+ echo "Dir::Bin::Methods \"${TMPWORKINGDIRECTORY}/rootdir/usr/lib/apt/methods\";" >> aptconfig.conf
+ # either store apt-key were we can access it, even if we run it as a different user
+ #cp "${BUILDDIRECTORY}/apt-key" "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/"
+ #chmod o+rx "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key"
+ #echo "Dir::Bin::apt-key \"${TMPWORKINGDIRECTORY}/rootdir/usr/bin/apt-key\";" >> aptconfig.conf
+ # destroys coverage reporting though, so we disable changing user for the calling gpgv
+ echo "Dir::Bin::apt-key \"${BUILDDIRECTORY}/apt-key\";" >> aptconfig.conf
+ if [ "$(id -u)" = '0' ]; then
+ echo 'Binary::gpgv::APT::Sandbox::User "root";' >> aptconfig.conf
+ # same for the solver executables
+ echo 'APT::Solver::RunAsUser "root";' >> aptconfig.conf
+ fi
+
+ cat > "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" <<EOF
+#!/bin/sh
+set -e
+if [ -r '${TMPWORKINGDIRECTORY}/noopchroot.so' ]; then
+ if [ -n "\$LD_LIBRARY_PATH" ]; then
+ export LD_LIBRARY_PATH='${TMPWORKINGDIRECTORY}:'"\${LD_LIBRARY_PATH}"
+ else
+ export LD_LIBRARY_PATH='${TMPWORKINGDIRECTORY}'
+ fi
+ if [ -n "\$LD_PRELOAD" ]; then
+ export LD_PRELOAD="noopchroot.so \${LD_PRELOAD}"
+ else
+ export LD_PRELOAD="noopchroot.so"
+ fi
+fi
+EOF
+ cp "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/gdb-dpkg"
+ cat >> "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" <<EOF
+exec fakeroot '${DPKG:-dpkg}' --root='${TMPWORKINGDIRECTORY}/rootdir' \\
+ --log='${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log' \\
+ --force-not-root --force-bad-path "\$@"
+EOF
+ cat >> "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/gdb-dpkg" <<EOF
+exec fakeroot gdb --quiet -ex run '${DPKG:-dpkg}' --args '${DPKG:-dpkg}' --root='${TMPWORKINGDIRECTORY}/rootdir' \\
+ --log='${TMPWORKINGDIRECTORY}/rootdir/var/log/dpkg.log' \\
+ --force-not-root --force-bad-path "\$@"
+EOF
+ chmod +x "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg" "${TMPWORKINGDIRECTORY}/rootdir/usr/bin/gdb-dpkg"
+ echo "Dir::Bin::dpkg \"${TMPWORKINGDIRECTORY}/rootdir/usr/bin/dpkg\";" > rootdir/etc/apt/apt.conf.d/99dpkg
+
+ {
+ if ! command dpkg --assert-multi-arch >/dev/null 2>&1; then
+ echo "DPKG::options:: \"--force-architecture\";" # Added to test multiarch before dpkg is ready for it…
+ fi
+ echo 'quiet "0";'
+ echo 'quiet::NoUpdate "true";'
+ echo 'quiet::NoStatistic "true";'
+ # too distracting for users, but helpful to detect changes
+ echo 'Acquire::Progress::Ignore::ShowErrorText "true";'
+ echo 'Acquire::Progress::Diffpercent "true";'
+ # in testcases, it can appear as if localhost has a rotation setup,
+ # hide this as we can't really deal with it properly
+ echo 'Acquire::Failure::ShowIP "false";'
+ # fakeroot can't fake everything, so disabled in production but good for tests
+ echo 'APT::Sandbox::Verify "true";'
+ } >> aptconfig.conf
+
+ cp "${TESTDIRECTORY}/apt.pem" "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem"
+ if [ "$(id -u)" = '0' ]; then
+ chown _apt:root "${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem"
+ fi
+ echo "Acquire::https::CaInfo \"${TMPWORKINGDIRECTORY}/rootdir/etc/webserver.pem\";" > rootdir/etc/apt/apt.conf.d/99https
+ echo "Apt::Cmd::Disable-Script-Warning \"1\";" > rootdir/etc/apt/apt.conf.d/apt-binary
+ echo 'Acquire::Connect::AddrConfig "false";' > rootdir/etc/apt/apt.conf.d/connect-addrconfig
+
+ configcompression '.' 'gz' #'bz2' 'lzma' 'xz'
+ confighashes 'SHA256' # these are tests, not security best-practices
+
+ # create some files in /tmp and look at user/group to get what this means
+ TEST_DEFAULT_USER="$(id -un)"
+ if [ "$(uname)" = 'GNU/kFreeBSD' ]; then
+ TEST_DEFAULT_GROUP='root'
+ else
+ TEST_DEFAULT_GROUP="$(id -gn)"
+ fi
+
+ # cleanup the environment a bit
+ # prefer our apt binaries over the system apt binaries
+ export PATH="${BUILDDIRECTORY}:${PATH}:/usr/local/sbin:/usr/sbin:/sbin"
+ export LC_ALL=C.UTF-8
+ unset LANGUAGE APT_CONFIG
+ unset GREP_OPTIONS DEB_BUILD_PROFILES
+ unset http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy
+
+ # If gpgv supports --weak-digest, pass it to make sure we can disable SHA1
+ if aptkey verify --weak-digest SHA1 --help 2>/dev/null >/dev/null; then
+ echo 'Acquire::gpgv::Options { "--weak-digest"; "sha1"; };' > rootdir/etc/apt/apt.conf.d/no-sha1
+ fi
+
+ # most tests just need one signed Release file, not both
+ export APT_DONT_SIGN='Release.gpg'
+