Expand the repro documentation with missing bits:
- The Dockerfile needs to be regenerated with the correct group for title annotation to ensure reproducibility.
- The CI_COMMIT_SHA of the original pipeline needs to be honored in the Dockerfile.
Also, set the timezone to UTC in Makefile and scripts to ensure consistency in the generated dates / timestamps (e.g. ARCHIVE_SNAPSHOT / SOURCE_DATE_EPOCH), regardless of the timezone of the environment. Otherwise, someone rebuilding the image locally can unexpectedly end up with a different value for those if the system uses a different timezone.
this commit takes the relevant repro steps from the wsl image, and wraps
breaking changes to only affect the :repro image
testing reproducibility is not yet included, so we can discuss the
approach first
Can be used to build 32bit (aka multilib) packages. With all the
simplification and de-duplication done with the previous commits, this
turns out to be a fairly simple job ;-)
Notes:
- there is currently no test stage for this container
- the release bits will come with next commit
v2:
- preserve extra.conf for base/base-devel
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Less duplication ftw, especially with multilib-devel on the horizon.
Unfortunately we'd need to tag the file pattern rules as precious,
otherwise make thinks they are intermediate files and nukes them.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Embedding one piece of code into another (shell script into a makefile
in this case) is rarely pretty. Split things up, as appropriate.
While here, simplify the rootfs in a few ways:
- pass only the extra non-base (and effectively group name) package
- add a handy variable for the fakeroot/fakechroot combo
- split and rewrap long lines
As a bonus point, this makes it easier to use pattern rules in the
makefile - which will be handy for the upcoming multilib-devel
group/target.
Plus we can check the scripts via shellcheck/etc CI stage, as follow-up.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Currently we use the system mirrorlist for the pacman invocation.
The system config may or may not be identical to the in-tree one - as
one of my dev machines was kind enough to remind me.
The tooling should be self-contained and leak as few builder specifics as
possible.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
The targets never had a docker/oci prefix. Update the PHONY targets in
the Makefile and the README.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
The glibc 2.35-6 package ships with the C.UTF-8 locale included.
This means there is now a UTF-8 locale available by default and en_US.UTF-8, which requires editing /etc/locale.gen and running locale-gen, is not needed anymore.
Instead of using the libalpm systemd-sysusers hook, use sysusers
directly. The --root parameter allows us to avoid using the host's
namespace and populate using the conf files in the target's build
directory.
A docker container does not need tons of locales in order to do its job,
nor does it need extensive (or any) documentation.
With this change, a bare pacstrapped directory drops from 500MB to 390MB.
When tar-ing the rootfs, the permissions preserved are from the worker
process. This is not the intended behavior, as we want to preserve the
permissions of the root user to most of the files. Use fakeroot during
the tar process to automagically map the uid of the user to that of
root's.
Fixes #22
Signed-off-by: Santiago Torres <santiago@archlinux.org>
The requirements for the compress rule used to rebuild the rootfs
regardless. Update the requirement to use the existing archlinux archive
for compression.
The previous instances of the docker image allowed for passwordless root
login. Update the default shadow setting for the root account to disallow
this.