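# Build a reproducible Debian root filesystem tarball from a fixed
# snapshot.debian.org timestamp using the debuerreotype tools.
#
# Trust chain, in the order it is established below:
#   1. debuerreotype-init verifies the snapshot against ${KEYRING}.
#   2. The debian-archive-keyring .deb for ${KEYRING_DATE} is fetched over HTTPS
#      and installed in the chroot.
#   3. APT inside the chroot verifies the snapshot repositories with Signed-By.
# The snapshot mirrors are read over plain HTTP, so step 3 is what protects
# package integrity; nothing below may switch signature checking off.

RELEASE_NAME=bookworm
RELEASE_NO=12
TARGET_DIR=./rootfs_${RELEASE_NAME}
SOURCES_DATE=20231007T150030Z
RELEASE_DATE="2023-10-07T15:00:30Z"
ROOTFS_TAR=rootfs_${RELEASE_NAME}-${SOURCES_DATE}.tar.xz
KEYRING_DATE=2023.4
# KEYRING_DIR is not set anywhere in this script; default to the current
# directory so an unset value does not silently resolve to "/".
KEYRING_DIR=${KEYRING_DIR:-.}
KEYRING=${KEYRING_DIR}/${RELEASE_NAME}-${SOURCES_DATE}_Release.gpg
HOST_KEYS=yes

# HOST_KEYS=yes : use the keyring shipped by the host's debian-archive-keyring
#                 package.
# anything else : download key material for this snapshot instead.
# For releases whose signing keys have been retired, the host package also
# ships /usr/share/keyrings/debian-archive-removed-keys.gpg.
echo "***** set keyring."
# Compare against "yes" explicitly; a bare non-empty test would also treat
# HOST_KEYS=no as enabled.
if [ "${HOST_KEYS}" = "yes" ]; then
  # debian-archive-keyring provides:
  #   /usr/share/keyrings/debian-archive-removed-keys.gpg
  #   /usr/share/keyrings/debian-archive-keyring.gpg
  # KEYRING="/usr/share/keyrings/debian-archive-removed-keys.gpg"
  KEYRING="/usr/share/keyrings/debian-archive-keyring.gpg"
else
  # Use release keys from the snapshot rather than removed keys from the host's
  # debian-archive-keyring package.
  # wget -q -c https://ftp-master.debian.org/keys/release-${RELEASE_NO}.asc -qO- | \
  #   gpg --import --no-default-keyring --keyring ./debian-${RELEASE_NO}.gpg
  # KEYRING="./debian-${RELEASE_NO}.gpg"
  #
  # NOTE(review): dists/<suite>/Release.gpg is normally the detached signature
  # over the Release file, not a public keyring - confirm that it is usable
  # with --keyring and with Signed-By before relying on this branch.
  # NOTE(review): in this branch KEYRING is a host-side path, but it is later
  # written into Signed-By inside the chroot - confirm that it resolves there.
  # The file acts as a trust anchor, so it is fetched over HTTPS (the same host
  # is already used over HTTPS for the keyring .deb below).
  mkdir -p "${KEYRING_DIR}"
  wget -c -qO "${KEYRING}" \
    "https://snapshot.debian.org/archive/debian/${SOURCES_DATE}/dists/${RELEASE_NAME}/Release.gpg" \
    || exit 1
fi

echo "***** initialize the chroot."
# Be explicit with the debootstrap script (jessie name collision under devuan)
DEBOOTSTRAP_SCRIPT="/usr/share/debootstrap/scripts/${RELEASE_NAME}"
if [ ! -d "${TARGET_DIR}" ]; then
  debuerreotype-init --keyring "${KEYRING}" \
    --debootstrap-script "${DEBOOTSTRAP_SCRIPT}" \
    "${TARGET_DIR}" "${RELEASE_NAME}" "${RELEASE_DATE}"
else
  echo "Target dir exists: ${TARGET_DIR} skipping init."
fi

# Catch the failure of init. Stop here: every later step would otherwise run
# against a missing or half-built chroot.
if [ ! -f "${TARGET_DIR}/debuerreotype-epoch" ]; then
  echo "***** init failed to create the epoch file." >&2
  exit 1
else
  echo "***** Found: ${TARGET_DIR}/debuerreotype-epoch"
fi

echo "***** install snapshot keyring."
mkdir -p "${TARGET_DIR}/var/tmp"
# NOTE(review): this .deb becomes the chroot's APT trust anchor and is
# installed with dpkg -i, which performs no signature check. It is fetched over
# HTTPS; pinning its SHA-256 here would remove the dependency on TLS alone.
wget -c -q -O "${TARGET_DIR}/var/tmp/debian-archive-keyring_${KEYRING_DATE}_all.deb" \
  "https://snapshot.debian.org/archive/debian/${SOURCES_DATE}/pool/main/d/debian-archive-keyring/debian-archive-keyring_${KEYRING_DATE}_all.deb" \
  || exit 1
debuerreotype-chroot "${TARGET_DIR}" bash -c 'dpkg -i /var/tmp/debian-archive-keyring*deb && apt-get -y install'
debuerreotype-chroot "${TARGET_DIR}" bash -c "apt-key update"

# Best-effort refresh of the keys already trusted by APT from a keyserver.
# The parsing must match the output of `apt-key finger` in the base image,
# which changes between releases. The active form matches jessie
# (apt 1.0.9.8.4), where each key prints a "Key fingerprint = ..." line.
# NOTE(review): newer apt/gnupg print the fingerprint on its own line after
# "pub", so this pipeline is expected to find nothing on ${RELEASE_NAME};
# confirm whether the step is still wanted for this release.
# NOTE(review): '[expired' appears on the pub line, not on the fingerprint
# line, so the grep -v probably does not exclude expired keys - confirm.
# Changes from the previous one-liner:
#   - no awk getline after the grep (it skipped every other fingerprint line);
#   - the full fingerprint is requested instead of its last 16 hex digits, so
#     the keyserver answer is matched against the whole fingerprint (the
#     keyserver is reached over plain HTTP);
#   - empty lines are skipped, so recv-keys is never run without a key.
echo "***** Adding finger prints."
refresh_keys_cmd=$(cat <<'EOS'
apt-key finger \
  | grep -v '\[expired' \
  | grep 'Key fingerprint =' \
  | awk -F' = ' '{print $2}' \
  | sed 's/ //g' \
  | while IFS= read -r key; do
      [ -n "$key" ] || continue
      apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 "$key"
    done
EOS
)
debuerreotype-chroot "${TARGET_DIR}" bash -c "${refresh_keys_cmd}"
# bullseye apt 2.6.1devuan1 (kept for reference; its $( ... ) was not escaped,
# so it was evaluated on the host rather than inside the chroot):
# debuerreotype-chroot ${TARGET_DIR} bash -c "keys=\"$(apt-key finger | grep -v '\[expired' | awk -F' ' '/pub/{getline;print substr($0, length($0)-18)}' | sed 's/ *//g')\"; IFS=$'\n'; while read -r key; do apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 \$key; done <<< \$keys"

echo "***** Adding sources."
# Create sources.list.d as well; the tee below fails if it does not exist.
mkdir -p "${TARGET_DIR}/etc/apt/sources.list.d"
# Earlier one-line-style variants, kept for reference:
# cat > ${TARGET_DIR}/etc/apt/sources.list << EOF
# deb http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/ ${RELEASE_NAME} main contrib non-free
# deb http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}/ ${RELEASE_NAME}-security/updates main contrib non-free
# EOF
# The [trusted=yes] variant turns off signature verification for the source.
# Over plain HTTP that leaves package integrity unprotected - do not re-enable.
# cat > ${TARGET_DIR}/etc/apt/sources.list << EOF
# deb [trusted=yes] http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/ ${RELEASE_NAME} main contrib non-free
# deb [trusted=yes] http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}/ ${RELEASE_NAME}-security/updates main contrib non-free
# EOF

# DEB822-STYLE FORMAT - see
#   https://manpages.debian.org/bookworm/apt/sources.list.5.en.html#DEB822-STYLE_FORMAT
#   https://repolib.readthedocs.io/en/latest/deb822-format.html
# Signed-By pins each source to ${KEYRING}. "Trusted: yes" stays commented out
# because it would bypass that check. Check-Valid-Until is disabled because the
# Release files of an old snapshot are past their Valid-Until date.
# The blank line between the two stanzas is required by the format.
cat <<EOF | sudo tee "${TARGET_DIR}/etc/apt/sources.list.d/debian.sources"
Enabled: yes
Types: deb
URIs: http://snapshot.debian.org/archive/debian/${SOURCES_DATE}
Suites: ${RELEASE_NAME} ${RELEASE_NAME}-updates
Components: main contrib non-free
Check-Valid-Until: no
PDiffs: yes
# Trusted: yes
Signed-By: ${KEYRING}

Enabled: yes
Types: deb
URIs: http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}
Suites: ${RELEASE_NAME}-security
Components: main contrib non-free
Check-Valid-Until: no
PDiffs: yes
# Trusted: yes
Signed-By: ${KEYRING}
EOF

# Signed-By can also carry the public key inline. Each key line then needs a
# single leading space to be recognised as a continuation of the field;
# unrecognised lines are ignored. The key must be ASCII armored. If you have an
# unarmored one, use: gpg --keyring=/public/key.gpg --armor --export
# Signed-By:
#  -----BEGIN PGP PUBLIC KEY BLOCK-----
#  .
#  <ASCII-ARMORED DEBIAN ARCHIVE KEY - PLACEHOLDER>
#  -----END PGP PUBLIC KEY BLOCK-----
# The sample key that used to be pasted here carried the user ID of a Spotify
# repository signing key, not a Debian archive key. It is left out so that it
# cannot be uncommented as a trust anchor for these sources.

# cat > ${TARGET_DIR}/etc/apt/sources.list << EOF
# deb [signed-by=${SNAPSHOT_KEY}] http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/ ${RELEASE_NAME} main contrib non-free
# deb [signed-by=${SNAPSHOT_KEY}] http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}/ ${RELEASE_NAME}-security/updates main contrib non-free
# EOF

# DEB822-STYLE FORMAT - see https://manpages.debian.org/bookworm/apt/sources.list.5.en.html#DEB822-STYLE_FORMAT
# cat <<-EOF | sudo tee ${TARGET_DIR}/etc/sources.list.d/debian.sources
# Types: deb
# URIs: http://snapshot.debian.org/archive/debian/${SOURCES_DATE}
# Suites: ${RELEASE_NAME} ${RELEASE_NAME}-updates
# Components: main contrib non-free
# Signed-By: ${SNAPSHOT_KEY}
#
# Types: deb
# URIs: http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}
# Suites: ${RELEASE_NAME}-security
# Components: main contrib non-free
# Signed-By: ${SNAPSHOT_KEY}
# EOF

echo "***** Adding apt config. Snapshot fixes."
mkdir -p "${TARGET_DIR}/etc/apt/apt.conf.d/"
# Check-Valid-Until "false": accept the snapshot's expired Release files.
# Signatures are still verified; only the freshness check is skipped.
# Dl-Limit is a download rate cap (kB/s) and Retries retries failed fetches.
cat > "${TARGET_DIR}/etc/apt/apt.conf.d/10_snapshot-fixes" << EOF
Acquire::Check-Valid-Until "false";
Acquire::http::Dl-Limit "1000";
Acquire::https::Dl-Limit "1000";
Acquire::Retries "5";
EOF

echo "***** Adding apt config. No recommends."
cat > "${TARGET_DIR}/etc/apt/apt.conf.d/99z_recommends" << EOF
APT::Install-Recommends "0";
APT::AutoRemove::RecommendsImportant "false";
EOF

echo "***** Adding apt config. No suggests."
cat > "${TARGET_DIR}/etc/apt/apt.conf.d/99z_suggests" << EOF
APT::Install-Suggests "0";
APT::AutoRemove::SuggestsImportant "false";
EOF

echo "***** Running apt-get update."
# A failed update, install or upgrade must stop the build; otherwise a broken
# rootfs would still be packed into the tarball.
debuerreotype-apt-get "${TARGET_DIR}" update -qq || exit 1
debuerreotype-recalculate-epoch "${TARGET_DIR}"
# --force-yes was dropped from the install commands: it is deprecated and lets
# apt-get continue past unauthenticated packages, which defeats the Signed-By
# pinning above. With plain -y an authentication failure aborts the install.
debuerreotype-apt-get "${TARGET_DIR}" install -y \
  apt-transport-https ca-certificates debian-archive-keyring sudo || exit 1
debuerreotype-chroot "${TARGET_DIR}" bash -c 'update-ca-certificates'
debuerreotype-apt-get "${TARGET_DIR}" dist-upgrade -yqq || exit 1

mkdir -p "${TARGET_DIR}/var/tmp"
#cp packages.list_tonny-20170617T034212Z rootfs/var/tmp/packages.list

echo "***** Installing dselect."
debuerreotype-apt-get "${TARGET_DIR}" install -y dselect || exit 1
# This should be done in the Dockerfile.
#debuerreotype-chroot ${TARGET_DIR} bash -c "dpkg --set-selections 2>&1 < /var/tmp/packages.list"

# This should be done in the Dockerfile.
# echo "***** Installing evolution."
# debuerreotype-chroot ${TARGET_DIR} bash -c 'dselect update'
# debuerreotype-apt-get ${TARGET_DIR} install -y -u dselect-upgrade
# debuerreotype-apt-get ${TARGET_DIR} install -y --force-yes evolution dbus-x11

# Let apt repair any dependency problems left by the steps above.
debuerreotype-apt-get "${TARGET_DIR}" install -y -f

echo "***** Minimizing and slimifying."
debuerreotype-minimizing-config "${TARGET_DIR}"
debuerreotype-slimify "${TARGET_DIR}"

echo "***** Taring the rootfs."
debuerreotype-tar "${TARGET_DIR}" "${ROOTFS_TAR}" || exit 1

# Remove the dated copy before creating the new one.
# ${VAR:?} aborts instead of expanding to an empty path if a variable is lost.
rm -rf -- "${TARGET_DIR:?}-${SOURCES_DATE:?}"
mv -- "${TARGET_DIR}" "${TARGET_DIR}-${SOURCES_DATE}"

# Copy this script to a corresponding dated version, so the exact recipe is
# kept next to the rootfs it produced. Assumes the script is run from its own
# directory.
SCRIPT_NAME="$(basename "$0")"
cp ./"${SCRIPT_NAME}" ./"${SCRIPT_NAME}-${SOURCES_DATE}"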