke Herbertz <wolletd@posteo.de>
Date: Wed, 15 Jun 2022 00:48:52 +0200
Subject: [PATCH] stage1: don't symlink /proc if in docker

When commit 5a0f1666 originally introduced docker support,
it symlinked /proc to the container's /proc. In a privileged
container, this will result in stage1 unmounting the container's
/proc through the symlink, which is obviously not good.

Then, commit 87cdebbc finally provided a fix for this by deleting
the symlink and recreating the /proc directory.
Related merge requests on salsa.gitlab.org are !26 and !27.

This broke reproducibility in debuerreotype when changing from
debootstrap 1.0.123 to 1.0.126, because /proc has a different
timestamp. Previously, the symlink got replaced when extracting
base-files (which makes the whole symlink thing questionable),
now it just already exists.

Anyway, we got a special case for docker that works around a
special case for docker. We can just remove both.
---
 functions             | 7 +------
 scripts/aequorea      | 2 +-
 scripts/debian-common | 2 +-
 scripts/edgy          | 2 +-
 scripts/feisty        | 2 +-
 scripts/gutsy         | 2 +-
 6 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/functions b/functions
index 8d60f55..9d10ac1 100644
--- a/functions
+++ b/functions
@@ -1199,12 +1199,7 @@ setup_proc () {
 		umount_on_exit /dev/shm
 		umount_on_exit /proc
 		umount_on_exit /proc/bus/usb
-		if [ -L "$TARGET/proc" ];then
-			rm -f $TARGET/proc
-			mkdir $TARGET/proc
-		else
-			umount "$TARGET/proc" 2>/dev/null || true
-		fi
+		umount "$TARGET/proc" 2>/dev/null || true
 
 		# some container environment are used at second-stage, it already treats /proc and so on
 		if [ -z "$(ls -A "$TARGET/proc")" ]; then
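Review bot: The now-unconditional `umount "$TARGET/proc"` in setup_proc resolves symlinks, so if `$TARGET/proc` is still a symlink when this line runs (for example in a target directory left over from a run that created one; whether that can happen is not visible here), it would unmount the /proc the link points to, which is the failure the commit message describes for privileged containers. The second_stage_install hunks in scripts/aequorea, scripts/edgy and scripts/feisty now send Docker runs into setup_proc instead of setup_proc_symlink, so this line is reached in exactly the environment where that failure was seen. A cheap guard keeps the safety property without the rm/mkdir that changed the /proc timestamp: `[ -L "$TARGET/proc" ] || umount "$TARGET/proc" 2>/dev/null || true`. setup_proc starts and ends outside the hunk, so what happens after the `ls -A` check could not be reviewed.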
diff --git a/scripts/aequorea b/scripts/aequorea
index 8c68983..31411a0 100644
--- a/scripts/aequorea
+++ b/scripts/aequorea
@@ -89,7 +89,7 @@ second_stage_install () {
 		baseprog="$(($baseprog + ${1:-1}))"
 	}
 
-	if doing_variant fakechroot || [ "$CONTAINER" = "docker" ]; then
+	if doing_variant fakechroot; then
 		setup_proc_symlink
 	else
 		setup_proc
diff --git a/scripts/debian-common b/scripts/debian-common
index 6c3b579..71a6f8b 100644
--- a/scripts/debian-common
+++ b/scripts/debian-common
@@ -73,7 +73,7 @@ first_stage_install () {
 
 	setup_devices
 
-	if doing_variant fakechroot || [ "$CONTAINER" = "docker" ]; then
+	if doing_variant fakechroot; then
 		setup_proc_symlink
 	fi
 }
diff --git a/scripts/edgy b/scripts/edgy
index d3b1ca1..9a615fd 100644
--- a/scripts/edgy
+++ b/scripts/edgy
@@ -87,7 +87,7 @@ second_stage_install () {
 	baseprog="$(($baseprog + ${1:-1}))"
     }
 
-    if doing_variant fakechroot || [ "$CONTAINER" = "docker" ]; then
+    if doing_variant fakechroot; then
 	setup_proc_symlink
     else
 	setup_proc
diff --git a/scripts/feisty b/scripts/feisty
index f3b4031..b291829 100644
--- a/scripts/feisty
+++ b/scripts/feisty
@@ -86,7 +86,7 @@ second_stage_install () {
 	baseprog="$(($baseprog + ${1:-1}))"
     }
 
-    if doing_variant fakechroot || [ "$CONTAINER" = "docker" ]; then
+    if doing_variant fakechroot; then
 	setup_proc_symlink
     else
 	setup_proc
diff --git a/scripts/gutsy b/scripts/gutsy
index 187189f..923bdbf 100644
--- a/scripts/gutsy
+++ b/scripts/gutsy
@@ -153,7 +153,7 @@ first_stage_install () {
 
 	setup_devices
 
-        if doing_variant fakechroot || [ "$CONTAINER" = "docker" ]; then
+        if doing_variant fakechroot; then
 		setup_proc_symlink
 	fi
 }
-- 
GitLab

