Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit

400: build(deps): bump from 1.8.1 to 1.8.2 r=obbardc a=dependabot[bot]

Bumps []( from 1.8.1 to 1.8.2.
<li><a href=""><code>f36bfe3</code></a> Fix Subset/NotSubset when map is missing keys from the subset (<a href="">#1261</a>)</li>
<li><a href=""><code>0ab3ce1</code></a> Fix <code>CallerInfo()</code> source file paths (<a href="">#1288</a>)</li>
<li><a href=""><code>2b00d33</code></a> Fix Call.Unset() panic (issue <a href="">#1236</a>) (<a href="">#1250</a>)</li>
<li><a href=""><code>9acc222</code></a> fix: fix bug for check unsafe.Pointer isNil (<a href="">#1319</a>)</li>
<li><a href=""><code>1333b5d</code></a> Add sub-tests to Suite (<a href="">#1246</a>)</li>
<li>See full diff in <a href="">compare view</a></li>
<br />

[![Dependabot compatibility score](](

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting ``@dependabot` rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)


<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- ``@dependabot` rebase` will rebase this PR
- ``@dependabot` recreate` will recreate this PR, overwriting any edits that have been made to it
- ``@dependabot` merge` will merge this PR after your CI passes on it
- ``@dependabot` squash and merge` will squash and merge this PR after your CI passes on it
- ``@dependabot` cancel merge` will cancel a previously requested merge and block automerging
- ``@dependabot` reopen` will reopen this PR if it is closed
- ``@dependabot` close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- ``@dependabot` ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- ``@dependabot` ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


Co-authored-by: dependabot[bot] <49699333+dependabot[bot]>

Git stats


Failed to load latest commit information.
Latest commit message
Commit time
January 3, 2023 13:08
December 15, 2022 14:25
December 15, 2022 14:25
October 12, 2017 14:40
January 12, 2018 10:30

debos - Debian OS images builder


debos [options] <recipe file in YAML>
debos [--help]

Application Options:

  -b, --fakemachine-backend=   Fakemachine backend to use (default: auto)
      --artifactdir=           Directory for packed archives and ostree repositories (default: current directory)
  -t, --template-var=          Template variables (use -t VARIABLE:VALUE syntax)
      --debug-shell            Fall into interactive shell on error
  -s, --shell=                 Redefine interactive shell binary (default: bash) (default: /bin/bash)
      --scratchsize=           Size of disk backed scratch space
  -c, --cpus=                  Number of CPUs to use for build VM (default: 2)
  -m, --memory=                Amount of memory for build VM (default: 2048MB)
      --show-boot              Show boot/console messages from the fake machine
  -e, --environ-var=           Environment variables (use -e VARIABLE:VALUE syntax)
  -v, --verbose                Verbose output
      --print-recipe           Print final recipe
      --dry-run                Compose final recipe to build but without any real work started
      --disable-fakemachine    Do not use fakemachine.


debos is a tool to make the creation of various Debian-based OS images simpler. While most other tools focus on specific use-cases, debos is more meant as a tool-chain to make common actions trivial while providing enough rope to do whatever tweaking that might be required behind the scene.

debos expects a YAML file as input and will run the actions listed in the file sequentially. These actions should be self-contained and independent of each other.

Some of the actions provided by debos to customize and produce images are:

  • apt: install packages and their dependencies with 'apt'
  • debootstrap: construct the target rootfs with debootstrap
  • download: download a single file from the internet
  • filesystem-deploy: deploy a root filesystem to an image previously created
  • image-partition: create an image file, make partitions and format them
  • ostree-commit: create an OSTree commit from rootfs
  • ostree-deploy: deploy an OSTree branch to the image
  • overlay: do a recursive copy of directories or files to the target filesystem
  • pack: create a tarball with the target filesystem
  • pacman: install packages and their dependencies with pacman
  • pacstrap: construct the target rootfs with pacstrap
  • raw: directly write a file to the output image at a given offset
  • recipe: includes the recipe actions at the given path
  • run: allows to run a command or script in the filesystem or in the host
  • unpack: unpack files from archive in the filesystem

A full syntax description of all the debos actions can be found at:

Installation (Docker container)

Official debos container is available:

docker pull godebos/debos

See docker/ for usage.

Installation (under Debian)

sudo apt install golang git libglib2.0-dev libostree-dev qemu-system-x86 \
     qemu-user-static debootstrap systemd-container
export GOPATH=/opt/src/gocode # or whatever suits your needs
go install -v
/opt/src/gocode/bin/debos --help

Simple example

The following example will create a arm64 image, install several packages in it, change the file /etc/hostname to "debian" and finally make a tarball.

{{- $image := or .image "debian.tgz" -}}

architecture: arm64

  - action: debootstrap
    suite: bookworm
      - main
      - non-free-firmware
    variant: minbase

  - action: apt
    packages: [ sudo, openssh-server, adduser, systemd-sysv, firmware-linux ]

  - action: run
    chroot: true
    command: echo debian > /etc/hostname

  - action: pack
    file: {{ $image }}
    compression: gz

To run it, create a file named example.yaml and run:

debos example.yaml

The final tarball will be named "debian.tgz" if you would like to modify this name, you can provided a different name for the variable image like this:

debos -t image:"debian-arm64.tgz" example.yaml

Other examples

Example recipes are collected in a separate repository:

Environment variables

debos read a predefined list of environment variables from the host and propagates it to fakemachine. The set of environment variables is defined by environ_vars on cmd/debos/debos.go. Currently the list of environment variables includes the proxy environment variables as documented at:

The list of environment variables currently exported to fakemachine is:

http_proxy, https_proxy, ftp_proxy, rsync_proxy, all_proxy, no_proxy

While the elements of environ_vars are in lower case, for each element both lower and upper case variants are probed on the host, and if found propagated to fakemachine. So if the host has the environment variables HTTP_PROXY and no_proxy defined, both will be propagated to fakemachine respecting the case.

The command line options --environ-var and -e can be used to specify, overwrite, and unset environment variables for fakemachine with the syntax:

$ debos -e ENVIRONVAR:VALUE ...

To unset an enviroment variable, or in other words, to prevent an environment variable to be propagated to fakemachine, use the same syntax without a value. debos accept multiple -e simultaneously.

Proxy configuration

While the proxy related environment variables are exported from the host to fakemachine, there are two known sources of issues:

  • Using localhost will not work from fakemachine. Prefer using an address that is valid on your network. debos will warn if environment variables contain localhost.

  • In case you are running applications and/or scripts inside fakemachine you may need to check which are the proxy environment variables they use. Different apps are known to use different environment variable names and different case for environment variable names.

Fakemachine Backend

debos (unless running debos with the --disable-fakemachine argument) creates and spawns a virtual machine using fakemachine and executes the actions defined by the recipe inside the virtual machine. This helps ensure recipes are reproducible no matter the host environment.

Fakemachine can use different virtualisation backends to spawn the virtualmachine, for more information see the documentation under the fakemachine repository.

By default the backend will automatically be selected based on what is supported on the host machine, but this can be overridden using the --fakemachine-backend / -b option. If no backends are supported, debos reverts to running the recipe on the host without creating a fakemachine.

Performance of the backends is roughly as follows: kvm is faster than uml is faster than qemu. Using --disable-fakemachine is slightly faster than kvm, but requires root permissions.

Numbers for running pine-a64-plus/debian.yaml on an Intel Pentium G4560T with SSD:

Backend Wall Time Prerequisites
--disable-fakemachine 8 min root permissions
-b kvm 9 min access to /dev/kvm
-b uml 18 min package user-mode-linux installed
-b qemu 166 min none