149 lines
6.5 KiB
Bash
149 lines
6.5 KiB
Bash
RELEASE_NAME=wheezy
|
|
RELEASE_NO=7
|
|
TARGET_DIR=./rootfs_${RELEASE_NAME}
|
|
SOURCES_DATE=20170617T034212Z
|
|
RELEASE_DATE=2014-12-06T09:59:32Z
|
|
# SOURCES_DATE=20170617T034212Z
|
|
# RELEASE_DATE=2014-12-06T09:59:32Z
|
|
ROOTFS_TAR=rootfs_${RELEASE_NAME}-${SOURCES_DATE}.tar.xz
|
|
KEYRING_DATE=2017.5
|
|
KEYRING=${KEYRING_DIR}/${RELEASE_NAME}-${SOURCES_DATE}_Release.gpg
|
|
HOST_KEYS=yes
|
|
|
|
|
|
# Signing keys that are current should be downloaded, where signing keys have
|
|
# been removed set HOST_KEYS to yes.
|
|
echo "***** set keyring."
|
|
if [ "${HOST_KEYS}" ]; then
|
|
# debian-archive-keyring provides /usr/share/keyrings/debian-archive-removed-keys.gpg
|
|
KEYRING="/usr/share/keyrings/debian-archive-removed-keys.gpg"
|
|
else
|
|
# Use release keys from snapshot rather than removed keys from hosts debian-archive-keyring package.
|
|
# wget -q -c https://ftp-master.debian.org/keys/release-${RELEASE_NO}.asc -qO- | gpg --import --no-default-keyring --keyring ./debian-${RELEASE_NO}.gpg
|
|
# KEYRING="./debian-${RELEASE_NO}.gpg"
|
|
wget -c -qO "${KEYRING}" http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/dists/${RELEASE_NAME}/Release.gpg
|
|
fi
|
|
|
|
|
|
echo "***** initialize the chroot."
|
|
# NB. wheezy debootstrap segfaults without the host kernel being booted with
|
|
# vsyscall=emulate it may also require an older kernel.
|
|
# See: "This breaks (e)glibc 2.13 and earlier, which may still be installed in
|
|
# a chroot or container environment based on Debian 7, or earlier."
|
|
# Even with this the programs within the running docker container will segfault
|
|
# on newer kernels.
|
|
|
|
# Be explicit with the debootstrap script (jessie name collision under devuan)
|
|
DEBOOTSTRAP_SCRIPT="/usr/share/debootstrap/scripts/${RELEASE_NAME}"
|
|
if [ ! -d ${TARGET_DIR} ]; then
|
|
debuerreotype-init --keyring "${KEYRING}" --debootstrap-script ${DEBOOTSTRAP_SCRIPT} ${TARGET_DIR} ${RELEASE_NAME} ${RELEASE_DATE}
|
|
else
|
|
echo "Target dir exists: ${TARGET_DIR} skipping init."
|
|
fi
|
|
|
|
# catch the failure of init.
|
|
if [ ! -f ${TARGET_DIR}/debuerreotype-epoch ]; then
|
|
echo "***** init failed to create the epoch file."
|
|
else
|
|
echo "***** Found: $(ls ${TARGET_DIR}/debuerreotype-epoch)"
|
|
fi
|
|
|
|
|
|
echo "***** install snapshot keyring."
|
|
mkdir -p ${TARGET_DIR}/var/tmp
|
|
wget -c -q -O ${TARGET_DIR}/var/tmp/debian-archive-keyring_${KEYRING_DATE}_all.deb https://snapshot.debian.org/archive/debian/${SOURCES_DATE}/pool/main/d/debian-archive-keyring/debian-archive-keyring_${KEYRING_DATE}_all.deb || exit 1
|
|
|
|
debuerreotype-chroot ${TARGET_DIR} bash -c 'dpkg -i /var/tmp/debian-archive-keyring*deb && apt-get -y install'
|
|
debuerreotype-chroot ${TARGET_DIR} bash -c "apt-key update"
|
|
|
|
# This must match the output of `apt-key list` in the base image which sometimes changes between releases.
|
|
# jessie apt 1.0.9.8.4
|
|
echo "***** Adding finger prints."
|
|
debuerreotype-chroot ${TARGET_DIR} bash -c "keys=\"\$(apt-key finger | grep -v '\[expired' | grep 'Key fingerprint =' | awk -F' = ' '{getline;print substr(\$0, length(\$0)-18)}' | sed 's/ //g')\"; IFS=$'\n'; while read -r key; do apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 \$key; done <<< \$keys"
|
|
|
|
# bullseye apt 2.6.1devuan1
|
|
# debuerreotype-chroot ${TARGET_DIR} bash -c "keys=\"$(apt-key finger | grep -v '\[expired' | awk -F' ' '/pub/{getline;print substr($0, length($0)-18)}' | sed 's/ *//g')\"; IFS=$'\n'; while read -r key; do apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 \$key; done <<< \$keys"
|
|
|
|
echo "***** Adding sources."
|
|
mkdir -p ${TARGET_DIR}/etc/apt
|
|
# cat > ${TARGET_DIR}/etc/apt/sources.list << EOF
|
|
# deb http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/ ${RELEASE_NAME} main contrib non-free
|
|
# deb http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}/ ${RELEASE_NAME}/updates main contrib non-free
|
|
# EOF
|
|
|
|
cat > ${TARGET_DIR}/etc/apt/sources.list << EOF
|
|
deb [trusted=yes] http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/ ${RELEASE_NAME} main contrib non-free
|
|
deb [trusted=yes] http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}/ ${RELEASE_NAME}/updates main contrib non-free
|
|
EOF
|
|
|
|
# cat > ${TARGET_DIR}/etc/apt/sources.list << EOF
|
|
# deb [signed-by=${SNAPSHOT_KEY}] http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/ ${RELEASE_NAME} main contrib non-free
|
|
# deb [signed-by=${SNAPSHOT_KEY}] http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}/ ${RELEASE_NAME}/updates main contrib non-free
|
|
# EOF
|
|
|
|
|
|
|
|
echo "***** Adding apt config. Snapshot fixes."
|
|
mkdir -p ${TARGET_DIR}/etc/apt/apt.conf.d/
|
|
cat > ${TARGET_DIR}/etc/apt/apt.conf.d/10_snapshot-fixes << EOF
|
|
Acquire::Check-Valid-Until "false";
|
|
Acquire::http::Dl-Limit "1000";
|
|
Acquire::https::Dl-Limit "1000";
|
|
Acquire::Retries "5";
|
|
EOF
|
|
|
|
echo "***** Adding apt config. No recommends."
|
|
cat > ${TARGET_DIR}/etc/apt/apt.conf.d/99z_recommends << EOF
|
|
APT::Install-Recommends "0";
|
|
APT::AutoRemove::RecommendsImportant "false";
|
|
EOF
|
|
|
|
echo "***** Adding apt config. No suggests."
|
|
cat > ${TARGET_DIR}/etc/apt/apt.conf.d/99z_suggests << EOF
|
|
APT::Install-Suggests "0";
|
|
APT::AutoRemove::SuggestsImportant "false";
|
|
EOF
|
|
|
|
echo "***** Running apt-get update."
|
|
debuerreotype-apt-get ${TARGET_DIR} update -qq
|
|
debuerreotype-recalculate-epoch "${TARGET_DIR}"
|
|
|
|
debuerreotype-apt-get ${TARGET_DIR} install -y --allow-change-held-packages apt-transport-https ca-certificates debian-archive-keyring sudo
|
|
debuerreotype-chroot ${TARGET_DIR} bash -c 'update-ca-certificates'
|
|
|
|
debuerreotype-apt-get ${TARGET_DIR} dist-upgrade -yqq
|
|
|
|
mkdir -p ${TARGET_DIR}/var/tmp
|
|
#cp packages.list_tonny-20170617T034212Z rootfs/var/tmp/packages.list
|
|
|
|
echo "***** Installing dselect."
|
|
debuerreotype-apt-get ${TARGET_DIR} install -y --allow-change-held-packages dselect
|
|
|
|
|
|
# This should be done in the Dockerfile.
|
|
#debuerreotype-chroot ${TARGET_DIR} bash -c "dpkg --set-selections 2>&1 < /var/tmp/packages.list"
|
|
|
|
# This should be done in the Dockerfile.
|
|
# echo "***** Installing evolution."
|
|
# debuerreotype-chroot ${TARGET_DIR} bash -c 'dselect update'
|
|
# debuerreotype-apt-get ${TARGET_DIR} install -y -u dselect-upgrade
|
|
# debuerreotype-apt-get ${TARGET_DIR} install -y --allow-change-held-packages evolution dbus-x11
|
|
debuerreotype-apt-get ${TARGET_DIR} install -y -f
|
|
|
|
|
|
echo "***** Minimizing and slimifying."
|
|
debuerreotype-minimizing-config ${TARGET_DIR}
|
|
debuerreotype-slimify ${TARGET_DIR}
|
|
|
|
|
|
echo "***** Taring the rootfs."
|
|
debuerreotype-tar ${TARGET_DIR} ${ROOTFS_TAR}
|
|
|
|
# Remove the dated copy before creating the new one.
|
|
rm -rf ${TARGET_DIR}-${SOURCES_DATE}
|
|
mv ${TARGET_DIR} ${TARGET_DIR}-${SOURCES_DATE}
|
|
|
|
# Copy this script to a corresponding dated version.
|
|
SCRIPT_NAME="$(basename "$0")"
|
|
cp ./"${SCRIPT_NAME}" ./"${SCRIPT_NAME}-${SOURCES_DATE}"
|