snapshot-rootfs-builder/build_rootfs_bookworm.sh-20...


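# ---------------------------------------------------------------------------
# Build parameters for a Debian rootfs pinned to one snapshot.debian.org
# timestamp, followed by selection of the keyring used to verify the archive.
# ---------------------------------------------------------------------------
RELEASE_NAME=bookworm
RELEASE_NO=12
TARGET_DIR=./rootfs_${RELEASE_NAME}
# Snapshot timestamp used in every snapshot.debian.org URL below.
SOURCES_DATE=20231007T150030Z
# Same instant in ISO-8601 form; passed to debuerreotype-init.
RELEASE_DATE="2023-10-07T15:00:30Z"
ROOTFS_TAR=rootfs_${RELEASE_NAME}-${SOURCES_DATE}.tar.xz
# Version of the debian-archive-keyring .deb fetched from the snapshot.
KEYRING_DATE=2023.4
# NOTE(review): KEYRING_DIR is not assigned in this part of the script;
# if it is unset the path below starts at "/". Confirm where it is defined.
KEYRING=${KEYRING_DIR}/${RELEASE_NAME}-${SOURCES_DATE}_Release.gpg
HOST_KEYS=yes

# Signing keys that are current should be downloaded; where signing keys have
# been removed, set HOST_KEYS to yes.
echo "***** set keyring."
# Compare against the documented value. The bare [ "${HOST_KEYS}" ] test was
# true for any non-empty string, so HOST_KEYS=no still selected host keys.
if [ "${HOST_KEYS}" = "yes" ]; then
  # debian-archive-keyring provides:
  # /usr/share/keyrings/debian-archive-removed-keys.gpg
  # /usr/share/keyrings/debian-archive-keyring.gpg
  # KEYRING="/usr/share/keyrings/debian-archive-removed-keys.gpg"
  # The trust anchor comes from the host's package, so the host must be trusted.
  KEYRING="/usr/share/keyrings/debian-archive-keyring.gpg"
else
  # Use release keys from snapshot rather than removed keys from the host's
  # debian-archive-keyring package.
  # wget -q -c https://ftp-master.debian.org/keys/release-${RELEASE_NO}.asc -qO- | \
  # gpg --import --no-default-keyring --keyring ./debian-${RELEASE_NO}.gpg
  # KEYRING="./debian-${RELEASE_NO}.gpg"
  #
  # Fetched over HTTPS: this file becomes the trust anchor for the bootstrap,
  # so it must not travel over an unauthenticated channel.
  # NOTE(review): Release.gpg is the detached signature over the Release file,
  # not a keyring of public keys; confirm debuerreotype-init/debootstrap accept
  # it as --keyring, or switch to the release-${RELEASE_NO}.asc import above.
  wget -c -qO "${KEYRING}" "https://snapshot.debian.org/archive/debian/${SOURCES_DATE}/dists/${RELEASE_NAME}/Release.gpg" || exit 1
fi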
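# Create the chroot with debuerreotype-init unless the target directory already
# exists, then confirm that the epoch file is present.
echo "***** initialize the chroot."
# Be explicit with the debootstrap script (jessie name collision under devuan)
DEBOOTSTRAP_SCRIPT="/usr/share/debootstrap/scripts/${RELEASE_NAME}"
if [ ! -d "${TARGET_DIR}" ]; then
  debuerreotype-init --keyring "${KEYRING}" --debootstrap-script "${DEBOOTSTRAP_SCRIPT}" "${TARGET_DIR}" "${RELEASE_NAME}" "${RELEASE_DATE}"
else
  # NOTE(review): a directory left behind by an earlier, partially failed run
  # is reused as-is; only the epoch-file check below guards against that.
  echo "Target dir exists: ${TARGET_DIR} skipping init."
fi
# Catch the failure of init. Stop here: every later step runs commands inside
# the chroot, and continuing with a missing or half-built tree would only
# produce a misleading archive.
if [ ! -f "${TARGET_DIR}/debuerreotype-epoch" ]; then
  echo "***** init failed to create the epoch file." >&2
  exit 1
else
  echo "***** Found: ${TARGET_DIR}/debuerreotype-epoch"
fi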
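# Download the debian-archive-keyring package for the pinned snapshot and
# install it inside the chroot so apt there has the archive signing keys.
echo "***** install snapshot keyring."
mkdir -p "${TARGET_DIR}/var/tmp"
wget -c -q -O "${TARGET_DIR}/var/tmp/debian-archive-keyring_${KEYRING_DATE}_all.deb" "https://snapshot.debian.org/archive/debian/${SOURCES_DATE}/pool/main/d/debian-archive-keyring/debian-archive-keyring_${KEYRING_DATE}_all.deb" || exit 1
# dpkg -i does not check any signature, so the .deb is trusted purely on the
# strength of the TLS download. The snapshot is immutable, so its digest can be
# pinned: export KEYRING_DEB_SHA256=<sha256 of the .deb> to enforce it.
if [ -n "${KEYRING_DEB_SHA256:-}" ]; then
  printf '%s  %s\n' "${KEYRING_DEB_SHA256}" "${TARGET_DIR}/var/tmp/debian-archive-keyring_${KEYRING_DATE}_all.deb" \
    | sha256sum -c - || exit 1
else
  echo "WARNING: KEYRING_DEB_SHA256 is not set; keyring package digest not verified." >&2
fi
debuerreotype-chroot "${TARGET_DIR}" bash -c 'dpkg -i /var/tmp/debian-archive-keyring*deb && apt-get -y install'
# NOTE(review): apt-key is deprecated in current apt releases and
# 'apt-key update' is expected to do nothing useful on bookworm; confirm
# whether this call is still needed.
debuerreotype-chroot "${TARGET_DIR}" bash -c "apt-key update"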
# Re-fetch the non-expired apt keys of the chroot from a public keyserver.
#
# The parsing below must match the output of `apt-key list` in the base image,
# which sometimes changes between releases.
# jessie apt 1.0.9.8.4
#
# What the one-liner does, all inside the chroot:
#   1. `apt-key finger` lists keys; lines containing "[expired" are dropped and
#      only lines containing "Key fingerprint =" are kept.
#   2. awk calls getline and prints the last 19 characters of the line it then
#      holds; sed strips the spaces. With the grouped fingerprint layout that
#      leaves 16 hex digits, i.e. a 64-bit key ID rather than the full
#      fingerprint.
#   3. Each value is passed to `apt-key adv --recv-keys` against
#      hkp://keyserver.ubuntu.com:80.
#
# NOTE(review): because grep has already reduced the input to fingerprint
# lines, getline advances to the *next* fingerprint line, so lines appear to be
# consumed in pairs and some keys may be skipped - verify against real output.
# NOTE(review): hkp on port 80 is unencrypted, and keys are requested by a
# 64-bit ID. Keys obtained this way extend the set apt trusts in the image;
# prefer relying on the pinned debian-archive-keyring package alone, or request
# full fingerprints over hkps once CA certificates are available in the chroot.
# NOTE(review): the fingerprint line format assumed here is the jessie one; on
# bookworm the grep may match nothing - TODO confirm.
echo "***** Adding finger prints."
debuerreotype-chroot ${TARGET_DIR} bash -c "keys=\"\$(apt-key finger | grep -v '\[expired' | grep 'Key fingerprint =' | awk -F' = ' '{getline;print substr(\$0, length(\$0)-18)}' | sed 's/ //g')\"; IFS=$'\n'; while read -r key; do apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 \$key; done <<< \$keys"
# bullseye apt 2.6.1devuan1 (disabled variant: matches the "pub" line and reads
# the following line with getline)
# debuerreotype-chroot ${TARGET_DIR} bash -c "keys=\"$(apt-key finger | grep -v '\[expired' | awk -F' ' '/pub/{getline;print substr($0, length($0)-18)}' | sed 's/ *//g')\"; IFS=$'\n'; while read -r key; do apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 \$key; done <<< \$keys"
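# Write the apt source definition (deb822 format) that points the chroot at the
# pinned snapshot for both the main archive and the security archive.
echo "***** Adding sources."
# Create sources.list.d as well: tee below writes into it and fails if the
# directory is missing.
mkdir -p "${TARGET_DIR}/etc/apt/sources.list.d"
# Disabled one-line-format alternatives, kept for reference:
# cat > ${TARGET_DIR}/etc/apt/sources.list << EOF
# deb http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/ ${RELEASE_NAME} main contrib non-free
# deb http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}/ ${RELEASE_NAME}-security/updates main contrib non-free
# EOF
# The [trusted=yes] form below turns off signature verification for the source;
# over plain http that leaves package contents unauthenticated. Keep disabled.
# cat > ${TARGET_DIR}/etc/apt/sources.list << EOF
# deb [trusted=yes] http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/ ${RELEASE_NAME} main contrib non-free
# deb [trusted=yes] http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}/ ${RELEASE_NAME}-security/updates main contrib non-free
# EOF
# DEB822-STYLE FORMAT - see https://manpages.debian.org/bookworm/apt/sources.list.5.en.html#DEB822-STYLE_FORMAT https://repolib.readthedocs.io/en/latest/deb822-format.html
#
# Notes on the stanzas:
#  - The URIs are plain http, so authenticity rests entirely on apt verifying
#    the Release signature against Signed-By. Do not pair this file with
#    options that skip authentication.
#  - Check-Valid-Until: no is required for an old snapshot, and means apt will
#    accept metadata of any age; the pinned SOURCES_DATE is what bounds it.
#  - Signed-By is resolved inside the chroot.
#    NOTE(review): when KEYRING is a host-side download path rather than
#    /usr/share/keyrings/..., that path will not exist in the chroot - confirm.
#  - deb822 stanzas must be separated by a blank line; without it both sources
#    collapse into one stanza with duplicate fields.
cat <<-EOF | sudo tee "${TARGET_DIR}/etc/apt/sources.list.d/debian.sources"
Enabled: yes
Types: deb
URIs: http://snapshot.debian.org/archive/debian/${SOURCES_DATE}
Suites: ${RELEASE_NAME} ${RELEASE_NAME}-updates
Components: main contrib non-free
Check-Valid-Until: no
PDiffs: yes
# Trusted: yes
Signed-By: ${KEYRING}

Enabled: yes
Types: deb
URIs: http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}
Suites: ${RELEASE_NAME}-security
Components: main contrib non-free
Check-Valid-Until: no
PDiffs: yes
# Trusted: yes
Signed-By: ${KEYRING}
EOF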
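# The Signed-By public key can also be embedded inline: each line of the key requires a single-space prefix to be recognized as part of the field above, otherwise the unrecognized lines will be ignored. Make sure the key is ASCII-armored. If you have an unarmored one, just use gpg --keyring=/public/key.gpg --armor --export <fingerprint>. The block below only illustrates the layout; its embedded user ID appears to name a Spotify repository signing key, not a Debian archive key, so do not copy it into a Debian source.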
# Signed-By:
# -----BEGIN PGP PUBLIC KEY BLOCK-----
# .
# mQINBGF5YIABEACnop+0P287u+2dzExoGpe109KHHd1eaj/ULDQZz0A47qJYaOld
# pGqsRq6EUbzrVxGaAsSDfCwlQ4hutP9uH0ekdIr+/te6pbrYYiUvAUthibbq0mm7
# zhpIa8saXLLyImygrPgZpfY3X8l4uWG33hMeU7OHOfReZzycfVxAzENlkomejP+W
# wvzliqz+TYWO7esh730hud0tFYzQjmRtL3UGIFI5sCJkR1NzMqHup/PW4BYM1zZu
# vXPGqyCLaoPV8WQz2Uq5DnX+wmTi2+s/42XbMGzyJVqXx8tjMBQlRHFpvjV1FfYc
# s7niQRnwz6wAZTitIgBYBPAPbGEIE2bi+Njur/z9ys3/Zp5CZOpKkF7TzW39tgvN
# ITq7oTO8DszCfVNrWARBOrWPy3NuAA9xvH1BWdZ7iaVP5UcAaHPG5rg3QGBGJ1HE
# UDYBDnr5GNlBvuv53MqwaThGRAwNyajO78JYuOFfz+DkvgJg9tMITThG3gpfek9Z
# TyHdN1/xZKQziMXNEgcx5CLJMoUCEMiAMKOB+Tng9HQzeCbOLTgugfzGrg2lRTnB
# Vy9o9SxuVBc5nCR1LbfpeDv+MVduYM6aZAFBHA0h8bc5svCMYHyyrfaigb75c/4q
# tg/Lg8GIhStw1za0bdxF8N6yPZvWztQfoQqTnTpldxLc4gkYjYE4IVKfowARAQAB
# tDdTcG90aWZ5IFB1YmxpYyBSZXBvc2l0b3J5IFNpZ25pbmcgS2V5IDx0dXhAc3Bv
# dGlmeS5jb20+iQJUBBMBCAA+FiEE+aIRl27WYvAOWTYeXjxF17MSxkMFAmF5YIAC
# GwMFCQJRQwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQXjxF17MSxkOYbQ//
# VgFX2fJTUPAPR4oa79DJi0255lXhv6ZXDW/Yv6W4ycu1iIEXbDYNqBqhL1zwdphk
# Pg49LC0NkVWP3/n5WvbmJP7gfyl344ZPVeaz23ISFM8J9WlxuBonA/KSw7OCkf1+
# b+TxDb8An29hMAknwAQnLZGCoEroe3BPn9qmpbIBkkoRHFWCOAjdY98Arbq19s2k
# 68wSeiGS+DcCvDOhnPxbf8M16cew/LDFpFAmbT7HhaFwN4VTLTa4gA3X9csGXMts
# jBqgk2NggoYu1ZF5P3Vt0HzqjaSlLgFe3c+HEZELPMES/zRtxO1VJv5cA9CjYu3c
# ldRlLdY35Y3CeEVzfqq6D8G1av1zpNDXjBk6zr9ZPeu1k5zOpxN008CshF82MZDd
# ymhbb/LMoY4OR1UwFPA8DwJGUE2Nb0PBrAKxpSQFuxM/iQsw1r362ZM6O3Kwyu3Y
# pCEKlbuYKKBnsBRwLY1KjhXh9ngqjxSoudwZSUtpRXp7O9SoFvUgdYsCRJuSrq/2
# qYkYgkXb9XaX1nh52tYPt50mNlceybVaKb5lDoBE6clWlBKasPAyLvjxV5RrBAKf
# adxHn0judK6HunANmZbMV4fkO7MhtyletK88dWKKgtLkVTSnoXz0xYe04LPUHDo+
# VhHeq7s/LpSTlMRs/WeB/Arue2+XuXfVEVdtDi7Mg/Q=
# =GrS9
# -----END PGP PUBLIC KEY BLOCK-----
# cat > ${TARGET_DIR}/etc/apt/sources.list << EOF
# deb [signed-by=${SNAPSHOT_KEY}] http://snapshot.debian.org/archive/debian/${SOURCES_DATE}/ ${RELEASE_NAME} main contrib non-free
# deb [signed-by=${SNAPSHOT_KEY}] http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}/ ${RELEASE_NAME}-security/updates main contrib non-free
# EOF
# DEB822-STYLE FORMAT - see https://manpages.debian.org/bookworm/apt/sources.list.5.en.html#DEB822-STYLE_FORMAT
# cat <<-EOF | sudo tee ${TARGET_DIR}/etc/sources.list.d/debian.sources
# Types: deb
# URIs: http://snapshot.debian.org/archive/debian/${SOURCES_DATE}
# Suites: ${RELEASE_NAME} ${RELEASE_NAME}-updates
# Components: main contrib non-free
# Signed-By: ${SNAPSHOT_KEY}
#
# Types: deb
# URIs: http://snapshot.debian.org/archive/debian-security/${SOURCES_DATE}
# Suites: ${RELEASE_NAME}-security
# Components: main contrib non-free
# Signed-By: ${SNAPSHOT_KEY}
# EOF
# Drop three apt configuration snippets into the chroot's apt.conf.d:
# snapshot-related fetch settings, "no recommends" and "no suggests".
echo "***** Adding apt config. Snapshot fixes."
mkdir -p "${TARGET_DIR}/etc/apt/apt.conf.d/"
# Check-Valid-Until "false" makes apt accept Release files past their
# Valid-Until date (needed for an old snapshot); the Dl-Limit and Retries
# values are written exactly as given.
printf '%s\n' \
  'Acquire::Check-Valid-Until "false";' \
  'Acquire::http::Dl-Limit "1000";' \
  'Acquire::https::Dl-Limit "1000";' \
  'Acquire::Retries "5";' \
  > "${TARGET_DIR}/etc/apt/apt.conf.d/10_snapshot-fixes"

echo "***** Adding apt config. No recommends."
printf '%s\n' \
  'APT::Install-Recommends "0";' \
  'APT::AutoRemove::RecommendsImportant "false";' \
  > "${TARGET_DIR}/etc/apt/apt.conf.d/99z_recommends"

echo "***** Adding apt config. No suggests."
printf '%s\n' \
  'APT::Install-Suggests "0";' \
  'APT::AutoRemove::SuggestsImportant "false";' \
  > "${TARGET_DIR}/etc/apt/apt.conf.d/99z_suggests"
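# Refresh the package lists from the snapshot, install the base tooling,
# upgrade, and install dselect.
echo "***** Running apt-get update."
debuerreotype-apt-get "${TARGET_DIR}" update -qq
debuerreotype-recalculate-epoch "${TARGET_DIR}"
# --force-yes has been dropped from the install calls in this section. It is
# deprecated and, among other things, lets apt install packages that fail
# authentication; with the sources fetched over plain http that would allow
# tampered packages into the image. If an install now fails on authentication,
# fix the keyring / Signed-By setup instead of re-adding the flag.
debuerreotype-apt-get "${TARGET_DIR}" install -y apt-transport-https ca-certificates debian-archive-keyring sudo
debuerreotype-chroot "${TARGET_DIR}" bash -c 'update-ca-certificates'
debuerreotype-apt-get "${TARGET_DIR}" dist-upgrade -yqq
mkdir -p "${TARGET_DIR}/var/tmp"
#cp packages.list_tonny-20170617T034212Z rootfs/var/tmp/packages.list
echo "***** Installing dselect."
debuerreotype-apt-get "${TARGET_DIR}" install -y dselect
# This should be done in the Dockerfile.
#debuerreotype-chroot ${TARGET_DIR} bash -c "dpkg --set-selections 2>&1 < /var/tmp/packages.list"
# This should be done in the Dockerfile.
# echo "***** Installing evolution."
# debuerreotype-chroot ${TARGET_DIR} bash -c 'dselect update'
# debuerreotype-apt-get ${TARGET_DIR} install -y -u dselect-upgrade
# debuerreotype-apt-get ${TARGET_DIR} install -y --force-yes evolution dbus-x11
# Let apt repair any broken or half-configured dependencies.
debuerreotype-apt-get "${TARGET_DIR}" install -y -f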
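# Shrink the rootfs, pack it into the dated tarball, then archive both the
# build tree and this script under names carrying the snapshot date.
echo "***** Minimizing and slimifying."
debuerreotype-minimizing-config "${TARGET_DIR}"
debuerreotype-slimify "${TARGET_DIR}"
echo "***** Taring the rootfs."
debuerreotype-tar "${TARGET_DIR}" "${ROOTFS_TAR}"
# Remove the dated copy before creating the new one.
# ${VAR:?} aborts if either variable is empty, so the recursive delete can
# never run against a truncated path; "--" stops option parsing.
rm -rf -- "${TARGET_DIR:?}-${SOURCES_DATE:?}"
mv -- "${TARGET_DIR}" "${TARGET_DIR}-${SOURCES_DATE}"
# Copy this script to a corresponding dated version.
# Assumes the script is started from the directory that contains it.
SCRIPT_NAME="$(basename "$0")"
cp -- ./"${SCRIPT_NAME}" ./"${SCRIPT_NAME}-${SOURCES_DATE}"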