systemd-resolved not functioning in Bookworm containers #35

Open
twrightsman opened this issue Jul 12, 2023 · 7 comments

@twrightsman

@ximion I don't think the workaround in 222dadb for #26 works for using debos in Debian Bookworm containers:

$ debspawn create bookworm
$ debspawn run --allow=kvm,read-kmods --cachekey=bookworm-resolved --external-command --init-command=prepare_container.sh --build-dir="$PWD" --artifacts-out="$PWD" bookworm build_image.sh

I get the following error while preparing the container:

┌─────────────────────────────┐
│  Preparing container        │
└─────────────────────────────┘
Ign:1 http://deb.debian.org/debian bookworm InRelease
Ign:1 http://deb.debian.org/debian bookworm InRelease
Ign:1 http://deb.debian.org/debian bookworm InRelease
Err:1 http://deb.debian.org/debian bookworm InRelease
  Temporary failure resolving 'deb.debian.org'
Reading package lists...
W: Download is performed unsandboxed as root as file '/var/lib/apt/lists/partial/deb.debian.org_debian_dists_bookworm_InRelease' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
E: Failed to fetch http://deb.debian.org/debian/dists/bookworm/InRelease  Temporary failure resolving 'deb.debian.org'
E: Some index files failed to download. They have been ignored, or old ones used instead.
Command `apt-get -uyq -o Dpkg::Options::="--force-confnew" update` failed.
ERROR: Container setup failed.

I was able to get the container to build by following the suggestion in #26 and removing /etc/resolv.conf at the end of prepare_container.sh.

prepare_container.sh

#!/bin/sh

set \
    -o errexit \
    -o nounset

export DEBIAN_FRONTEND=noninteractive

apt-get install --yes --quiet \
        debos \
        kmod \
        udev \
        parted \
        cryptsetup \
        binfmt-support \
        systemd-resolved \
        ca-certificates

build_image.sh

#!/bin/bash

set \
  -o errexit \
  -o nounset \
  -o pipefail

debos \
  --fakemachine-backend=kvm \
  rootfs.yml

rootfs.yml

architecture: amd64

actions:
  - action: debootstrap
    suite: bookworm
    components:
      - main
    mirror: https://deb.debian.org
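
An added diagnostic for the symptom reported above, not part of the original report and not debspawn code: it classifies `etc/resolv.conf` inside a root tree so the state before and after `prepare_container.sh` can be compared. It assumes the failure comes from `/etc/resolv.conf` being left as a symlink into `/run/systemd/resolve/` whose target is absent while systemd-resolved is not running; the function name `resolv_conf_state` is hypothetical.

```shell
#!/bin/sh
# Added diagnostic, not debspawn code: classify <root>/etc/resolv.conf.
# Prints one of: missing | dangling | no-nameserver | ok

resolv_conf_state() {
    root=${1%/}                       # "/" becomes "", so paths stay absolute
    conf="$root/etc/resolv.conf"

    if [ -L "$conf" ]; then
        target=$(readlink "$conf")
        # Re-root the link target inside the tree instead of following it on
        # the host. Only one level of indirection is resolved.
        case "$target" in
            /*) file="$root$target" ;;
            *)  file="$root/etc/$target" ;;
        esac
        if [ ! -e "$file" ]; then
            echo dangling             # assumed state: stub link, no resolver running
            return 0
        fi
    elif [ -e "$conf" ]; then
        file=$conf
    else
        echo missing
        return 0
    fi

    # A resolver configuration without any nameserver line cannot resolve names.
    if grep -q '^[[:space:]]*nameserver[[:space:]]' "$file"; then
        echo ok
    else
        echo no-nameserver
    fi
}

# Inspect the given root (default: the running system).
resolv_conf_state "${1:-/}"
```
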
@ximion
Member

ximion commented Jul 12, 2023

Just to be sure: Which OS is debspawn running on, and what version of it are you running (debspawn --version)?

@twrightsman
Author

D'oh! Sorry about that.

debspawn --version is 0.6.2, with Debian Bookworm as the host OS.

@ximion
Member

ximion commented Jul 12, 2023

Can you try the Git master version? There was an odd DNS issue with containers of this type (bookworm-on-bookworm) where /etc/hosts was missing but required. That could cause the issue you are seeing.

@twrightsman
Author

Unfortunately, the error is the same using the Git master branch.

Side note: ./debspawn.py ls doesn't seem to find any container base images even though I ran ./debspawn.py create bookworm. Neither does the system-installed debspawn.

@ximion
Member

ximion commented Jul 13, 2023

> Side note: ./debspawn.py ls doesn't seem to find any container base images even though I ran ./debspawn.py create bookworm. Neither does the system-installed debspawn.

That can't be, something must be wrong with your system... You would have to recreate the image for the changes in master to work, so using update --recreate or just create was right.
What does ls /var/lib/debspawn/images/ and cat /etc/debspawn/global.toml give you? Is there anything unusual about the setup?

@twrightsman
Author

In my test I made sure to delete then create a bookworm image using the Git master version before trying ./debspawn.py run.

$ ./debspawn.py create bookworm
$ sudo ls -alh /var/lib/debspawn/images
total 158M
drwxr-x--- 3 root root 4.0K Jul 12 21:45 .
drwxr-x--- 5 root root 4.0K Oct 14  2022 ..
-rw-r----- 1 root root  202 Jul 12 21:45 bookworm-buildd-amd64.json
-rw-r----- 1 root root 158M Jul 12 21:45 bookworm-buildd-amd64.tar.zst
drwxr-x--- 2 root root 4.0K Jul 12 21:41 dcache
$ ./debspawn.py list
No container base images have been found!
$ sudo cat /etc/debspawn/global.toml
AllowUnsafePermissions=true

As for something wrong/unusual with my system/setup? Maybe. The umask 027 in my bashrc tends to cause package building surprises. Maybe debspawn list doesn't find anything because without gaining root it doesn't have permission to read the image directory.

@ximion
Member

ximion commented Dec 9, 2023

Odd... I thought I really fixed it with e455894 and can't reproduce it here anymore - I will leave this bug open though, and conduct a bit more edge-case and automated testing, especially since there are a few other issues that also have to be dealt with.
