@@ -27,19 +27,30 @@ RUN apt-get install --assume-yes --fix-broken \
2727 debhelper \
2828 libxtables-dev
2929
30- # `dkms mkdeb` was removed in dkms 3.x (which is what noble ships). The
31- # glb-redirect Makefile uses the older `template-dkms-mkdeb` flow plus
32- # `dkms mkdeb --source-only`. Restore both by installing the focal dkms
33- # package alongside dkms 3.x: focal's /etc/dkms/template-dkms-mkdeb/ and the
34- # `mkdeb` code path in /usr/sbin/dkms are extracted into a parallel location
35- # and the script is wrapped so `dkms mkdeb ...` calls the legacy binary.
30+ # noble's dkms 3.x dropped `dkms mkdeb`, which the glb-redirect Makefile needs
31+ # (template-dkms-mkdeb + `dkms mkdeb --source-only`). Restore it by extracting
32+ # focal's dkms 2.x alongside 3.x and shimming `dkms mkdeb` to the legacy binary.
33+ #
34+ # We `apt-get download` the focal dkms from a GPG-verified focal source (full
35+ # apt chain of trust, no hardcoded/unverified URL). The focal pockets are
36+ # pinned below noble's so they're only used for this download, never installs.
3637RUN set -eux; \
38+ keyring=/usr/share/keyrings/ubuntu-archive-keyring.gpg; \
39+ printf 'deb [signed-by=%s] http://archive.ubuntu.com/ubuntu focal main\ndeb [signed-by=%s] http://archive.ubuntu.com/ubuntu focal-updates main\n' "$keyring" "$keyring" > /etc/apt/sources.list.d/focal-dkms.list; \
40+ printf 'Package: *\nPin: release n=focal\nPin-Priority: 100\n\nPackage: *\nPin: release n=focal-updates\nPin-Priority: 100\n' > /etc/apt/preferences.d/focal-dkms.pref; \
41+ apt-get update; \
42+ # Sanity check: the focal pin must not change the dkms candidate (stays 3.x).
43+ case "$(apt-cache policy dkms | awk '/Candidate:/{print $2}')" in 3.*) : ;; *) echo "ERROR: dkms candidate changed by focal pin" >&2; exit 1 ;; esac; \
3744 cd /tmp; \
38- wget -q https://archive.ubuntu.com/ubuntu/pool/main/d/dkms/dkms_2.8.1-5ubuntu2_all.deb; \
39- dpkg-deb -x dkms_2.8.1-5ubuntu2_all.deb /tmp/dkms-focal; \
45+ apt-get download dkms/focal-updates; \
46+ deb="$(ls dkms_*_all.deb)"; \
47+ dpkg-deb -x "$deb" /tmp/dkms-focal; \
4048 cp -r /tmp/dkms-focal/etc/dkms/template-dkms-mkdeb /etc/dkms/template-dkms-mkdeb; \
4149 install -m 0755 /tmp/dkms-focal/usr/sbin/dkms /usr/sbin/dkms-legacy; \
42- rm -rf /tmp/dkms-focal /tmp/dkms_2.8.1-5ubuntu2_all.deb; \
50+ rm -rf /tmp/dkms-focal "/tmp/$deb"; \
51+ # Remove the temporary focal source + pin so they don't linger in the image.
52+ rm -f /etc/apt/sources.list.d/focal-dkms.list /etc/apt/preferences.d/focal-dkms.pref; \
53+ apt-get update; \
4354 printf '#!/bin/sh\nif [ "$1" = "mkdeb" ]; then exec /usr/sbin/dkms-legacy "$@"; fi\nexec /usr/sbin/dkms.real "$@"\n' > /usr/local/bin/dkms; \
4455 chmod 0755 /usr/local/bin/dkms; \
4556 mv /usr/sbin/dkms /usr/sbin/dkms.real
0 commit comments