tmp

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

Author: invidian

targets/linux/deb/distro/container.go

@@ -62,9 +62,7 @@ func BuildDistrolessContainer(ctx context.Context, input BuildDistrolessContaine
 	}
 	if bi != nil {
 		baseImg = bi.ToState(input.SOpt, opts...)
-	}
-
-	if bi == nil {
+	} else {
 		baseImg = baseImg.File(llb.Mkdir("/etc", 0o755), opts...).
 			File(llb.Mkdir("/etc/apt", 0o755), opts...).
 			File(llb.Mkdir("/etc/apt/apt.conf.d", 0o755), opts...).
@@ -86,71 +84,74 @@ rootfs=/tmp/rootfs
 apt_archives=/var/cache/apt/archives
 
 # Ensure apt cache directory exists
-mkdir -p "$apt_archives"
+mkdir -p "${apt_archives}"
 
 apt-get update
 
 essential_packages=$(dpkg-query -Wf '${Package} ${Essential}\n' | awk '$2 == "yes" {print $1}')
 local_package_files=$(ls /base-packages/*.deb /spec-packages/*.deb)
 
 # Extract dependencies of local packages for downloading.
-local_packages_dependencies=$(for f in $local_package_files; do dpkg-deb -f "$f" Depends 2>/dev/null; done | tr ',' '\n' | sed 's/([^)]*)//g; s/|.*//; s/ //g' | grep -v '^$' | sort -u)
+local_packages_dependencies=$(for f in ${local_package_files}; do dpkg-deb -f "${f}" Depends 2>/dev/null; done | tr ',' '\n' | sed 's/([^)]*)//g; s/|.*//; s/ //g' | grep -v '^$' | sort -u)
 
 # Get names of local packages so we can exclude them from apt-get install.
-local_package_names=$(for f in $local_package_files; do dpkg-deb -f "$f" Package 2>/dev/null; done | sort -u)
+local_package_names=$(for f in ${local_package_files}; do dpkg-deb -f "${f}" Package 2>/dev/null; done | sort -u)
 
 # Spec packages may depend on base packages, so we need to filter to only download remaining packages, since downloading local packages
 # would fail.
-dependencies_to_download=$(echo "$local_packages_dependencies" | grep -vxF "$local_package_names")
+dependencies_to_download=$(echo "${local_packages_dependencies}" | grep -vxF "${local_package_names}")
 
-# Use empty state file so we download all packages.
-apt-get -o Dir::State::status="$rootfs/var/lib/dpkg/status" \
-    --yes --download-only install $essential_packages $dependencies_to_download
+# Use state file from target image so we only download necessary packages. If target image is a base image, less packages should
+# be downloaded.
+apt-get -o Dir::State::status="${rootfs}/var/lib/dpkg/status" \
+    --yes --download-only install ${essential_packages} ${dependencies_to_download}
 
 # Extract all packages into the target rootfs.
 #
 # Extract base-files first to establish merged-usr symlinks (/bin -> usr/bin, etc.)
 # before other packages create those paths as real directories, which would
 # cause tar to fail when base-files tries to create the symlinks later.
-base_files_package=$(ls "$apt_archives"/base-files_*.deb)
-for f in $base_files_package $local_package_files $(ls "$apt_archives"/*.deb | grep -vxF "$base_files_package"); do
-    dpkg-deb --extract "$f" "$rootfs"
+base_files_package=$(ls "${apt_archives}"/base-files_*.deb)
+for f in ${base_files_package} ${local_package_files} $(ls "${apt_archives}"/*.deb | grep -vxF "${base_files_package}"); do
+    dpkg-deb --extract "${f}" "${rootfs}"
 done
 
 # Fix merged-usr: on Noble+, /bin, /sbin, /lib should be symlinks to usr/bin, usr/sbin, usr/lib
 # but dpkg-deb --extract may recreate them as real directories.
 for dir in bin sbin lib; do
-    if [ -d "$rootfs/usr/$dir" ] && [ -d "$rootfs/$dir" ] && [ ! -L "$rootfs/$dir" ]; then
-        cp -a "$rootfs/$dir"/* "$rootfs/usr/$dir/" 2>/dev/null || true
-        rm -rf "$rootfs/$dir"
-        ln -s "usr/$dir" "$rootfs/$dir"
+    if [ -d "${rootfs}/usr/${dir}" ] && [ -d "${rootfs}/${dir}" ] && [ ! -L "${rootfs}/${dir}" ]; then
+        cp -a "${rootfs}/${dir}"/* "${rootfs}/usr/${dir}/" 2>/dev/null || true
+        rm -rf "${rootfs}/${dir}"
+        ln -s "usr/${dir}" "${rootfs}/${dir}"
     fi
 done
 
 # dpkg-deb --extract doesn't run postinst scripts, so the /bin/sh symlink
 # normally created by update-alternatives is missing. Create it manually.
-if [ ! -e "$rootfs/usr/bin/sh" ] && [ ! -e "$rootfs/bin/sh" ]; then
-		ln -s dash "$rootfs/usr/bin/sh"
+if [ ! -e "${rootfs}/usr/bin/sh" ] && [ ! -e "${rootfs}/bin/sh" ]; then
+    ln -s dash "${rootfs}/usr/bin/sh"
 fi
 
 # Remove usrmerge package - our merged-usr fixup above already handles this,
 # and usrmerge's postinst fails on overlayfs (which BuildKit uses).
 # Create a fake dpkg status entry so dpkg thinks it's installed.
-for f in $(ls "$apt_archives"/usrmerge_*.deb "$apt_archives"/usr-is-merged_*.deb 2>/dev/null); do
-  	pkg=$(dpkg-deb -f "$f" Package)
-		ver=$(dpkg-deb -f "$f" Version)
-		arch=$(dpkg-deb -f "$f" Architecture)
-		printf 'Package: %s\nStatus: install ok installed\nVersion: %s\nArchitecture: %s\nDescription: faked by dalec\n\n' "$pkg" "$ver" "$arch" >> "$rootfs/var/lib/dpkg/status"
-		rm "$f"
+#
+# This only runs when usrmerge package is not installed in the base image, since only then the deb file will be downloaded.
+for f in $(ls "${apt_archives}"/usrmerge_*.deb "${apt_archives}"/usr-is-merged_*.deb 2>/dev/null); do
+    pkg=$(dpkg-deb -f "${f}" Package)
+    ver=$(dpkg-deb -f "${f}" Version)
+    arch=$(dpkg-deb -f "${f}" Architecture)
+    printf 'Package: %s\nStatus: install ok installed\nVersion: %s\nArchitecture: %s\nDescription: faked by dalec\n\n' "${pkg}" "${ver}" "${arch}" >> "${rootfs}/var/lib/dpkg/status"
+    rm "${f}"
 done
 
-cp $local_package_files "$apt_archives"/*.deb "$rootfs$apt_archives"/
+cp ${local_package_files} "${apt_archives}"/*.deb "${rootfs}${apt_archives}"/
 
 # Copy apt sources from worker into rootfs so the final container can install packages. Do we want that?
 # There is no guarantee that the final image will have access to the same sources worker had (e.g. with  mounted repos).
 #
 # A the moment this is necessary so we can for example install test dependencies without using worker image.
-cp -ar /etc/apt/sources.list* "$rootfs/etc/apt/"
+cp -ar /etc/apt/sources.list* "${rootfs}/etc/apt/"
 `
 
 	script := llb.Scratch().File(llb.Mkfile("install.sh", 0o755, []byte(installScript)), opts...)