refactor(docker): modernize setup

- Upgrade base image from ubuntu:22.04 to ubuntu:noble-20260113
- Pin APT snapshot for reproducible builds
- Add multi-platform support (amd64/arm64) via buildx
- Add entry-point.sh to create a matching host user inside the
  container instead of bind-mounting /etc/passwd and /etc/group
- Use platform-specific package lists (e.g. cross-compilation
  toolchains for arm64 hosts)
- Rename docker.mk to docker/docker.mk and update Makefile include

Author: bryanforbes

Dockerfile

@@ -69,7 +69,7 @@ MESSAGE = printf '$(TERM_BOLD)>>> $(if $*,$*: ,)%b$(TERM_RESET)\n' $$'$(call str
 $(file >$(USER_DEFCONFIG),)
 
 -include $(LOCAL_MK)
-include $(PROJECT_DIR)/docker.mk
+include $(PROJECT_DIR)/docker/docker.mk
 
 ifdef EXTRA_OPTS
 $(warning EXTRA_OPTS will be removed in the future, please migrate to $$(call add-defconfig,...))

Makefile

@@ -0,0 +1,95 @@
+FROM ubuntu:noble-20260113
+SHELL ["/bin/bash", "-c"]
+
+# Architecture to build for
+ARG TARGETPLATFORM
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+# This first RUN is separated from the second one because it
+# shouldn't change often, and we want to cache it as much as
+# possible. The second may change more often, and we don't
+# want to invalidate the cache of the first one when that
+# happens.
+RUN <<EOF
+apt-get update -y
+apt-get install ca-certificates -y
+
+echo 'APT::Snapshot "20260215T000000Z";' > /etc/apt/apt.conf.d/50snapshot
+
+if [ "$TARGETPLATFORM" = "linux/amd64" ]; then
+    dpkg --add-architecture i386
+fi
+
+apt-get update -y
+apt-get upgrade -y
+EOF
+
+RUN <<EOF
+PACKAGES=(
+    "bc"
+    "build-essential"
+    "cpio"
+    "curl"
+    "default-jre"
+    "file"
+    "gettext"  # buildstats.sh
+    "git"
+    "gosu"  # entry-point.sh
+    "graphviz"
+    "libncurses6"
+    "libncurses-dev"
+    "libssl-dev"  # cmake build
+    "locales"
+    "lzip"
+    "mercurial"
+    "python3"
+    "rsync"
+    "subversion"
+    "wget"
+    "unzip"
+)
+
+if [ "$TARGETPLATFORM" = "linux/amd64" ]; then
+    PACKAGES+=(
+        "gcc-multilib"  # cross-compilation of 32-bit x86 builds on 64-bit host
+        "g++-multilib"  # cross-compilation of 32-bit x86 builds on 64-bit host
+        "libc6:i386"
+        "libncurses6:i386"
+        "libstdc++6:i386"
+    )
+else
+    PACKAGES+=(
+        "gcc-arm-linux-gnueabihf"  # 32-bit arm builds
+        "g++-arm-linux-gnueabihf"  # 32-bit arm builds
+        "gcc-mingw-w64-x86-64-win32"  # wine
+        "libc6-dev-armhf-cross"  # 32-bit arm builds
+    )
+fi
+
+apt-get install -y --no-install-recommends -o APT::Immediate-Configure=0 "${PACKAGES[@]}"
+apt-get clean
+rm -rf /var/lib/apt/lists/*
+
+# Set locale
+sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
+locale-gen
+
+# Use bash instead of dash as default shell
+echo 'dash dash/sh boolean false' | debconf-set-selections
+dpkg-reconfigure dash
+
+# Create this so the ccache directory gets mounted here
+mkdir -p /home/batocera
+EOF
+
+ENV LANG=en_US.UTF-8 \
+    LANGUAGE=en_US:en \
+    LC_ALL=en_US.UTF-8 \
+    TZ=Europe/Paris
+
+WORKDIR /build
+
+COPY --chmod=0755 entry-point.sh /opt/entry-point.sh
+ENTRYPOINT ["/opt/entry-point.sh"]
+CMD ["/bin/bash"]

docker/Dockerfile

@@ -1,7 +1,8 @@
-DOCKER         ?= docker
-DOCKER_OPTS    ?=
-DOCKER_REPO    ?= batoceralinux
-DOCKER_IMAGE_NAME   ?= batocera.linux-build
+DOCKER            ?= docker
+DOCKER_OPTS       ?=
+DOCKER_REPO       ?= batoceralinux
+DOCKER_IMAGE_NAME ?= batocera.linux-build
+DOCKER_PLATFORM   ?= linux/amd64,linux/arm64
 
 ifdef IMAGE_NAME
 $(warning IMAGE_NAME will be removed in the future, please migrate to DOCKER_IMAGE_NAME)
@@ -24,15 +25,13 @@ GID  := $(shell id -g)
 
 define RUN_DOCKER
 	$(DOCKER) run -t --init --rm \
-		-e HOME \
 		-v $(PROJECT_DIR):/build \
 		-v $(DL_DIR):/build/buildroot/dl \
 		-v $(OUTPUT_DIR)/$*:/$* \
-		-v $(CCACHE_DIR):$(HOME)/.buildroot-ccache \
+		-v $(CCACHE_DIR):/home/batocera/.buildroot-ccache \
 		-w /$* \
-		-v /etc/passwd:/etc/passwd:ro \
-		-v /etc/group:/etc/group:ro \
-		-u $(UID):$(GID) \
+		-e HOST_UID=$(UID) \
+		-e HOST_GID=$(GID) \
 		$(DOCKER_OPTS) \
 		$(DOCKER_IMAGE)
 endef
@@ -48,11 +47,30 @@ endif
 DOCKER_IMAGE_STAMP = $(PROJECT_DIR)/.ba-docker-image-available
 DOCKER_IMAGE_AVAILABLE := $(if $(DIRECT_BUILD),,$(DOCKER_IMAGE_STAMP))
 
+define DOCKER_CHECK_BUILDER
+if ! $(DOCKER) buildx inspect batocera-builder >/dev/null 2>&1 ; then \
+	$(call MESSAGE,Creating docker builder 'batocera-builder'); \
+	$(DOCKER) buildx create --name batocera-builder; \
+fi
+endef
+
+define DOCKER_ECHO_ACTION_MESSAGE
+$(call MESSAGE,$(DOCKER_ACTION_MESSAGE) docker image $(DOCKER_IMAGE))
+endef
+
 $(DOCKER_IMAGE_STAMP): | _check_docker
-	@$(call MESSAGE,$(DOCKER_ACTION_MESSAGE) docker image $(DOCKER_IMAGE))
-	$(if $(filter build,$(DOCKER_ACTION)),\
-		$(DOCKER) build -t $(DOCKER_IMAGE) .,\
-		$(DOCKER) pull $(DOCKER_IMAGE))
+	@if [ '$(DOCKER_ACTION)' = 'build' ]; then \
+		$(DOCKER_CHECK_BUILDER); \
+		$(DOCKER_ECHO_ACTION_MESSAGE); \
+		$(DOCKER) buildx build --builder batocera-builder \
+				--platform $(DOCKER_PLATFORM) \
+				-t $(DOCKER_IMAGE) $(PROJECT_DIR)/docker; \
+		$(DOCKER) buildx build --builder batocera-builder \
+				--load -t $(DOCKER_IMAGE) $(PROJECT_DIR)/docker; \
+	else \
+		$(DOCKER_ECHO_ACTION_MESSAGE); \
+		$(DOCKER) pull $(DOCKER_IMAGE); \
+	fi
 	@touch $@
 
 .PHONY: pull-docker-image
@@ -79,5 +97,9 @@ rebuild-docker-image: clean-for-docker-image
 
 .PHONY: publish-docker-image
 publish-docker-image: | _check_docker
+	@$(DOCKER_CHECK_BUILDER)
 	@$(call MESSAGE,Publishing docker image $(DOCKER_IMAGE))
-	@$(DOCKER) push $(DOCKER_IMAGE):latest
+	@$(DOCKER) buildx build --builder batocera-builder \
+		--push --platform $(DOCKER_PLATFORM) \
+		-t $(DOCKER_IMAGE) \
+		$(PROJECT_DIR)/docker

docker.mk docker/docker.mkdocker.mk renamed to docker/docker.mk

@@ -0,0 +1,25 @@
+#!/bin/bash
+set -e
+
+if [ ! -z "$HOST_UID" ] && [ ! -z "$HOST_GID" ]; then
+    # Create "batocera" user and group with the same UID and GID as the host user
+    groupadd -o -g "$HOST_GID" batocera 2>/dev/null
+    useradd -o -u "$HOST_UID" -g "$HOST_GID" -d /home/batocera -c '' -M -s /bin/bash batocera 2>/dev/null
+
+    # This should already be made, but create it just in case
+    mkdir -p /home/batocera
+
+    # Set the ownership of the home directory to the "batocera" user and group
+    # NOTE: this is not done recursively because the build process mounts the
+    # ccache directory in /home/batocera/.ccache and we don't want to change
+    # the ownership of all of those files (since they should already have the
+    # correct ownership)
+    chown batocera:batocera /home/batocera
+
+    export HOME=/home/batocera
+
+    # Set $@ to run the docker command as the "batocera" user and group
+    set -- gosu "$HOST_UID":"$HOST_GID" "$@"
+fi
+
+exec "$@"

docker/entry-point.sh

@@ -7,6 +7,7 @@
 BATOCERA_SYSLINUX_EFI_VERSION = 6.04.pre2.r11.gbf6db5b4-2
 BATOCERA_SYSLINUX_EFI_SOURCE =
 BATOCERA_SYSLINUX_EFI_SITE = binaries
+BATOCERA_SYSLINUX_EFI_DEPENDENCIES = host-dosfstools host-mtools
 
 define BATOCERA_SYSLINUX_EFI_EXTRACT_CMDS
 	cp -R $(BR2_EXTERNAL_BATOCERA_PATH)/package/batocera/boot/batocera-syslinux-efi/binaries/* $(@D)