[docker-images] Initial support for bookworm images

a) add bookworm among the distros in the github workflow
b) allow specifying per-release repositories
c) allow specifying per-release apt preferences

Signed-off-by: Eugenio Paolantonio (g7) <[email protected]>

.github/workflows/docker-images.yml

@@ -17,7 +17,7 @@ jobs:
       matrix:
         arch: [amd64, armhf, arm64]
         template: [build-essential, build-essential-pm, rootfs-builder, aptly-intake]
-        dist: [bullseye]
+        dist: [bullseye, bookworm]
         namespace: [droidian]
         exclude:
           - template: aptly-intake

Dockerfile.amd64_droidian_aptly_intake_bookworm

@@ -0,0 +1,79 @@
+# Pull latest Debian bookworm
+ARG ARCH=
+FROM ${ARCH}/debian:bookworm
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV DEBCONF_NOWARNINGS yes
+ENV DEBIAN_PRIORITY critical
+
+# Required for https repositories
+RUN apt-get update && apt-get install --yes ca-certificates
+
+# Copy relevant repositories and keyrings
+# Note: .dummy files used to keep the directory hierarchy in git are
+# copied too, see moby/moby#26332
+COPY repositories/bookworm/all/* /etc/apt/sources.list.d/
+COPY repositories/bookworm/amd64/* /etc/apt/sources.list.d/
+
+# Copy apt preferences
+COPY preferences/bookworm/* /etc/apt/preferences.d/
+
+COPY keyrings/all/* /etc/apt/droidian-gpg.d/
+COPY keyrings/amd64/* /etc/apt/droidian-gpg.d/
+
+COPY common/apt.conf.d/* /etc/apt/apt.conf.d/
+
+# Pre-create users and groups. We are going to remap them anyway
+# at runtime by looking at permissions of the bind-mounted directories
+# but at least we already know which ids to change
+RUN adduser --system --home /var/lib/aptly-api --no-create-home --uid 10100 aptly-api && \
+ addgroup --gid 10100 aptly-api && \
+ adduser aptly-api aptly-api && \
+ adduser --system --home /srv/aptly-queue --no-create-home --uid 10101 aptly-queue && \
+ addgroup --gid 10101 aptly-queue && \
+ adduser aptly-queue aptly-queue && \
+ adduser aptly-api aptly-queue
+
+# Update and install
+RUN apt-get update && apt-get install -y \
+ systemd \
+ systemd-sysv \
+ aptly \
+ aptly-api \
+ python3 \
+ python3-requests \
+ python3-debian \
+ wget \
+ aptly-intake
+
+# Systemd configuration:
+# Credits to Alexander Haase <[email protected]>
+#
+# https://github.com/alehaa/docker-debian-systemd
+
+# Configure systemd.
+#
+# For running systemd inside a Docker container, some additional tweaks are
+# required. Some of them have already been applied above.
+#
+# The 'container' environment variable tells systemd that it's running inside a
+# Docker container environment.
+ENV container docker
+
+# A different stop signal is required, so systemd will initiate a shutdown when
+# running 'docker stop <container>'.
+STOPSIGNAL SIGRTMIN+3
+
+# The host's cgroup filesystem need's to be mounted (read-only) in the
+# container. '/run', '/run/lock' and '/tmp' need to be tmpfs filesystems when
+# running the container without 'CAP_SYS_ADMIN'.
+#
+# NOTE: For running Debian stretch, 'CAP_SYS_ADMIN' still needs to be added, as
+#       stretch's version of systemd is not recent enough. Buster will run just
+#       fine without 'CAP_SYS_ADMIN'.
+VOLUME [ "/sys/fs/cgroup", "/run", "/run/lock", "/tmp" ]
+
+# As this image should run systemd, the default command will be changed to start
+# the init system. CMD will be preferred in favor of ENTRYPOINT, so one may
+# override it when creating the container to e.g. to run a bash console instead.
+CMD [ "/sbin/init" ]

Dockerfile.amd64_droidian_aptly_intake_bullseye

@@ -12,8 +12,11 @@ RUN apt-get update && apt-get install --yes ca-certificates
 # Copy relevant repositories and keyrings
 # Note: .dummy files used to keep the directory hierarchy in git are
 # copied too, see moby/moby#26332
-COPY repositories/all/* /etc/apt/sources.list.d/
-COPY repositories/amd64/* /etc/apt/sources.list.d/
+COPY repositories/bullseye/all/* /etc/apt/sources.list.d/
+COPY repositories/bullseye/amd64/* /etc/apt/sources.list.d/
+
+# Copy apt preferences
+COPY preferences/bullseye/* /etc/apt/preferences.d/
 
 COPY keyrings/all/* /etc/apt/droidian-gpg.d/
 COPY keyrings/amd64/* /etc/apt/droidian-gpg.d/

Dockerfile.amd64_droidian_build_essential_bookworm

@@ -0,0 +1,46 @@
+# Pull latest Debian bookworm
+ARG ARCH=
+FROM ${ARCH}/debian:bookworm
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV DEBCONF_NOWARNINGS yes
+ENV DEBIAN_PRIORITY critical
+
+# Required for https repositories
+RUN apt-get update && apt-get install --yes ca-certificates
+
+# Copy relevant repositories and keyrings
+# Note: .dummy files used to keep the directory hierarchy in git are
+# copied too, see moby/moby#26332
+COPY repositories/bookworm/all/* /etc/apt/sources.list.d/
+COPY repositories/bookworm/amd64/* /etc/apt/sources.list.d/
+
+# Copy apt preferences
+COPY preferences/bookworm/* /etc/apt/preferences.d/
+
+COPY keyrings/all/* /etc/apt/droidian-gpg.d/
+COPY keyrings/amd64/* /etc/apt/droidian-gpg.d/
+
+COPY common/apt.conf.d/* /etc/apt/apt.conf.d/
+
+# Copy deployer for repo.droidian.org
+COPY extra/repo-droidian-deploy.sh /usr/local/bin
+COPY extra/repo-droidian-sign.sh /usr/local/bin
+
+# Add secondary architectures
+RUN dpkg --add-architecture arm64 && dpkg --add-architecture armhf
+
+# Update and install
+RUN apt-get update && apt-get install -y --allow-downgrades \
+ build-essential \
+ devscripts \
+ equivs \
+ wget \
+ openssh-client \
+ rsync \
+ releng-tools \
+ droidian-apt-config \
+ droidian-archive-keyring \
+ mobian-archive-keyring && \
+ rm -f /etc/apt/sources.list.d/hybris-mobian.list /etc/apt/sources.list.d/mobian.list && \
+ apt-get dist-upgrade -y --allow-downgrades

Dockerfile.amd64_droidian_build_essential_bullseye

@@ -12,8 +12,11 @@ RUN apt-get update && apt-get install --yes ca-certificates
 # Copy relevant repositories and keyrings
 # Note: .dummy files used to keep the directory hierarchy in git are
 # copied too, see moby/moby#26332
-COPY repositories/all/* /etc/apt/sources.list.d/
-COPY repositories/amd64/* /etc/apt/sources.list.d/
+COPY repositories/bullseye/all/* /etc/apt/sources.list.d/
+COPY repositories/bullseye/amd64/* /etc/apt/sources.list.d/
+
+# Copy apt preferences
+COPY preferences/bullseye/* /etc/apt/preferences.d/
 
 COPY keyrings/all/* /etc/apt/droidian-gpg.d/
 COPY keyrings/amd64/* /etc/apt/droidian-gpg.d/

Dockerfile.amd64_droidian_build_essential_pm_bookworm

@@ -0,0 +1,48 @@
+# Pull latest Debian bookworm
+ARG ARCH=
+FROM ${ARCH}/debian:bookworm
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV DEBCONF_NOWARNINGS yes
+ENV DEBIAN_PRIORITY critical
+
+# Required for https repositories
+RUN apt-get update && apt-get install --yes ca-certificates
+
+# Copy relevant repositories and keyrings
+# Note: .dummy files used to keep the directory hierarchy in git are
+# copied too, see moby/moby#26332
+COPY repositories/bookworm/all/* /etc/apt/sources.list.d/
+COPY repositories/bookworm/amd64/* /etc/apt/sources.list.d/
+
+# Copy apt preferences
+COPY preferences/bookworm/* /etc/apt/preferences.d/
+
+COPY keyrings/all/* /etc/apt/droidian-gpg.d/
+COPY keyrings/amd64/* /etc/apt/droidian-gpg.d/
+
+COPY common/apt.conf.d/* /etc/apt/apt.conf.d/
+
+# Copy deployer for repo.droidian.org
+COPY extra/repo-droidian-deploy.sh /usr/local/bin
+COPY extra/repo-droidian-sign.sh /usr/local/bin
+
+# Add secondary architectures
+RUN dpkg --add-architecture arm64 && dpkg --add-architecture armhf
+
+# Update and install
+RUN apt-get update && apt-get install -y --allow-downgrades \
+ build-essential \
+ devscripts \
+ equivs \
+ wget \
+ openssh-client \
+ rsync \
+ releng-tools \
+ droidian-apt-config \
+ droidian-apt-config-plasma \
+ debian-pm-archive-keyring \
+ droidian-archive-keyring \
+ mobian-archive-keyring && \
+ rm -f /etc/apt/sources.list.d/hybris-mobian.list /etc/apt/sources.list.d/mobian.list && \
+ apt-get dist-upgrade -y --allow-downgrades

Dockerfile.amd64_droidian_build_essential_pm_bullseye

@@ -12,8 +12,11 @@ RUN apt-get update && apt-get install --yes ca-certificates
 # Copy relevant repositories and keyrings
 # Note: .dummy files used to keep the directory hierarchy in git are
 # copied too, see moby/moby#26332
-COPY repositories/all/* /etc/apt/sources.list.d/
-COPY repositories/amd64/* /etc/apt/sources.list.d/
+COPY repositories/bullseye/all/* /etc/apt/sources.list.d/
+COPY repositories/bullseye/amd64/* /etc/apt/sources.list.d/
+
+# Copy apt preferences
+COPY preferences/bullseye/* /etc/apt/preferences.d/
 
 COPY keyrings/all/* /etc/apt/droidian-gpg.d/
 COPY keyrings/amd64/* /etc/apt/droidian-gpg.d/

Dockerfile.amd64_droidian_rootfs_builder_bookworm

@@ -0,0 +1,73 @@
+# Pull latest Debian bookworm
+ARG ARCH=
+FROM ${ARCH}/debian:bookworm
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV DEBCONF_NOWARNINGS yes
+ENV DEBIAN_PRIORITY critical
+
+# Required for https repositories
+RUN apt-get update && apt-get install --yes ca-certificates
+
+# Copy relevant repositories and keyrings
+# Note: .dummy files used to keep the directory hierarchy in git are
+# copied too, see moby/moby#26332
+COPY repositories/bookworm/all/* /etc/apt/sources.list.d/
+COPY repositories/bookworm/amd64/* /etc/apt/sources.list.d/
+
+# Copy apt preferences
+COPY preferences/bookworm/* /etc/apt/preferences.d/
+
+COPY keyrings/all/* /etc/apt/droidian-gpg.d/
+COPY keyrings/amd64/* /etc/apt/droidian-gpg.d/
+
+COPY common/apt.conf.d/* /etc/apt/apt.conf.d/
+
+# Update and install
+RUN apt-get update && apt-get install -y \
+ droidian-apt-config \
+ droidian-archive-keyring \
+ mobian-archive-keyring && \
+ rm -f /etc/apt/sources.list.d/hybris-mobian.list /etc/apt/sources.list.d/mobian.list && \
+ apt-get install -y \
+ debos \
+ dpkg-dev \
+ parted \
+ dosfstools \
+ udev \
+ bmap-tools \
+ rsync \
+ zip \
+ systemd-container
+
+# Systemd configuration:
+# Credits to Alexander Haase <[email protected]>
+#
+# https://github.com/alehaa/docker-debian-systemd
+
+# Configure systemd.
+#
+# For running systemd inside a Docker container, some additional tweaks are
+# required. Some of them have already been applied above.
+#
+# The 'container' environment variable tells systemd that it's running inside a
+# Docker container environment.
+ENV container docker
+
+# A different stop signal is required, so systemd will initiate a shutdown when
+# running 'docker stop <container>'.
+STOPSIGNAL SIGRTMIN+3
+
+# The host's cgroup filesystem need's to be mounted (read-only) in the
+# container. '/run', '/run/lock' and '/tmp' need to be tmpfs filesystems when
+# running the container without 'CAP_SYS_ADMIN'.
+#
+# NOTE: For running Debian stretch, 'CAP_SYS_ADMIN' still needs to be added, as
+#       stretch's version of systemd is not recent enough. Buster will run just
+#       fine without 'CAP_SYS_ADMIN'.
+VOLUME [ "/sys/fs/cgroup", "/run", "/run/lock", "/tmp" ]
+
+# As this image should run systemd, the default command will be changed to start
+# the init system. CMD will be preferred in favor of ENTRYPOINT, so one may
+# override it when creating the container to e.g. to run a bash console instead.
+CMD [ "/sbin/init" ]

Dockerfile.amd64_droidian_rootfs_builder_bullseye

@@ -12,8 +12,11 @@ RUN apt-get update && apt-get install --yes ca-certificates
 # Copy relevant repositories and keyrings
 # Note: .dummy files used to keep the directory hierarchy in git are
 # copied too, see moby/moby#26332
-COPY repositories/all/* /etc/apt/sources.list.d/
-COPY repositories/amd64/* /etc/apt/sources.list.d/
+COPY repositories/bullseye/all/* /etc/apt/sources.list.d/
+COPY repositories/bullseye/amd64/* /etc/apt/sources.list.d/
+
+# Copy apt preferences
+COPY preferences/bullseye/* /etc/apt/preferences.d/
 
 COPY keyrings/all/* /etc/apt/droidian-gpg.d/
 COPY keyrings/amd64/* /etc/apt/droidian-gpg.d/

Dockerfile.aptly-intake.in

@@ -12,8 +12,11 @@ RUN apt-get update && apt-get install --yes ca-certificates
 # Copy relevant repositories and keyrings
 # Note: .dummy files used to keep the directory hierarchy in git are
 # copied too, see moby/moby#26332
-COPY repositories/all/* /etc/apt/sources.list.d/
-COPY repositories/%(arch)s/* /etc/apt/sources.list.d/
+COPY repositories/%(tag)s/all/* /etc/apt/sources.list.d/
+COPY repositories/%(tag)s/%(arch)s/* /etc/apt/sources.list.d/
+
+# Copy apt preferences
+COPY preferences/%(tag)s/* /etc/apt/preferences.d/
 
 COPY keyrings/all/* /etc/apt/droidian-gpg.d/
 COPY keyrings/%(arch)s/* /etc/apt/droidian-gpg.d/

Dockerfile.arm64_droidian_build_essential_bookworm

@@ -0,0 +1,46 @@
+# Pull latest Debian bookworm
+ARG ARCH=
+FROM ${ARCH}/debian:bookworm
+
+ENV DEBIAN_FRONTEND noninteractive
+ENV DEBCONF_NOWARNINGS yes
+ENV DEBIAN_PRIORITY critical
+
+# Required for https repositories
+RUN apt-get update && apt-get install --yes ca-certificates
+
+# Copy relevant repositories and keyrings
+# Note: .dummy files used to keep the directory hierarchy in git are
+# copied too, see moby/moby#26332
+COPY repositories/bookworm/all/* /etc/apt/sources.list.d/
+COPY repositories/bookworm/arm64/* /etc/apt/sources.list.d/
+
+# Copy apt preferences
+COPY preferences/bookworm/* /etc/apt/preferences.d/
+
+COPY keyrings/all/* /etc/apt/droidian-gpg.d/
+COPY keyrings/arm64/* /etc/apt/droidian-gpg.d/
+
+COPY common/apt.conf.d/* /etc/apt/apt.conf.d/
+
+# Copy deployer for repo.droidian.org
+COPY extra/repo-droidian-deploy.sh /usr/local/bin
+COPY extra/repo-droidian-sign.sh /usr/local/bin
+
+# Add secondary architectures
+RUN dpkg --add-architecture arm64 && dpkg --add-architecture armhf
+
+# Update and install
+RUN apt-get update && apt-get install -y --allow-downgrades \
+ build-essential \
+ devscripts \
+ equivs \
+ wget \
+ openssh-client \
+ rsync \
+ releng-tools \
+ droidian-apt-config \
+ droidian-archive-keyring \
+ mobian-archive-keyring && \
+ rm -f /etc/apt/sources.list.d/hybris-mobian.list /etc/apt/sources.list.d/mobian.list && \
+ apt-get dist-upgrade -y --allow-downgrades

Dockerfile.arm64_droidian_build_essential_bullseye

@@ -12,8 +12,11 @@ RUN apt-get update && apt-get install --yes ca-certificates
 # Copy relevant repositories and keyrings
 # Note: .dummy files used to keep the directory hierarchy in git are
 # copied too, see moby/moby#26332
-COPY repositories/all/* /etc/apt/sources.list.d/
-COPY repositories/arm64/* /etc/apt/sources.list.d/
+COPY repositories/bullseye/all/* /etc/apt/sources.list.d/
+COPY repositories/bullseye/arm64/* /etc/apt/sources.list.d/
+
+# Copy apt preferences
+COPY preferences/bullseye/* /etc/apt/preferences.d/
 
 COPY keyrings/all/* /etc/apt/droidian-gpg.d/
 COPY keyrings/arm64/* /etc/apt/droidian-gpg.d/