diff --git a/.github/actions/build/action.yml b/.github/actions/build/action.yml
index 53a54faa..3f98ba5c 100644
--- a/.github/actions/build/action.yml
+++ b/.github/actions/build/action.yml
@@ -1,20 +1,13 @@
 inputs:
 dist:
 description: 'Dist to build'
- default: 'buster'
+ default: 'bookworm'
 platform:
 description: 'Platform to build'
 default: 'amd64'
 is_latest:
 description: The created dist is also latest
 default: false
- build_snapshot:
- description: Build snapshot build
- default: false
-outputs:
- snapshot-id:
- description: "Created snapshot id if requested to build it"
- value: ${{ steps.snapshot-id.outputs.snapshot-id }}
 runs:
 using: "composite"
 steps:
@@ -26,56 +19,14 @@ runs: shell: bash - run: sudo make .installed-requirements shell: bash - - name: Install gcloud - run: | - if ! command -v gcloud &> /dev/null - then - echo "Installing gcloud" - echo "deb https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list - curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - - - apt-get update - apt-get install -y google-cloud-sdk - else - echo "gcloud is installed" - fi - shell: bash - name: "Install QEMU" run: | set -x - if [[ "${{ inputs.platform }}" == "arm64" ]]; then + if [[ "${{ inputs.platform }}" == "arm64" && "$(uname -m)" != "aarch64" ]]; then echo "Installing QEMU" - # qemu-user-static fails with segfaults building bullseye - # We will revisit this when 20.10 is allowed as build slave on GitHub Actions - # https://bugs.launchpad.net/qemu/+bug/1749393 - # https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1928075 - if [[ "${{ inputs.dist }}" == "bullseye" ]]; then - sudo tee /etc/apt/preferences.d/qemu <> $GITHUB_OUTPUT + echo "author=${author}" >> $GITHUB_OUTPUT + echo "author_association=${author_association}" >> $GITHUB_OUTPUT + echo "review_state=${issue_review_state}" >> $GITHUB_OUTPUT + echo "labels=${labels}" >> $GITHUB_OUTPUT + echo "resource_url=${resource_url}" >> $GITHUB_OUTPUT + call-pr-review-comment: + uses: bitnami/support/.github/workflows/pr-review-comment.yml@main + needs: pr-info + permissions: + contents: read + secrets: inherit + with: + author: ${{ needs.pr-info.outputs.author }} + actor: ${{ needs.pr-info.outputs.actor }} + labels: ${{ needs.pr-info.outputs.labels }} + review_state: ${{ needs.pr-info.outputs.review_state }} + resource_url: ${{ needs.pr-info.outputs.resource_url }} diff --git a/.github/workflows/pr-reviews-requested.yml b/.github/workflows/pr-reviews-requested.yml new file mode 100644 index 00000000..1f18378b --- /dev/null +++ b/.github/workflows/pr-reviews-requested.yml 
@@ -0,0 +1,20 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository
+name: '[Support] Review based card movements'
+on:
+ pull_request_target:
+ types:
+ - review_requested
+ - synchronize
+permissions:
+ contents: read
+# Avoid concurrency over the same issue
+concurrency:
+ group: card-movement-${{ github.event.number }}
+jobs:
+ call-pr-review-workflow:
+ if: ${{ github.repository_owner == 'bitnami' }}
+ uses: bitnami/support/.github/workflows/pr-review-requested-sync.yml@main
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/pr-reviews.yml b/.github/workflows/pr-reviews.yml
new file mode 100644
index 00000000..3d0506d7
--- /dev/null
+++ b/.github/workflows/pr-reviews.yml
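Review bot: `call-pr-review-workflow` runs on `pull_request_target` and passes every repository secret (`secrets: inherit`) to a reusable workflow referenced by the mutable ref `@main`, so the code receiving those secrets can change without any commit in this repository. The third-party actions added elsewhere in this commit are pinned to full commit SHAs; the same would fit here, e.g. `uses: bitnami/support/.github/workflows/pr-review-requested-sync.yml@<full-commit-sha>`, and passing only the secrets the callee needs instead of `secrets: inherit` would narrow the exposure further. The same pattern appears in `reasign.yml` (`item-labeled.yml@main`), `triage.yml` (`item-opened.yml@main`) and the `call-pr-review-comment` job earlier in the diff. The header says these files are maintained in bitnami/support, so the pin presumably has to be applied by whatever syncs them.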
@@ -0,0 +1,31 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository
+name: '[Support] PR review comment card movements'
+on:
+ pull_request_review_comment:
+ types:
+ - created
+ pull_request_review:
+ types:
+ - submitted
+ - dismissed
+permissions: {}
+# Avoid concurrency over the same issue
+concurrency:
+ group: card-movement-${{ github.event.pull_request.number }}
+jobs:
+ just-notice:
+ # This is a dummy workflow that triggers a workflow_run
+ runs-on: ubuntu-latest
+ if: ${{ github.repository_owner == 'bitnami' }}
+ steps:
+ - run: |
+ echo "::notice:: Comment on PR #${{ github.event.pull_request.number }}"
+ jq -n --arg issue '${{ github.event.pull_request.number }}' --arg state '${{ github.event.review != null && github.event.review.state || '' }}' '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json
+ - name: Upload the PR info
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02
+ with:
+ name: pull_request_info.json
+ path: ./pull_request_info.json
\ No newline at end of file
diff --git a/.github/workflows/reasign.yml b/.github/workflows/reasign.yml
new file mode 100644
index 00000000..affebd94
--- /dev/null
+++ b/.github/workflows/reasign.yml
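Review bot: The `run:` step of `just-notice` expands `${{ github.event.pull_request.number }}` and the review-state expression straight into the script text, so the shell parses whatever those expressions render to. Both values look low-risk here (a number and, presumably, a fixed set of review states), but routing them through `env:` keeps the script constant and removes the nested single quotes around the `|| ''` fallback. Because this workflow presumably also runs for pull requests from forks, whatever later reads `pull_request_info.json` should treat it as untrusted and check that `issue.number` is an integer before acting on it.

```yaml
      - env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
          REVIEW_STATE: ${{ github.event.review != null && github.event.review.state || '' }}
        run: |
          echo "::notice:: Comment on PR #${PR_NUMBER}"
          jq -n --arg issue "$PR_NUMBER" --arg state "$REVIEW_STATE" '{"issue": {"number": $issue }, "review": { "state": $state }}' > pull_request_info.json
      # … unchanged: "Upload the PR info" step …
```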
@@ -0,0 +1,24 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository
+name: '[Support] Review based card movements'
+on:
+ pull_request_target:
+ types:
+ - labeled
+ issues:
+ types:
+ - labeled
+permissions:
+ contents: read
+ pull-requests: write
+ issues: write
+# Avoid concurrency over the same issue
+concurrency:
+ group: card-movement-${{ github.event.issue != null && github.event.issue.number || github.event.number }}
+jobs:
+ call-reasign-workflow:
+ if: ${{ github.repository_owner == 'bitnami' }}
+ uses: bitnami/support/.github/workflows/item-labeled.yml@main
+ secrets: inherit
\ No newline at end of file
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 00000000..98b64ab2
--- /dev/null
+++ b/.github/workflows/stale.yml
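Review bot: The `name:` in `reasign.yml` is `'[Support] Review based card movements'`, the same string used by `pr-reviews-requested.yml`, although this workflow triggers on `labeled` events for issues and pull requests and calls `item-labeled.yml`. Two workflows with an identical name cannot be told apart in the Actions run list or when filtering run history by workflow name, which matters here because this one holds `pull-requests: write` and `issues: write`. Something like `name: '[Support] Label based card movements'` would match what the file does. The header says the file is maintained in bitnami/support, so the rename presumably belongs there.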
@@ -0,0 +1,45 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository
+name: '[Support] Close stale issues and PRs'
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 1 * * *'
+# Remove all permissions by default
+permissions: {}
+# This job won't trigger any additional event. All actions are performed with GITHUB_TOKEN
+jobs:
+ stale:
+ runs-on: ubuntu-latest
+ if: ${{ github.repository_owner == 'bitnami' }}
+ permissions:
+ issues: write
+ pull-requests: write
+ steps:
+ # This step will add the stale comment and label for the first 15 days without activity. It won't close any task
+ - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ stale-issue-message: 'This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.'
+ stale-pr-message: 'This Pull Request has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thank you for your contribution.'
+ days-before-stale: 15
+ days-before-close: -1
+ exempt-issue-labels: 'on-hold'
+ exempt-pr-labels: 'on-hold'
+ operations-per-run: 500
+ # This step will add the 'solved' label and the last comment before closing the issue or PR. Note that it won't close any issue or PR, they will be closed by the clossing-issues workflow
+ - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ stale-issue-message: 'Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.'
+ stale-pr-message: 'Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Pull Request. Do not hesitate to reopen it later if necessary.'
+ any-of-labels: 'stale'
+ stale-issue-label: 'solved'
+ stale-pr-label: 'solved'
+ days-before-stale: 5
+ days-before-close: -1
+ exempt-issue-labels: 'on-hold'
+ exempt-pr-labels: 'on-hold'
+ operations-per-run: 200
\ No newline at end of file
diff --git a/.github/workflows/triage.yml b/.github/workflows/triage.yml
new file mode 100644
index 00000000..bae4cde3
--- /dev/null
+++ b/.github/workflows/triage.yml
@@ -0,0 +1,27 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+# This workflow is built to manage the triage support by using GH issues.
+# NOTE: This workflow is maintained in the https://github.com/bitnami/support repository
+name: '[Support] Organize triage'
+on:
+ issues:
+ types:
+ - reopened
+ - opened
+ pull_request_target:
+ types:
+ - reopened
+ - opened
+permissions:
+ contents: read
+ pull-requests: write
+ issues: write
+# Avoid concurrency over the same issue
+concurrency:
+ group: card-movement-${{ github.event.issue != null && github.event.issue.number || github.event.number }}
+jobs:
+ call-triage-workflow:
+ if: ${{ github.repository_owner == 'bitnami' }}
+ uses: bitnami/support/.github/workflows/item-opened.yml@main
+ secrets: inherit
\ No newline at end of file
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 00000000..48beb02e
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
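Review bot: Both `actions/stale` steps in `stale.yml` are pinned to a full commit SHA with no trailing version comment, so a reviewer cannot tell which release is in use or whether a later bump moves forward or backward. Adding the tag as a comment, `- uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # vX.Y.Z` (the tag is not shown on this page), keeps the pin auditable and lets update tooling track it; the same applies to `actions/upload-artifact` in `pr-reviews.yml`. The comment on the second step also refers to a `clossing-issues` workflow that is not part of this commit; it is worth confirming that it exists, since both steps set `days-before-close: -1` and nothing in this file closes anything.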
@@ -0,0 +1,17 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, we pledge to respect everyone who contributes by posting issues, updating documentation, submitting pull requests, providing feedback in comments, and any other activities.
+
+Communication through any of Bitnami's channels (GitHub, mailing lists, Twitter, and so on) must be constructive and never resort to personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+
+We promise to extend courtesy and respect to everyone involved in this project, regardless of gender, gender identity, sexual orientation, disability, age, race, ethnicity, religion, or level of experience. We expect anyone contributing to this project to do the same.
+
+If any member of the community violates this code of conduct, the maintainers of this project may take action, including removing issues, comments, and PRs or blocking accounts, as deemed appropriate.
+
+If you are subjected to or witness unacceptable behavior, or have any other concerns, please communicate with us.
+
+If you have suggestions to improve this Code of Conduct, please submit an issue or PR.
+
+**Attribution**
+
+This Code of Conduct is adapted from the Angular project available at this page: https://github.com/angular/code-of-conduct/blob/master/CODE_OF_CONDUCT.md
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 00000000..8192828f
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,48 @@
+# Contributing Guidelines
+
+Contributions are welcome via GitHub Pull Requests. This document outlines the process to help get your contribution accepted.
+
+Any type of contribution is welcome: new features, bug fixes, documentation improvements, etc.
+
+## How to Contribute
+
+1. Fork this repository, develop, and test your changes.
+2. Submit a pull request.
+
+### Requirements
+
+When submitting a PR make sure that:
+- It must pass CI jobs for linting and test the changes (if any).
+- The title of the PR is clear enough.
+- If necessary, add information to the repository's `README.md`.
+
+#### Sign Your Work
+
+The sign-off is a simple line at the end of the explanation for a commit. All commits needs to be signed. Your signature certifies that you wrote the patch or otherwise have the right to contribute the material. The rules are pretty simple, you only need to certify the guidelines from [developercertificate.org](https://developercertificate.org/).
+
+Then you just add a line to every git commit message:
+
+ Signed-off-by: Joe Smith
+
+Use your real name (sorry, no pseudonyms or anonymous contributions.)
+
+If you set your `user.name` and `user.email` git configs, you can sign your commit automatically with `git commit -s`.
+
+Note: If your git config information is set properly then viewing the `git log` information for your commit will look something like this:
+
+```
+Author: Joe Smith
+Date: Thu Feb 2 11:41:15 2018 -0800
+
+ Update README
+
+ Signed-off-by: Joe Smith
+```
+
+Notice the `Author` and `Signed-off-by` lines match. If they don't your PR will be rejected by the automated DCO check.
+
+### PR Approval and Release Process
+
+1. Changes are manually reviewed by Bitnami team members usually within a business day.
+2. Once the changes are accepted, the PR is tested (if needed) into the Bitnami CI pipeline.
+3. The PR is merged by the reviewer(s) in the GitHub `master` branch.
diff --git a/LICENSE.md b/LICENSE.md index cdc8ab40..b57c3f72 100644 --- a/LICENSE.md +++ b/LICENSE.md 
@@ -1,13 +1,202 @@ -Copyright © 2022 Bitnami + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - http://www.apache.org/licenses/LICENSE-2.0 + 1. Definitions. -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. 
+ + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. 
You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. 
+ + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. 
In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. 
+ + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/README.md b/README.md index f24fecca..fab85c7a 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,15 @@ -minideb -======= - -[![CI](https://github.com/bitnami/minideb/actions/workflows/main.yml/badge.svg?branch=master)](https://github.com/bitnami/minideb/actions/workflows/main.yml) +

+ +

+ +

+ + + + + + +

# What is Minideb A minimalist Debian-based image built specifically to be used as a base image for containers. 
@@ -14,24 +22,24 @@ $ docker run --rm -it bitnami/minideb:latest There are [tags](https://hub.docker.com/r/bitnami/minideb/tags/) for the different Debian releases. ``` -$ docker run --rm -it bitnami/minideb:stretch +$ docker run --rm -it bitnami/minideb:trixie ``` The images are built daily and have the security release enabled, so will contain any security updates released more than 24 hours ago. You can also use the images as a base for your own `Dockerfile`: ``` -FROM bitnami/minideb:stretch +FROM bitnami/minideb:trixie ``` # Why use Minideb - * This image aims to strike a good balance between having small images, and having many quality packages available for easy integration. - * The image is based on glibc for wide compatibility, and has apt for access to a large number of packages. In order to reduce size of the image, some things that aren't required in containers are removed: - * Packages that aren't often used in containers (hardware related, init systems etc.) + * This image aims to strike a good balance between having small images and having many quality packages available for easy integration. + * The image is based on glibc for wide compatibility and is using apt for access to a large number of packages. To reduce the size of the image, some things that aren't required in containers are removed: + * Packages that aren't often used in containers (hardware-related, init systems, etc.) * Some files that aren't usually required (docs, man pages, locales, caches) * These images also include an `install_packages` command that you can use instead of apt. This takes care of some things for you: - * Install the named packages, skipping prompts etc. - * Clean up the apt metadata afterwards to keep the image small. + * Install the named packages, skipping prompts, etc. + * Clean up the apt metadata afterward to keep the image small. * Retrying if apt fails. 
Sometimes a package will fail to download due to a network issue, and this may fix that, which is particularly useful in an automated build pipeline. For example: 
@@ -40,61 +48,67 @@ FROM bitnami/minideb:stretch ``` # Adoption of Minideb -The minideb container image is the base image for many Bitnami-maintained language runtimes including [php](https://github.com/bitnami/bitnami-docker-php-fpm), [nodejs](https://github.com/bitnami/bitnami-docker-node), [ruby](https://github.com/bitnami/bitnami-docker-ruby) and infrastructure components including [mariadb](https://github.com/bitnami/bitnami-docker-mariadb), [redis](https://github.com/bitnami/bitnami-docker-redis), [nginx](https://github.com/bitnami/bitnami-docker-nginx) and [mongodb](https://github.com/bitnami/bitnami-docker-mongodb). +The minideb container image is the base image for many Bitnami-maintained language runtimes including [php](https://github.com/bitnami/containers/tree/main/bitnami/php-fpm), [nodejs](https://github.com/bitnami/containers/tree/main/bitnami/node), [ruby](https://github.com/bitnami/containers/tree/main/bitnami/ruby) and infrastructure components including [mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb), [redis](https://github.com/bitnami/containers/tree/main/bitnami/redis), [nginx](https://github.com/bitnami/containers/tree/main/bitnami/nginx) and [mongodb](https://github.com/bitnami/containers/tree/main/bitnami/mongodb). # Compatibility -The image points to the Debian archive, so you are free to install packages from there that you need. However because some `Essential` packages have been removed they may not always install or work correctly. +The image points to the Debian archive, so you are free to install the packages from there that you need. However, because some `Essential` packages have been removed they may not always install or work correctly. -In those cases you can figure out which package is needed and manually specify to install it along with your desired packages. Please feel free to submit an issue request so that we can reach out and help you quickly. 
+In those cases, you can figure out which package is needed and manually specify to install it along with your desired packages. Please feel free to submit an issue request so that we can reach out and help you quickly. # Security Minideb is based on Debian and relies on their security updates. The images are built daily and have the security release enabled, so will contain any security updates released more than 24 hours ago. Note that Debian [does not fix every CVE that affects their packages](https://www.debian.org/security/faq#cvedsa), which means that CVE scanners may detect unfixed vulnerabilities in Minideb images. In those cases, you can check the [Debian security tracker](https://security-tracker.debian.org/tracker/) to see whether Debian intends to release an update to fix it. -In order to keep compatibility with Debian, we will not patch any vulnerabilities in Minideb directly. If Debian does not fix the CVE then it will also remain in Minideb. If you find a vulnerability that is fixed in Debian but not in the latest images of Minideb then please file an issue as that is not intentional. +To keep compatibility with Debian, we will not patch any vulnerabilities in Minideb directly. If Debian does not fix the CVE then it will also remain in Minideb. If you find a vulnerability that is fixed in Debian but not in the latest images of Minideb then please file an issue as that is not intentional. On [this page](https://docs.bitnami.com/kubernetes/open-cve-policy/), you can find more information about the Bitnami policy regarding CVEs. In the same way, if you find a security issue with how the Minideb images are built or published then please report it to us. # Building Minideb -We provide a Makefile to help you build Minideb locally. It should be run on a Debian based machine and requires sudo privileges. +We provide a Makefile to help you build Minideb locally. It should be run on a Debian-based machine and requires sudo privileges. 
``` $ sudo make ``` -To build an individual release (stretch, buster or unstable) +To build an individual release (bullseye, bookworm or trixie) ``` -$ sudo make stretch +$ sudo make trixie ``` To test the resulting image: ``` -$ sudo make test-stretch +$ sudo make test-trixie +``` + +Building the image with podman instead of docker is possible, if you replace docker with podman in 4 scripts: +``` +$ sed -i "s/docker /podman /g" buildone dockerdiff import test ``` ## Building Minideb for foreign architecture -Make commands shown above will build an image for the architecture you are currently working on. -To build an image for a foreign architecture (for example to build a multiarch image), we provide a -simple script which run a QEMU instance for the target architecture and build the image inside it. +Make commands shown above will build an image for the architecture you are currently working on. +To build an image for a foreign architecture (for example to build a multi-arch image), we provide a +simple script that runs a QEMU instance for the target architecture and builds the image inside it. -To build and test a buster image for arm64: +To build and test a trixie image for arm64: ``` -$ ./qemu_build buster arm64 +$ ./qemu_build trixie arm64 ``` -The image will be then imported locally through the docker cli with `$distribution-$architecture` tag -(example: `bitnami/minideb:buster-arm64`) +The image will be then imported locally through the docker CLI with the `$distribution-$architecture` tag +(example: `bitnami/minideb:trixie-arm64`) -Current limitations of `qemu_build` script: +Current limitations of the `qemu_build` script: -- Can be run only on debian-based distributions +- Can be run only on Debian-based distributions - Support `AMD64` and `ARM64` target architectures only # Contributing We'd love for you to contribute to this image. 
You can request new features by creating an [issue](https://github.com/bitnami/minideb/issues), or submit a [pull request](https://github.com/bitnami/minideb/pulls) with your contribution. # License -Copyright © 2022 Bitnami + +Copyright © 2025 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..c3b77256 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,71 @@
+# Security Release Process
+
+The community has adopted this security disclosure and response policy to ensure we responsibly handle critical issues.
+
+
+## Supported Versions
+
+For a list of support versions that this project will potentially create security fixes for, please refer to the Releases page on this project's GitHub and/or project related documentation on release cadence and support.
+
+
+## Reporting a Vulnerability - Private Disclosure Process
+
+Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to this project privately, to minimize attacks against current users before they are fixed. Vulnerabilities will be investigated and patched on the next patch (or minor) release as soon as possible. This information could be kept entirely internal to the project.
+
+If you know of a publicly disclosed security vulnerability for this project, please **IMMEDIATELY** contact the maintainers of this project privately. The use of encrypted email is encouraged.
+
+
+**IMPORTANT: Do not file public issues on GitHub for security vulnerabilities**
+
+To report a vulnerability or a security-related issue, please contact the maintainers with enough details through one of the following channels:
+* Directly via their individual email addresses
+* Open a [GitHub Security Advisory](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). This allows for anyone to report security vulnerabilities directly and privately to the maintainers via GitHub. Note that this option may not be present for every repository.
+
+The report will be fielded by the maintainers who have committer and release permissions. Feedback will be sent within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime.
+
+Do not report non-security-impacting bugs through this channel. Use GitHub issues for all non-security-impacting bugs.
+
+
+## Proposed Report Content
+
+Provide a descriptive title and in the description of the report include the following information:
+
+* Basic identity information, such as your name and your affiliation or company.
+* Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and logs are all helpful to us).
+* Description of the effects of the vulnerability on this project and the related hardware and software configurations, so that the maintainers can reproduce it.
+* How the vulnerability affects this project's usage and an estimation of the attack surface, if there is one.
+* List other projects or dependencies that were used in conjunction with this project to produce the vulnerability.
+
+
+## When to report a vulnerability
+
+* When you think this project has a potential security vulnerability.
+* When you suspect a potential vulnerability but you are unsure that it impacts this project.
+* When you know of or suspect a potential vulnerability on another project that is used by this project.
+
+
+## Patch, Release, and Disclosure
+
+The maintainers will respond to vulnerability reports as follows:
+
+1. The maintainers will investigate the vulnerability and determine its effects and criticality.
+2. If the issue is not deemed to be a vulnerability, the maintainers will follow up with a detailed reason for rejection.
+3. The maintainers will initiate a conversation with the reporter within 3 business days.
+4. If a vulnerability is acknowledged and the timeline for a fix is determined, the maintainers will work on a plan to communicate with the appropriate community, including identifying mitigating steps that affected users can take to protect themselves until the fix is rolled out.
+5. The maintainers will also create a [Security Advisory](https://docs.github.com/en/code-security/repository-security-advisories/publishing-a-repository-security-advisory) using the [CVSS Calculator](https://www.first.org/cvss/calculator/3.0), if it is not created yet. The maintainers make the final call on the calculated CVSS; it is better to move quickly than making the CVSS perfect. Issues may also be reported to [Mitre](https://cve.mitre.org/) using this [scoring calculator](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator). The draft advisory will initially be set to private.
+6. The maintainers will work on fixing the vulnerability and perform internal testing before preparing to roll out the fix.
+7. Once the fix is confirmed, the maintainers will patch the vulnerability in the next patch or minor release, and backport a patch release into all earlier supported releases.
+
+
+## Public Disclosure Process
+
+The maintainers publish the public advisory to this project's community via GitHub. In most cases, additional communication via Slack, Twitter, mailing lists, blog, and other channels will assist in educating the project's users and rolling out the patched release to affected users.
+
+The maintainers will also publish any mitigating steps users can take until the fix can be applied to their instances. This project's distributors will handle creating and publishing their own security advisories.
+
+
+## Confidentiality, integrity and availability
+
+We consider vulnerabilities leading to the compromise of data confidentiality, elevation of privilege, or integrity to be our highest priority concerns. Availability, in particular in areas relating to DoS and resource exhaustion, is also a serious security concern. The maintainer team takes all vulnerabilities, potential vulnerabilities, and suspected vulnerabilities seriously and will investigate them in an urgent and expeditious manner.
+ +Note that we do not currently consider the default settings for this project to be secure-by-default. It is necessary for operators to explicitly configure settings, role based access control, and other resource related features in this project to provide a hardened environment. We will not act on any security disclosure that relates to a lack of safe defaults. Over time, we will work towards improved safe-by-default configuration, taking into account backwards compatibility. diff --git a/buildall b/buildall index 917ccb85..05edfb33 100755 --- a/buildall +++ b/buildall @@ -8,30 +8,13 @@ set -o pipefail arch=${1:-"amd64 arm64"} -dist="jessie -stretch -buster +dist="bullseye +bookworm +trixie " -dist_with_snapshot="buster" - for a in $arch; do for i in $dist; do - if [[ "$a" != "amd64" && "$i" == "jessie" ]]; then - continue - fi - ./buildone "$i" "$a" done done -snapshot_id=$(./snapshot_id) -if [ -n "$snapshot_id" ]; then - for a in $arch; do - for i in $dist_with_snapshot; do - ./buildone_snapshot "$i" "$snapshot_id" "$a" - done - - mkdir -p "build/$a" - echo "$snapshot_id" > "build/$a/snapshot_id" - done -fi diff --git a/buildone b/buildone index bdf5554e..494d7e9b 100755 --- a/buildone +++ b/buildone @@ -44,13 +44,7 @@ log() { build() { DIST=$1 PLATFORM=${2:-amd64} - - debian_snapshot_id=${3:-} - if [ -n "$debian_snapshot_id" ]; then - TAG="${DIST}-snapshot-${debian_snapshot_id}-$PLATFORM" - else - TAG=$DIST-$PLATFORM - fi + TAG=$DIST-$PLATFORM [ -f "debootstrap/$DIST" ] || (echo "buildall: Unknown distribution: $DIST" && exit 1) current_ts="$(date -u +%Y-%m-%dT%H:%M:%S.%NZ)" 
@@ -64,7 +58,7 @@ build() { log "============================================" log "Building $BASENAME:$TAG" log "============================================" - ./mkimage "build/$TAG.tar" "$DIST" "$PLATFORM" "${debian_snapshot_id:-}" + ./mkimage "build/$TAG.tar" "$DIST" "$PLATFORM" built_image_id=$(./import "build/$TAG.tar" "$target_ts" "$PLATFORM") log "============================================" log "Running tests for $BASENAME:$TAG" @@ -73,7 +67,7 @@ build() { log "============================================" log "Rebuilding $BASENAME:$TAG to test reproducibility" log "============================================" - ./mkimage "build/${TAG}-repro.tar" "$DIST" "$PLATFORM" "${debian_snapshot_id:-}" + ./mkimage "build/${TAG}-repro.tar" "$DIST" "$PLATFORM" repro_image_id=$(./import "build/${TAG}-repro.tar" "$target_ts" "$PLATFORM") if [ "$repro_image_id" != "$built_image_id" ]; then log "$BASENAME:$TAG differs after a rebuild. Examine $built_image_id and $repro_image_id" diff --git a/buildone_snapshot b/buildone_snapshot deleted file mode 100755 index 36b0b1a1..00000000 --- a/buildone_snapshot +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -set -e -set -u -set -o pipefail - -dist=${1:?dist arg is required} -snapshot_id=${2:-$(./snapshot_id)} -platform=${3:-amd64} - -./buildone "$dist" "$platform" "$snapshot_id" diff --git a/debootstrap/bookworm b/debootstrap/bookworm new file mode 120000 index 00000000..91bf492f --- /dev/null +++ b/debootstrap/bookworm @@ -0,0 +1 @@ +bullseye \ No newline at end of file diff --git a/debootstrap/bullseye b/debootstrap/bullseye deleted file mode 120000 index 8cfa86a0..00000000 --- a/debootstrap/bullseye +++ /dev/null @@ -1 +0,0 @@ -jessie \ No newline at end of file diff --git a/debootstrap/bullseye b/debootstrap/bullseye new file mode 100644 index 00000000..861b182e --- /dev/null +++ b/debootstrap/bullseye 
@@ -0,0 +1,226 @@
+mirror_style release
+download_style apt
+finddebs_style from-indices
+variants - container fakechroot
+keyring /usr/share/keyrings/debian-archive-keyring.gpg
+
+if doing_variant fakechroot; then
+ test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started"
+fi
+
+case $ARCH in
+ alpha|ia64) LIBC="libc6.1" ;;
+ kfreebsd-*) LIBC="libc0.1" ;;
+ hurd-*) LIBC="libc0.3" ;;
+ *) LIBC="libc6" ;;
+esac
+
+work_out_debs () {
+ # adduser in case users want to add a user to run as non-root
+ # base-files as it has many important files
+ # base-passwd to get user account info
+ # bash because users will often shell in
+ # bsdutils because it has some commands used in postinst
+ # - particularly `logger` for `mysql-server` see
+ # https://github.com/bitnami/minideb/issues/16
+ # coreutils for many very common utilities
+ # dash for a shell for scripts
+ # debian-archive-keyring to verify apt packages
+ # diffutils for diff as required for installing the system
+ # (could maybe be removed after, but diffing is pretty common in debugging)
+ # dpkg for dpkg
+ # findutils for find as required for installing the system
+ # grep as it is a very common debugging tool
+ # gzip as decompressing zip is super common
+ # hostname ?
+ # libc-bin for ldconfig
+ # login as su maybe used if run as non root (?)
+ # lsb-base ?
+ # mawk as it is used by dpkg
+ # ncurses-base for terminfo files as docker sets TERM=xterm
+ # see https://github.com/bitnami/minideb/issues/17
+ # passwd for managing user accounts if run as non-root.
+ # sed as a very commonly used tool
+ # sysv-rc for update-rc.d, required when installing initscripts in postinsts
+ # tar as uncompressing tarballs is super common when installing things.
+ # tzdata for handling timezones
+ # util-linux for getopt
+ # mount is required for mounting /proc during debootstrap
+ required="adduser base-files base-passwd bash bsdutils coreutils dash debian-archive-keyring diffutils dpkg findutils grep gzip hostname init-system-helpers libc-bin login lsb-base mawk ncurses-base passwd perl sed sysv-rc tar tzdata util-linux mount"
+
+ base="apt"
+
+ if doing_variant fakechroot; then
+ # ldd.fake needs binutils
+ required="$required binutils"
+ fi
+
+ case $MIRRORS in
+ https://*)
+ base="$base apt-transport-https ca-certificates"
+ ;;
+ esac
+}
+
+first_stage_install () {
+ extract $required
+
+ mkdir -p "$TARGET/var/lib/dpkg"
+ : >"$TARGET/var/lib/dpkg/status"
+ : >"$TARGET/var/lib/dpkg/available"
+
+ setup_etc
+ if [ ! -e "$TARGET/etc/fstab" ]; then
+ echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab"
+ chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab"
+ fi
+
+ setup_devices
+
+ x_feign_install () {
+ local pkg="$1"
+ local deb="$(debfor $pkg)"
+ local ver="$(extract_deb_field "$TARGET/$deb" Version)"
+
+ mkdir -p "$TARGET/var/lib/dpkg/info"
+
+ echo \
+"Package: $pkg
+Version: $ver
+Maintainer: unknown
+Status: install ok installed" >> "$TARGET/var/lib/dpkg/status"
+
+ touch "$TARGET/var/lib/dpkg/info/${pkg}.list"
+ }
+
+ x_feign_install dpkg
+}
+
+second_stage_install () {
+ setup_dynamic_devices
+
+ x_core_install () {
+ smallyes '' | in_target dpkg --force-depends --install $(debfor "$@")
+ }
+
+ p () {
+ baseprog="$(($baseprog + ${1:-1}))"
+ }
+
+ if doing_variant fakechroot; then
+ setup_proc_fakechroot
+ else
+ setup_proc
+ in_target /sbin/ldconfig
+ fi
+
+ DEBIAN_FRONTEND=noninteractive
+ DEBCONF_NONINTERACTIVE_SEEN=true
+ export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN
+
+ baseprog=0
+ bases=7
+
+ p; progress $baseprog $bases INSTCORE "Installing core packages" #1
+ info INSTCORE "Installing core packages..."
+
+ p; progress $baseprog $bases INSTCORE "Installing core packages" #2
+ ln -sf mawk "$TARGET/usr/bin/awk"
+ x_core_install base-passwd
+ x_core_install base-files
+ p; progress $baseprog $bases INSTCORE "Installing core packages" #3
+ x_core_install dpkg
+
+ if [ ! -e "$TARGET/etc/localtime" ]; then
+ ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime"
+ fi
+
+ if doing_variant fakechroot; then
+ install_fakechroot_tools
+ fi
+
+ p; progress $baseprog $bases INSTCORE "Installing core packages" #4
+ x_core_install $LIBC
+
+ p; progress $baseprog $bases INSTCORE "Installing core packages" #5
+ x_core_install perl-base
+
+ p; progress $baseprog $bases INSTCORE "Installing core packages" #6
+ rm "$TARGET/usr/bin/awk"
+ x_core_install mawk
+
+ p; progress $baseprog $bases INSTCORE "Installing core packages" #7
+ if doing_variant -; then
+ x_core_install debconf
+ fi
+
+ baseprog=0
+ bases=$(set -- $required; echo $#)
+
+ info UNPACKREQ "Unpacking required packages..."
+
+ exec 7>&1
+
+ smallyes '' |
+ (repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages. This will be attempted up to five times." "" \
+ dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) |
+ dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING
+
+ info CONFREQ "Configuring required packages..."
+
+ echo \
+"#!/bin/sh
+exit 101" > "$TARGET/usr/sbin/policy-rc.d"
+ chmod 755 "$TARGET/usr/sbin/policy-rc.d"
+
+ mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL"
+ echo \
+"#!/bin/sh
+echo
+echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon"
+ chmod 755 "$TARGET/sbin/start-stop-daemon"
+
+ setup_dselect_method apt
+
+ smallyes '' |
+ (in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \
+ dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) |
+ dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING
+
+ baseprog=0
+ bases="$(set -- $base; echo $#)"
+
+ info UNPACKBASE "Unpacking the base system..."
+
+ setup_available $required $base
+ done_predeps=
+ while predep=$(get_next_predep); do
+ # We have to resolve dependencies of pre-dependencies manually because
+ # dpkg --predep-package doesn't handle this.
+ predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps")
+ # XXX: progress is tricky due to how dpkg_progress works
+ # -- cjwatson 2009-07-29
+ p; smallyes '' |
+ in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep)
+ base=$(without "$base" "$predep")
+ done_predeps="$done_predeps $predep"
+ done
+
+ smallyes '' |
+ (repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages. This will be re-attempted up to five times." "" \
+ dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) |
+ dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING
+
+ info CONFBASE "Configuring the base system..."
+
+ smallyes '' |
+ (repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages. This will be re-attempted up to five times." "" \
+ dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) |
+ dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING
+
+ mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon"
+ rm -f "$TARGET/usr/sbin/policy-rc.d"
+
+ progress $bases $bases CONFBASE "Configuring base system"
+ info BASESUCCESS "Base system installed successfully."
+}
diff --git a/debootstrap/buster b/debootstrap/buster
deleted file mode 120000
index 8cfa86a0..00000000
--- a/debootstrap/buster
+++ /dev/null
@@ -1 +0,0 @@
-jessie
\ No newline at end of file
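Review bot: `perl` is added to the `required` list in `work_out_debs` of the new debootstrap/bullseye script (the removed debootstrap/jessie list had everything else but not `perl`), yet the rationale block above the list gains no line for it; `init-system-helpers` has none either. In a minimal base image every entry in `required` is inherited by all downstream images and has to be kept patched, so the reason belongs next to the others, e.g. `# perl <why the full interpreter is needed in addition to perl-base>`. `second_stage_install` still installs only `perl-base` in its core step, so the comment should also say whether full `perl` is really needed or `perl-base` would be enough.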
diff --git a/debootstrap/jessie b/debootstrap/jessie deleted file mode 100644 index 804e9660..00000000 --- a/debootstrap/jessie +++ /dev/null 
@@ -1,226 +0,0 @@ -mirror_style release -download_style apt -finddebs_style from-indices -variants - container fakechroot -keyring /usr/share/keyrings/debian-archive-keyring.gpg - -if doing_variant fakechroot; then - test "$FAKECHROOT" = "true" || error 1 FAKECHROOTREQ "This variant requires fakechroot environment to be started" -fi - -case $ARCH in - alpha|ia64) LIBC="libc6.1" ;; - kfreebsd-*) LIBC="libc0.1" ;; - hurd-*) LIBC="libc0.3" ;; - *) LIBC="libc6" ;; -esac - -work_out_debs () { - # adduser in case users want to add a user to run as non-root - # base-files as it has many important files - # base-passwd to get user account info - # bash because users will often shell in - # bsdutils because it has some commands used in postinst - # - particularly `logger` for `mysql-server` see - # https://github.com/bitnami/minideb/issues/16 - # coreutils for many very common utilities - # dash for a shell for scripts - # debian-archive-keyring to verify apt packages - # diffutils for diff as required for installing the system - # (could maybe be removed after, but diffing is pretty common in debugging) - # dpkg for dpkg - # findutils for find as required for installing the system - # grep as it is a very common debugging tool - # gzip as decompressing zip is super common - # hostname ? - # libc-bin for ldconfig - # login as su maybe used if run as non root (?) - # lsb-base ? - # mawk as it is used by dpkg - # ncurses-base for terminfo files as docker sets TERM=xterm - # see https://github.com/bitnami/minideb/issues/17 - # passwd for managing user accounts if run as non-root. - # sed as a very commonly used tool - # sysv-rc for update-rc.d, required when installing initscripts in postinsts - # tar as uncompressing tarballs is super common when installing things. 
- # tzdata for handling timezones - # util-linux for getopt - # mount is required for mounting /proc during debootstrap - required="adduser base-files base-passwd bash bsdutils coreutils dash debian-archive-keyring diffutils dpkg findutils grep gzip hostname init-system-helpers libc-bin login lsb-base mawk ncurses-base passwd sed sysv-rc tar tzdata util-linux mount" - - base="apt" - - if doing_variant fakechroot; then - # ldd.fake needs binutils - required="$required binutils" - fi - - case $MIRRORS in - https://*) - base="$base apt-transport-https ca-certificates" - ;; - esac -} - -first_stage_install () { - extract $required - - mkdir -p "$TARGET/var/lib/dpkg" - : >"$TARGET/var/lib/dpkg/status" - : >"$TARGET/var/lib/dpkg/available" - - setup_etc - if [ ! -e "$TARGET/etc/fstab" ]; then - echo '# UNCONFIGURED FSTAB FOR BASE SYSTEM' > "$TARGET/etc/fstab" - chown 0:0 "$TARGET/etc/fstab"; chmod 644 "$TARGET/etc/fstab" - fi - - setup_devices - - x_feign_install () { - local pkg="$1" - local deb="$(debfor $pkg)" - local ver="$(extract_deb_field "$TARGET/$deb" Version)" - - mkdir -p "$TARGET/var/lib/dpkg/info" - - echo \ -"Package: $pkg -Version: $ver -Maintainer: unknown -Status: install ok installed" >> "$TARGET/var/lib/dpkg/status" - - touch "$TARGET/var/lib/dpkg/info/${pkg}.list" - } - - x_feign_install dpkg -} - -second_stage_install () { - setup_dynamic_devices - - x_core_install () { - smallyes '' | in_target dpkg --force-depends --install $(debfor "$@") - } - - p () { - baseprog="$(($baseprog + ${1:-1}))" - } - - if doing_variant fakechroot; then - setup_proc_fakechroot - else - setup_proc - in_target /sbin/ldconfig - fi - - DEBIAN_FRONTEND=noninteractive - DEBCONF_NONINTERACTIVE_SEEN=true - export DEBIAN_FRONTEND DEBCONF_NONINTERACTIVE_SEEN - - baseprog=0 - bases=7 - - p; progress $baseprog $bases INSTCORE "Installing core packages" #1 - info INSTCORE "Installing core packages..." 
- - p; progress $baseprog $bases INSTCORE "Installing core packages" #2 - ln -sf mawk "$TARGET/usr/bin/awk" - x_core_install base-passwd - x_core_install base-files - p; progress $baseprog $bases INSTCORE "Installing core packages" #3 - x_core_install dpkg - - if [ ! -e "$TARGET/etc/localtime" ]; then - ln -sf /usr/share/zoneinfo/UTC "$TARGET/etc/localtime" - fi - - if doing_variant fakechroot; then - install_fakechroot_tools - fi - - p; progress $baseprog $bases INSTCORE "Installing core packages" #4 - x_core_install $LIBC - - p; progress $baseprog $bases INSTCORE "Installing core packages" #5 - x_core_install perl-base - - p; progress $baseprog $bases INSTCORE "Installing core packages" #6 - rm "$TARGET/usr/bin/awk" - x_core_install mawk - - p; progress $baseprog $bases INSTCORE "Installing core packages" #7 - if doing_variant -; then - x_core_install debconf - fi - - baseprog=0 - bases=$(set -- $required; echo $#) - - info UNPACKREQ "Unpacking required packages..." - - exec 7>&1 - - smallyes '' | - (repeatn 5 in_target_failmsg UNPACK_REQ_FAIL_FIVE "Failure while unpacking required packages. This will be attempted up to five times." "" \ - dpkg --status-fd 8 --force-depends --unpack $(debfor $required) 8>&1 1>&7 || echo EXITCODE $?) | - dpkg_progress $baseprog $bases UNPACKREQ "Unpacking required packages" UNPACKING - - info CONFREQ "Configuring required packages..." - - echo \ -"#!/bin/sh -exit 101" > "$TARGET/usr/sbin/policy-rc.d" - chmod 755 "$TARGET/usr/sbin/policy-rc.d" - - mv "$TARGET/sbin/start-stop-daemon" "$TARGET/sbin/start-stop-daemon.REAL" - echo \ -"#!/bin/sh -echo -echo \"Warning: Fake start-stop-daemon called, doing nothing\"" > "$TARGET/sbin/start-stop-daemon" - chmod 755 "$TARGET/sbin/start-stop-daemon" - - setup_dselect_method apt - - smallyes '' | - (in_target_failmsg CONF_REQ_FAIL "Failure while configuring required packages." "" \ - dpkg --status-fd 8 --configure --pending --force-configure-any --force-depends 8>&1 1>&7 || echo EXITCODE $?) 
| - dpkg_progress $baseprog $bases CONFREQ "Configuring required packages" CONFIGURING - - baseprog=0 - bases="$(set -- $base; echo $#)" - - info UNPACKBASE "Unpacking the base system..." - - setup_available $required $base - done_predeps= - while predep=$(get_next_predep); do - # We have to resolve dependencies of pre-dependencies manually because - # dpkg --predep-package doesn't handle this. - predep=$(without "$(without "$(resolve_deps $predep)" "$required")" "$done_predeps") - # XXX: progress is tricky due to how dpkg_progress works - # -- cjwatson 2009-07-29 - p; smallyes '' | - in_target dpkg --force-overwrite --force-confold --skip-same-version --install $(debfor $predep) - base=$(without "$base" "$predep") - done_predeps="$done_predeps $predep" - done - - smallyes '' | - (repeatn 5 in_target_failmsg INST_BASE_FAIL_FIVE "Failure while installing base packages. This will be re-attempted up to five times." "" \ - dpkg --status-fd 8 --force-overwrite --force-confold --skip-same-version --unpack $(debfor $base) 8>&1 1>&7 || echo EXITCODE $?) | - dpkg_progress $baseprog $bases UNPACKBASE "Unpacking base system" UNPACKING - - info CONFBASE "Configuring the base system..." - - smallyes '' | - (repeatn 5 in_target_failmsg CONF_BASE_FAIL_FIVE "Failure while configuring base packages. This will be re-attempted up to five times." "" \ - dpkg --status-fd 8 --force-confold --skip-same-version --configure -a 8>&1 1>&7 || echo EXITCODE $?) | - dpkg_progress $baseprog $bases CONFBASE "Configuring base system" CONFIGURING - - mv "$TARGET/sbin/start-stop-daemon.REAL" "$TARGET/sbin/start-stop-daemon" - rm -f "$TARGET/usr/sbin/policy-rc.d" - - progress $bases $bases CONFBASE "Configuring base system" - info BASESUCCESS "Base system installed successfully." -} diff --git a/debootstrap/stretch b/debootstrap/stretch deleted file mode 120000 index 8cfa86a0..00000000 --- a/debootstrap/stretch +++ /dev/null @@ -1 +0,0 @@ -jessie \ No newline at end of file 
diff --git a/debootstrap/trixie b/debootstrap/trixie new file mode 120000 index 00000000..91bf492f --- /dev/null +++ b/debootstrap/trixie @@ -0,0 +1 @@ +bullseye \ No newline at end of file diff --git a/debootstrap/unstable b/debootstrap/unstable deleted file mode 120000 index 8cfa86a0..00000000 --- a/debootstrap/unstable +++ /dev/null @@ -1 +0,0 @@ -jessie \ No newline at end of file diff --git a/debootstrap/wheezy b/debootstrap/wheezy deleted file mode 120000 index 8cfa86a0..00000000 --- a/debootstrap/wheezy +++ /dev/null @@ -1 +0,0 @@ -jessie \ No newline at end of file diff --git a/import b/import index ef1708e3..3b98ffb4 100755 --- a/import +++ b/import @@ -31,7 +31,7 @@ import() { local MANIFEST="$(echo -n "$MANIFEST_TEMPLATE" | sed -e "s/%CONF_SHA%/$CONF_SHA/g" -e "s/%LAYERSUM%/$LAYERSUM/g")" echo -n "$MANIFEST" > $TDIR/manifest.json tar cf $TDIR/import.tar -C $TDIR manifest.json "${CONF_SHA}.json" "$LAYERSUM" - local ID=$(docker load -i $TDIR/import.tar | awk '{print $4}') + local ID=$(docker load -i $TDIR/import.tar | grep Loaded\ image | awk '{print $NF}') if [ "$ID" != "sha256:$CONF_SHA" ]; then echo "Failed to load $ID correctly, expected id to be $CONF_SHA, source in $TDIR" >&2 exit 1 diff --git a/install-qemu.sh b/install-qemu.sh index b63bd401..09372c4f 100755 --- a/install-qemu.sh +++ b/install-qemu.sh @@ -15,5 +15,5 @@ while do_sudo fuser /var/{lib/{dpkg,apt/lists},cache/apt/archives}/lock >/dev/nu done do_sudo apt-get update -do_sudo apt-get install -y qemu-kvm libvirt-bin qemu-utils genisoimage virtinst curl rsync qemu-system-x86 qemu-system-arm cloud-image-utils +do_sudo apt-get install -y qemu-kvm libvirt-daemon-system libvirt-clients qemu-utils genisoimage virtinst curl rsync qemu-system-x86 qemu-system-arm cloud-image-utils diff --git a/keys/buster.gpg b/keys/buster.gpg deleted file mode 100644 index 2c4a66c5..00000000 --- a/keys/buster.gpg +++ /dev/null 
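Review bot: The new `ID=` line in `import()` parses human-readable `docker load` output with `grep Loaded\ image | awk '{print $NF}'`, and because the assignment is made through `local`, the exit status of the pipeline is discarded. The only guard against a failed or unexpected load is therefore the `"$ID" != "sha256:$CONF_SHA"` comparison that follows; it fails closed on an empty or multi-line `ID` and should stay that strict. The filter can be a single process with quoted arguments: `local ID=$(docker load -i "$TDIR/import.tar" | awk '/Loaded image/ {print $NF}')`. A one-line comment such as `# the last field of the "Loaded image" line is the image id; it is verified against CONF_SHA below` would explain the parse. `import()` starts and ends outside this hunk.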
@@ -1,53 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFxZ9FABEADPEDVwAUd10zcdnQJF7klaxK1mcTEUd+xfNAKBjhvP69XdAf54 -7PS8Xid9zMAK/JARzLsZj5STy1VQQrPGOkSqPKA+gSpW8CmEWwfL/VTfQFFrJ9kb -1eArtb3FFk3qdtLih38t5JUhm0PidKcThemoi3kfVfoK3iWnfnb36RuNG75H73gf -/5i3C4Wq+dGusGXWxz15E9qACja3i/r239unHKvfEFWXQU6IyNYkz8o/hG/knRCX -DTBKbzKt4AH7LQFoLsd+qN8DNUUjxIUZyDTxJac5TXTWKiiOXsxzUmcgZBO+FT8b -Nx19fq9leIqxcBGdXU1TT2STwcgku9QtIKdm8wq0IrlbLjEasmmpeEx6WAIvaZfx -U2hFIKhYJXue2LTu2eUgxFBPUwQYoClCBUDuJgA9n+Z4HGKlibiUhf3HF+KIxqzr -woQn+rac6eVJowsPPN8maeMwltjAdkfSHGWQkgGPPCaGwJj7shq2qJBYmbEbC5j6 -02ZJS1srmvJbQrKhG+jdPDADDhwLq5vEQysqcJJ72+vAKjMHOTWc026zwQz3evvO -p6LsrJ+l0kyH1CjMhmumr4A/d+GSFGxzUR6BRAGigSYKQdPWb7Fb9fEuTsa1kp9k -cqRMMGxPYNQsBPu+h0PIMMHEYY5WOMaKni7bE7lfxSdcnDG6TbtAy4zcQwARAQAB -tEdEZWJpYW4gU3RhYmxlIFJlbGVhc2UgS2V5ICgxMC9idXN0ZXIpIDxkZWJpYW4t -cmVsZWFzZUBsaXN0cy5kZWJpYW4ub3JnPokCVAQTAQoAPhYhBG0zhm7dj/pBwBQ6 -7dzJ77934RUXBQJcWfRQAhsDBQkPCZwABQsJCAcDBRUKCQgLBRYCAwEAAh4BAheA -AAoJENzJ77934RUX/woQAICqnZKgvhZrYU/ogF1Kbx1oPYWg1Dz8ErQtXbFqcSeU -JBsG2eJFHkR//sqeKGFYcE8xHN9oX8i9UMUvmb6FtMMTK9wJ99sSA/PFWJT6FbZo -Eflx27q3fJfzcGGAgtslXBEqYVcyBv6KUQk/d+OC73rdFAH+53BuWFLQKxPFEa3l -U7QLo0oyWH4gKXVGs2D+Bo4sRSa0NzcJoUQXTi04f2RU/4Zs4ar/tYopMoA3H0hC -axZLfrSFtXpb7n3IsivP4mwdaPDSRavLZuNoc/Vze4RGmd0rtC/HyUBHVVMJ17Q2 -2WD7eCEhq8XBbh2u1xZWW3WjRgZxlIdvBu78+A0Kiz0noobA/pwPqYAtMmY3hB+8 -AuaYYWiM53HhySp0m/XkIMOCHZiAaOe4mTf1rrj2qsEH9ZqHljqLD1Bas5NIy2AD -Q2t5MJiNLKKI54cNCsYB2gkCNNoBN+wYRzbrFPMGFxFk/dnb7gRIsqq60t+cwfdt -Y8QlyI0ss1uWhaB7ORXNC7hOziTM1nJ3rCQy5LY1pUyb7WecYIRG2niLIb8bXlml -XA+jyVQ/Ft8FL33drvXdIrNobNz5Q9PZUSC0Ll2OYkbTzioxTMv8o0SPkz7xawvq -cOhWyNdf7E0/SUf4T75jCZ3zqaZOucNBRekumcUme+6ua8+W0iC4Jtmot5yh4oaZ -iQIzBBABCAAdFiEEcgNjDiyOcnJRaE/rxc5dwsVCzVkFAlxZ93cACgkQxc5dwsVC -zVmrKBAAlAgWCTg6sd8RH91sBlDyRd0RLb4qG3q1OQiZSuUXiaLfZkNkzhaWt2rs -fDR2YqqF5zqiJ3FzUoWAvLWvna0yWaVjxJ79x1BfIfB5m00zWtL4S9loPQk/ktyF -XKCwEYT+XFF7BMPdOt14pfnqvF4lMlQ3PYdy7PYxXicWjGAx7UEUhTxyg/w8T8Tw 
-8axI6JOVDI7KZKpXNHVv+QnvkVv22vrbd5CC+NoyBBHld1R5b66RHJXRlmb3eZa/ -QfTFDeI8Lbsc4mRL8xmq35oCd2+/ZRo+urD9fXN8LNYR0gdhlCDmP5lw8zKQuW3w -7DQl/Mc3zZSMP2n2YcSdVLEycZ4Q3qG0Ft0LXiDol9zPe8fjTQK8A7bR1r0Cu/hI -IhvV8HjhSwp5scjarv0/jt1p+BDgKcccf0j8vdWGiNwt5opq9vQLWgfVGxjVBDXG -lrxJg3QvM7OboN020OWs9OPnzIQhLfoP33fcMK5Fci1X09lakG3KvpvJBxPyy/cR -YYeKhL28fb7I3+z4keDsK38+b/jEPuLn4yf/5u89ZQE4FHCQdqvd8Bv9FK18UrAN -H41LKqLwDsLjKSBYZ6B1ZKryyq0IxYo3Tbxf9k1AbBIMQotYi2NFzY0+i7HVqxLq -XYD2C+XuoY5q4DUIbbM95LFGci7yM/xWz67G3hAZz3doyu7NFvSJAjMEEAEKAB0W -IQQKVbfFEiM5QobsdMNTlEed01JMUQUCXLXVIwAKCRBTlEed01JMUdrMD/sESjTO -/g/dtSwnUhKJHyn56jSBRzqDvkxpvJS3pk6NIVW/SSplTWZfw97k5DtpW3qtEh1L -KvRTGwL27jhl4J+mBepGtItRUVHKxLVLLUMn6qdVhX2K9rHB0wTW/BTcUp0/jf3Q -QrZuuhoIx1xQtugJBWnSzuqJQcV7Nc3NBIPHxuvrVnGun+TXYZhab4odNxj1efuw -z7MmFPEs1UqxNJaeSM/cDyFOwBo/FuSflKx9M45KP80hneMZzFYC7BBtcVEAsqJ0 -949UHIZp58z7lL/uI8hSsDNLoddPus+Kebq+iot7Yq9qL2KgHbnL/jjmP+JXeEJn -bvTI1XwB1yd9TpGpwx4QU+dPX9Fl0JcJ1M9Ym9GJyUUzwhfKaIEjfzJLjbCNeI0m -/KRKTm8XkGb9Mr3Za8BgZRrvK9OQsVuYfNHBQhPmSPsoOtqHP6lwfEt+ZBhsTlRG -MnjVJCXOIls7rkI2128c2cQSeUNBW8N/dXTthE0SAqTek5jGGgJ5oo7brPFmJLhD -35fJeyT1AfoJX9KavVXd63ShDvjS3Nt8+wPizzBFUmylzoJAy0172mqs+WmJ9rPs -2ywOhgdo65iPihKiqLGr2pSrcmwJ3LvHpCgQldjqZfF9dmJAqdoO+WDYBU3pTQGV -idjr8CGNeffTyeMJbSniGisGOkhiX9TLbz8ufw== -=a2kx ------END PGP PUBLIC KEY BLOCK----- diff --git a/keys/unstable.gpg b/keys/unstable.gpg deleted file mode 100644 index 7d2315f9..00000000 --- a/keys/unstable.gpg +++ /dev/null 
@@ -1,174 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQINBFyy5ecBEACxXGKUyi5dFjPhEFoz3IwKlVfDxySVg+hlhcUEO657UHf/7Ba5 -wr9eHxjlbpxetAymSNnptgh8oaJWcokr9UjeaTbKrYGpRra7Wd1W+f++9tF7BVvV -+AWBaltD5NDuq+eQ7kj72oeMa7KAr4702ZokLgiTsS9dPeDAodx3/jMuV9VxlJ7q -w07bAoUdzhlPBcII3MOCMfQmtwIg27/qqekeOnrGtNwscugwVqcBATxRZ1wNAebJ -60FH9FQOtPZJnuv/q3KXqoneuSMKiBKferQhLXDG/1fUyojNF9Dcae+HmHAZmVsV -K8cHQwgSICWOgWOKVHUH0YHYvElhNIWayaw1EswEW3WMa0F4tY+EDNHEII1TGOxc -X9VzbGT998Hiuf9iJuWuCgYZ75XGA/tUooOwLE77lxPGpTtLL0tr/lTJOkfwxVeY -ERH1LranSQhZAXDHozKPylGo2vLxfA4WNKfaC7Mgq2WKpDWjYtF4kO6/Eiyoiq8L -DqOkCtvt84PFoXEGMk3I1yd7d3bhIUwsgt6nkvn54xebJwVe5aK4MM7qCNZAm+7i -94iZjXTH9wUWX27n9UESqYeHjer1L0m/yL8sn4ceCMzpri2HsI71URwJp47GJTSV -6oAm7NJkiT5Oihcex/tvObZZXZZNqtwROBCkBcdb4Ii3upIfx8uQ3WBkSQARAQAB -iQJOBB8BCgA4FiEEgNFYI7f9FWH597zd3DDXwjy7q+4FAlyy5mwXDIABgOl28UpQ -ikjpyj/pvDciUsoc+WQCBwAACgkQ3DDXwjy7q+7u/g//Wzz20dlQymfkrtvgWAXN -8qw6ifkQtd/kNu61A5u5MGg/EViFnmvZdtYRentf3qnsDl3ZgjYhHMJ5hLVG16Gb -2nrkpQQe6rBX26PMkg/wP5uebUnPQscEO0KpVlJBppO4/rmJNKsphsRYCkgbZORM -LyTRijrN+NJw3Lirk59ykkWyu0PQN0by+aDMOjg4Qt8vfpNxeeEBtCg7wk5XuArZ -mDwcjqazkXn04l74LRzXynK2HFakROCWZQQxl87gpFXAzcdualbenazYI3nWcpPM -taLvOoWpse4jM2c4UC9fX+PLOCOh01POMu/7+omeKfuSLJ77ngS7jkCdbn8y469e -EBFh5tGD2piNg3IgSFjGFOIKt8eOOYQJ5dYLCYpDQ12qO3B/TnRiIwWGDPWg3wxZ -UEkVS+ZkqZcBe3qIqEQ4r/ZgG2vByWdiKDEYGIk6vITOP9SBzWE29M883oAvifcG -3cTwyODl06RMe/DJkZwMxbti0qn2Fpw6T4kozVVI3wbmuLm7kShcTxeE4volP44c -3mOcqIyXIoOQeCLHy34SmYkzmSJ7iE32u6V4hzvPOtfxFbR6VUKOGvFCGUTLfvZr -AqF2PiUWw9B/bXkD6j7js7eclYz9ClgDnW8p5HzA4xVoVAvZISNbwxtiwflplbYT -6t1Mv1sU2iyjjrncY2AYV1mJAk4EHwEKADgWIQSA0Vgjt/0VYfn3vN3cMNfCPLur -7gUCXLLmbBcMgAH7+r21QbXclVvZum7bFs9bsSUlxAIHAAAKCRDcMNfCPLur7ihB -D/4iace5p4gK5MTRNTibKNktYfpOr47BccPGdfeEx+PrVXPHAvFVoo6cwTBa0VeS -n8jXkosgwlXREUTsXFTWq0XFOKBg1OLzofKQyxfyYZLM4ge2VAGuI20HuwnAVHUU -/+8BIzH31CJmvsehWIhALaCxA7RbI01aREpiDJoiBNppHCqwXBRxzk3y7Shmo4pt -J+joRw4x9OZXjBC1y4q70bafOufglKGU11qMDqTan9LpbVT8eN/7xLuGQsUC+Nt5 
-ZB/UZkN7shfHiI8bEOTfR9hawf83i/ErAv3PhFmcI9D9SAe11PYGTYwZtGs6Osnv -SXyJNyxvanaFbNfowEUou4NGGdRMXff6W3qe7SQG976SHmJtHB5V5QlO9gVxU5TC -TQc1IL7+JJRhJN83Yo/CnOo6xeY0/jlhZDvVFylGuHDe2L87Q4GqU4ztwrq6KYPA -OuPCGrDTo6Dzc0+WAiZfnrtx11qSawa6hlP0pJdjw09fhBaugrdPyIr23b0iMwp+ -Q8mMaqU8ud4Sfae8KuMvcaNF5dCNe4qJ3xVfeQCkZIsFVSWdq8LHxmQoVZYH+ZsQ -7QzjKZT5s6sb5We7scGYm6O0+1SzT0j4IoiXM39kovzmq40eEZktOm0l7qmDO5vW -2DcMSdFrf9bY4yP0/XiCgKIntl6xKC8FP6lBYl+fd4Jq1IkCTgQfAQoAOBYhBIDR -WCO3/RVh+fe83dww18I8u6vuBQJcsuZsFwyAAYyCPe0QqoBBY54SEFrOjW4MFKRw -AgcAAAoJENww18I8u6vu6IIP/RwycYXi/0bHlthWvS5dAfWlpkQBuG5ZZmxCgw0O -meTFPrIAMk2TZ7mgeiPGetwmvze+5QeRmy4zdSZfyaQWxcWoIE+oUaWEARLlSGIT -nDVn6fiAgjcqauT3Sw3EWp2UAVIvJOoz59aZI+msdglI82eSO+v/XoZ/Bk3KrwrA -ClCqsPfInXdodLeBbDxQ+CJGGjq87sjS6DM8LZFR6Y3rcJf9QbGSU1ZG+bjNb4nq -de29eIqhrJPcfh4p12ADNLUf0MFWh8KDkVOy9cqJH/GeYX3kPxl8cDD6s5PwEsrc -TIa1Iaw7cYSxRRZQJYeCf9//2kn4xQOzFwSoVDHLjg4tTgctLzcmiebqZAtoZGLA -QGDq2SrnPc9vK3z8VMgzrJM1pNkLrhAvTZtyyw85bq/SXUfymPnWDhk5071v6yfn -IMLtvzgA+FcybD6mRLC1tUFhfeqqVi5zbw1haunGnwodSTw/z2BcgR9fdCGA8ebv -Iwh8txQsDHNG10E8dWwF8pe/e8uSdagmITTE9QYN04rV/RRMY6WJ8+2pz12XQZmA -18BPljP2VIHZcBg5Cm2sSgjNA/rpwlGtAxA+ztimwnV39p90BAEVUco8AXXM9cBa -ya2pxNf5U0hj6xMG27FqIcdmmyKlys2m6kPLDuxrF0hPBIa3WM5jEKXercrsMGC+ -x9VoiQJOBB8BCgA4FiEEgNFYI7f9FWH597zd3DDXwjy7q+4FAlyy5mwXDIABMJkR -vqlm0GEwUwRXEbTl/xWw/YICBwAACgkQ3DDXwjy7q+6H7w/+OLbg5w8pGGnm1t0I -2QoLVKz3bNYLf0aJ5SwODYjXnQbLgcEjct/4gexTy3ahPR6zsX2cq0BGXH80A2nT -g9MP20BUOjtQnGjRozn9FotTOi5HsxoyIBcP5pfk2zcfcskpTJchqVhB5QXmw+vl -CIOtjSgLjrSPmRnhHqKR8bjMzvwo+jjCwTlWVBtjU9UnA1jRhvHzTp8SLC4HHY31 -yAiU6FbAlthC0UvCcw/c0FxEacZiy4tDYJUehV1e2tdwHf82yRamZq/wnU6iEM9I -KUNcxHKgpUxwOSK82urpP1gkDb3d8Qp5EVkhTuCO8C4ws6PvFIge21e+XgDLgeR2 -B6+SPU8yJdZIpYJeqN9eGjlym6J5YwBi4BSGEU8tiXvfg0ZC+zbcj809l70QMtKc -Cb7CFXQcIpfuBHuqQOkN0IphwtYTJ8u+EADFWwbTPqLrshN85BQQ44JNF/BSkl7j -ZnHJwUqMIwliP2xxBfeHBDiSaGkCju1xQh4fRB3ob2UA/W0AAAptuayUkKS1gMVu -e2Y32qzPOY7mwCKahLQ1wn8AB+jVhndHWMgNbDfJ02BtB3oGyvWDuUaS0XYKGncz 
-0AE8UNDyn2Xj4uESJFQZ3JP24FVGIDzVUJkYodF4mSZL/KIsjOXSBGitWB7uVlh6 -zZzuTkwSbiVvRj75r6xjmTJIlD+JAk4EHwEKADgWIQSA0Vgjt/0VYfn3vN3cMNfC -PLur7gUCXLLmbBcMgAHHT2rJ6TOzBn9S8z+kWexnFbBwXwIHAAAKCRDcMNfCPLur -7vrPD/9I5p00zJ42MW0wbAEY4QGjiAVRsv1Lw1VUokeT2h6s0sBhYn+SM+lTCAva -Pp7q0KGFjHOSVCIKlweCV/1Iw9EDuReLpfY2eKNFWRDj+lKYSI74Tos73sNHBRvp -5xXkFqLvNrBmTYfvcqr2FIDfF6LXAZb/yUg6NjE4E93kilwq8lh+3nPqM9apWo9H -6fr6rGfDt1hlrwUDzrI5O7R5tjjQ1dd79YPYBXS6Sbc3LI8mTH6HIKTVgOw1rsA8 -haEL1JwzFiCnbmIZ4s5dc2yc+ALpVc3OdUKrCTpU/AthQAu/RSXGN9AdjdLYPDGY -aFer3pZvN2Nrh1ZB8j+4MY1YiOp0qgLQSxaBqq/JRY7jVDNxMyNADZuf7ji4qeAp -9nbIiCWjK4oqKKmGG78BxVx05zTteWPtcxkVSsPMfOgjaEefagYLIgv8Be1+avVg -hboLXrOIrHCFPfV7WNeLcLD8Mwz7/JTFP+XobAvim06QSe5u/wJc85AFTKPV+oCx -dn0dE81bp2G9r4/ypROBBEkYnoFN1dhmysXs8c0xRAboK56WxWihVQhiK7fLOonM -zmceMeiaKsQufNoOQ1a3rO4qd4Dks4cwXWiGhWRXSFWY1cCbxP34oo/fFKAxLBdq -RhN/IjafU+tw5SygW/3mkMHKVxJ2Tb+726QPhb/cYfRfpX52+bRHRGViaWFuIEFy -Y2hpdmUgQXV0b21hdGljIFNpZ25pbmcgS2V5ICgxMC9idXN0ZXIpIDxmdHBtYXN0 -ZXJAZGViaWFuLm9yZz6JAlQEEwEKAD4WIQSA0Vgjt/0VYfn3vN3cMNfCPLur7gUC -XLLl5wIbAwUJDwmcAAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRDcMNfCPLur -7p8KD/4gCYmz6IjMnhsz8x9d5lP3h+wIdUdt0L0QCNceoHcblUFhqx74HwVMLFyY -k+8/WHrLry/N83mgWmP8GOeOsQG0+1Fpd+0ew1+smYagSjyON4crv8W47Yb48qfV -UwT9VRJqdW0zga6KD8F17I3ssOVr9pZTDHa33ykwzg4eUvBs4wYdb5dZMYJImgRA -NRzgeiw70LOMZyaPh6yu7i+qcDuVUP1R8xF14GWmKgczsNnOGvaHTo+lc8SSTwjb -OhkNOSN9X6EYdqXRgyeGGiLcgWL7cOmezLNVOV4pDUD1T0jOXMV/t+2hQaPNmIJO -2hFa4m8ewi4Yo7QUw9q/NToJNMwtr4ZeFH4taCfHbfIJBQE+BQJ1MXDckH95LFNF -v3Zfh9iwEXyM1P5IgcgGp5mh7Uzs+FfyNLBzIoC09Kgbtrgohihm5S7jJD7ghogW -tQP6Gvz1XWvXOmljv2ccJKezbL82ChED/uSBnWypPxs2zbtyEvX16QnwJsNZMrvT -Whh4/4jaDrM7wncmU4RoV96KwwTlx8V4XlkEielMCt1Po/9Ws3JbdcFKVEIUrLOB -p631evHuUG+mmBlGAX1k8uiEVK3Xvrn3wdDc8+tPSxDQ9GCnQ4YPOv4SU02eUB+q -tBs85NbpULxAweKyMumARNVuqC82viB2YryUZF5+JslFnmb8pokCMwQQAQgAHRYh -BOHPIN3/5LiegCZY8eCxGJT2auyYBQJcsuvcAAoJEOCxGJT2auyYoSMP/ApUnr+O -6qzfkCNkxWcyFe/cSLsjKYDNeneaGIVnffk1gwltQ6/x3403UYW+HWFMdOf+PzRu 
-KD0habntmdMZP3a1t0YiJkRF4rGX2rqBegesPiBp74fSlHtuy6cPWlu7PYi0qVs1 -uZWiUF3eBo9DhN5j0w0vTaEVBFh1reahhOw5SlTXj2ITGViJXcQtFgcn5CepbZ9q -cswgnCv5RU1qXUxqiOTT/zBmVdOsNiZil5X39L5t8GE6yNCNaQrm+JNM/OWPswEi -fOhN4eiCysIDwKxGLqFvrw3i18iV8zWjJ+sQO2jXeqVFaxfT3HR3S24RO9VpjtIw -s5VdFjhczkqEWAHV/VtERDgrhiEB3tVwrEARNGjuIEJvWEo643KRkI2w+KK7GB0R -p4meBXHhyDucffss/0t5NqZynjZ/DDGWa+bsk/l2BI3KvPi2NZXXCXkZHbDREQka -kjlQgsM8Cy0+a//TU2X+l7+aXHSbrwVlAfF6yA6Lf6yu/GTMyS08rs5pSwxWFucu -cYPgANGD+V6XLn490un7iewcjjml6VKbi0fEqHkUV953tgZtnQGgZ9k3KL7aNdAV -/GtIxc47sL8HEsWgvBOc6s1hXbw7v1+bvI8hS46bhxMYWmXgznAdQPB++Xlc5kHu -QMAyQfaxYui6cXZra6+26sKZv8xYmroQVzk9iQIzBBABCAAdFiEEbtb1y1+m+y9G -CuiO7aDSOIriK6kFAlyy7NwACgkQ7aDSOIriK6mzKhAAhd7CQ/3Bl9Cvk8x+Gt5N -EDnj80gLGKqxUxoRekSAp6Rkh4b7XOBbSb+LHgniPgmXZnnVhNChfAlSmnmS4i+c -hJbu9Y2B987exiNXdBYWE3VBMvzy8a5JbUF8Guqqb9DlzAaD3rHOUSOK3HWi+Rhf -9wdFKVzDUXku32v4fmxMSSTOqpXRj2iVnuKLCKR18hNiZK5ez434gQDqYDvHuU4/ -jzsXsG4nPKfxvSjZk6hykb0rWvxbmDA1RVTLKAdlL+nm1dNoJKRz7/OmHf/u5Voh -inSDhlXbtWHL1PO7mqgqst5+0qkjImENpsQE9lKAyyV8xo/PsS+pu6N6NPxyjfTL -tHHyBnUOwS09vvib8aVYSH+3GqCz0c0ZpmGaTeDT2fhdCBFs7DKV6HYT3DbnqBnj -tQF2PBFUSDJlbRafDAu2JwLVPC3QL/iYKUn6NQHQkrKPYp8uQAMSLLRCr8lGMCG6 -4oqsMcVXHv3QYrYqQE+83dNSsZa+BabYTyz+tZS9EtJkN65UgrRvRLPvVazAEmJq -uiHZxLuwEuSUmnpSfTY0KGGJMhzsN8AI98K1sqDjrUvmgHH7ACWj0hU3xzkd0yOG -RjH507xOBFNpgN9LsPpRe9h5vpisFOrJYeIp2hQcoPDKHvgdeyFau3qdOItI7S5b -KJUW7UvfXu0pH+HyydTpZX+JAjMEEAEKAB0WIQSA6XbxSlCKSOnKP+m8NyJSyhz5 -ZAUCXLLu7gAKCRC8NyJSyhz5ZKgGEACMep8c7JVSEd6hsrmET50hd8U3tlwzhlwj -uNM181mN1P1dV+Tcjprz+Dr3b5U3fuA+Irnijn3Vfvoa/DD5j79dzp8VVO5DlSzx -wTM8fnswlJtSv/NaCAFsErxX7Gi54lgwC1abuUor/YdNimij06hg5PRD8ZtjAM+j -N3OI64vPsmhS+QPD3sz1nuiuh59AXoBcVtND5Ej7nHcK3WOwf8xhvim5g+eyoaPS -T47WzawWjSK/SgBQVeJsU0B0vb+DQGemnd4QyVI5tGKWz+vw0iAXieUksqnIYDlt -NSUgru3I+M0L6cIl9C9oj+gvXn4vSwpuhwpSJZS7ratIrhvY+uShBq0T1gSy1buL -c6hkDvyS+dIqnEZzPfCBAog3Q5mPD0GZ5rzk/XJ9PPTgH4QEug57MvyYyFmvIDtQ -1ZmfAlxWcKFMCNEpuGhL3DcmZWqd+Fqs4Ik/UsEPQpSVhxcsLf8wDO1dIzJBamlF 
-4IJHImoHtsmMFGI9zwNDwBo1jPOKcPt3FbMlQw9KUht/H7Xg6pbRQ6yGVi9ppdiG -k1Eb5B/J72QjwSaVKhC1W/nPNZvF5NxRwImTW1i3Llyy06WebperF7/8Wksk1pHo -GKZHt5JS816DTfOVrsjkFqC66mJCYBy3vEPONJWOo9gohxA7V0SP9vMEZJa8UpaY -rDGyonjq4YkCVQQQAQoAPxYhBPv6vbVBtdyVW9m6btsWz1uxJSXEBQJcs4trIRpo -dHRwOi8vZ3BnLmdhbm5lZmYuZGUvcG9saWN5LnR4dAAKCRDbFs9bsSUlxKm/D/9p -B+G1mLPt2DZveRhLQXi9w0QJlmOH3Ec/KYZKLbrk74yV6hgJS5fP9NYMT5/89wDD -KajmXy30UpiX99Y1nOeSGV7xk0LikiVvv1ZQl3YhsIgyiHiCtYgVXxZPhFYhxHw5 -P+7Zdl00gkTilTBuVbaVQLH+S593MBla/IX7PXPZFyPkArh3pyDleiE3AQiU8EWo -0Zjhntrfa9VQtk79vC1ho0//p+W0EPyhiLl9nzRvxoCjveSMFw8Pn+Qr51FzC/Y+ -EGjYao0H2PLce4CcogWh2no0o1zeFSm8xoyGUgNczs0hMLkrQTkr2+YQj9NJ5oKd -hZM1uRzsJ/DDXaEQTZjj2iIyU8e0E/OhOaq3OnTMVeiZEy5ZvyfyYlkzb5Qmcufv -OCh5rFtUj5+6TGl3ywRyTrs21MjCVwggBn2KU0Kg/gqh2IkPavlV+LecH6CJwplA -lsH1cnnnm2RJwOQhcdAAjbpjvkAVi4k+XJGnVZaeU1KCG8nmVSWdKd60Li4EOPlO -swc5K9GmPFjEfHkY6dynKbzMh8ukSozSF2f7Z0wL+c53jMCHpZ/UZUBqNjmhKcoS -PCME5pKP9rUr+L+sucw9gNC9mwWRTj6KbjLWo7fvQpJaBvcbYNIpKU7ViBe4Blvb -Sl0Me56Cmew4s8G5T2cpUG2Aumg/Rr5lR+MXdfGjVLkCDQRcsuXnARAArgqqMQG0 -iABrEdAG6Twzp+wZV7r/2IVqJyhnGyu0+yoOcYqai9eeP8XM3yZk1Y95FE09g7RJ -2jacyhhC5Tsrg+GVJ/1eSsvudegZn+QnqEZ7HrmwJsYKFKhntak11Tvvhsw08sKM -4KVoxZSmMgBq84OUW95ILySM9vm8ge1+aYgr70flXhKne+o1VKeHWlovtmIGpWaJ -7fCHj95pDoJhe6uUkmEIJzMrNIaM7FQ0r4GdBYwqDImW07zMRWk80Av7uf6f+5xc -v27y2yW8ZjKF5u0ZKWln+VZX4EfUdCgJ/0LeV/v9gVbCeanNqGJB6k6DpKu6IzGz -KXi7rHFi1GiuoiVgy9Svx27iRpJaykLxnGFn8C7Lpzo9q034gGIWLwQnjT1FdPya -2pFV1VHNFZQ3JnQRJwE8yGhw/5bpllaUUJKvydSWvBMgOscEHQdtRnA4IMUXrHGV -IhYN/awYkjhubeVJuhbsxaQDqpdAodaoIz20PVBfE+XFbfnLCBwxgzR/m+mE0iW1 -GCOBSoFw5SPQBihCF/PPBjqQjZKJz1btUvrv7gpLNuLEyA0RsHBFGqtqvT1K4Hvx -6Y7di35/Nm/Jgty2e75vMSGUm1B+G2pFjEypZjtOckOHQ9hVN4svvMJGFnqcwZIa -gMF+67twWmv/AVb5CovsXLKv1qTzplRJWiEAEQEAAYkEcgQYAQoAJhYhBIDRWCO3 -/RVh+fe83dww18I8u6vuBQJcsuXnAhsCBQkPCZwAAkAJENww18I8u6vuwXQgBBkB -CgAdFiEEAUbcbUoLKRS97TTbZIrP1iLz0TgFAlyy5ecACgkQZIrP1iLz0TiL/g// -UwdPym98fCTVZJ+HwHId+Ssqo6vTgxA/6DLGRvFILie40vA4OnFrozusDVh/x+Vv 
-+pxbtdw3w16kfpDifKicx2o4ZyEYl30pdVuBmSEOhFvI3ZgN6P79/Dv3KhD3QQPK -OMSxXO2vCh7BebmpfT2rdukgFED9vxbj1Ec7IMfm4VobFJZaFXZKsTBc09MQU2Bm -1JvtzINsdwzp/sFTilxmqO7kX4DmTM3k1KYmMkx7xq5KUaxSORZHIqDcIy74pOIw -TuvHN98cYujCKFDk0MfHBovXPUnFHFxd+OgSEbxGnb4Uuus1h89VIU5xviQHPGe0 -T9qG6tUBvFuCkPzcWxUg4AN6nxZz8stZHhd0ceuSDeYnGBk6X/eEcYmy/kEbJEqj -f+kuY4VFIDkShnnDrKchyoi/LmkfvW4fOEtTpmB8nkflolKfVaN2dEo2hyma3iKC -5zp8n8hlNwhkt3DiGyYXU0RD7JAbX4jVZSVov5PhAjmrEksxslv/ICrAJ7zfCx62 -zzm37TGwiQJTWQsIcQ2PRPWFWk/CHAVjNPsu2QpMsGUWccGUOI6a70LsVnnufLzt -c73TM37Jv9hCXljRvVRikTy+StjFZlVQdXoZvNJhhIE/W+/iNoBvChD8pKSWe6RJ -Yto5CxCQtN6IKgAiUtoXusAgFSB7TZ5CJF1NFZ0VQabJcw/9GunyNNj+RRdMXbHI -VbrDQoqKY1FAhIUE0cURfkVE7z0mYUUZ5bwILchQsvwVsQKorVmryh1fgaYCOi+H -4kvmhljN9HqB9I7vgRaYAJ3qwgYIUselclYN4SNniHzatRMROppUMs9W5ytENGhx -oPARiZpRVL+rPPaFdip33c27pVdNAU/lRq2ZpzkdSTv+2V9GmVfDtcKv9A4uDqJ9 -7ttgZCaifNbHShzMEWRCXSsT7/52XB7KlxmAynwPNMLeM+/0JTCLyFBEvyejvgCM -GqgvMDEddarHhd6ChdXLJLBAeXVBGRygWcDBO5rX8GPMb0y5/yE+UVprkx3jSb2m -sl9nUW2UcOhfrtu+CPS3qazu6h/QkTwitzAFSn57DtGmwKLzqk63g9TgcjBg1HtZ -S66DzdsJ4Y6Iy51oNyHx3EBLzmdFfxKAeABsapvJl7fhiC93CC3hZTKUyBjr6Dru -I2wktWCAAMHFE0eeyIreCHdzzMtu+V2H+X9GJMxzd5jOYBI3vy946R2jG5gX+WyD -calvWyo8N+XrZKD8NQnWQ/BocU9r5S5aJFcovdcmm1s1Ymdlo5Yuk8WHZDOsSf38 -VzY12szoQ9eMbBJOH7MhseS/gIWC/4x1eEEhGbPQbkzKZlJifv+55Mqqq7emGyBG -qn8+ouVQUr65+xcIST13Ffg80zc= -=5Cty ------END PGP PUBLIC KEY BLOCK----- diff --git a/mkimage b/mkimage index 1386f982..962ddf54 100755 --- a/mkimage +++ b/mkimage @@ -8,7 +8,6 @@ ROOT=$(cd "$(dirname "$0")" && pwd) TARGET=${1:?Specify the target filename} DIST=${2:-stable} PLATFORM=${3:-$(dpkg --print-architecture)} -SNAPSHOT_ID=${4:-} LOGFILE=${TARGET}.log 
@@ -23,10 +22,6 @@ cp -a "${ROOT}/debootstrap/"* "${DEBOOTSTRAP_DIR}/scripts" KEYRING=$DEBOOTSTRAP_DIR/debian-archive-keyring.gpg -if [ -f "${ROOT}/keys/${DIST}.gpg" ]; then - gpg --no-default-keyring --keyring "$KEYRING" --import "${ROOT}/keys/${DIST}.gpg" -fi - use_qemu_static() { [[ "$PLATFORM" == "arm64" && ! ( "$(uname -m)" == *arm* || "$(uname -m)" == *aarch64* ) ]] } @@ -39,6 +34,7 @@ DIRS_TO_TRIM="/usr/share/man /usr/share/locale /var/log /usr/share/info +/dev " debootstrap_arch_args=( ) @@ -76,19 +72,16 @@ fi rootfs_chroot bash debootstrap/debootstrap --second-stage repo_url="http://deb.debian.org/debian" -sec_repo_url="http://security.debian.org/" - -if [ -n "$SNAPSHOT_ID" ]; then - repo_url="http://snapshot.debian.org/archive/debian/${SNAPSHOT_ID}/" - sec_repo_url="http://snapshot.debian.org/archive/debian-security/${SNAPSHOT_ID}/" -fi +sec_repo_url_1="${repo_url}-security" +sec_repo_url_2="http://security.debian.org/debian-security" echo -e "deb ${repo_url} $DIST main" > "$rootfsDir/etc/apt/sources.list" -if [ "$DIST" == "bullseye" ]; then +if [ "$DIST" == "bookworm" ] || [ "$DIST" == "trixie" ]; then + echo "deb ${repo_url} $DIST-updates main" >> "$rootfsDir/etc/apt/sources.list" + echo "deb ${sec_repo_url_1} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" +elif [ "$DIST" == "bullseye" ]; then echo "deb ${repo_url} $DIST-updates main" >> "$rootfsDir/etc/apt/sources.list" - echo "deb ${sec_repo_url} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" -elif [ "$DIST" != "unstable" ]; then - echo "deb ${sec_repo_url} $DIST/updates main" >> "$rootfsDir/etc/apt/sources.list" + echo "deb ${sec_repo_url_2} $DIST-security main" >> "$rootfsDir/etc/apt/sources.list" fi rootfs_chroot apt-get update diff --git a/pushall b/pushall index 84f4412e..226730b8 100755 --- a/pushall +++ b/pushall 
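Review bot: In the `@@ -76,19 +72,16 @@` hunk of mkimage, a DIST other than `bookworm`, `trixie` or `bullseye` now gets no `-security` or `-updates` line in `sources.list`, because the old `elif [ "$DIST" != "unstable" ]` fallback was removed without a replacement. That includes the script's own default, `DIST=${2:-stable}`, and any future release name, so such an image is built from the main suite only and nothing in the log says so. I would end the chain with an explicit failure, `elif [ "$DIST" != "unstable" ]; then echo "mkimage: no security suite configured for $DIST" >&2; exit 1`, or map the extra names explicitly if they are meant to stay buildable. The two named branches differ only in the security URL, so a short comment on why bullseye stays on `security.debian.org` would help; the script continues past the end of the hunk.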
@@ -4,23 +4,16 @@ set -e set -u set -o pipefail -DISTS="jessie -stretch -buster +DISTS="bullseye +bookworm " -DISTS_WITH_SNAPSHOT="buster" -LATEST=buster +LATEST=bookworm BASENAME=bitnami/minideb -GCR_BASENAME=gcr.io/bitnami-containers/minideb if [ -n "${DOCKER_PASSWORD:-}" ]; then docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD" fi -if [ -n "${GCR_KEY:-}" ]; then - gcloud auth activate-service-account "$GCR_EMAIL" --key-file <(echo "$GCR_KEY") -fi - ENABLE_DOCKER_CONTENT_TRUST=0 if [ -n "${DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE:-}" ] && [ -n "${DOCKER_CONTENT_TRUST_REPOSITORY_KEY:-}" ]; then tmpdir=$(mktemp -d) @@ -34,27 +27,13 @@ fi push() { local dist="$1" DOCKER_CONTENT_TRUST=${ENABLE_DOCKER_CONTENT_TRUST} docker push "${BASENAME}:${dist}" - gcloud docker -- push "${GCR_BASENAME}:${dist}" } for DIST in $DISTS; do - docker tag "${BASENAME}:${DIST}" "${GCR_BASENAME}:${DIST}" push "$DIST" done -if [ -f "build/snapshot_id" ]; then - snapshot_id=$(cat build/snapshot_id) - - for DIST in $DISTS_WITH_SNAPSHOT; do - TAG="${DIST}-snapshot-${snapshot_id}" - - docker tag "${BASENAME}:${TAG}" "${GCR_BASENAME}:${TAG}" - push "${TAG}" - done -fi - docker tag "${BASENAME}:${LATEST}" "${BASENAME}:latest" -docker tag "${GCR_BASENAME}:${LATEST}" "${GCR_BASENAME}:latest" push latest diff --git a/pushmanifest b/pushmanifest index 88be21c9..77d5101c 100755 --- a/pushmanifest +++ b/pushmanifest @@ -4,18 +4,16 @@ set -e set -u set -o pipefail -DISTS=${DISTS:-"stretch -buster -bullseye +DISTS=${DISTS:-"bullseye +bookworm +trixie latest "} -DISTS_WITH_SNAPSHOT=${DISTS_WITH_SNAPSHOT:-buster} BASENAME=bitnami/minideb -GCR_BASENAME=gcr.io/bitnami-containers/minideb +DOCKER_REGISTRY=${DOCKER_REGISTRY:-"docker.io"} PLATFORMS=${PLATFORMS:-amd64 arm64} DRY_RUN=${DRY_RUN:-} -SNAPSHOT_ID=${SNAPSHOT_ID:-} read -r -a ARCHS <<<"$PLATFORMS" run_docker() { 
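Review bot: The login that the first pushall hunk keeps, `docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"`, still passes the registry password as a command-line argument, where it is visible in the process list and to anything on the build host that records argv. pushone and pushmanifest in this same commit feed it on stdin, so pushall should match them: `echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin`. pushall also does not pick up the new `DOCKER_REGISTRY` variable, and its `DISTS` omits `trixie`, which pushmanifest lists; if either is intentional, a one-line comment next to `DISTS` would say so.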
@@ -42,14 +40,7 @@ list_includes() { } if [ -n "${DOCKER_PASSWORD:-}" ]; then - echo "$DOCKER_PASSWORD" | run_docker login -u "$DOCKER_USERNAME" --password-stdin -fi - -if [ -n "${GCR_KEY:-}" ]; then - gcloud auth activate-service-account "$GCR_EMAIL" --key-file <(echo "$GCR_KEY") - gcloud auth print-access-token | run_docker login -u oauth2accesstoken --password-stdin gcr.io -elif [ -n "${GCR_TOKEN:-}" ]; then - echo "${GCR_TOKEN:-}" | run_docker login -u oauth2accesstoken --password-stdin gcr.io + echo "$DOCKER_PASSWORD" | run_docker login -u "$DOCKER_USERNAME" --password-stdin "${DOCKER_REGISTRY}" fi push_manifest() { @@ -69,18 +60,9 @@ tags=() for DIST in $DISTS; do tags+=("$DIST") - if list_includes "$DISTS_WITH_SNAPSHOT" "$DIST" ; then - tags+=("$DIST-snapshot-${SNAPSHOT_ID:-$(./snapshot_id)}") - fi done -repositories=("$BASENAME") - -if [[ -n "${GCR_KEY:-}" || -n "${GCR_TOKEN:-}" ]]; then - repositories+=("$GCR_BASENAME") -else - echo "Skipping repository gcr.io (empty password)" -fi +repositories=("${DOCKER_REGISTRY}/${BASENAME}") for tag in "${tags[@]}"; do for repo in "${repositories[@]}"; do diff --git a/pushone b/pushone index 9abea993..55e33c64 100755 --- a/pushone +++ b/pushone @@ -8,17 +8,10 @@ DIST=${1:?Specify the distrubution name} PLATFORM=${2:-amd64} BASENAME=bitnami/minideb -GCR_BASENAME=gcr.io/bitnami-containers/minideb +DOCKER_REGISTRY=${DOCKER_REGISTRY:-"docker.io"} if [ -n "${DOCKER_PASSWORD:-}" ]; then - echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin -fi - -if [ -n "${GCR_KEY:-}" ]; then - gcloud auth activate-service-account "$GCR_EMAIL" --key-file <(echo "$GCR_KEY") - gcloud auth print-access-token | docker login -u oauth2accesstoken --password-stdin gcr.io -elif [ -n "${GCR_TOKEN:-}" ]; then - echo "${GCR_TOKEN:-}" | docker login -u oauth2accesstoken --password-stdin gcr.io + echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin "${DOCKER_REGISTRY}" fi ENABLE_DOCKER_CONTENT_TRUST=0 
@@ -33,11 +26,8 @@ fi push() { local dist="$1" - DOCKER_CONTENT_TRUST=${ENABLE_DOCKER_CONTENT_TRUST} docker push "${BASENAME}:${dist}" - docker push "${GCR_BASENAME}:${dist}" + docker tag "${BASENAME}:${dist}" "${DOCKER_REGISTRY}/${BASENAME}:${dist}" + DOCKER_CONTENT_TRUST=${ENABLE_DOCKER_CONTENT_TRUST} docker push "${DOCKER_REGISTRY}/${BASENAME}:${dist}" } -docker tag "${BASENAME}:${DIST}-${PLATFORM}" "${GCR_BASENAME}:${DIST}-${PLATFORM}" - push "$DIST-${PLATFORM}" - diff --git a/qemu_build b/qemu_build index 4f91047a..2ab505ab 100755 --- a/qemu_build +++ b/qemu_build @@ -49,7 +49,6 @@ fi DIST=$1 PLATFORM=${2:-amd64} -DEBIAN_SNAPSHOT_ID=${3:-} make .installed-qemu mkdir -p .kvm-images/{amd64,arm64} @@ -145,7 +144,7 @@ do_ssh "apt-get update && apt-get install -y docker-ce docker-ce-cli containerd. rsync -avz -e "ssh -o 'StrictHostKeyChecking=no' -o 'UserKnownHostsFile=/dev/null' -p 5555 -i $pub_key_dir/id_rsa" --exclude ".git" --exclude ".installed-requirements" --exclude ".kvm-images" --exclude "build" --exclude "ssh" ./ "root@localhost:/build/." do_ssh "cd /build/ && make .installed-requirements" -do_ssh "cd /build/ && ./buildone \"$DIST\" \"$PLATFORM\" \"$DEBIAN_SNAPSHOT_ID\"" +do_ssh "cd /build/ && ./buildone \"$DIST\" \"$PLATFORM\"" rsync -avz -e "ssh -o 'StrictHostKeyChecking=no' -o 'UserKnownHostsFile=/dev/null' -p 5555 -i $pub_key_dir/id_rsa" "root@localhost:/build/build/$DIST.tar" "./$TARGET_FILE" current_ts="$(date -u +%Y-%m-%dT%H:%M:%S.%NZ)" diff --git a/snapshot_id b/snapshot_id deleted file mode 100755 index 083cd056..00000000 --- a/snapshot_id +++ /dev/null 
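Review bot: In the `@@ -145,7 +144,7 @@` hunk of qemu_build, the rewritten line `do_ssh "cd /build/ && ./buildone \"$DIST\" \"$PLATFORM\""` expands `$DIST` and `$PLATFORM` locally into a string that the shell inside the VM parses a second time, so a value containing a double quote, a backtick or `$(` would be interpreted there instead of being passed as an argument. Both values come straight from the positional parameters (`DIST=$1`, `PLATFORM=${2:-amd64}` in the hunk above) and presumably from workflow inputs when run in CI. A check right after they are assigned would close this, assuming the script runs under bash as its brace expansion suggests: `[[ "$DIST" =~ ^[a-z]+$ && "$PLATFORM" =~ ^[a-z0-9]+$ ]] || { echo "invalid DIST/PLATFORM" >&2; exit 1; }`. The surrounding rsync calls disable host key checking; they are unchanged context and target `root@localhost` on port 5555, but a comment stating that the peer is the locally started VM would document why that is acceptable.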
@@ -1,39 +0,0 @@ -#!/bin/bash - -set -e -set -u -set -o pipefail - -snapshot_tmp_dir=$(mktemp -d) -mkdir -p "${snapshot_tmp_dir}" - -get_latest_month_query() { - local -r snapshot_archive_tmp_file="${snapshot_tmp_dir}/archive.html" - - curl -sSfL "https://snapshot.debian.org/archive/debian/" > "$snapshot_archive_tmp_file" - - local -r month_query_regex="(\?year=\d\d\d\d&month=\d+)" - local -r month_query=$(grep -Po "${month_query_regex}" "${snapshot_archive_tmp_file}" | tail -1) - - [[ -z "$month_query" ]] && echo "Not found snapshots using the following regex: ${month_query_regex}" && return 1 - - echo "$month_query" -} - -get_latest_debian_snapshot_id() { - local -r snapshot_list_tmp_file="${snapshot_tmp_dir}/month-snapshots.html" - - ! month_query=$(get_latest_month_query) && return 1 - - curl -sSfL "https://snapshot.debian.org/archive/debian/$month_query" > "$snapshot_list_tmp_file" - - local -r snapshot_id_regex="(\d+T.*Z)" - local -r snapshot_id=$(grep -Po "${snapshot_id_regex}" "${snapshot_list_tmp_file}" | tail -1) - - [[ -z "$snapshot_id" ]] && echo "Not found snapshot id using the following regex: ${snapshot_id_regex}" && return 1 - - echo "$snapshot_id" -} - -get_latest_debian_snapshot_id -rm -rf "${snapshot_tmp_dir}" diff --git a/test b/test index a0bae2e2..101fa439 100755 --- a/test +++ b/test @@ -76,9 +76,6 @@ desc "Checking that the terminfo is valid when running with -t (#17)" echo "" | test_extra_args '-t' bash -c 'install_packages procps && top -d1 -n1 -b' MYSQL_PACKAGE=default-mysql-server -if [[ "$DIST" == "jessie"* ]]; then - MYSQL_PACKAGE=mysql-server -fi # See https://github.com/bitnami/minideb/issues/16 desc "Check that we can install mysql-server (#16)"