Docker Container that builds Whonix Images

Ok, just tested it and it works so far.

run.sh

  • expects $PWD ./derivative-maker/docker (not sure how you wanna handle the path so just a temporary solution)
  • $TAG is either a current tag name or master. (Edit: name of the clone folder is irrelevant)
  • log dir will be in derivative-binary (gonna change that real quick)
  • derivative-maker arguments are passed directly via docker run without --env variables

BUILDER_VOLUME="$(dirname "$PWD")"
CACHER_VOLUME="$HOME/apt_cacher_mnt"
IMG="derivative-maker/derivative-docker"
USER="user"
LOG_DIR="$PWD/logs"
[ -d "${LOG_DIR}" ] || mkdir -p "${LOG_DIR}"

# Load the loop and device-mapper kernel modules on the host
sudo modprobe -a loop dm_mod

sudo docker run --name derivative-docker -it --rm --privileged \
	--env "TAG=17.4.0.3-developers-only" \
	--env 'flavor_meta_packages_to_install=' \
	--env 'install_package_list=' \
	--env 'DERIVATIVE_APT_REPOSITORY_OPTS=' \
	--volume "${BUILDER_VOLUME}:/home/user" \
	--volume "${CACHER_VOLUME}:/var/cache/apt-cacher-ng" "${IMG}" \
	/bin/bash -c "/usr/bin/su ${USER} --command '/usr/bin/start_build.sh \
	--flavor whonix-gateway-cli \
	--target qcow2 \
	--type vm \
	--arch amd64 \
	--connection clearnet \
	--repo false \
	--report false \
	--sanity-tests true \
	--freshness current \
	--allow-uncommitted true'"

start_build.sh (really cleaned up)

  • I left the || out during the key check. Would it make sense to return 1 or do smth if [ -f ${KEY} ] fails because there is no key present? (this part actually has to run during derivative-maker execution, or at least after gpg-agent is installed – maybe during prepare-build-machine ?)
  • git verify checks the tag if env TAG is set, otherwise it assumes master
  • no more loops or functions needed; arguments passed directly to build command

#!/bin/bash

# Abort on the first error. pipefail is needed as well: without it, a failed
# gpg or git verification piped into tee is masked by tee's exit status.
set -e
set -o pipefail

LOG_DIR="${HOME}/docker/logs"
KEY_LOG="${LOG_DIR}/key.log"
GIT_LOG="${LOG_DIR}/git.log"
BUILD_LOG="${LOG_DIR}/build.log"
KEY="${HOME}/packages/kicksecure/repository-dist/usr/share/keyrings/derivative.asc"

# Show, import and check the signing key if the key file is present
[ -f "${KEY}" ] && { gpg --keyid-format long --import --import-options show-only --with-fingerprint ~/derivative.asc; \
gpg --import ~/derivative.asc; gpg --check-sigs 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA; } 2>&1 | tee "${KEY_LOG}"

cd ~/

# Verify the tag (if TAG is set) and the commit it points to, then check it out
[ -n "${TAG}" ] || TAG="master"; \
{ git pull; [ "${TAG}" = 'master' ] || { git describe; git verify-tag "${TAG}"; }; \
git verify-commit "${TAG}^{commit}"; git checkout --recurse-submodules "${TAG}"; \
git status; } 2>&1 | tee -a "${GIT_LOG}"

/home/user/derivative-maker "${@}" 2>&1 | tee -a "${BUILD_LOG}"; exec "$@"

Dockerfile

  • added sudo to packages so nopasswd can be set up
  • CMD only executes /bin/bash now → this is overwritten by the docker run command, meaning if the user does not pass a command with docker run, /bin/bash is automatically executed instead.

FROM debian:bookworm-slim AS baseimage

ENV USER=user \
HOME=/home/user

RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y dbus dbus-user-session \
	git time curl lsb-release fakeroot dpkg-dev fasttrack-archive-keyring safe-rm adduser sudo apt-cacher-ng && \
	### user account ###
	adduser --quiet --disabled-password --home ${HOME} --gecos "${USER},,,," ${USER} && \
	echo "${USER} ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/passwordless_sudo && \
	chmod 440 /etc/sudoers.d/passwordless_sudo && \
	### clean up ###
	apt-get clean && \
	rm -rf /var/lib/apt/lists/* /var/cache/apt/*

FROM baseimage

LABEL maintainer="derivative-maker"
LABEL org.label-schema.description="Containerization of Whonix/derivative-maker"
LABEL org.label-schema.name="derivative-docker"
LABEL org.label-schema.schema-version="1.0"
LABEL org.label-schema.vcs-url="https://github.com/derivative-maker/derivative-maker"

COPY entrypoint.sh start_build.sh /usr/bin/

ENTRYPOINT ["/usr/bin/entrypoint.sh"]

CMD ["/bin/bash"]
1 Like
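
Added example, not part of the original posts: a group of verification commands piped into tee, as in start_build.sh, reports tee's exit status unless pipefail is set, so a failed signature check does not stop a build that relies on `set -e` alone. The sketch shows that failure mode next to a form that keeps the verifier's status; `git_verify` is a hypothetical stand-in for `git verify-tag` / `git verify-commit`, and the ref names are constructed.

```sh
#!/bin/sh
# git_verify is a hypothetical stand-in for `git verify-tag` / `git verify-commit`.
# It fails for constructed ref names starting with "unsigned-".
git_verify() {  # usage: git_verify tag|commit REF
    case "$2" in
        unsigned-*) echo "error: no signature found on $1 $2"; return 1 ;;
        *)          echo "Good signature on $1 $2" ;;
    esac
}

# Same selection rule as start_build.sh: an empty TAG means master, and only a
# real tag goes through the tag check before the commit check.
verify_ref() {  # usage: verify_ref REF
    ref=${1:-master}
    if [ "$ref" != master ]; then
        git_verify tag "$ref" || return 1
    fi
    git_verify commit "$ref"
}

# Pattern from the thread: output piped to tee. The pipeline's exit status is
# tee's, so the caller (and `set -e`) sees success even when the check failed.
gate_masked() {  # usage: gate_masked REF LOGFILE
    verify_ref "$1" 2>&1 | tee -a "$2" >&2
}

# Hardened form: capture the verifier's own status first, then log the output.
# In bash, `set -o pipefail` before the pipeline gives the same result.
gate_strict() {  # usage: gate_strict REF LOGFILE
    rc=0
    out=$(verify_ref "$1" 2>&1) || rc=$?
    printf '%s\n' "$out" | tee -a "$2" >&2
    return "$rc"
}

# Stand-in for the build step: it only starts when the gate reports success.
build_with() {  # usage: build_with GATE_FUNCTION REF LOGFILE
    if "$1" "$2" "$3"; then
        echo "BUILD STARTED"
    else
        echo "ABORTED"
    fi
}

demo() {
    demo_log=$(mktemp)
    build_with gate_masked unsigned-tag "$demo_log"
    build_with gate_strict unsigned-tag "$demo_log"
    build_with gate_strict "" "$demo_log"
    rm -f "$demo_log"
}
demo
```
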

Hey Patrick, I just did a test run and wanted to report that your kpartx commit works.

Stray loop devices are still detected during sanity check from previous builds:

+ '[' '/dev/loop1: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop2: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop0: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop3: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)' = '' ']'
+ true 'INFO: Stray loop devices detected!

However, there are no errors, because this now successfully dismounts the loop devices.

+ true 'INFO: kpartx -d -s -v failed to unmount all loop devices, attempting to unmount...'
+ sudo --non-interactive --preserve-env=APTGETOPT kpartx -d -s -v /dev/loop4
sudo dmsetup info
No devices found

Effectively, what happens is that with each build, /dev/loop[0-9]+ will simply be incremented by +1, potentially creating a load of loop devices, but there won’t be any errors at least.

Thanks, man! :slight_smile:

I updated my dirty fix with your --associated flag, that’s very nice.

LOOP_DEV=$(sudo losetup -nl --associated "$img" -O name)
[ -z "${LOOP_DEV}" ] || sudo losetup -d ${LOOP_DEV}
sudo losetup --all

I also fixed some minor things with the docker stuff.
For example this was necessary instead of -c to prevent another subshell, or gpg would error with /dev/tty0 No such file or directory:

/bin/bash -c  "/usr/bin/su ${USER} --preserve-environment --session-command '/usr/bin/start_build.sh

Anything else I can do here? (Then I’d clean the history and make a proper pull request)

1 Like

That doesn’t sound perfect yet.

Does derivative-maker only run kpartx -d -s -v /dev/loop4 but not for /dev/loop3 etc.? If so, that would probably be a bash code level bug that I’d be very much interested to fix.

Could you provide that part of the debug output of unmount-raw step please?

Please remove any hacks. Consider leftover loop devices my task. Post merge I’ll unmount them in unmount-raw.


/home/user/derivative-maker ${@:1:$(($#-1))} 2>&1 | tee -a ${BUILD_LOG}; set -- ${@: -1}; exec "$@"

This seems unnecessarily complex.

Full command should just be: /home/user/derivative-maker "$@"

${@:1:$(($#-1))}

What’s that for? Simply "$@" should do?

| tee -a ${BUILD_LOG};

Not a job for docker?

For users, if someone wanted to redirect output to the terminal, that is easy:

your-command &>/path/to/log/file

Bash feature. Redirects both stdout and stderr.

If log handling should be modified such as always creating a log file, then please post a derivative-maker feature request.


git checkout --recurse-submodules ${TAG};

Is this still needed? Should docker handle git tag checkout?

1 Like

@arraybolt3 any comments on Adding derivative-docker by tabletseeker · Pull Request #19 · derivative-maker/derivative-maker · GitHub?

Would this be ok?

   loop_devices_output="$($SUDO_TO_ROOT losetup --associated "$img" --noheadings --output NAME)"
   mapfile -t loop_devices_list <<< "$loop_devices_output"

   for loop_devices_item in "${loop_devices_list[@]}" ; do
      ## Check if the block device still exists.
      if test -b "$loop_devices_item" ; then
         true "INFO: kpartx -d -s -v failed to unmount all loop devices, attempting to unmount..."
         ## Inside docker (and maybe other corner cases) 'kpartx -d -s -v "$img"' might fail to unmount loop devices.
         ## https://forums.whonix.org/t/docker-container-that-builds-whonix-images/17494/43
         $SUDO_TO_ROOT kpartx -d -s -v "$loop_devices_item"
         $SUDO_TO_ROOT losetup -nl -O name | grep -w "$loop_devices_item" && \
         $SUDO_TO_ROOT losetup -d "$loop_devices_item" || true
      fi
   done

No it catches every single one, that’s working fine.
Apparently, both kpartx -d and losetup -d are necessary in this scenario.
I’m gonna read up on some documentation to understand why.

+ true 'INFO: Start of unmount_raw. Running losetup --all for debugging before running kpartx.'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP losetup --all
/dev/loop1: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop0: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
+ '[' '' = true ']'
+ /home/user/17.4.0.3-developers-only/help-steps/unmount-helper /home/user/derivative-binary/Whonix-Gateway-CLI_image
umount: /home/user/derivative-binary/Whonix-Gateway-CLI_image (/dev/mapper/loop1p3) unmounted
INFO: Script /home/user/17.4.0.3-developers-only/help-steps/unmount-helper completed. Exit Code: 0. Errors Detected: 0. Execution Time: 00:00:01
+ '[' '' = '' ']'
+ local img=/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw
+ wait 289323
+ sleep 2
+ sync
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP kpartx -d -s -v /home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw
+ sync
+ local loop_devices_output loop_devices_list loop_devices_item
++ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP losetup --associated /home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw --noheadings --output NAME
+ loop_devices_output='/dev/loop1
/dev/loop0'
+ mapfile -t loop_devices_list
+ for loop_devices_item in "${loop_devices_list[@]}"
+ test -b /dev/loop1
+ true 'INFO: kpartx -d -s -v failed to unmount all loop devices, attempting to unmount...'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP kpartx -d -s -v /dev/loop1
del devmap : loop1p1
del devmap : loop1p2
del devmap : loop1p3
+ for loop_devices_item in "${loop_devices_list[@]}"
+ test -b /dev/loop0
+ true 'INFO: kpartx -d -s -v failed to unmount all loop devices, attempting to unmount...'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP kpartx -d -s -v /dev/loop0
del devmap : loop0p1
del devmap : loop0p2
del devmap : loop0p3
+ true 'INFO: Middle of unmount_raw. Running losetup --all for debugging after kpartx -d (Delete partition mappings.)'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP losetup --all
/dev/loop1: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop0: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
+ sync
+ '[' '' = true ']'
+ test -d /home/user/derivative-binary/Whonix-Gateway-CLI_image
+ ls -la /home/user/derivative-binary/Whonix-Gateway-CLI_image
total 8
drwxr-xr-x 2 user user 4096 May 28 13:03 .
drwxr-xr-x 8 user user 4096 May 28 13:09 ..
+ '[' '' = true ']'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP rmdir /home/user/derivative-binary/Whonix-Gateway-CLI_image
+ sync
+ exithandler
+ local exit_code=0
+ '[' '!' 0 = 0 ']'
++ benchmarktimeend 1748437779
+++ date +%s
++ benchmarktimeend=1748437782
++ benchmark_took_seconds=3
+++ convertsecs 3
+++ local h m s
+++ (( h=3/3600 ))
+++ true
+++ (( m=(3%3600)/60 ))
+++ true
+++ (( s=3%60 ))
+++ printf '%02d:%02d:%02d\n' 0 0 3
++ echo 00:00:03
+ benchmark_took_time=00:00:03
+ output_cmd_set
+ '[' -o xtrace ']'
+ output_cmd=true
+ '[' 0 = 0 ']'
+ true 'INFO: Script /home/user/17.4.0.3-developers-only/help-steps/unmount-raw completed. Exit Code: 0. Errors Detected: 0. Execution Time: 00:00:03'
+ exit 0

Each round with stray from previous:

true 'INFO: Start of unmount_raw. Running losetup --all for debugging before running kpartx.'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP losetup --all
/dev/loop1: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop2: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop0: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
+ true 'INFO: Start of unmount_raw. Running losetup --all for debugging before running kpartx.'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP losetup --all
/dev/loop1: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop2: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop0: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop3: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
+ true 'INFO: Start of unmount_raw. Running losetup --all for debugging before running kpartx.'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP losetup --all
/dev/loop1: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop4: [65027]:1217885 (/home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop2: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop0: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop5: [65027]:1217885 (/home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop3: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)

Here’s the last one

+ true 'INFO: Start of unmount_raw. Running losetup --all for debugging before running kpartx.'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP losetup --all
/dev/loop1: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop6: [65027]:1217885 (/home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop4: [65027]:1217885 (/home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop2: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop0: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop7: [65027]:1217885 (/home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop5: [65027]:1217885 (/home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop3: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
+ '[' true = true ']'
+ true 'INFO: kpartx_only=true, skipping unmount /home/user/derivative-binary/Whonix-Workstation-CLI_image'
+ '[' '' = '' ']'
+ local img=/home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw
+ wait 606524
+ sleep 2
+ sync
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP kpartx -d -s -v /home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw
+ sync
+ local loop_devices_output loop_devices_list loop_devices_item
++ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP losetup --associated /home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw --noheadings --output NAME
+ loop_devices_output='/dev/loop6
/dev/loop4
/dev/loop7
/dev/loop5'
+ mapfile -t loop_devices_list
+ for loop_devices_item in "${loop_devices_list[@]}"
+ test -b /dev/loop6
+ true 'INFO: kpartx -d -s -v failed to unmount all loop devices, attempting to unmount...'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP kpartx -d -s -v /dev/loop6
+ for loop_devices_item in "${loop_devices_list[@]}"
+ test -b /dev/loop4
+ true 'INFO: kpartx -d -s -v failed to unmount all loop devices, attempting to unmount...'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP kpartx -d -s -v /dev/loop4
+ for loop_devices_item in "${loop_devices_list[@]}"
+ test -b /dev/loop7
+ true 'INFO: kpartx -d -s -v failed to unmount all loop devices, attempting to unmount...'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP kpartx -d -s -v /dev/loop7
del devmap : loop7p1
del devmap : loop7p2
del devmap : loop7p3
+ for loop_devices_item in "${loop_devices_list[@]}"
+ test -b /dev/loop5
+ true 'INFO: kpartx -d -s -v failed to unmount all loop devices, attempting to unmount...'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP kpartx -d -s -v /dev/loop5
+ true 'INFO: Middle of unmount_raw. Running losetup --all for debugging after kpartx -d (Delete partition mappings.)'
+ sudo --non-interactive --preserve-env=APTGETOPT_SERIALIZED,tbb_version,tb_onion,tpo_downloader_debug,tb_disable_anon_ws_dnf_conf,anon_shared_inst_tb,SKIP_SCRIPTS,SOURCE_DATE_EPOCH,dist_aptgetopt_file,dist_build_sources_list_primary,dist_mmdebstrap_build_sources_list_primary,dist_build_sources_list_primary_contents,dist_build_apt_sources_mirror,dist_build_apt_stable_release,dist_build_target_arch,dist_grml_mount_point,dist_source_help_steps_folder,dist_build_multiarch_package_item,dist_build_unsafe_io,dist_build_version,derivative_maker,user_name,LD_PRELOAD,LC_ALL,TZ,DEBDEBUG,XZ_OPT,REPO_PROXY,apt_unattended_opts,DERIVATIVE_APT_REPOSITORY_OPTS,DEBOOTSTRAP,http_proxy,https_proxy,ALL_PROXY,DEBIAN_FRONTEND,DEBIAN_PRIORITY,DEBCONF_NOWARNINGS,APT_LISTCHANGES_FRONTEND,INITRD,HOMEVAR_VBOX_TEMP losetup --all
/dev/loop1: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop6: [65027]:1217885 (/home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop4: [65027]:1217885 (/home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop2: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop0: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop7: [65027]:1217885 (/home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop5: [65027]:1217885 (/home/user/derivative-binary/17.4.0.3/Whonix-Workstation-CLI-17.4.0.3.Intel_AMD64.raw)
/dev/loop3: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)
+ sync
+ '[' true = true ']'
+ true 'INFO: kpartx_only=true, skipping debugging: ls -la /home/user/derivative-binary/Whonix-Workstation-CLI_image'
+ '[' true = true ']'
+ true 'INFO: kpartx_only=true, skipping rmdir.'
+ exithandler
+ local exit_code=0
+ '[' '!' 0 = 0 ']'
++ benchmarktimeend 1748439458
+++ date +%s
++ benchmarktimeend=1748439460
++ benchmark_took_seconds=2
+++ convertsecs 2
+++ local h m s
+++ (( h=2/3600 ))
+++ true
+++ (( m=(2%3600)/60 ))
+++ true
+++ (( s=2%60 ))
+++ printf '%02d:%02d:%02d\n' 0 0 2
++ echo 00:00:02
+ benchmark_took_time=00:00:02
+ output_cmd_set
+ '[' -o xtrace ']'
+ output_cmd=true
+ '[' 0 = 0 ']'
+ true 'INFO: Script /home/user/17.4.0.3-developers-only/help-steps/unmount-raw completed. Exit Code: 0. Errors Detected: 0. Execution Time: 00:00:02'
+ exit 0

Oh no, I meant my own repo. Of course I’m not gonna touch your stuff with that lol.

Yeah, the idea was to give the user an option to run an additional command or script after derivative-maker exits.

${@:1:$(($#-1))} returns everything but the last argument
set -- ${@: -1} sets last argument after derivative-maker exits

For example:

/bin/bash -c  "/usr/bin/su ${USER} --preserve-environment --session-command '/usr/bin/start_build.sh \
	--flavor whonix-gateway-cli \
	--target qcow2 \
	--type vm \
	--arch amd64 \
	--connection clearnet \
	--repo false \
	--report false \
	--sanity-tests true \
	--freshness current' /bin/bash"

Maybe just more elegant? Or scrappable… lol

Yeah sure, that’s a remnant from the other stuff.
Scrapping.

Nah that’s fine, just my own nonsense. :slight_smile:
I wanted terminal output and simultaneous pipe to a log with stderr, because of constant errors (that I was causing). your-command &>/path/to/log/file leaves empty terminal output I believe.

Yeah you’re right. Most of the stuff like this that I am doing, is already done on derivative-maker level anyway, but way superior and more sophisticated.
Your code on key checking for example, is already perfect anyway but you don’t even mention it.

I like how you use silence as a way to educate, because when I find out after having to look myself the learning experience is twice as effective.

1 Like

We don’t need any grep? This command:

losetup --associated "$img" --noheadings --output NAME

works great? We are already looping through all /dev/loop0, /dev/loop1, etc.

So what you mean to say is,

  • 1.: kpartx -d -s -v /dev/loop0
  • 2.: losetup -d /dev/loop0

This is what I have implemented just now. There’s now also an additional sanity test to error out early in case unmount was incomplete.


This might be a kpartx bug. References:

The bug report says it’s fixed, but it might not be fully fixed. Asked grml-debootstrap about this just now.


Do you have leftover loop devices even if only running grml-debootstrap?

Could you try please to run build steps up to step ./build-steps.d/3200_create-raw-image and see if there are any leftover loop devices?

(Similar to how I described the step-based nature of derivative-maker before. Let me know if more detailed test instructions are required.)


	--env "TAG=17.4.0.3-developers-only" \
 	--env 'flavor_meta_packages_to_install=' \
	--env 'install_package_list=' \
	--env 'DERIVATIVE_APT_REPOSITORY_OPTS=' \

Needed?

	--flavor whonix-gateway-cli \
	--target qcow2 \
	--type vm \
	--arch amd64 \
	--connection clearnet \
	--repo false \
	--report false \
	--sanity-tests true \
	--freshness current'"

Can be avoided to avoid hardcoding?

1 Like

Yeah, my thinking was that (let’s assume /dev/loop0) if kpartx -d -s -v /dev/loop0 fails to remove only then losetup -d /dev/loop0 is executed.

       # attempts to remove loop device /dev/loop0
       $SUDO_TO_ROOT kpartx -d -s -v "$loop_devices_item"
       # checks if /dev/loop0 is still there and executes losetup -d only if
       # grep exits 0 (true); || true means no exit 1 on fail
       $SUDO_TO_ROOT losetup -nl -O name | grep -w "$loop_devices_item" && \
       $SUDO_TO_ROOT losetup -d "$loop_devices_item" || true

Awesome, thanks man! :slight_smile:

That’s totally it, nice find.
You weren’t experiencing this at all though, right?
That’s why I thought it was exclusive to docker, but apparently not I guess.

Not really, I just thought it might be cool because those are some of the more useful env variables used by derivative-maker. Could be handy, no?

Yeah sure, was really just a placeholder anyway to check if it works.
But apart from that, should the user be expected to type in every single option? (including tag)
How would this be automated?
The pre-existing options_list files could be interesting. So for example a ‘KVM’ preset with default ramsize, vmsize, qcow2 etc. and same for the rest.

Yeah, leftovers.

sudo dmsetup info -c 
Name             Maj Min Stat Open Targ Event  UUID                            
loop0p1          252   0 L--w    0    1      0 part1-devnode_7:0_Wh5pYvM       
loop0p2          252   1 L--w    0    1      0 part2-devnode_7:0_Wh5pYvM       
loop0p3          252   2 L--w    0    1      0 part3-devnode_7:0_Wh5pYvM  
sudo losetup --all
/dev/loop0: [65027]:1217898 (/home/user/derivative-binary/17.4.0.3/Whonix-Gateway-CLI-17.4.0.3.Intel_AMD64.raw)

3200_create-raw.log

That’s something that needs to be reported to grml-debootstrap.

Could you please use grml-debootstrap in “standalone” mode? (Without any mention of derivative-maker.)

Not sure it’s easier,

  • A) to learn grml-debootstrap directly, or
  • B) use grml-debootstraptest using its ./createimg1 script.

Then report to grml-debootstrap?

(grml-debootstrap also has a docker folder.)

This very specific one, no.

But I experienced another. From help-steps/unmount-raw:

   ## Sleep to work around some obscure bug.
   ## https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734794
   sleep 2 &
   wait "$!"
   sync

I don’t know if that one is fully fixed either.

Yes, of course. I know debootstrap from live-build but this looks like a different animal.
I’ll first read some docs, because I’m genuinely interested.

Will report back!

I’m only imagining how many bugs you’ve discovered and worked around or fixed lol. I love this project, there’s just an insane amount of work and the coolest parts of so many tools stuffed into it.

1 Like

Glad to hear!
:partying_face:

grml-debootstrap. Different thing.

1 Like

Left a review at Adding derivative-docker by tabletseeker · Pull Request #19 · derivative-maker/derivative-maker · GitHub. I’m really liking where this is going!

2 Likes

Hey Patrick, I tested grml-debootstrap and made some interesting findings.

Command:

grml-debootstrap \
       --arch amd64 \
       --filesystem ext4 \
       --force \
       --hostname host \
       --mirror http://HTTPS///deb.debian.org/debian \
       --keep_src_list \
       --password changeme \
       --release bookworm \
       --verbose \
       --vmfile \
       --vmsize "2G" \
       --vmefi \
       --packages packages-custom \
       --target "/home/user/test.img"

Inside the docker container the same behavior occurs as described before. (ran 3 times)

/dev/loop1: [65027]:1217011 (/home/user/test.img)
/dev/loop2: [65027]:1217011 (/home/user/test.img)
/dev/loop0: [65027]:1217011 (/home/user/test.img)

sudo dmsetup info -c
Name             Maj Min Stat Open Targ Event  UUID                            
loop0p1          252   0 L--w    0    1      0 part1-devnode_7:0_Wh5pYvM       
loop0p2          252   1 L--w    0    1      0 part2-devnode_7:0_Wh5pYvM       
loop0p3          252   2 L--w    0    1      0 part3-devnode_7:0_Wh5pYvM       
loop1p1          252   3 L--w    0    1      0 part1-devnode_7:1_Wh5pYvM       
loop1p2          252   4 L--w    0    1      0 part2-devnode_7:1_Wh5pYvM       
loop1p3          252   5 L--w    0    1      0 part3-devnode_7:1_Wh5pYvM       
loop2p1          252   6 L--w    0    1      0 part1-devnode_7:2_Wh5pYvM       
loop2p2          252   7 L--w    0    1      0 part2-devnode_7:2_Wh5pYvM       
loop2p3          252   8 L--w    0    1      0 part3-devnode_7:2_Wh5pYvM   

There is a check after kpartx -d which greps for the corresponding loop device/part, verifying whether it’s been removed and executing kpartx -d /dev/loop if it hasn’t.

++ printf ' %s*%s Removing loopback mount of file /home/user/test.img.\n' '' ''
 * Removing loopback mount of file /home/user/test.img.
++ LAST_E_CMD=einfon
++ return 0
++ return 0
++ kpartx -d /home/user/test.img
++ dmsetup ls
++ grep -q '^loop2p3 '
++ '[' -n 1 ']'
++ EXIT=1
++ '[' -n '' ']'
++ exit 1

grep exits 1 because there is a space in grep -q '^loop2p3 '

grep succeeds without that space.

sudo dmsetup ls | grep '^loop2p3'; echo $?
loop2p3	(252:8)
0

Looking at grml-debootstrap, this is confirmed. (Lines 326 - 334)

  if [ -n "${ORIG_TARGET}" ] ; then
    einfo "Removing loopback mount of file ${ORIG_TARGET}."
    kpartx -d "${ORIG_TARGET}" || eend $?
    # Workaround for a bug in kpartx which doesn't clean up properly,
    # see Debian Bug #891077 and Github-PR grml/grml-debootstrap#112
    if dmsetup ls | grep -q "^${LOOP_PART} "; then
      kpartx -d "/dev/${LOOP_DISK}" >/dev/null || eend $?
    fi
  fi
dmsetup ls | grep -q "^${LOOP_PART} "
1 Like

Excellent.

Does it help to delete the extra space from grml-debootstrap?

Could you report this to grml-debootstrap please?

1 Like

Yes, after removing the space grep exits 0 and the if works.

    if dmsetup ls | grep -q "^${LOOP_PART}"; then
      kpartx -d "/dev/${LOOP_DISK}" >/dev/null || eend $?
    fi

Sure, I’ll report it. Your changes in derivative-maker work btw. No stray loop devices whatsoever. :+1:

I’ll finish with the derivative-maker-docker (new name) stuff today or tomorrow and report back.

@arraybolt3 Thanks for the great suggestions. I added you as a collaborator in case you wanted to modify things directly. It’s pretty much done now, only minor things left.

1 Like
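
The leftover-mapping check discussed above (`dmsetup ls | grep -q "^${LOOP_PART} "`) can be compared against alternatives on captured output. This is an added example, not code from grml-debootstrap or derivative-maker; the helper names and the sample listing are assumptions, with the listing constructed from the tab-separated `loop2p3	(252:8)` line quoted in the thread.

```shell
#!/bin/sh
# Constructed sample of `dmsetup ls` output. Name and (major:minor) are
# separated by a TAB, as in the "loop2p3<TAB>(252:8)" line quoted in the thread.
# loop2p30 is a made-up neighbour that shows prefix over-matching.
sample_listing() {
  printf 'loop1p1\t(252:3)\nloop2p3\t(252:8)\nloop2p30\t(252:9)\n'
}

# Each helper reads a listing on stdin; exit status 0 means "mapping present".

# Trailing space in the pattern: never matches tab-separated output.
has_mapping_space() { grep -q "^$1 "; }

# No separator: matches, but also matches any longer name with that prefix.
has_mapping_prefix() { grep -q "^$1"; }

# Exact comparison of the first whitespace-delimited field.
has_mapping_exact() {
  awk -v name="$1" '$1 == name { found = 1 } END { exit !found }'
}

# Print yes/no per strategy for one mapping name (hypothetical helper).
report() {
  for check in has_mapping_space has_mapping_prefix has_mapping_exact; do
    if sample_listing | "$check" "$1"; then r=yes; else r=no; fi
    printf '%-20s %-10s %s\n' "$check" "$1" "$r"
  done
}

report loop2p3   # present in the sample
report loop2p    # not a mapping name, only a prefix of two entries
```

The exact-field comparison keeps the cleanup branch from being skipped on tab-separated output and from firing on a different device that merely shares a prefix.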