[neon/backports-jammy/debuerreotype/Neon/unstable] /: 0.6-1 (patches unapplied)
git-ubuntu importer
null at kde.org
Fri Aug 11 03:02:00 BST 2023
Git commit 674efede00b44090f6fbf37ff0092a6d8408f018 by git-ubuntu importer, on behalf of Tianon Gravi.
Committed on 18/05/2018 at 06:28.
Pushed by carlosdem into branch 'Neon/unstable'.
0.6-1 (patches unapplied)
Imported using git-ubuntu import.
M +2 -0 .dockerignore
M +11 -2 .travis.sh
M +19 -8 .travis.yml
M +10 -4 Dockerfile
M +2 -2 README.md
M +1 -1 VERSION
M +1 -1 build-all.sh
M +115 -21 build.sh
M +12 -0 debian/changelog
M +6 -1 debian/tests/control
M +24 -6 debian/tests/stretch
M +3 -3 raspbian.sh
A +30 -0 scripts/.apt-version.sh
A +27 -0 scripts/.dpkg-arch.sh
M +10 -0 scripts/.snapshot-url.sh
M +4 -1 scripts/debuerreotype-chroot
M +5 -0 scripts/debuerreotype-fixup
M +20 -3 scripts/debuerreotype-gen-sources-list
M +78 -10 scripts/debuerreotype-init
M +93 -80 scripts/debuerreotype-minimizing-config
M +4 -4 scripts/debuerreotype-slimify
M +20 -6 steamos.sh
M +1 -1 ubuntu.sh
https://invent.kde.org/neon/backports-jammy/debuerreotype/-/commit/674efede00b44090f6fbf37ff0092a6d8408f018
diff --git a/.dockerignore b/.dockerignore
index 3bedb49..c33e173 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,4 @@
**
+
+!VERSION
!scripts/
diff --git a/.travis.sh b/.travis.sh
index d7fec7f..903988f 100755
--- a/.travis.sh
+++ b/.travis.sh
@@ -5,12 +5,21 @@ epoch="$(TZ=UTC date --date "$TIMESTAMP" +%s)"
serial="$(TZ=UTC date --date "@$epoch" +%Y%m%d)"
buildArgs=()
-if [ -n "${CODENAME:-}" ]; then
+if [ "$SUITE" = 'eol' ]; then
+ buildArgs+=( '--eol' )
+ SUITE="$CODENAME"
+elif [ -n "${CODENAME:-}" ]; then
buildArgs+=( '--codename-copy' )
fi
+if [ -n "${ARCH:-}" ]; then
+ buildArgs+=( "--arch=${ARCH}" )
+ if [ "$ARCH" != 'i386' ]; then
+ buildArgs+=( '--qemu' )
+ fi
+fi
buildArgs+=( travis "$SUITE" "@$epoch" )
-checkFile="travis/$serial/amd64/${CODENAME:-$SUITE}/rootfs.tar.xz"
+checkFile="travis/$serial/${ARCH:-amd64}/${CODENAME:-$SUITE}/rootfs.tar.xz"
set -x
diff --git a/.travis.yml b/.travis.yml
index ac4484d..f74ac80 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -2,14 +2,25 @@ language: bash
services: docker
env:
- - SUITE=jessie CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=881da2a3f289dd665a44e3b0f87501a39a98584a587746963cf761ef7b612c02
- - SUITE=stable CODENAME=jessie TIMESTAMP=2017-01-01T00:00:00Z SHA256=881da2a3f289dd665a44e3b0f87501a39a98584a587746963cf761ef7b612c02
- - SUITE=stretch CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=139ed970d52ef950c223f9ab325657eb93d0a93c7d6e2fc697fe7510e61760fa
- - SUITE=testing CODENAME=stretch TIMESTAMP=2017-01-01T00:00:00Z SHA256=139ed970d52ef950c223f9ab325657eb93d0a93c7d6e2fc697fe7510e61760fa
- - SUITE=sid CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=b75b4496deb4d6cee32245e4125e7ef948b09afbeb1ef3b9669e56daf3e822a7
- - SUITE=unstable CODENAME=sid TIMESTAMP=2017-01-01T00:00:00Z SHA256=b75b4496deb4d6cee32245e4125e7ef948b09afbeb1ef3b9669e56daf3e822a7
- - SUITE=wheezy CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=b4f7069aba089e014590e51437ab03dc1b827372711fe4860866bfe9d920e956
- - SUITE=oldstable CODENAME=wheezy TIMESTAMP=2017-01-01T00:00:00Z SHA256=b4f7069aba089e014590e51437ab03dc1b827372711fe4860866bfe9d920e956
+ - SUITE=jessie CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=29ac0469fb58500a9e02044dbba11f8f583a3fb73e9dafed8cd18bb816e756ed
+ - SUITE=stable CODENAME=jessie TIMESTAMP=2017-01-01T00:00:00Z SHA256=29ac0469fb58500a9e02044dbba11f8f583a3fb73e9dafed8cd18bb816e756ed
+ - SUITE=stretch CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=92b3de2c3e349bb4db9de238299ca0423438ff6f021ae44cf4734f19eb4b84c7
+ - SUITE=testing CODENAME=stretch TIMESTAMP=2017-01-01T00:00:00Z SHA256=92b3de2c3e349bb4db9de238299ca0423438ff6f021ae44cf4734f19eb4b84c7
+ - SUITE=sid CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=e34b97bfbe21d13aac00e83e2cd8132cfb8e5f4211fe43c229c44766a8722d6b
+ - SUITE=unstable CODENAME=sid TIMESTAMP=2017-01-01T00:00:00Z SHA256=e34b97bfbe21d13aac00e83e2cd8132cfb8e5f4211fe43c229c44766a8722d6b
+ - SUITE=wheezy CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=94aac7c0dde96024d3c09d8ed1711b392b415e70f89d36407d27bebd7e8f0a21
+ - SUITE=oldstable CODENAME=wheezy TIMESTAMP=2017-01-01T00:00:00Z SHA256=94aac7c0dde96024d3c09d8ed1711b392b415e70f89d36407d27bebd7e8f0a21
+ # EOL suites testing
+ - SUITE=eol CODENAME=etch TIMESTAMP=2016-03-13T13:03:28Z SHA256=82f368d4dd0257603e9091fa3e2511d90cff16188f95414e7b3bff260b927d2d
+ - SUITE=eol CODENAME=woody ARCH=i386 TIMESTAMP=2016-03-13T13:03:28Z SHA256=e7db9c0074b2fff8feca7cd273a89ee37275731c409c8c496043f5a1c7ff8d83
+ # qemu-debootstrap testing
+ - ARCH=arm64 SUITE=jessie CODENAME= TIMESTAMP=2017-01-01T00:00:00Z SHA256=f6f2ba94b0554e5f2485abcb1b36a5b976d7c9c07c7c2af2301c7652274bd797
+
+addons:
+ apt:
+ packages:
+ - binfmt-support
+ - qemu-user-static
script:
- travis_retry ./.travis.sh
diff --git a/Dockerfile b/Dockerfile
index 4f2da6d..41d65e8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,7 +3,7 @@
# bootstrapping a new architecture?
# ./scripts/debuerreotype-init /tmp/docker-rootfs stretch now
# ./scripts/debuerreotype-minimizing-config /tmp/docker-rootfs
-# ./scripts/debuerreotype-gen-sources-list /tmp/docker-rootfs stretch http://deb.debian.org/debian http://security.debian.org
+# ./scripts/debuerreotype-gen-sources-list /tmp/docker-rootfs stretch http://deb.debian.org/debian http://security.debian.org/debian-security
# ./scripts/debuerreotype-tar /tmp/docker-rootfs - | docker import - debian:stretch-slim
# alternate:
# debootstrap --variant=minbase stretch /tmp/docker-rootfs
@@ -15,14 +15,20 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
debootstrap \
wget ca-certificates \
xz-utils \
+ \
+ gnupg dirmngr \
&& rm -rf /var/lib/apt/lists/*
-COPY scripts /opt/debuerreotype/scripts
+# see ".dockerignore"
+COPY . /opt/debuerreotype
RUN set -ex; \
cd /opt/debuerreotype/scripts; \
for f in debuerreotype-*; do \
ln -svL "$PWD/$f" "/usr/local/bin/$f"; \
- done
+ done; \
+ version="$(debuerreotype-version)"; \
+ [ "$version" != 'unknown' ]; \
+ echo "debuerreotype version $version"
WORKDIR /tmp
@@ -31,7 +37,7 @@ WORKDIR /tmp
# debuerreotype-init test-stretch stretch 2017-05-08T00:00:00Z
# debuerreotype-tar test-stretch test-stretch.tar
# md5sum test-stretch.tar
-# 6f965e84837215ac0aa375e3391392db
+# 983b79e9c4ba158e269ef9964dbab60b
# debuerreotype-init test-jessie jessie 2017-05-08T00:00:00Z
# debuerreotype-tar test-jessie test-jessie.tar
diff --git a/README.md b/README.md
index d1bb911..8da8691 100644
--- a/README.md
+++ b/README.md
@@ -86,10 +86,10 @@ Setting up inetutils-ping (2:1.9.4-2+b1) ...
Setting up iproute2 (4.9.0-1) ...
Processing triggers for libc-bin (2.24-8) ...
-$ debuerreotype-gen-sources-list rootfs stretch http://deb.debian.org/debian http://security.debian.org
+$ debuerreotype-gen-sources-list rootfs stretch http://deb.debian.org/debian http://security.debian.org/debian-security
$ debuerreotype-tar rootfs - | sha256sum
-0542bec04135ed60ed5763f0bcf90381d4e5e33786d57aba5aa4b0fc4e43478a -
+541ccb5b2aa56217141185a3d7eaa5f81549d0191b9452082cf6e29feec6ad35 -
$ # try it! you should get that same sha256sum value!
```
diff --git a/VERSION b/VERSION
index bd73f47..5a2a580 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-0.4
+0.6
diff --git a/build-all.sh b/build-all.sh
index ad04159..eb5d300 100755
--- a/build-all.sh
+++ b/build-all.sh
@@ -45,7 +45,7 @@ dockerImage="debuerreotype/debuerreotype:$ver"
mirror="$("$thisDir/scripts/.snapshot-url.sh" "$timestamp")"
secmirror="$("$thisDir/scripts/.snapshot-url.sh" "$timestamp" 'debian-security')"
-dpkgArch="$(docker run --rm "$dockerImage" dpkg --print-architecture)"
+dpkgArch="$(docker run --rm "$dockerImage" dpkg --print-architecture | awk -F- '{ print $NF }')"
echo
echo "-- BUILDING TARBALLS FOR '$dpkgArch' FROM '$mirror/' --"
echo
diff --git a/build.sh b/build.sh
index 096c38d..7b1486a 100755
--- a/build.sh
+++ b/build.sh
@@ -4,20 +4,29 @@ set -Eeuo pipefail
thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
source "$thisDir/scripts/.constants.sh" \
--flags 'no-build,codename-copy' \
+ --flags 'eol,arch:,qemu' \
-- \
- '[--no-build] [--codename-copy] <output-dir> <suite> <timestamp>' \
+ '[--no-build] [--codename-copy] [--eol] [--arch=<arch>] [--qemu] <output-dir> <suite> <timestamp>' \
'output stretch 2017-05-08T00:00:00Z
---codename-copy output stable 2017-05-08T00:00:00Z'
+--codename-copy output stable 2017-05-08T00:00:00Z
+--eol output squeeze 2016-03-14T00:00:00Z
+--eol --arch i386 output sarge 2016-03-14T00:00:00Z' \
eval "$dgetopt"
build=1
codenameCopy=
+eol=
+arch=
+qemu=
while true; do
flag="$1"; shift
dgetopt-case "$flag"
case "$flag" in
--no-build) build= ;; # for skipping "docker build"
--codename-copy) codenameCopy=1 ;; # for copying a "stable.tar.xz" to "stretch.tar.xz" with updated sources.list (saves a lot of extra building work)
+ --eol) eol=1 ;; # for using "archive.debian.org"
+ --arch) arch="$1"; shift ;; # for adding "--arch" to debuerreotype-init
+ --qemu) qemu=1 ;; # for using "qemu-debootstrap"
--) break ;;
*) eusage "unknown flag '$flag'" ;;
esac
@@ -40,10 +49,24 @@ if docker info | grep -q apparmor; then
)
fi
+if [ "$suite" = 'potato' ]; then
+ # --debian-eol potato wants to run "chroot ... mount ... /proc" which gets blocked (i386, ancient binaries, blah blah blah)
+ securityArgs+=(
+ --security-opt seccomp=unconfined
+ )
+fi
+
ver="$("$thisDir/scripts/debuerreotype-version")"
ver="${ver%% *}"
dockerImage="debuerreotype/debuerreotype:$ver"
[ -z "$build" ] || docker build -t "$dockerImage" "$thisDir"
+if [ -n "$qemu" ]; then
+ [ -z "$build" ] || docker build -t "$dockerImage-qemu" - <<-EODF
+ FROM $dockerImage
+ RUN apt-get update && apt-get install -y --no-install-recommends qemu-user-static && rm -rf /var/lib/apt/lists/*
+ EODF
+ dockerImage="$dockerImage-qemu"
+fi
docker run \
--rm \
@@ -53,14 +76,16 @@ docker run \
-e suite="$suite" \
-e timestamp="$timestamp" \
-e codenameCopy="$codenameCopy" \
+ -e eol="$eol" -e arch="$arch" -e qemu="$qemu" \
-e TZ='UTC' -e LC_ALL='C' \
+ --hostname debuerreotype \
"$dockerImage" \
bash -Eeuo pipefail -c '
set -x
epoch="$(date --date "$timestamp" +%s)"
serial="$(date --date "@$epoch" +%Y%m%d)"
- dpkgArch="$(dpkg --print-architecture)"
+ dpkgArch="${arch:-$(dpkg --print-architecture | awk -F- "{ print \$NF }")}"
exportDir="output"
outputDir="$exportDir/$serial/$dpkgArch/$suite"
@@ -75,20 +100,36 @@ docker run \
debuerreotypeScriptsDir="$(dirname "$(readlink -f "$(which debuerreotype-init)")")"
for archive in "" security; do
- snapshotUrl="$("$debuerreotypeScriptsDir/.snapshot-url.sh" "@$epoch" "${archive:+debian-${archive}}")"
+ if [ -z "$eol" ]; then
+ snapshotUrl="$("$debuerreotypeScriptsDir/.snapshot-url.sh" "@$epoch" "${archive:+debian-${archive}}")"
+ else
+ snapshotUrl="$("$debuerreotypeScriptsDir/.snapshot-url.sh" "@$epoch" "debian-archive")/debian${archive:+-${archive}}"
+ fi
snapshotUrlFile="$exportDir/$serial/$dpkgArch/snapshot-url${archive:+-${archive}}"
mkdir -p "$(dirname "$snapshotUrlFile")"
echo "$snapshotUrl" > "$snapshotUrlFile"
touch_epoch "$snapshotUrlFile"
done
+ if [ -z "$eol" ]; then
+ keyring=/usr/share/keyrings/debian-archive-keyring.gpg
+ else
+ keyring=/usr/share/keyrings/debian-archive-removed-keys.gpg
+
+ if [ "$suite" = potato ]; then
+ # src:debian-archive-keyring was created in 2006, thus does not include a key for potato
+ export GNUPGHOME="$(mktemp -d)"
+ keyring="$GNUPGHOME/debian-archive-$suite-keyring.gpg"
+ gpg --no-default-keyring --keyring "$keyring" --keyserver ha.pool.sks-keyservers.net --recv-keys 8FD47FF1AA9372C37043DC28AA7DEB7B722F1AED
+ fi
+ fi
+
snapshotUrl="$(< "$exportDir/$serial/$dpkgArch/snapshot-url")"
mkdir -p "$outputDir"
wget -O "$outputDir/Release.gpg" "$snapshotUrl/dists/$suite/Release.gpg"
wget -O "$outputDir/Release" "$snapshotUrl/dists/$suite/Release"
gpgv \
- --keyring /usr/share/keyrings/debian-archive-keyring.gpg \
- --keyring /usr/share/keyrings/debian-archive-removed-keys.gpg \
+ --keyring "$keyring" \
"$outputDir/Release.gpg" \
"$outputDir/Release"
@@ -103,7 +144,14 @@ docker run \
fi
{
- initArgs=( --debian )
+ initArgs=( --arch="$dpkgArch" )
+ if [ -z "$eol" ]; then
+ initArgs+=( --debian )
+ else
+ initArgs+=( --debian-eol )
+ fi
+ initArgs+=( --keyring "$keyring" )
+
releaseSuite="$(awk -F ": " "\$1 == \"Suite\" { print \$2; exit }" "$outputDir/Release")"
case "$suite" in
# see https://bugs.debian.org/src:usrmerge for why merged-usr should not be in stable yet (mostly "dpkg" related bugs)
@@ -112,12 +160,24 @@ docker run \
;;
esac
+ if [ -n "$qemu" ]; then
+ initArgs+=( --debootstrap="qemu-debootstrap" )
+ fi
+
debuerreotype-init "${initArgs[@]}" rootfs "$suite" "@$epoch"
debuerreotype-minimizing-config rootfs
debuerreotype-apt-get rootfs update -qq
debuerreotype-apt-get rootfs dist-upgrade -yqq
+ aptVersion="$("$debuerreotypeScriptsDir/.apt-version.sh" rootfs)"
+ case "$aptVersion" in
+ # --debian-eol etch and lower do not support --no-install-recommends
+ 0.6.*|0.5.*) noInstallRecommends="-o APT::Install-Recommends=0" ;;
+
+ *) noInstallRecommends="--no-install-recommends" ;;
+ esac
+
# make a couple copies of rootfs so we can create other variants
for variant in slim sbuild; do
mkdir "rootfs-$variant"
@@ -125,19 +185,29 @@ docker run \
done
# prefer iproute2 if it exists
- iproute=iproute2
- if ! debuerreotype-chroot rootfs apt-cache show iproute2 > /dev/null; then
- # poor wheezy
- iproute=iproute
+ case "$aptVersion" in
+ 0.5.*) iproute=iproute ;; # --debian-eol woody and below have bad apt-cache which only warns for missing packages
+ *)
+ iproute=iproute2
+ if ! debuerreotype-chroot rootfs apt-cache show iproute2 > /dev/null; then
+ # poor wheezy
+ iproute=iproute
+ fi
+ ;;
+ esac
+ ping=iputils-ping
+ if debuerreotype-chroot rootfs bash -c "command -v ping > /dev/null"; then
+ # if we already have "ping" (as in --debian-eol potato), skip installing any extra ping package
+ ping=
fi
- debuerreotype-apt-get rootfs install -y --no-install-recommends inetutils-ping $iproute
+ debuerreotype-apt-get rootfs install -y $noInstallRecommends $ping $iproute
debuerreotype-slimify rootfs-slim
# this should match the list added to the "buildd" variant in debootstrap and the list installed by sbuild
# https://anonscm.debian.org/cgit/d-i/debootstrap.git/tree/scripts/sid?id=706a45681c5bba5e062a9b02e19f079cacf2a3e8#n26
# https://anonscm.debian.org/cgit/buildd-tools/sbuild.git/tree/bin/sbuild-createchroot?id=eace3d3e59e48d26eaf069d9b63a6a4c868640e6#n194
- debuerreotype-apt-get rootfs-sbuild install -y --no-install-recommends build-essential fakeroot
+ debuerreotype-apt-get rootfs-sbuild install -y $noInstallRecommends build-essential fakeroot
create_artifacts() {
local targetBase="$1"; shift
@@ -149,12 +219,25 @@ docker run \
cp "$rootfs/etc/apt/sources.list" "$targetBase.sources-list-snapshot"
touch_epoch "$targetBase.sources-list-snapshot"
+ local mirror secmirror
+ if [ -z "$eol" ]; then
+ mirror="http://deb.debian.org/debian"
+ secmirror="http://security.debian.org/debian-security"
+ else
+ mirror="http://archive.debian.org/debian"
+ secmirror="http://archive.debian.org/debian-security"
+ fi
+
+ local tarArgs=()
+ if [ -n "$qemu" ]; then
+ tarArgs+=( --exclude="./usr/bin/qemu-*-static" )
+ fi
+
if [ "$variant" != "sbuild" ]; then
- debuerreotype-gen-sources-list "$rootfs" "$suite" http://deb.debian.org/debian http://security.debian.org
- debuerreotype-tar "$rootfs" "$targetBase.tar.xz"
+ debuerreotype-gen-sources-list "$rootfs" "$suite" "$mirror" "$secmirror"
else
# sbuild needs "deb-src" entries
- debuerreotype-gen-sources-list --deb-src "$rootfs" "$suite" http://deb.debian.org/debian http://security.debian.org
+ debuerreotype-gen-sources-list --deb-src "$rootfs" "$suite" "$mirror" "$secmirror"
# APT has odd issues with "Acquire::GzipIndexes=false" + "file://..." sources sometimes
# (which are used in sbuild for "--extra-package")
@@ -166,21 +249,32 @@ docker run \
# schroot is picky about "/dev" (which is excluded by default in "debuerreotype-tar")
# see https://github.com/debuerreotype/debuerreotype/pull/8#issuecomment-305855521
- debuerreotype-tar --include-dev "$rootfs" "$targetBase.tar.xz"
+ tarArgs+=( --include-dev )
fi
+
+ debuerreotype-tar "${tarArgs[@]}" "$rootfs" "$targetBase.tar.xz"
du -hsx "$targetBase.tar.xz"
sha256sum "$targetBase.tar.xz" | cut -d" " -f1 > "$targetBase.tar.xz.sha256"
touch_epoch "$targetBase.tar.xz.sha256"
- debuerreotype-chroot "$rootfs" dpkg-query -W > "$targetBase.manifest"
+ debuerreotype-chroot "$rootfs" bash -c "
+ if ! dpkg-query -W; then
+ # --debian-eol woody has no dpkg-query
+ dpkg -l
+ fi
+ " > "$targetBase.manifest"
echo "$epoch" > "$targetBase.debuerreotype-epoch"
- touch_epoch "$targetBase.manifest" "$targetBase.debuerreotype-epoch"
+ debuerreotype-version > "$targetBase.debuerreotype-version"
+ touch_epoch "$targetBase.manifest" "$targetBase.debuerreotype-epoch" "$targetBase.debuerreotype-version"
for f in debian_version os-release apt/sources.list; do
targetFile="$targetBase.$(basename "$f" | sed -r "s/[^a-zA-Z0-9_-]+/-/g")"
- cp "$rootfs/etc/$f" "$targetFile"
- touch_epoch "$targetFile"
+ if [ -e "$rootfs/etc/$f" ]; then
+ # /etc/os-release does not exist in --debian-eol squeeze, for example (hence the existence check)
+ cp "$rootfs/etc/$f" "$targetFile"
+ touch_epoch "$targetFile"
+ fi
done
}
diff --git a/debian/changelog b/debian/changelog
index e3a8395..5f9f318 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+debuerreotype (0.6-1) unstable; urgency=medium
+
+ * Update to 0.6 upstream release; notable PRs (since 0.4):
+ - https://github.com/debuerreotype/debuerreotype/pull/24
+ - https://github.com/debuerreotype/debuerreotype/pull/26
+ - https://github.com/debuerreotype/debuerreotype/pull/28
+ - https://github.com/debuerreotype/debuerreotype/pull/31
+ - https://github.com/debuerreotype/debuerreotype/pull/32
+ * Update autopkgtests to show a relevant "diffoscope" result on failure
+
+ -- Tianon Gravi <tianon at debian.org> Thu, 17 May 2018 13:47:33 -0700
+
debuerreotype (0.4-2) unstable; urgency=medium
* Add debootstrap to autopkgtests Depends where Recommends get skipped
diff --git a/debian/tests/control b/debian/tests/control
index 8233571..4846b48 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,3 +1,8 @@
Tests: stretch
-Depends: debuerreotype, debootstrap
+Depends: ca-certificates,
+ debootstrap,
+ debuerreotype,
+ diffoscope,
+ wget,
+ xz-utils
Restrictions: allow-stderr, needs-root
diff --git a/debian/tests/stretch b/debian/tests/stretch
index 271b10a..695f615 100755
--- a/debian/tests/stretch
+++ b/debian/tests/stretch
@@ -5,10 +5,11 @@ suite='stretch'
timestamp='2017-01-01T00:00:00Z'
expectedEpoch='1483228800'
-expectedSha256='426b8ef5a40588c61084cafbb5a187e6a8e1089da34821f314ea3369f90c8931'
+expectedSha256='5ba341c3235d386744e9ea5db801174d03481c62c5f6e9463e6c5c51e91073f0'
-rootfs="$(mktemp -d)"
-trap "rm -rf '$rootfs'" EXIT
+tempDir="$(mktemp -d)"
+trap "rm -rf '$tempDir'" EXIT
+rootfs="$tempDir/rootfs"
set -x
@@ -17,7 +18,24 @@ debuerreotype-init "$rootfs" "$suite" "$timestamp"
debuerreotype-chroot "$rootfs" true
-debuerreotype-gen-sources-list "$rootfs" "$suite" http://deb.debian.org/debian http://security.debian.org
+debuerreotype-gen-sources-list "$rootfs" "$suite" http://deb.debian.org/debian http://security.debian.org/debian-security
-sha256="$(debuerreotype-tar "$rootfs" - | sha256sum | cut -d' ' -f1)"
-[ "$sha256" = "$expectedSha256" ]
+debuerreotype-tar "$rootfs" "$tempDir/actual.tar"
+sha256="$(sha256sum "$tempDir/actual.tar" | cut -d' ' -f1)"
+
+# see https://people.debian.org/~tianon/debuerreotype/
+
+if [ "$sha256" != "$expectedSha256" ]; then
+ (
+ set +x
+ echo >&2
+ echo >&2 'ERROR: expected SHA256 does not match actual -- downloading pristine source to compare (via diffoscope)'
+ echo >&2
+ )
+
+ toCompare="https://people.debian.org/~tianon/debuerreotype/$suite--$timestamp--$expectedSha256.txz"
+ wget -qO "$tempDir/expected.txz" "$toCompare"
+ xz -d < "$tempDir/expected.txz" > "$tempDir/expected.tar"
+ diffoscope >&2 "$tempDir/expected.tar" "$tempDir/actual.tar"
+ exit 1
+fi
diff --git a/raspbian.sh b/raspbian.sh
index dff26e2..be52765 100755
--- a/raspbian.sh
+++ b/raspbian.sh
@@ -62,7 +62,7 @@ docker run \
mirror="http://archive.raspbian.org/raspbian"
- dpkgArch="$(dpkg --print-architecture)"
+ dpkgArch="armhf"
exportDir="output"
outputDir="$exportDir/raspbian/$dpkgArch/$suite"
@@ -79,7 +79,7 @@ docker run \
{
debuerreotype-init --non-debian \
- --arch armhf \
+ --arch "$dpkgArch" \
--keyring /usr/share/keyrings/raspbian-archive-keyring.gpg \
rootfs "$suite" "$mirror"
@@ -107,7 +107,7 @@ docker run \
# poor wheezy
iproute=iproute
fi
- debuerreotype-apt-get rootfs install -y --no-install-recommends inetutils-ping $iproute
+ debuerreotype-apt-get rootfs install -y --no-install-recommends iputils-ping $iproute
debuerreotype-slimify rootfs-slim
diff --git a/scripts/.apt-version.sh b/scripts/.apt-version.sh
new file mode 100755
index 0000000..50146f0
--- /dev/null
+++ b/scripts/.apt-version.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
+source "$thisDir/.constants.sh" \
+ '<target-dir>' \
+ 'rootfs'
+
+eval "$dgetopt"
+while true; do
+ flag="$1"; shift
+ dgetopt-case "$flag"
+ case "$flag" in
+ --) break ;;
+ *) eusage "unknown flag '$flag'" ;;
+ esac
+done
+
+targetDir="${1:-}"; shift || eusage 'missing target-dir'
+[ -n "$targetDir" ]
+
+# scrape our APT version so we can do some basic feature detection (especially to remove unsupported settings on --debian-eol)
+"$thisDir/debuerreotype-chroot" "$targetDir" bash -c '
+ if command -v dpkg-query > /dev/null; then
+ dpkg-query --show --showformat "\${Version}\n" apt
+ else
+ # if dpkg-query does not exist, we must be on woody or potato, so just assume something ancient like 0.5.4 (since that is what woody includes and is old enough to cover all our features being excluded)
+ echo 0.5.4
+ fi
+'
diff --git a/scripts/.dpkg-arch.sh b/scripts/.dpkg-arch.sh
new file mode 100755
index 0000000..6d7a33b
--- /dev/null
+++ b/scripts/.dpkg-arch.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
+source "$thisDir/.constants.sh" \
+ '<target-dir>' \
+ 'rootfs'
+
+eval "$dgetopt"
+while true; do
+ flag="$1"; shift
+ dgetopt-case "$flag"
+ case "$flag" in
+ --) break ;;
+ *) eusage "unknown flag '$flag'" ;;
+ esac
+done
+
+targetDir="${1:-}"; shift || eusage 'missing target-dir'
+[ -n "$targetDir" ]
+
+arch="$("$thisDir/debuerreotype-chroot" "$targetDir" dpkg --print-architecture)"
+
+# --debian-eol woody likes to give us "i386-none"
+arch="${arch%-none}"
+
+echo "$arch" | awk -F- '{ print $NF }'
diff --git a/scripts/.snapshot-url.sh b/scripts/.snapshot-url.sh
index a3d6013..1c0997f 100755
--- a/scripts/.snapshot-url.sh
+++ b/scripts/.snapshot-url.sh
@@ -6,6 +6,16 @@ source "$thisDir/.constants.sh" \
'<timestamp> [archive]' \
'2017-05-08T00:00:00Z debian-security'
+eval "$dgetopt"
+while true; do
+ flag="$1"; shift
+ dgetopt-case "$flag"
+ case "$flag" in
+ --) break ;;
+ *) eusage "unknown flag '$flag'" ;;
+ esac
+done
+
timestamp="${1:-}"; shift || eusage 'missing timestamp'
archive="${1:-debian}"
diff --git a/scripts/debuerreotype-chroot b/scripts/debuerreotype-chroot
index eb2e8b4..b2e17a3 100755
--- a/scripts/debuerreotype-chroot
+++ b/scripts/debuerreotype-chroot
@@ -26,7 +26,10 @@ export targetDir epoch
unshare --mount bash -Eeuo pipefail -c '
[ -n "$targetDir" ] # just to be safe
for dir in dev proc sys; do
- mount --rbind "/$dir" "$targetDir/$dir"
+ if [ -e "$targetDir/$dir" ]; then
+ # --debian-eol woody and below have no /sys
+ mount --rbind "/$dir" "$targetDir/$dir"
+ fi
done
exec chroot "$targetDir" /usr/bin/env -i PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" TZ="$TZ" LC_ALL="$LC_ALL" SOURCE_DATE_EPOCH="$epoch" "$@"
' -- "$cmd" "$@"
diff --git a/scripts/debuerreotype-fixup b/scripts/debuerreotype-fixup
index 77199af..ddf48d5 100755
--- a/scripts/debuerreotype-fixup
+++ b/scripts/debuerreotype-fixup
@@ -28,6 +28,11 @@ rm -f \
"$targetDir/var/log/alternatives.log" \
"$targetDir/var/cache/ldconfig/aux-cache"
+# https://github.com/debuerreotype/debuerreotype/pull/32
+rm -f "$targetDir/run/mount/utab"
+# (also remove the directory, but only if it's empty)
+rmdir "$targetDir/run/mount" 2>/dev/null || :
+
find "$targetDir" \
-newermt "@$epoch" \
-exec touch --no-dereference --date="@$epoch" '{}' +
diff --git a/scripts/debuerreotype-gen-sources-list b/scripts/debuerreotype-gen-sources-list
index b449ea4..7749688 100755
--- a/scripts/debuerreotype-gen-sources-list
+++ b/scripts/debuerreotype-gen-sources-list
@@ -6,7 +6,7 @@ source "$thisDir/.constants.sh" \
--flags 'deb-src' \
-- \
'[--deb-src] <target-dir> <suite> <mirror> <secmirror>' \
- 'rootfs stretch http://deb.debian.org/debian http://security.debian.org'
+ 'rootfs stretch http://deb.debian.org/debian http://security.debian.org/debian-security'
eval "$dgetopt"
debSrc=
@@ -27,11 +27,22 @@ secmirror="${1:-}"; shift || eusage 'missing secmirror'
[ -n "$targetDir" ]
comp='main'
+arch="$("$thisDir/.dpkg-arch.sh" "$targetDir")"
deb() {
- echo "deb $*"
+ local mirror="$1"; shift
+ local suite="$1"; shift
+ local comp="$1"; shift
+
+ # http://snapshot.debian.org/archive/debian-archive/20160314T000000Z/debian/dists/squeeze-updates/main/binary-amd64/Packages.gz
+ if ! wget --quiet --spider -O /dev/null -o /dev/null "$mirror/dists/$suite/$comp/binary-$arch/Packages.gz"; then
+ echo >&2 "warning: $mirror does not appear to support $suite/$comp on $arch; skipping"
+ return
+ fi
+
+ echo "deb $mirror $suite $comp"
if [ -n "$debSrc" ]; then
- echo "deb-src $*"
+ echo "deb-src $mirror $suite $comp"
fi
}
@@ -43,6 +54,7 @@ deb() {
;;
*)
+ # https://wiki.debian.org/SourcesList#Example_sources.list
deb "$mirror" "$suite" "$comp"
deb "$mirror" "$suite-updates" "$comp"
deb "$secmirror" "$suite/updates" "$comp"
@@ -50,3 +62,8 @@ deb() {
esac
} > "$targetDir/etc/apt/sources.list"
chmod 0644 "$targetDir/etc/apt/sources.list"
+
+if [ ! -s "$targetDir/etc/apt/sources.list" ]; then
+ echo >&2 "error: sources.list ended up empty -- something is definitely wrong"
+ exit 1
+fi
diff --git a/scripts/debuerreotype-init b/scripts/debuerreotype-init
index c868f94..c08d97a 100755
--- a/scripts/debuerreotype-init
+++ b/scripts/debuerreotype-init
@@ -3,35 +3,42 @@ set -Eeuo pipefail
thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
source "$thisDir/.constants.sh" \
- --flags 'debian,non-debian' \
+ --flags 'debian,debian-eol,non-debian' \
--flags 'debootstrap:' \
--flags 'debootstrap-script:' \
- --flags 'keyring:,arch:' \
+ --flags 'keyring:,arch:,include:,exclude:' \
--flags 'merged-usr,no-merged-usr' \
-- \
'<target-dir> <suite> <timestamp>' \
- 'rootfs stretch 2017-05-08T00:00:00Z' \
+ 'rootfs stretch 2017-05-08T00:00:00Z
+--debian-eol rootfs squeeze 2016-03-14T00:00:00Z' \
\
'--non-debian [--debootstrap-script=xyz] <target-dir> <suite> <mirror>' \
'--non-debian rootfs xenial http://archive.ubuntu.com/ubuntu'
eval "$dgetopt"
nonDebian=
+debianEol=
debootstrap=
script=
keyring=
arch=
+include=
+exclude=
noMergedUsr=
while true; do
flag="$1"; shift
dgetopt-case "$flag"
case "$flag" in
- --debian) nonDebian= ;;
- --non-debian) nonDebian=1 ;;
+ --debian) nonDebian= ; debianEol= ;;
+ --debian-eol) nonDebian= ; debianEol=1 ;;
+ --non-debian) nonDebian=1; debianEol= ;;
--debootstrap) debootstrap="$1"; shift ;;
--debootstrap-script) script="$1"; shift ;;
--keyring) keyring="$1"; shift ;;
--arch) arch="$1"; shift ;;
+ --include) include="${include:+$include,}$1"; shift ;;
+ --exclude) exclude="${exclude:+$exclude,}$1"; shift ;;
--merged-usr) noMergedUsr= ;;
--no-merged-usr) noMergedUsr=1 ;;
--) break ;;
@@ -63,24 +70,66 @@ epoch="$(date --date "$timestamp" '+%s')"
export SOURCE_DATE_EPOCH="$epoch"
if [ -z "$nonDebian" ]; then
- mirror="$("$thisDir/.snapshot-url.sh" "@$epoch")"
- secmirror="$("$thisDir/.snapshot-url.sh" "@$epoch" 'debian-security')"
+ if [ -z "$debianEol" ]; then
+ mirror="$("$thisDir/.snapshot-url.sh" "@$epoch")"
+ secmirror="$("$thisDir/.snapshot-url.sh" "@$epoch" 'debian-security')"
+ else
+ mirrorbase="$("$thisDir/.snapshot-url.sh" "@$epoch" 'debian-archive')"
+ mirror="$mirrorbase/debian"
+ secmirror="$mirrorbase/debian-security"
+ fi
fi
debootstrapArgs=(
--force-check-gpg
- --variant=minbase
)
+
+minbaseSupported="$(
+ scriptFile="$(
+ if [ -n "$script" ]; then
+ readlink -f "$script"
+ else
+ cd /usr/share/debootstrap/scripts
+ readlink -f "$suite"
+ fi
+ )"
+ if grep -q 'minbase' "$scriptFile"; then
+ echo 1
+ fi
+)"
+if [ -n "$minbaseSupported" ]; then
+ # --debian-eol sarge and older do not support minbase
+ debootstrapArgs+=( --variant=minbase )
+fi
+
[ -n "$noMergedUsr" ] || debootstrapArgs+=( --merged-usr )
[ -z "$keyring" ] || debootstrapArgs+=( --keyring="$keyring" )
[ -z "$arch" ] || debootstrapArgs+=( --arch="$arch" )
+[ -z "$include" ] || debootstrapArgs+=( --include="$include" )
+[ -z "$exclude" ] || debootstrapArgs+=( --exclude="$exclude" )
debootstrapArgs+=(
"$suite" "$targetDir" "$mirror"
)
[ -z "$script" ] || debootstrapArgs+=( "$script" )
-"${debootstrap:-debootstrap}" "${debootstrapArgs[@]}"
+: "${debootstrap:=debootstrap}"
+if ! "$debootstrap" "${debootstrapArgs[@]}"; then
+ if [ -f "$targetDir/debootstrap/debootstrap.log" ]; then
+ echo >&2
+ echo >&2 "error: '$debootstrap' failed!"
+ echo >&2
+ echo >&2 ' Full command:'
+ echo >&2
+ echo >&2 " $(printf ' %q' "$debootstrap" "${debootstrapArgs[@]}")"
+ echo >&2
+ echo >&2 ' Logs:'
+ echo >&2
+ cat >&2 "$targetDir/debootstrap/debootstrap.log"
+ echo >&2
+ fi
+ exit 1
+fi
echo "$epoch" > "$targetDir/debuerreotype-epoch"
if [ -z "$nonDebian" ]; then
@@ -88,7 +137,19 @@ if [ -z "$nonDebian" ]; then
fi
# since we're minbase, we know everything included is either essential, or a dependency of essential, so let's get clean "apt-mark showmanual" output
-"$thisDir/debuerreotype-chroot" "$targetDir" apt-mark auto '.*' > /dev/null
+"$thisDir/debuerreotype-chroot" "$targetDir" bash -c '
+ # --debian-eol squeeze and below do not have python in minbase, thus "apt-mark" fails to run
+ # bash: /usr/bin/apt-mark: /usr/bin/python: bad interpreter: No such file or directory
+ # (also, squeeze APT does not treat essential packages as special, and will offer to purge them if they get marked as auto-installed)
+ if apt-mark --help > /dev/null; then
+ apt-mark auto ".*" > /dev/null
+ if [ -n "$1" ]; then
+ # if the user asked for anything to be included extra (like "xyz-archive-keyring"), mark those packages as manually installed
+ IFS=","; includePackages=( $1 ); unset IFS
+ apt-mark manual "${includePackages[@]}"
+ fi
+ fi
+' -- "$include"
echo 'debuerreotype' > "$targetDir/etc/hostname"
echo "$epoch" \
@@ -104,10 +165,17 @@ chmod 0644 \
"$targetDir/etc/machine-id" \
"$targetDir/etc/resolv.conf"
+# fix ownership/permissions on / (otherwise "debootstrap" leaves them as-is which causes reproducibility issues)
+chown 0:0 "$targetDir"
+chmod 0755 "$targetDir"
+
# https://bugs.debian.org/857803
# adjust field 3 in /etc/shadow and /etc/shadow- to $(( epoch / 60 / 60 / 24 )), if it's larger
sp_lstchg="$(( epoch / 60 / 60 / 24 ))"
for shadowFile in etc/shadow etc/shadow-; do
+ # --debian-eol etch and older do not include /etc/shadow-
+ [ -e "$targetDir/$shadowFile" ] || continue
+
newShadowFile="$shadowFile.debuerreotype"
awk -F ':' \
-v OFS=':' \
diff --git a/scripts/debuerreotype-minimizing-config b/scripts/debuerreotype-minimizing-config
index 2935caf..4d2eb78 100755
--- a/scripts/debuerreotype-minimizing-config
+++ b/scripts/debuerreotype-minimizing-config
@@ -19,6 +19,8 @@ done
targetDir="${1:-}"; shift || eusage 'missing target-dir'
[ -n "$targetDir" ]
+aptVersion="$("$thisDir/.apt-version.sh" "$targetDir")"
+
# https://github.com/docker/docker/blob/d6f4fe9e38b60f63e429fff7ffced9c26cbf8236/contrib/mkimage/debootstrap#L63-L177
# prevent init scripts from running during install/update
@@ -40,83 +42,94 @@ sed -i 's/^exit.*/exit 0/' "$targetDir/sbin/initctl"
# TODO should we only do this if "/sbin/initctl" already exists?
# force dpkg not to call sync() after package extraction (speeding up installs)
-cat > "$targetDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup" <<-'EOF'
- # For most Docker users, package installs happen during "docker build", which
- # doesn't survive power loss and gets restarted clean afterwards anyhow, so
- # this minor tweak gives us a nice speedup (much nicer on spinning disks,
- # obviously).
-
- force-unsafe-io
-EOF
-chmod 0644 "$targetDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup"
-
-# keep us lean by effectively running "apt-get clean" after every install
-aptGetClean='"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true";'
-cat > "$targetDir/etc/apt/apt.conf.d/docker-clean" <<-EOF
- # Since for most Docker users, package installs happen in "docker build" steps,
- # they essentially become individual layers due to the way Docker handles
- # layering, especially using CoW filesystems. What this means for us is that
- # the caches that APT keeps end up just wasting space in those layers, making
- # our layers unnecessarily large (especially since we'll normally never use
- # these caches again and will instead just "docker build" again and make a brand
- # new image).
-
- # Ideally, these would just be invoking "apt-get clean", but in our testing,
- # that ended up being cyclic and we got stuck on APT's lock, so we get this fun
- # creation that's essentially just "apt-get clean".
- DPkg::Post-Invoke { $aptGetClean };
- APT::Update::Post-Invoke { $aptGetClean };
-
- Dir::Cache::pkgcache "";
- Dir::Cache::srcpkgcache "";
-
- # Note that we do realize this isn't the ideal way to do this, and are always
- # open to better suggestions (https://github.com/debuerreotype/debuerreotype/issues).
-EOF
-chmod 0644 "$targetDir/etc/apt/apt.conf.d/docker-clean"
-
-# remove apt-cache translations for faster "apt-get update"
-cat > "$targetDir/etc/apt/apt.conf.d/docker-no-languages" <<-'EOF'
- # In Docker, we don't often need the "Translations" files, so we're just wasting
- # time and space by downloading them, and this inhibits that. For users that do
- # need them, it's a simple matter to delete this file and "apt-get update". :)
-
- Acquire::Languages "none";
-EOF
-chmod 0644 "$targetDir/etc/apt/apt.conf.d/docker-no-languages"
-
-cat > "$targetDir/etc/apt/apt.conf.d/docker-gzip-indexes" <<-'EOF'
- # Since Docker users using "RUN apt-get update && apt-get install -y ..." in
- # their Dockerfiles don't go delete the lists files afterwards, we want them to
- # be as small as possible on-disk, so we explicitly request "gz" versions and
- # tell Apt to keep them gzipped on-disk.
-
- # For comparison, an "apt-get update" layer without this on a pristine
- # "debian:wheezy" base image was "29.88 MB", where with this it was only
- # "8.273 MB".
-
- Acquire::GzipIndexes "true";
- Acquire::CompressionTypes::Order:: "gz";
-EOF
-chmod 0644 "$targetDir/etc/apt/apt.conf.d/docker-gzip-indexes"
-
-# update "autoremove" configuration to be aggressive about removing suggests deps that weren't manually installed
-cat > "$targetDir/etc/apt/apt.conf.d/docker-autoremove-suggests" <<-'EOF'
- # Since Docker users are looking for the smallest possible final images, the
- # following emerges as a very common pattern:
-
- # RUN apt-get update \
- # && apt-get install -y <packages> \
- # && <do some compilation work> \
- # && apt-get purge -y --auto-remove <packages>
-
- # By default, APT will actually _keep_ packages installed via Recommends or
- # Depends if another package Suggests them, even and including if the package
- # that originally caused them to be installed is removed. Setting this to
- # "false" ensures that APT is appropriately aggressive about removing the
- # packages it added.
-
- # https://aptitude.alioth.debian.org/doc/en/ch02s05s05.html#configApt-AutoRemove-SuggestsImportant
- Apt::AutoRemove::SuggestsImportant "false";
-EOF
-chmod 0644 "$targetDir/etc/apt/apt.conf.d/docker-autoremove-suggests"
+if [ -d "$targetDir/etc/dpkg/dpkg.cfg.d" ]; then
+ # --debian-eol lenny and older do not include /etc/dpkg/dpkg.cfg.d
+ cat > "$targetDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup" <<-'EOF'
+ # For most Docker users, package installs happen during "docker build", which
+ # doesn't survive power loss and gets restarted clean afterwards anyhow, so
+ # this minor tweak gives us a nice speedup (much nicer on spinning disks,
+ # obviously).
+
+ force-unsafe-io
+ EOF
+ chmod 0644 "$targetDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup"
+fi
+
+case "$aptVersion" in
+ # not supported on --debian-eol lenny and older
+ 0.7.*|0.6.*|0.5.*) ;;
+
+ *)
+ # update "autoremove" configuration to be aggressive about removing suggests deps that weren't manually installed
+ cat > "$targetDir/etc/apt/apt.conf.d/docker-autoremove-suggests" <<-'EOF'
+ # Since Docker users are looking for the smallest possible final images, the
+ # following emerges as a very common pattern:
+
+ # RUN apt-get update \
+ # && apt-get install -y <packages> \
+ # && <do some compilation work> \
+ # && apt-get purge -y --auto-remove <packages>
+
+ # By default, APT will actually _keep_ packages installed via Recommends or
+ # Depends if another package Suggests them, even and including if the package
+ # that originally caused them to be installed is removed. Setting this to
+ # "false" ensures that APT is appropriately aggressive about removing the
+ # packages it added.
+
+ # https://aptitude.alioth.debian.org/doc/en/ch02s05s05.html#configApt-AutoRemove-SuggestsImportant
+ Apt::AutoRemove::SuggestsImportant "false";
+ EOF
+ chmod 0644 "$targetDir/etc/apt/apt.conf.d/docker-autoremove-suggests"
+
+ # keep us lean by effectively running "apt-get clean" after every install
+ aptGetClean='"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true";'
+ cat > "$targetDir/etc/apt/apt.conf.d/docker-clean" <<-EOF
+ # Since for most Docker users, package installs happen in "docker build" steps,
+ # they essentially become individual layers due to the way Docker handles
+ # layering, especially using CoW filesystems. What this means for us is that
+ # the caches that APT keeps end up just wasting space in those layers, making
+ # our layers unnecessarily large (especially since we'll normally never use
+ # these caches again and will instead just "docker build" again and make a brand
+ # new image).
+
+ # Ideally, these would just be invoking "apt-get clean", but in our testing,
+ # that ended up being cyclic and we got stuck on APT's lock, so we get this fun
+ # creation that's essentially just "apt-get clean".
+ DPkg::Post-Invoke { $aptGetClean };
+ APT::Update::Post-Invoke { $aptGetClean };
+
+ Dir::Cache::pkgcache "";
+ Dir::Cache::srcpkgcache "";
+
+ # Note that we do realize this isn't the ideal way to do this, and are always
+ # open to better suggestions (https://github.com/debuerreotype/debuerreotype/issues).
+ EOF
+ chmod 0644 "$targetDir/etc/apt/apt.conf.d/docker-clean"
+
+ cat > "$targetDir/etc/apt/apt.conf.d/docker-gzip-indexes" <<-'EOF'
+ # Since Docker users using "RUN apt-get update && apt-get install -y ..." in
+ # their Dockerfiles don't go delete the lists files afterwards, we want them to
+ # be as small as possible on-disk, so we explicitly request "gz" versions and
+ # tell Apt to keep them gzipped on-disk.
+
+ # For comparison, an "apt-get update" layer without this on a pristine
+ # "debian:wheezy" base image was "29.88 MB", where with this it was only
+ # "8.273 MB".
+
+ Acquire::GzipIndexes "true";
+ Acquire::CompressionTypes::Order:: "gz";
+ EOF
+ chmod 0644 "$targetDir/etc/apt/apt.conf.d/docker-gzip-indexes"
+
+ # remove apt-cache translations for faster "apt-get update"
+ cat > "$targetDir/etc/apt/apt.conf.d/docker-no-languages" <<-'EOF'
+ # In Docker, we don't often need the "Translations" files, so we're just wasting
+ # time and space by downloading them, and this inhibits that. For users that do
+ # need them, it's a simple matter to delete this file and "apt-get update". :)
+
+ Acquire::Languages "none";
+ EOF
+ chmod 0644 "$targetDir/etc/apt/apt.conf.d/docker-no-languages"
+
+ ;;
+esac
diff --git a/scripts/debuerreotype-slimify b/scripts/debuerreotype-slimify
index ba26716..58e4476 100755
--- a/scripts/debuerreotype-slimify
+++ b/scripts/debuerreotype-slimify
@@ -52,18 +52,18 @@ for slimExclude in "${slimExcludes[@]}"; do
# step 1 -- delete everything that doesn't match "$neverExclude" and isn't a directory or a symlink
"$thisDir/debuerreotype-chroot" "$targetDir" \
find "$(dirname "$slimExclude")" \
- -mindepth 1 \
+ -depth -mindepth 1 \
-not -path "$neverExclude" \
-not \( -type d -o -type l \) \
- -delete
+ -exec rm -f '{}' ';'
# step 2 -- repeatedly delete any dangling symlinks and empty directories until there aren't any
# (might have a dangling symlink in a directory which then makes it empty, or a symlink to an empty directory)
while [ "$(
"$thisDir/debuerreotype-chroot" "$targetDir" \
find "$(dirname "$slimExclude")" \
- -mindepth 1 \( -empty -o -xtype l \) \
- -delete -printf '.' \
+ -depth -mindepth 1 \( -empty -o -xtype l \) \
+ -exec rm -rf '{}' ';' -printf '.' \
| wc -c
)" -gt 0 ]; do true; done
fi
diff --git a/steamos.sh b/steamos.sh
index 58487a1..2483581 100755
--- a/steamos.sh
+++ b/steamos.sh
@@ -5,7 +5,7 @@ thisDir="$(dirname "$(readlink -f "$BASH_SOURCE")")"
source "$thisDir/scripts/.constants.sh" \
--flags 'no-build' \
-- \
- '[--no-build] <output-dir>' \
+ '[--no-build] <output-dir> [suite]' \
'output'
eval "$dgetopt"
@@ -21,6 +21,7 @@ while true; do
done
outputDir="${1:-}"; shift || eusage 'missing output-dir'
+suite="${1:-brewmaster}" # http://repo.steampowered.com/steamos/dists/
mkdir -p "$outputDir"
outputDir="$(readlink -f "$outputDir")"
@@ -43,6 +44,7 @@ dockerImage="debuerreotype/debuerreotype:$ver"
steamDockerImage="$dockerImage-steamos"
[ -z "$build" ] || docker build -t "$steamDockerImage" - <<-EODF
FROM $dockerImage
+ # http://repo.steampowered.com/steamos/pool/main/v/valve-archive-keyring/?C=M;O=D
RUN wget -O valve.deb 'http://repo.steampowered.com/steamos/pool/main/v/valve-archive-keyring/valve-archive-keyring_0.5+bsos3_all.deb' \\
&& apt install -y ./valve.deb \\
&& rm valve.deb
@@ -53,16 +55,15 @@ docker run \
"${securityArgs[@]}" \
--tmpfs /tmp:dev,exec,suid,noatime \
-w /tmp \
+ -e suite="$suite" \
-e TZ='UTC' -e LC_ALL='C' \
"$steamDockerImage" \
bash -Eeuo pipefail -c '
set -x
- # http://repo.steampowered.com/steamos/dists/
- suite="brewmaster"
mirror="http://repo.steampowered.com/steamos"
- dpkgArch="$(dpkg --print-architecture)"
+ dpkgArch="$(dpkg --print-architecture | awk -F- "{ print \$NF }")"
exportDir="output"
outputDir="$exportDir/steamos/$dpkgArch/$suite"
@@ -81,6 +82,8 @@ docker run \
debuerreotype-init --non-debian \
--debootstrap-script /usr/share/debootstrap/scripts/jessie \
--keyring /usr/share/keyrings/valve-archive-keyring.gpg \
+ --include valve-archive-keyring \
+ --exclude debian-archive-keyring \
--no-merged-usr \
rootfs "$suite" "$mirror"
echo "deb $mirror $suite main contrib non-free" | tee rootfs/etc/apt/sources.list
@@ -103,14 +106,25 @@ docker run \
tar -cC rootfs . | tar -xC "rootfs-$variant"
done
- debuerreotype-apt-get rootfs install -y --no-install-recommends iproute2 iputils-ping
+ # prefer iproute2 if it exists
+ iproute=iproute2
+ if ! debuerreotype-chroot rootfs apt-cache show iproute2 > /dev/null; then
+ # poor wheezy
+ iproute=iproute
+ fi
+ debuerreotype-apt-get rootfs install -y --no-install-recommends iputils-ping $iproute
debuerreotype-slimify rootfs-slim
# this should match the list added to the "buildd" variant in debootstrap and the list installed by sbuild
# https://anonscm.debian.org/cgit/d-i/debootstrap.git/tree/scripts/sid?id=706a45681c5bba5e062a9b02e19f079cacf2a3e8#n26
# https://anonscm.debian.org/cgit/buildd-tools/sbuild.git/tree/bin/sbuild-createchroot?id=eace3d3e59e48d26eaf069d9b63a6a4c868640e6#n194
- debuerreotype-apt-get rootfs-sbuild install -y --no-install-recommends build-essential fakeroot
+ fakeroot=fakeroot
+ if [[ "$suite" == alchemist* ]]; then
+ # poor alchemist
+ fakeroot=
+ fi
+ debuerreotype-apt-get rootfs-sbuild install -y --no-install-recommends build-essential $fakeroot
create_artifacts() {
local targetBase="$1"; shift
diff --git a/ubuntu.sh b/ubuntu.sh
index b52fbd2..cf1d05f 100755
--- a/ubuntu.sh
+++ b/ubuntu.sh
@@ -60,7 +60,7 @@ docker run \
bash -Eeuo pipefail -c '
set -x
- dpkgArch="$(dpkg --print-architecture)"
+ dpkgArch="$(dpkg --print-architecture | awk -F- "{ print \$NF }")"
case "$dpkgArch" in
amd64|i386)
More information about the Neon-commits
mailing list