25 Commits

Author SHA1 Message Date
Robin Candau
5f9435cfe9
Drop placeholder substitution for ldconfig aux-cache cleanup in Dockerfile template
In 4b15f9a1a1, a placeholder for the ldconfig aux-cache cleanup (required for the repro image) was implemented in the Dockerfile template and was substituted by either `&& rm -f /var/cache/ldconfig/aux-cache` for the repro group or `&& true` for other groups (so that it does nothing).

While technically harmless, the resulting `&& true` for the non-repro groups is slightly confusing and may raise some eyebrows (see https://github.com/docker-library/official-images/pull/21366). This change aims to drop the placeholder for the ldconfig aux-cache cleanup in the Dockerfile template and simply expand the "ldconfig + sed" RUN command to include the ldconfig aux-cache cleanup for the repro group. This results in a more precisely targeted substitution without unnecessary and confusing addition in the Dockerfile of the non-repro groups.
2026-05-08 10:32:33 +02:00
Robin Candau
d0a2374d67
Expand repro documentation and ensure fixed timezone
Expand the repro documentation with missing bits:

- The Dockerfile needs to be regenerated with the correct group for title annotation to ensure reproducibility.
- The CI_COMMIT_SHA of the original pipeline needs to be honored in the Dockerfile.

Also, set the timezone to UTC in Makefile and scripts to ensure consistency in the generated dates / timestamps (e.g. ARCHIVE_SNAPSHOT / SOURCE_DATE_EPOCH), regardless of the timezone of the environment. Otherwise, someone rebuilding the image locally can unexpectedly end up with a different value for those if the system uses a different timezone.
2026-04-29 17:49:11 +02:00
Robin Candau
04ef2406be
Fix usage of Archive repo snapshot
We were not patching the correct mirrorlist and therefore the Archive repo snapshot was not honored in the build...
Also adding some debug visibility to ease future debug sessions
2026-04-23 19:42:41 +02:00
Robin Candau
4b15f9a1a1
Remove ldconfig auxiliary cache file only for the repro group 2026-04-02 09:24:16 +02:00
Robin Candau
af4e991076
Consistency for if blocks style 2026-03-31 00:52:11 +02:00
Robin Candau
9a4c205f52
Honor SDE in Dockerfile for the repro group 2026-03-30 23:01:08 +02:00
Robin Candau
87a723680e
Get rid of pacman logs for repro image 2026-03-30 22:39:15 +02:00
Robin Candau
7069a6cc06
Revert "WIP"
This reverts commit cd87d3eb612d5bc8a660a19e7a7bb9e1bf5c252b.
2026-03-30 20:26:23 +02:00
Robin Candau
cd87d3eb61
WIP 2026-03-30 13:14:59 +02:00
Robin Candau
b21717021c
Update comment styling 2026-03-28 14:39:41 +01:00
Robin Candau
7fe6027fa9
Move repro specific steps under the repro group condition
Given that we intend to create a dedicated repro tag, we should probably put every repro step behind this condition and leave the other groups / tags untouched for now.
2026-03-28 14:35:55 +01:00
Mark Hegreberg
20bbc94b91
repro POC
this commit takes the relevant repro steps from the wsl image, and wraps
breaking changes to only affect the :repro image

testing reproducibility is not yet included, so we can discuss the
approach first
2026-03-27 19:36:32 -07:00
Justin Kromlinger
b8a77b2c87
Add temporary workaround until pacman 7.1.0 rollout is done 2025-12-14 19:12:51 +01:00
Justin Kromlinger
60e4a6c9bb
Fix pacman v7.1.0 sandbox config 2025-12-14 18:46:41 +01:00
Justin Kromlinger
7bdde954b0
Fix fakechroot build with pacman v7.1.0
Every `pacman -Sy*` call executed with fakeroot will fail with the new pacman release.
Until we have an alternative we need to add `--disable-sandbox-filesystem`.

See https://gitlab.archlinux.org/archlinux/archlinux-wsl/-/merge_requests/77
2025-12-13 18:38:33 +01:00
Justin Kromlinger
ae0527df18
Disable sandbox in oci images due to missing kernel landlock
Resolves the `error: restricting filesystem access failed because the
landlock ruleset could not be applied!` when running pacman.

Closes #103.
2025-01-31 12:22:15 +01:00
Emil Velikov
ee1b64a7ff Use rootfs_file across the board, rename and quote
Currently things are a bit mixed up - just rename all the files to
include the BUILD_VERSION and consistently use the rootfs_file variable.

Throw in some quotes while in there.

Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
2023-11-18 14:58:56 +00:00
Emil Velikov
5d404ea4bd Introduce multilib-devel container
Can be used to build 32bit (aka multilib) packages. With all the
simplification and de-duplication done with the previous commits, this
turns out to be a fairly simple job ;-)

Notes:
 - there is currently no test stage for this container
 - the release bits will come with next commit

v2:
 - preserve extra.conf for base/base-devel

Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
2023-10-22 19:20:06 +01:00
Justin Kromlinger
fb332d2218
Provide rootfs file name to make-dockerfile.sh script
Fixes https://gitlab.archlinux.org/archlinux/archlinux-docker/-/jobs/186685
2023-10-22 15:37:37 +02:00
Emil Velikov
d1254eeee4 scripts/make-dockerfile.sh: reuse in the release stage
Bonus point, we actually error out when the git command fails.

v2:
 - fix curl quoting
 - sed match-complete-line-and-remove
 - inline update make-dockerfile.sh variables

Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
2023-10-02 12:46:17 +01:00
Emil Velikov
64cb18a0c3 scripts/make-dockerfile.sh: drop TEMPLATE_ROOTFS_RELEASE_URL
The field is an inline comment, which by default is not present in the
podman log. Plus we do have the exact URL list a couple of lines further
down.

Haven't seen any other Dockerfile have one either, so let's nuke it.

Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
2023-10-02 11:53:30 +01:00
Emil Velikov
a972ead2e0 scripts/make-dockerfile.sh: rework TEMPLATE_ROOTFS_DOWNLOAD handling
Currently the TEMPLATE_ROOTFS_DOWNLOAD handling is overly complicated.
For the local builds, we set a ROOTFS=$GROUP.tar.zst. While for remote
builds, we:
 - invoke curl to fetch the remote tarball - ok
 - do curl and shell escaping contortions to print the filename - ehhh
   - that we already know
   - and rely upon to not change, otherwise sha256sum will fail

Just use a dummy "true", for the local builds and a normal curl
command otherwise.

v2:
 - don't call curl in a sub-shell - no longer needed

Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
2023-10-02 11:51:59 +01:00
Emil Velikov
c4b62bb18f scripts/make-rootfs.sh: move non-wrapper calls further up
Move the cp/ln calls outside of the WRAPPER call block. The files that
are referenced are either disowned by pacman or are explicitly "backup"
files, such that pacman will not override them.

Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
2023-09-25 23:49:58 +01:00
Emil Velikov
0067757d21 scripts/make-rootfs.sh: drop pacman gnupg removal
The files are explicitly omitted from the tarball via the excludes file.

Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
2023-09-25 23:49:52 +01:00
Emil Velikov
f737d64397 Move shell scripts out of the Makefile
Embedding one piece of code into another (shell script into a makefile
in this case) is rarely pretty. Split things up, as appropriate.

While here, simplify the rootfs in a few ways:
 - pass only the extra non-base (and effectively group name) package
 - add a handy variable for the fakeroot/fakechroot combo
 - split and rewrap long lines

As a bonus point, this makes it easier to use pattern rules in the
makefile - which will be handy for the upcoming multilib-devel
group/target.

Plus we can check the scripts via shellcheck/etc CI stage, as follow-up.

Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
2023-09-25 23:40:44 +01:00