[neon/backports-jammy/debuerreotype/Neon/unstable] /: 0.4-1 (patches unapplied)
git-ubuntu importer
null at kde.org
Fri Aug 11 03:02:00 BST 2023
Git commit d1fff0e41e55604a581b9f2027df030bafed10de by git-ubuntu importer, on behalf of Tianon Gravi.
Committed on 14/09/2017 at 00:30.
Pushed by carlosdem into branch 'Neon/unstable'.
0.4-1 (patches unapplied)
Imported using git-ubuntu import.
M +2 -2 .travis.yml
M +2 -1 Dockerfile
M +1 -1 VERSION
M +18 -21 build-all.sh
M +28 -20 build.sh
M +10 -0 debian/changelog
M +4 -5 debian/control
C +46 -87 raspbian.sh [from: build.sh - 052% similarity]
M +57 -10 scripts/.constants.sh
M +5 -0 scripts/.tar-exclude
M +10 -0 scripts/debuerreotype-apt-get
M +10 -0 scripts/debuerreotype-chroot
M +10 -0 scripts/debuerreotype-fixup
M +5 -2 scripts/debuerreotype-gen-sources-list
M +68 -12 scripts/debuerreotype-init
M +10 -0 scripts/debuerreotype-minimizing-config
M +10 -0 scripts/debuerreotype-slimify
M +12 -3 scripts/debuerreotype-tar
M +10 -0 scripts/debuerreotype-version
A +173 -0 steamos.sh
A +184 -0 ubuntu.sh
https://invent.kde.org/neon/backports-jammy/debuerreotype/-/commit/d1fff0e41e55604a581b9f2027df030bafed10de
diff --git a/.travis.yml b/.travis.yml
index 2ce3bd7..ac4484d 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,8 +2,8 @@ language: bash
services: docker
env:
- - SUITE=jessie CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=a674379d30cf457e49a909bb0e254ddcb1f72c27f45c68fe930668d6d9399232
- - SUITE=stable CODENAME=jessie TIMESTAMP=2017-01-01T00:00:00Z SHA256=a674379d30cf457e49a909bb0e254ddcb1f72c27f45c68fe930668d6d9399232
+ - SUITE=jessie CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=881da2a3f289dd665a44e3b0f87501a39a98584a587746963cf761ef7b612c02
+ - SUITE=stable CODENAME=jessie TIMESTAMP=2017-01-01T00:00:00Z SHA256=881da2a3f289dd665a44e3b0f87501a39a98584a587746963cf761ef7b612c02
- SUITE=stretch CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=139ed970d52ef950c223f9ab325657eb93d0a93c7d6e2fc697fe7510e61760fa
- SUITE=testing CODENAME=stretch TIMESTAMP=2017-01-01T00:00:00Z SHA256=139ed970d52ef950c223f9ab325657eb93d0a93c7d6e2fc697fe7510e61760fa
- SUITE=sid CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=b75b4496deb4d6cee32245e4125e7ef948b09afbeb1ef3b9669e56daf3e822a7
diff --git a/Dockerfile b/Dockerfile
index c20e044..4f2da6d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,6 +13,7 @@ FROM debian:stretch-slim
RUN apt-get update && apt-get install -y --no-install-recommends \
debootstrap \
+ wget ca-certificates \
xz-utils \
&& rm -rf /var/lib/apt/lists/*
@@ -35,4 +36,4 @@ WORKDIR /tmp
# debuerreotype-init test-jessie jessie 2017-05-08T00:00:00Z
# debuerreotype-tar test-jessie test-jessie.tar
# md5sum test-jessie.tar
-# 45624a45af50f60b6b4be7203bf16c86
+# 93ad9886b0e0da17aae584d3a0236d0c
diff --git a/VERSION b/VERSION
index be58634..bd73f47 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.3
+0.4
diff --git a/build-all.sh b/build-all.sh
index 55699b0..ad04159 100755
--- a/build-all.sh
+++ b/build-all.sh
@@ -13,30 +13,21 @@ suites=(
)
thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
-self="$(basename "$0")"
+source "$thisDir/scripts/.constants.sh" \
+ --flags 'no-build' \
+ -- \
+ '[--no-build] <output-dir> <timestamp>' \
+ 'output 2017-05-08T00:00:00Z'
-usage() {
- cat <<-EOU
- usage: $self <output-dir> <timestamp>
- ie: $self output 2017-05-08T00:00:00Z
- EOU
-}
-eusage() {
- if [ "$#" -gt 0 ]; then
- echo >&2 "error: $*"
- fi
- usage >&2
- exit 1
-}
-
-options="$(getopt -n "$self" -o '' --long 'no-build' -- "$@")" || eusage
-eval "set -- $options"
+eval "$dgetopt"
build=1
while true; do
flag="$1"; shift
+ dgetopt-case "$flag"
case "$flag" in
--no-build) build= ;; # for skipping "docker build"
--) break ;;
+ *) eusage "unknown flag '$flag'" ;;
esac
done
@@ -60,13 +51,19 @@ echo "-- BUILDING TARBALLS FOR '$dpkgArch' FROM '$mirror/' --"
echo
for suite in "${suites[@]}"; do
- testUrl="$secmirror/dists/$suite/updates/main/binary-$dpkgArch/Packages.gz"
+ doSkip=
case "$suite" in
- testing|unstable)
- testUrl="$mirror/dists/$suite/main/binary-$dpkgArch/Packages.gz"
+ testing|unstable) ;;
+ *)
+ if ! wget --quiet --spider "$secmirror/dists/$suite/updates/main/binary-$dpkgArch/Packages.gz"; then
+ doSkip=1
+ fi
;;
esac
- if ! wget --quiet --spider "$testUrl"; then
+ if ! wget --quiet --spider "$mirror/dists/$suite/main/binary-$dpkgArch/Packages.gz"; then
+ doSkip=1
+ fi
+ if [ -n "$doSkip" ]; then
echo >&2
echo >&2 "warning: '$suite' not supported on '$dpkgArch' (at '$timestamp'); skipping"
echo >&2
diff --git a/build.sh b/build.sh
index 2bcb282..096c38d 100755
--- a/build.sh
+++ b/build.sh
@@ -2,33 +2,24 @@
set -Eeuo pipefail
thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
-self="$(basename "$0")"
-
-usage() {
- cat <<-EOU
- usage: $self <output-dir> <suite> <timestamp>
- ie: $self output stretch 2017-05-08T00:00:00Z
- $self --codename-copy output stable 2017-05-08T00:00:00Z
- EOU
-}
-eusage() {
- if [ "$#" -gt 0 ]; then
- echo >&2 "error: $*"
- fi
- usage >&2
- exit 1
-}
-
-options="$(getopt -n "$self" -o '' --long 'no-build,codename-copy' -- "$@")" || eusage
-eval "set -- $options"
+source "$thisDir/scripts/.constants.sh" \
+ --flags 'no-build,codename-copy' \
+ -- \
+ '[--no-build] [--codename-copy] <output-dir> <suite> <timestamp>' \
+ 'output stretch 2017-05-08T00:00:00Z
+--codename-copy output stable 2017-05-08T00:00:00Z'
+
+eval "$dgetopt"
build=1
codenameCopy=
while true; do
flag="$1"; shift
+ dgetopt-case "$flag"
case "$flag" in
--no-build) build= ;; # for skipping "docker build"
--codename-copy) codenameCopy=1 ;; # for copying a "stable.tar.xz" to "stretch.tar.xz" with updated sources.list (saves a lot of extra building work)
--) break ;;
+ *) eusage "unknown flag '$flag'" ;;
esac
done
@@ -112,7 +103,16 @@ docker run \
fi
{
- debuerreotype-init rootfs "$suite" "@$epoch"
+ initArgs=( --debian )
+ releaseSuite="$(awk -F ": " "\$1 == \"Suite\" { print \$2; exit }" "$outputDir/Release")"
+ case "$suite" in
+ # see https://bugs.debian.org/src:usrmerge for why merged-usr should not be in stable yet (mostly "dpkg" related bugs)
+ *oldstable|stable)
+ initArgs+=( --no-merged-usr )
+ ;;
+ esac
+
+ debuerreotype-init "${initArgs[@]}" rootfs "$suite" "@$epoch"
debuerreotype-minimizing-config rootfs
debuerreotype-apt-get rootfs update -qq
@@ -156,6 +156,14 @@ docker run \
# sbuild needs "deb-src" entries
debuerreotype-gen-sources-list --deb-src "$rootfs" "$suite" http://deb.debian.org/debian http://security.debian.org
+ # APT has odd issues with "Acquire::GzipIndexes=false" + "file://..." sources sometimes
+ # (which are used in sbuild for "--extra-package")
+ # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
+ # ...
+ # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
+ rm -f "$rootfs/etc/apt/apt.conf.d/docker-gzip-indexes"
+ # TODO figure out the bug and fix it in APT instead /o\
+
# schroot is picky about "/dev" (which is excluded by default in "debuerreotype-tar")
# see https://github.com/debuerreotype/debuerreotype/pull/8#issuecomment-305855521
debuerreotype-tar --include-dev "$rootfs" "$targetBase.tar.xz"
diff --git a/debian/changelog b/debian/changelog
index 5d46828..b0df837 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+debuerreotype (0.4-1) unstable; urgency=medium
+
+ * Update to 0.4 upstream release
+ * Update Standards-Version to 4.0.0
+ * Move debootstrap to Recommends and drop the version requirement
+ - upstream now has "--debootstrap" for using alternative debootstrap
+ implementations, and "--no-merged-usr" for skipping "--merged-usr"
+
+ -- Tianon Gravi <tianon at debian.org> Tue, 12 Sep 2017 07:51:57 -0700
+
debuerreotype (0.3-1) unstable; urgency=medium
* Update to 0.3 upstream release
diff --git a/debian/control b/debian/control
index 4d5de55..4530b3a 100644
--- a/debian/control
+++ b/debian/control
@@ -2,17 +2,16 @@ Source: debuerreotype
Maintainer: Tianon Gravi <tianon at debian.org>
Section: admin
Priority: optional
-Standards-Version: 3.9.8
-Build-Depends: debhelper (>= 9)
+Standards-Version: 4.0.0
+Build-Depends: debhelper (>= 10~)
Homepage: https://github.com/debuerreotype/debuerreotype
Vcs-Browser: https://github.com/debuerreotype/debian-debuerreotype
Vcs-Git: https://github.com/debuerreotype/debian-debuerreotype.git
Package: debuerreotype
Architecture: all
-Depends: debian-archive-keyring,
- debootstrap (>= 1.0.83~),
- ${misc:Depends}
+Depends: debian-archive-keyring, ${misc:Depends}
+Recommends: debootstrap
Suggests: diffoscope
Description: reproducible, snapshot-based Debian rootfs builder
A set of scripts for building reproducible Debian rootfs tarballs based on
diff --git a/build.sh b/raspbian.sh
similarity index 52%
copy from build.sh
copy to raspbian.sh
index 2bcb282..dff26e2 100755
--- a/build.sh
+++ b/raspbian.sh
@@ -2,39 +2,26 @@
set -Eeuo pipefail
thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
-self="$(basename "$0")"
-
-usage() {
- cat <<-EOU
- usage: $self <output-dir> <suite> <timestamp>
- ie: $self output stretch 2017-05-08T00:00:00Z
- $self --codename-copy output stable 2017-05-08T00:00:00Z
- EOU
-}
-eusage() {
- if [ "$#" -gt 0 ]; then
- echo >&2 "error: $*"
- fi
- usage >&2
- exit 1
-}
-
-options="$(getopt -n "$self" -o '' --long 'no-build,codename-copy' -- "$@")" || eusage
-eval "set -- $options"
+source "$thisDir/scripts/.constants.sh" \
+ --flags 'no-build' \
+ -- \
+ '[--no-build] <output-dir> <suite>' \
+ 'output stretch'
+
+eval "$dgetopt"
build=1
-codenameCopy=
while true; do
flag="$1"; shift
+ dgetopt-case "$flag"
case "$flag" in
--no-build) build= ;; # for skipping "docker build"
- --codename-copy) codenameCopy=1 ;; # for copying a "stable.tar.xz" to "stretch.tar.xz" with updated sources.list (saves a lot of extra building work)
--) break ;;
+ *) eusage "unknown flag '$flag'" ;;
esac
done
outputDir="${1:-}"; shift || eusage 'missing output-dir'
suite="${1:-}"; shift || eusage 'missing suite'
-timestamp="${1:-}"; shift || eusage 'missing timestamp'
mkdir -p "$outputDir"
outputDir="$(readlink -f "$outputDir")"
@@ -54,65 +41,55 @@ ver="${ver%% *}"
dockerImage="debuerreotype/debuerreotype:$ver"
[ -z "$build" ] || docker build -t "$dockerImage" "$thisDir"
+raspbianDockerImage="$dockerImage-raspbian"
+[ -z "$build" ] || docker build -t "$raspbianDockerImage" - <<-EODF
+ FROM $dockerImage
+ RUN wget -O raspbian.deb 'https://archive.raspbian.org/raspbian/pool/main/r/raspbian-archive-keyring/raspbian-archive-keyring-udeb_20120528.2_all.udeb' \\
+ && apt install -y ./raspbian.deb \\
+ && rm raspbian.deb
+EODF
+
docker run \
--rm \
"${securityArgs[@]}" \
- --tmpfs /tmp:dev,exec,suid,noatime \
+ -v /tmp \
-w /tmp \
-e suite="$suite" \
- -e timestamp="$timestamp" \
- -e codenameCopy="$codenameCopy" \
-e TZ='UTC' -e LC_ALL='C' \
- "$dockerImage" \
+ "$raspbianDockerImage" \
bash -Eeuo pipefail -c '
set -x
- epoch="$(date --date "$timestamp" +%s)"
- serial="$(date --date "@$epoch" +%Y%m%d)"
+ mirror="http://archive.raspbian.org/raspbian"
+
dpkgArch="$(dpkg --print-architecture)"
exportDir="output"
- outputDir="$exportDir/$serial/$dpkgArch/$suite"
-
- touch_epoch() {
- while [ "$#" -gt 0 ]; do
- local f="$1"; shift
- touch --no-dereference --date="@$epoch" "$f"
- done
- }
+ outputDir="$exportDir/raspbian/$dpkgArch/$suite"
debuerreotypeScriptsDir="$(dirname "$(readlink -f "$(which debuerreotype-init)")")"
- for archive in "" security; do
- snapshotUrl="$("$debuerreotypeScriptsDir/.snapshot-url.sh" "@$epoch" "${archive:+debian-${archive}}")"
- snapshotUrlFile="$exportDir/$serial/$dpkgArch/snapshot-url${archive:+-${archive}}"
- mkdir -p "$(dirname "$snapshotUrlFile")"
- echo "$snapshotUrl" > "$snapshotUrlFile"
- touch_epoch "$snapshotUrlFile"
- done
-
- snapshotUrl="$(< "$exportDir/$serial/$dpkgArch/snapshot-url")"
mkdir -p "$outputDir"
- wget -O "$outputDir/Release.gpg" "$snapshotUrl/dists/$suite/Release.gpg"
- wget -O "$outputDir/Release" "$snapshotUrl/dists/$suite/Release"
+ wget -O "$outputDir/Release.gpg" "$mirror/dists/$suite/Release.gpg"
+ wget -O "$outputDir/Release" "$mirror/dists/$suite/Release"
gpgv \
- --keyring /usr/share/keyrings/debian-archive-keyring.gpg \
- --keyring /usr/share/keyrings/debian-archive-removed-keys.gpg \
+ --keyring /usr/share/keyrings/raspbian-archive-keyring.gpg \
"$outputDir/Release.gpg" \
"$outputDir/Release"
- codename="$(awk -F ": " "\$1 == \"Codename\" { print \$2; exit }" "$outputDir/Release")"
- if [ -n "$codenameCopy" ] && [ "$codename" = "$suite" ]; then
- # if codename already is the same as suite, then making a copy does not make any sense
- codenameCopy=
- fi
- if [ -n "$codenameCopy" ] && [ -z "$codename" ]; then
- echo >&2 "error: --codename-copy specified but we failed to get a Codename for $suite"
- exit 1
- fi
-
{
- debuerreotype-init rootfs "$suite" "@$epoch"
+ debuerreotype-init --non-debian \
+ --arch armhf \
+ --keyring /usr/share/keyrings/raspbian-archive-keyring.gpg \
+ rootfs "$suite" "$mirror"
+
+ epoch="$(< rootfs/debuerreotype-epoch)"
+ touch_epoch() {
+ while [ "$#" -gt 0 ]; do
+ local f="$1"; shift
+ touch --no-dereference --date="@$epoch" "$f"
+ done
+ }
debuerreotype-minimizing-config rootfs
debuerreotype-apt-get rootfs update -qq
@@ -145,16 +122,19 @@ docker run \
local suite="$1"; shift
local variant="$1"; shift
- # make a copy of the snapshot-facing sources.list file before we overwrite it
- cp "$rootfs/etc/apt/sources.list" "$targetBase.sources-list-snapshot"
- touch_epoch "$targetBase.sources-list-snapshot"
-
if [ "$variant" != "sbuild" ]; then
- debuerreotype-gen-sources-list "$rootfs" "$suite" http://deb.debian.org/debian http://security.debian.org
debuerreotype-tar "$rootfs" "$targetBase.tar.xz"
else
# sbuild needs "deb-src" entries
- debuerreotype-gen-sources-list --deb-src "$rootfs" "$suite" http://deb.debian.org/debian http://security.debian.org
+ debuerreotype-chroot "$rootfs" sed -ri -e "/^deb / p; s//deb-src /" /etc/apt/sources.list
+
+ # APT has odd issues with "Acquire::GzipIndexes=false" + "file://..." sources sometimes
+ # (which are used in sbuild for "--extra-package")
+ # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
+ # ...
+ # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
+ rm -f "$rootfs/etc/apt/apt.conf.d/docker-gzip-indexes"
+ # TODO figure out the bug and fix it in APT instead /o\
# schroot is picky about "/dev" (which is excluded by default in "debuerreotype-tar")
# see https://github.com/debuerreotype/debuerreotype/pull/8#issuecomment-305855521
@@ -191,27 +171,6 @@ docker run \
create_artifacts "$targetBase" "$rootfs" "$suite" "$variant"
done
-
- if [ -n "$codenameCopy" ]; then
- codenameDir="$exportDir/$serial/$dpkgArch/$codename"
- mkdir -p "$codenameDir"
- tar -cC "$outputDir" --exclude="**/rootfs.*" . | tar -xC "$codenameDir"
-
- for rootfs in rootfs*/; do
- rootfs="${rootfs%/}" # "rootfs", "rootfs-slim", ...
-
- variant="${rootfs#rootfs}" # "", "-slim", ...
- variant="${variant#-}" # "", "slim", ...
-
- variantDir="$codenameDir/$variant"
- targetBase="$variantDir/rootfs"
-
- # point sources.list back at snapshot.debian.org temporarily (but this time pointing at $codename instead of $suite)
- debuerreotype-gen-sources-list "$rootfs" "$codename" "$(< "$exportDir/$serial/$dpkgArch/snapshot-url")" "$(< "$exportDir/$serial/$dpkgArch/snapshot-url-security")"
-
- create_artifacts "$targetBase" "$rootfs" "$codename" "$variant"
- done
- fi
} >&2
tar -cC "$exportDir" .
diff --git a/scripts/.constants.sh b/scripts/.constants.sh
index 5f669ad..4dacb39 100644
--- a/scripts/.constants.sh
+++ b/scripts/.constants.sh
@@ -4,6 +4,43 @@
export TZ='UTC' LC_ALL='C'
umask 0002
scriptsDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
+self="$(basename "$0")"
+
+options="$(getopt -n "$BASH_SOURCE" -o '+' --long 'flags:,flags-short:' -- "$@")"
+dFlags='help,version'
+dFlagsShort='h?'
+usageStr=
+__cgetopt() {
+ eval "set -- $options" # in a function since otherwise "set" will overwrite the parent script's positional args too
+ unset options
+
+ while true; do
+ local flag="$1"; shift
+ case "$flag" in
+ --flags) dFlags="${dFlags:+$dFlags,}$1"; shift ;;
+ --flags-short) dFlagsShort="${dFlagsShort}$1"; shift ;;
+ --) break ;;
+ *) echo >&2 "error: unexpected $BASH_SOURCE flag '$flag'"; exit 1 ;;
+ esac
+ done
+
+ while [ "$#" -gt 0 ]; do
+ local IFS=$'\n'
+ local usagePrefix='usage:' usageLine=
+ for usageLine in $1; do
+ usageStr+="$usagePrefix $self${usageLine:+ $usageLine}"$'\n'
+ usagePrefix=' '
+ done
+ usagePrefix=' ie:'
+ for usageLine in $2; do
+ usageStr+="$usagePrefix $self${usageLine:+ $usageLine}"$'\n'
+ usagePrefix=' '
+ done
+ usageStr+=$'\n'
+ shift 2
+ done
+}
+__cgetopt
_version() {
local v
@@ -19,22 +56,32 @@ _version() {
echo "$v"
}
-usageStr="$1"
-usageEx="$2"
-self="$(basename "$0")"
usage() {
- local v="$(_version)"
- cat <<-EOU
- usage: $self $usageStr
- ie: $self $usageEx
+ echo -n "$usageStr"
- debuerreotype version $v
- EOU
+ local v="$(_version)"
+ echo "debuerreotype version $v"
}
eusage() {
if [ "$#" -gt 0 ]; then
- echo >&2 "error: $*"
+ echo >&2 "error: $*"$'\n'
fi
usage >&2
exit 1
}
+_dgetopt() {
+ getopt -n "$self" \
+ -o "+$dFlagsShort" \
+ --long "$dFlags" \
+ -- "$@" \
+ || eusage 'getopt failed'
+}
+dgetopt='options="$(_dgetopt "$@")"; eval "set -- $options"; unset options'
+dgetopt-case() {
+ local flag="$1"; shift
+
+ case "$flag" in
+ -h|'-?'|--help) usage; exit 0 ;;
+ --version) _version; exit 0 ;;
+ esac
+}
diff --git a/scripts/.tar-exclude b/scripts/.tar-exclude
index e33b518..c38d0be 100644
--- a/scripts/.tar-exclude
+++ b/scripts/.tar-exclude
@@ -22,3 +22,8 @@
# wheezy-only file which APT doesn't even use (and has timestamp embedded in binary data)
# see https://github.com/debuerreotype/debuerreotype/issues/7
./etc/apt/trustdb.gpg
+
+# Debian creates this file reproducibly, but Ubuntu does not
+# (according to "man 1 journalctl", this is automatically recreated by "journalctl --update-catalog")
+# Tails also removes this file to achieve reproducibility (https://labs.riseup.net/code/projects/tails/repository/revisions/b1e05c8aac12fc79293f6a220b40a538d4f38c51/diff/config/chroot_local-hooks/99-zzzzzz_reproducible-builds-post-processing)
+./var/lib/systemd/catalog/database
diff --git a/scripts/debuerreotype-apt-get b/scripts/debuerreotype-apt-get
index 42f827b..fe90526 100755
--- a/scripts/debuerreotype-apt-get
+++ b/scripts/debuerreotype-apt-get
@@ -6,6 +6,16 @@ source "$thisDir/.constants.sh" \
'<target-dir> arguments' \
'rootfs update'
+eval "$dgetopt"
+while true; do
+ flag="$1"; shift
+ dgetopt-case "$flag"
+ case "$flag" in
+ --) break ;;
+ *) eusage "unknown flag '$flag'" ;;
+ esac
+done
+
targetDir="${1:-}"; shift || eusage 'missing target-dir'
[ -n "$targetDir" ]
diff --git a/scripts/debuerreotype-chroot b/scripts/debuerreotype-chroot
index d5e90b9..eb2e8b4 100755
--- a/scripts/debuerreotype-chroot
+++ b/scripts/debuerreotype-chroot
@@ -6,6 +6,16 @@ source "$thisDir/.constants.sh" \
'<target-dir> <command> [args...]' \
'rootfs apt-get update'
+eval "$dgetopt"
+while true; do
+ flag="$1"; shift
+ dgetopt-case "$flag"
+ case "$flag" in
+ --) break ;;
+ *) eusage "unknown flag '$flag'" ;;
+ esac
+done
+
targetDir="${1:-}"; shift || eusage 'missing target-dir'
cmd="${1:-}"; shift || eusage 'missing command'
[ -n "$targetDir" ]
diff --git a/scripts/debuerreotype-fixup b/scripts/debuerreotype-fixup
index d85879d..77199af 100755
--- a/scripts/debuerreotype-fixup
+++ b/scripts/debuerreotype-fixup
@@ -6,6 +6,16 @@ source "$thisDir/.constants.sh" \
'<target-dir>' \
'rootfs'
+eval "$dgetopt"
+while true; do
+ flag="$1"; shift
+ dgetopt-case "$flag"
+ case "$flag" in
+ --) break ;;
+ *) eusage "unknown flag '$flag'" ;;
+ esac
+done
+
targetDir="${1:-}"; shift || eusage 'missing target-dir'
[ -n "$targetDir" ]
epoch="$(< "$targetDir/debuerreotype-epoch")"
diff --git a/scripts/debuerreotype-gen-sources-list b/scripts/debuerreotype-gen-sources-list
index 2fbd0b0..b449ea4 100755
--- a/scripts/debuerreotype-gen-sources-list
+++ b/scripts/debuerreotype-gen-sources-list
@@ -3,17 +3,20 @@ set -Eeuo pipefail
thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
source "$thisDir/.constants.sh" \
+ --flags 'deb-src' \
+ -- \
'[--deb-src] <target-dir> <suite> <mirror> <secmirror>' \
'rootfs stretch http://deb.debian.org/debian http://security.debian.org'
-options="$(getopt -n "$self" -o '' --long 'deb-src' -- "$@")" || eusage
-eval "set -- $options"
+eval "$dgetopt"
debSrc=
while true; do
flag="$1"; shift
+ dgetopt-case "$flag"
case "$flag" in
--deb-src) debSrc=1 ;;
--) break ;;
+ *) eusage "unknown flag '$flag'" ;;
esac
done
diff --git a/scripts/debuerreotype-init b/scripts/debuerreotype-init
index 17bd05e..c868f94 100755
--- a/scripts/debuerreotype-init
+++ b/scripts/debuerreotype-init
@@ -3,33 +3,89 @@ set -Eeuo pipefail
thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
source "$thisDir/.constants.sh" \
+ --flags 'debian,non-debian' \
+ --flags 'debootstrap:' \
+ --flags 'debootstrap-script:' \
+ --flags 'keyring:,arch:' \
+ --flags 'merged-usr,no-merged-usr' \
+ -- \
'<target-dir> <suite> <timestamp>' \
- 'rootfs stretch 2017-05-08T00:00:00Z'
+ 'rootfs stretch 2017-05-08T00:00:00Z' \
+ \
+ '--non-debian [--debootstrap-script=xyz] <target-dir> <suite> <mirror>' \
+ '--non-debian rootfs xenial http://archive.ubuntu.com/ubuntu'
-targetDir="${1:-}"; shift || eusage 'missing target-dir'
-suite="${1:-}"; shift || eusage 'missing suite'
-timestamp="${1:-}"; shift || eusage 'missing timestamp'
-[ -n "$targetDir" ] # must be non-empty
+eval "$dgetopt"
+nonDebian=
+debootstrap=
+script=
+keyring=
+arch=
+noMergedUsr=
+while true; do
+ flag="$1"; shift
+ dgetopt-case "$flag"
+ case "$flag" in
+ --debian) nonDebian= ;;
+ --non-debian) nonDebian=1 ;;
+ --debootstrap) debootstrap="$1"; shift ;;
+ --debootstrap-script) script="$1"; shift ;;
+ --keyring) keyring="$1"; shift ;;
+ --arch) arch="$1"; shift ;;
+ --merged-usr) noMergedUsr= ;;
+ --no-merged-usr) noMergedUsr=1 ;;
+ --) break ;;
+ *) eusage "unknown flag '$flag'" ;;
+ esac
+done
+targetDir="${1:-}"; shift || eusage 'missing target-dir'
+[ -n "$targetDir" ] || eusage 'target-dir required' # must be non-empty
if [ -e "$targetDir" ] && [ -z "$(find "$targetDir" -maxdepth 0 -empty)" ]; then
echo >&2 "error: '$targetDir' already exists (and isn't empty)!"
exit 1
fi
+suite="${1:-}"; shift || eusage 'missing suite'
+
+timestamp=
+mirror=
+secmirror=
+if [ -z "$nonDebian" ]; then
+ timestamp="${1:-}"; shift || eusage 'missing timestamp'
+else
+ mirror="${1:-}"; shift || eusage 'missing mirror'
+
+ timestamp="$(wget -qO- "$mirror/dists/$suite/Release" | awk -F ': ' '$1 == "Date" { print $2 }')"
+fi
+
epoch="$(date --date "$timestamp" '+%s')"
export SOURCE_DATE_EPOCH="$epoch"
-mirror="$("$thisDir/.snapshot-url.sh" "@$epoch")"
-secmirror="$("$thisDir/.snapshot-url.sh" "@$epoch" 'debian-security')"
+if [ -z "$nonDebian" ]; then
+ mirror="$("$thisDir/.snapshot-url.sh" "@$epoch")"
+ secmirror="$("$thisDir/.snapshot-url.sh" "@$epoch" 'debian-security')"
+fi
+
+debootstrapArgs=(
+ --force-check-gpg
+ --variant=minbase
+)
+[ -n "$noMergedUsr" ] || debootstrapArgs+=( --merged-usr )
+[ -z "$keyring" ] || debootstrapArgs+=( --keyring="$keyring" )
+[ -z "$arch" ] || debootstrapArgs+=( --arch="$arch" )
-debootstrap \
- --force-check-gpg \
- --merged-usr \
- --variant=minbase \
+debootstrapArgs+=(
"$suite" "$targetDir" "$mirror"
+)
+[ -z "$script" ] || debootstrapArgs+=( "$script" )
+
+"${debootstrap:-debootstrap}" "${debootstrapArgs[@]}"
echo "$epoch" > "$targetDir/debuerreotype-epoch"
-"$thisDir/debuerreotype-gen-sources-list" "$targetDir" "$suite" "$mirror" "$secmirror"
+if [ -z "$nonDebian" ]; then
+ "$thisDir/debuerreotype-gen-sources-list" "$targetDir" "$suite" "$mirror" "$secmirror"
+fi
# since we're minbase, we know everything included is either essential, or a dependency of essential, so let's get clean "apt-mark showmanual" output
"$thisDir/debuerreotype-chroot" "$targetDir" apt-mark auto '.*' > /dev/null
diff --git a/scripts/debuerreotype-minimizing-config b/scripts/debuerreotype-minimizing-config
index 1359cc2..2935caf 100755
--- a/scripts/debuerreotype-minimizing-config
+++ b/scripts/debuerreotype-minimizing-config
@@ -6,6 +6,16 @@ source "$thisDir/.constants.sh" \
'<target-dir>' \
'rootfs'
+eval "$dgetopt"
+while true; do
+ flag="$1"; shift
+ dgetopt-case "$flag"
+ case "$flag" in
+ --) break ;;
+ *) eusage "unknown flag '$flag'" ;;
+ esac
+done
+
targetDir="${1:-}"; shift || eusage 'missing target-dir'
[ -n "$targetDir" ]
diff --git a/scripts/debuerreotype-slimify b/scripts/debuerreotype-slimify
index c895d5b..ba26716 100755
--- a/scripts/debuerreotype-slimify
+++ b/scripts/debuerreotype-slimify
@@ -6,6 +6,16 @@ source "$thisDir/.constants.sh" \
'<target-dir>' \
'rootfs'
+eval "$dgetopt"
+while true; do
+ flag="$1"; shift
+ dgetopt-case "$flag"
+ case "$flag" in
+ --) break ;;
+ *) eusage "unknown flag '$flag'" ;;
+ esac
+done
+
targetDir="${1:-}"; shift || eusage 'missing target-dir'
[ -n "$targetDir" ]
diff --git a/scripts/debuerreotype-tar b/scripts/debuerreotype-tar
index 667f8c5..8dba33c 100755
--- a/scripts/debuerreotype-tar
+++ b/scripts/debuerreotype-tar
@@ -3,17 +3,23 @@ set -Eeuo pipefail
thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
source "$thisDir/.constants.sh" \
+ --flags 'exclude:' \
+ --flags 'include-dev' \
+ -- \
'[--include-dev] <target-dir> <target-tar>' \
'rootfs rootfs.tar'
-options="$(getopt -n "$self" -o '' --long 'include-dev' -- "$@")" || eusage
-eval "set -- $options"
+eval "$dgetopt"
+excludes=()
includeDev=
while true; do
flag="$1"; shift
+ dgetopt-case "$flag"
case "$flag" in
+ --exclude) excludes+=( "$1" ); shift ;;
--include-dev) includeDev=1 ;;
--) break ;;
+ *) eusage "unknown flag '$flag'" ;;
esac
done
@@ -35,8 +41,11 @@ tarArgs=(
--exclude-from "$thisDir/.tar-exclude"
)
if [ -z "$includeDev" ]; then
- tarArgs+=( --exclude './dev/**' )
+ excludes+=( './dev/**' )
fi
+for exclude in "${excludes[@]}"; do
+ tarArgs+=( --exclude "$exclude" )
+done
tarArgs+=(
--numeric-owner
--transform 's,^./,,'
diff --git a/scripts/debuerreotype-version b/scripts/debuerreotype-version
index c1fd4cc..f87e9a5 100755
--- a/scripts/debuerreotype-version
+++ b/scripts/debuerreotype-version
@@ -6,4 +6,14 @@ source "$thisDir/.constants.sh" \
'' \
''
+eval "$dgetopt"
+while true; do
+ flag="$1"; shift
+ dgetopt-case "$flag"
+ case "$flag" in
+ --) break ;;
+ *) eusage "unknown flag '$flag'" ;;
+ esac
+done
+
_version
diff --git a/steamos.sh b/steamos.sh
new file mode 100755
index 0000000..58487a1
--- /dev/null
+++ b/steamos.sh
@@ -0,0 +1,173 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
+source "$thisDir/scripts/.constants.sh" \
+ --flags 'no-build' \
+ -- \
+ '[--no-build] <output-dir>' \
+ 'output'
+
+eval "$dgetopt"
+build=1
+while true; do
+ flag="$1"; shift
+ dgetopt-case "$flag"
+ case "$flag" in
+ --no-build) build= ;; # for skipping "docker build"
+ --) break ;;
+ *) eusage "unknown flag '$flag'" ;;
+ esac
+done
+
+outputDir="${1:-}"; shift || eusage 'missing output-dir'
+
+mkdir -p "$outputDir"
+outputDir="$(readlink -f "$outputDir")"
+
+securityArgs=(
+ --cap-add SYS_ADMIN
+)
+if docker info | grep -q apparmor; then
+ # AppArmor blocks mount :)
+ securityArgs+=(
+ --security-opt apparmor=unconfined
+ )
+fi
+
+ver="$("$thisDir/scripts/debuerreotype-version")"
+ver="${ver%% *}"
+dockerImage="debuerreotype/debuerreotype:$ver"
+[ -z "$build" ] || docker build -t "$dockerImage" "$thisDir"
+
+steamDockerImage="$dockerImage-steamos"
+[ -z "$build" ] || docker build -t "$steamDockerImage" - <<-EODF
+ FROM $dockerImage
+ RUN wget -O valve.deb 'http://repo.steampowered.com/steamos/pool/main/v/valve-archive-keyring/valve-archive-keyring_0.5+bsos3_all.deb' \\
+ && apt install -y ./valve.deb \\
+ && rm valve.deb
+EODF
+
+docker run \
+ --rm \
+ "${securityArgs[@]}" \
+ --tmpfs /tmp:dev,exec,suid,noatime \
+ -w /tmp \
+ -e TZ='UTC' -e LC_ALL='C' \
+ "$steamDockerImage" \
+ bash -Eeuo pipefail -c '
+ set -x
+
+ # http://repo.steampowered.com/steamos/dists/
+ suite="brewmaster"
+ mirror="http://repo.steampowered.com/steamos"
+
+ dpkgArch="$(dpkg --print-architecture)"
+
+ exportDir="output"
+ outputDir="$exportDir/steamos/$dpkgArch/$suite"
+
+ debuerreotypeScriptsDir="$(dirname "$(readlink -f "$(which debuerreotype-init)")")"
+
+ mkdir -p "$outputDir"
+ wget -O "$outputDir/Release.gpg" "$mirror/dists/$suite/Release.gpg"
+ wget -O "$outputDir/Release" "$mirror/dists/$suite/Release"
+ gpgv \
+ --keyring /usr/share/keyrings/valve-archive-keyring.gpg \
+ "$outputDir/Release.gpg" \
+ "$outputDir/Release"
+
+ {
+ debuerreotype-init --non-debian \
+ --debootstrap-script /usr/share/debootstrap/scripts/jessie \
+ --keyring /usr/share/keyrings/valve-archive-keyring.gpg \
+ --no-merged-usr \
+ rootfs "$suite" "$mirror"
+ echo "deb $mirror $suite main contrib non-free" | tee rootfs/etc/apt/sources.list
+
+ epoch="$(< rootfs/debuerreotype-epoch)"
+ touch_epoch() {
+ while [ "$#" -gt 0 ]; do
+ local f="$1"; shift
+ touch --no-dereference --date="@$epoch" "$f"
+ done
+ }
+
+ debuerreotype-minimizing-config rootfs
+ debuerreotype-apt-get rootfs update -qq
+ debuerreotype-apt-get rootfs dist-upgrade -yqq
+
+ # make a couple copies of rootfs so we can create other variants
+ for variant in slim sbuild; do
+ mkdir "rootfs-$variant"
+ tar -cC rootfs . | tar -xC "rootfs-$variant"
+ done
+
+ debuerreotype-apt-get rootfs install -y --no-install-recommends iproute2 iputils-ping
+
+ debuerreotype-slimify rootfs-slim
+
+ # this should match the list added to the "buildd" variant in debootstrap and the list installed by sbuild
+ # https://anonscm.debian.org/cgit/d-i/debootstrap.git/tree/scripts/sid?id=706a45681c5bba5e062a9b02e19f079cacf2a3e8#n26
+ # https://anonscm.debian.org/cgit/buildd-tools/sbuild.git/tree/bin/sbuild-createchroot?id=eace3d3e59e48d26eaf069d9b63a6a4c868640e6#n194
+ debuerreotype-apt-get rootfs-sbuild install -y --no-install-recommends build-essential fakeroot
+
+ create_artifacts() {
+ local targetBase="$1"; shift
+ local rootfs="$1"; shift
+ local suite="$1"; shift
+ local variant="$1"; shift
+
+ if [ "$variant" != "sbuild" ]; then
+ debuerreotype-tar "$rootfs" "$targetBase.tar.xz"
+ else
+ # sbuild needs "deb-src" entries
+ debuerreotype-chroot "$rootfs" sed -ri -e "/^deb / p; s//deb-src /" /etc/apt/sources.list
+
+ # APT has odd issues with "Acquire::GzipIndexes=false" + "file://..." sources sometimes
+ # (which are used in sbuild for "--extra-package")
+ # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
+ # ...
+ # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
+ rm -f "$rootfs/etc/apt/apt.conf.d/docker-gzip-indexes"
+ # TODO figure out the bug and fix it in APT instead /o\
+
+ # schroot is picky about "/dev" (which is excluded by default in "debuerreotype-tar")
+ # see https://github.com/debuerreotype/debuerreotype/pull/8#issuecomment-305855521
+ debuerreotype-tar --include-dev "$rootfs" "$targetBase.tar.xz"
+ fi
+ du -hsx "$targetBase.tar.xz"
+
+ sha256sum "$targetBase.tar.xz" | cut -d" " -f1 > "$targetBase.tar.xz.sha256"
+ touch_epoch "$targetBase.tar.xz.sha256"
+
+ debuerreotype-chroot "$rootfs" dpkg-query -W > "$targetBase.manifest"
+ echo "$epoch" > "$targetBase.debuerreotype-epoch"
+ touch_epoch "$targetBase.manifest" "$targetBase.debuerreotype-epoch"
+
+ for f in debian_version os-release apt/sources.list; do
+ targetFile="$targetBase.$(basename "$f" | sed -r "s/[^a-zA-Z0-9_-]+/-/g")"
+ cp "$rootfs/etc/$f" "$targetFile"
+ touch_epoch "$targetFile"
+ done
+ }
+
+ for rootfs in rootfs*/; do
+ rootfs="${rootfs%/}" # "rootfs", "rootfs-slim", ...
+
+ du -hsx "$rootfs"
+
+ variant="${rootfs#rootfs}" # "", "-slim", ...
+ variant="${variant#-}" # "", "slim", ...
+
+ variantDir="$outputDir/$variant"
+ mkdir -p "$variantDir"
+
+ targetBase="$variantDir/rootfs"
+
+ create_artifacts "$targetBase" "$rootfs" "$suite" "$variant"
+ done
+ } >&2
+
+ tar -cC "$exportDir" .
+ ' | tar -xvC "$outputDir"
diff --git a/ubuntu.sh b/ubuntu.sh
new file mode 100755
index 0000000..b52fbd2
--- /dev/null
+++ b/ubuntu.sh
@@ -0,0 +1,184 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
+source "$thisDir/scripts/.constants.sh" \
+ --flags 'no-build' \
+ -- \
+ '[--no-build] <output-dir> <suite>' \
+ 'output xenial'
+
+eval "$dgetopt"
+build=1
+while true; do
+ flag="$1"; shift
+ dgetopt-case "$flag"
+ case "$flag" in
+ --no-build) build= ;; # for skipping "docker build"
+ --) break ;;
+ *) eusage "unknown flag '$flag'" ;;
+ esac
+done
+
+outputDir="${1:-}"; shift || eusage 'missing output-dir'
+suite="${1:-}"; shift || eusage 'missing suite'
+
+mkdir -p "$outputDir"
+outputDir="$(readlink -f "$outputDir")"
+
+securityArgs=(
+ --cap-add SYS_ADMIN
+)
+if docker info | grep -q apparmor; then
+ # AppArmor blocks mount :)
+ securityArgs+=(
+ --security-opt apparmor=unconfined
+ )
+fi
+
+ver="$("$thisDir/scripts/debuerreotype-version")"
+ver="${ver%% *}"
+dockerImage="debuerreotype/debuerreotype:$ver"
+[ -z "$build" ] || docker build -t "$dockerImage" "$thisDir"
+
+ubuntuDockerImage="$dockerImage-ubuntu"
+[ -z "$build" ] || docker build -t "$ubuntuDockerImage" - <<-EODF
+ FROM $dockerImage
+ RUN apt-get update \\
+ && apt-get install -y --no-install-recommends ubuntu-archive-keyring \\
+ && rm -rf /var/lib/apt/lists/*
+EODF
+
+docker run \
+ --rm \
+ "${securityArgs[@]}" \
+ -v /tmp \
+ -w /tmp \
+ -e suite="$suite" \
+ -e TZ='UTC' -e LC_ALL='C' \
+ "$ubuntuDockerImage" \
+ bash -Eeuo pipefail -c '
+ set -x
+
+ dpkgArch="$(dpkg --print-architecture)"
+
+ case "$dpkgArch" in
+ amd64|i386)
+ mirror="http://archive.ubuntu.com/ubuntu"
+ secmirror="http://security.ubuntu.com/ubuntu"
+ ;;
+ *)
+ mirror="http://ports.ubuntu.com/ubuntu-ports"
+ secmirror="$mirror" # no separate security mirror for ports
+ ;;
+ esac
+
+ exportDir="output"
+ outputDir="$exportDir/ubuntu/$dpkgArch/$suite"
+
+ debuerreotypeScriptsDir="$(dirname "$(readlink -f "$(which debuerreotype-init)")")"
+
+ mkdir -p "$outputDir"
+ wget -O "$outputDir/Release.gpg" "$mirror/dists/$suite/Release.gpg"
+ wget -O "$outputDir/Release" "$mirror/dists/$suite/Release"
+ gpgv \
+ --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg \
+ "$outputDir/Release.gpg" \
+ "$outputDir/Release"
+
+ {
+ debuerreotype-init --non-debian \
+ --keyring /usr/share/keyrings/ubuntu-archive-keyring.gpg \
+ rootfs "$suite" "$mirror"
+ # TODO setup proper sources.list for Ubuntu
+ # deb http://archive.ubuntu.com/ubuntu xenial main restricted universe multiverse
+ # deb http://archive.ubuntu.com/ubuntu xenial-updates main restricted universe multiverse
+ # deb http://archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse
+ # deb http://security.ubuntu.com/ubuntu xenial-security main restricted universe multiverse
+
+ epoch="$(< rootfs/debuerreotype-epoch)"
+ touch_epoch() {
+ while [ "$#" -gt 0 ]; do
+ local f="$1"; shift
+ touch --no-dereference --date="@$epoch" "$f"
+ done
+ }
+
+ debuerreotype-minimizing-config rootfs
+ debuerreotype-apt-get rootfs update -qq
+ debuerreotype-apt-get rootfs dist-upgrade -yqq
+
+ # make a couple copies of rootfs so we can create other variants
+ for variant in slim sbuild; do
+ mkdir "rootfs-$variant"
+ tar -cC rootfs . | tar -xC "rootfs-$variant"
+ done
+
+ debuerreotype-apt-get rootfs install -y --no-install-recommends iproute2 iputils-ping
+
+ debuerreotype-slimify rootfs-slim
+
+ # this should match the list added to the "buildd" variant in debootstrap and the list installed by sbuild
+ # https://anonscm.debian.org/cgit/d-i/debootstrap.git/tree/scripts/sid?id=706a45681c5bba5e062a9b02e19f079cacf2a3e8#n26
+ # https://anonscm.debian.org/cgit/buildd-tools/sbuild.git/tree/bin/sbuild-createchroot?id=eace3d3e59e48d26eaf069d9b63a6a4c868640e6#n194
+ debuerreotype-apt-get rootfs-sbuild install -y --no-install-recommends build-essential fakeroot
+
+ create_artifacts() {
+ local targetBase="$1"; shift
+ local rootfs="$1"; shift
+ local suite="$1"; shift
+ local variant="$1"; shift
+
+ if [ "$variant" != "sbuild" ]; then
+ debuerreotype-tar "$rootfs" "$targetBase.tar.xz"
+ else
+ # sbuild needs "deb-src" entries
+ debuerreotype-chroot "$rootfs" sed -ri -e "/^deb / p; s//deb-src /" /etc/apt/sources.list
+
+ # APT has odd issues with "Acquire::GzipIndexes=false" + "file://..." sources sometimes
+ # (which are used in sbuild for "--extra-package")
+ # Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
+ # ...
+ # E: Failed to fetch store:/var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages Could not open file /var/lib/apt/lists/partial/_tmp_tmp.ODWljpQfkE_._Packages - open (13: Permission denied)
+ rm -f "$rootfs/etc/apt/apt.conf.d/docker-gzip-indexes"
+ # TODO figure out the bug and fix it in APT instead /o\
+
+ # schroot is picky about "/dev" (which is excluded by default in "debuerreotype-tar")
+ # see https://github.com/debuerreotype/debuerreotype/pull/8#issuecomment-305855521
+ debuerreotype-tar --include-dev "$rootfs" "$targetBase.tar.xz"
+ fi
+ du -hsx "$targetBase.tar.xz"
+
+ sha256sum "$targetBase.tar.xz" | cut -d" " -f1 > "$targetBase.tar.xz.sha256"
+ touch_epoch "$targetBase.tar.xz.sha256"
+
+ debuerreotype-chroot "$rootfs" dpkg-query -W > "$targetBase.manifest"
+ echo "$epoch" > "$targetBase.debuerreotype-epoch"
+ touch_epoch "$targetBase.manifest" "$targetBase.debuerreotype-epoch"
+
+ for f in debian_version os-release apt/sources.list; do
+ targetFile="$targetBase.$(basename "$f" | sed -r "s/[^a-zA-Z0-9_-]+/-/g")"
+ cp "$rootfs/etc/$f" "$targetFile"
+ touch_epoch "$targetFile"
+ done
+ }
+
+ for rootfs in rootfs*/; do
+ rootfs="${rootfs%/}" # "rootfs", "rootfs-slim", ...
+
+ du -hsx "$rootfs"
+
+ variant="${rootfs#rootfs}" # "", "-slim", ...
+ variant="${variant#-}" # "", "slim", ...
+
+ variantDir="$outputDir/$variant"
+ mkdir -p "$variantDir"
+
+ targetBase="$variantDir/rootfs"
+
+ create_artifacts "$targetBase" "$rootfs" "$suite" "$variant"
+ done
+ } >&2
+
+ tar -cC "$exportDir" .
+ ' | tar -xvC "$outputDir"
More information about the Neon-commits
mailing list