project-dalec
diff --git a/‎targets/linux/deb/distro/container.go‎
Lines changed: 128 additions & 197 deletions b/‎targets/linux/deb/distro/container.go‎
Lines changed: 128 additions & 197 deletions
@@ -10,18 +10,19 @@ import (
 	"github.com/project-dalec/dalec/targets"
 )
 
-type BuildDistrolessContainerInput struct {
-	Config *Config
-	Client gwclient.Client // Replace with interface.
-	Worker llb.State
-	SOpt   dalec.SourceOpts
-	Spec   *dalec.Spec
-	Target string
-	DebSt  llb.State // Why is this DebSt?
-	Opts   []llb.ConstraintsOpt
+type BuildContainerInput struct {
+	Config             *Config
+	DefaultOutputImage string
+	Client             gwclient.Client // Replace with interface.
+	Worker             llb.State
+	SOpt               dalec.SourceOpts
+	Spec               *dalec.Spec
+	Target             string
+	DebSt              llb.State // Why is this DebSt?
+	Opts               []llb.ConstraintsOpt
 }
 
-func BuildDistrolessContainer(ctx context.Context, input BuildDistrolessContainerInput) llb.State {
+func BuildDistrolessContainer(ctx context.Context, input BuildContainerInput) llb.State {
 	opts := append(input.Opts, frontend.IgnoreCache(input.Client), dalec.ProgressGroup("Build Container Image"))
 
 	// Those base repos come from distro configuration.
@@ -32,23 +33,8 @@ func BuildDistrolessContainer(ctx context.Context, input BuildDistrolessContaine
 
 	withRepos := input.Config.RepoMounts(repos, input.SOpt, opts...)
 
-	// Step 1: Bootstrap base image structure from scratch
-	baseImg := llb.Scratch().
-		File(llb.Mkdir("/etc", 0o755), opts...).
-		File(llb.Mkdir("/etc/apt", 0o755), opts...).
-		File(llb.Mkdir("/etc/apt/apt.conf.d", 0o755), opts...).
-		File(llb.Mkdir("/etc/apt/preferences.d", 0o755), opts...).
-		File(llb.Mkdir("/etc/apt/sources.list.d", 0o755), opts...).
-		File(llb.Mkdir("/var", 0o755), opts...).
-		File(llb.Mkdir("/var/cache", 0o755), opts...).
-		File(llb.Mkdir("/var/cache/apt", 0o755), opts...).
-		File(llb.Mkdir("/var/cache/apt/archives", 0o755), opts...).
-		File(llb.Mkdir("/var/lib", 0o755), opts...).
-		File(llb.Mkdir("/var/lib/dpkg", 0o755), opts...).
-		File(llb.Mkfile("/var/lib/dpkg/status", 0o644, []byte{}), opts...)
-
-	// Step 2: Build base packages if configured
-	var basePkg llb.State
+	basePkg := llb.Scratch()
+
 	if len(input.Config.BasePackages) > 0 {
 		runtimePkgs := make(dalec.PackageDependencyList, len(input.Config.BasePackages))
 		for _, pkgName := range input.Config.BasePackages {
@@ -64,225 +50,170 @@ func BuildDistrolessContainer(ctx context.Context, input BuildDistrolessContaine
 				Runtime: runtimePkgs,
 			},
 		}
+
 		basePkg = input.Config.BuildPkg(ctx, input.Client, input.SOpt, basePkgSpec, input.Target, opts...)
+	}
+
+	baseImg := llb.Scratch()
+
+	if input.DefaultOutputImage != "" {
+		baseImg = llb.Image(input.DefaultOutputImage, llb.WithMetaResolver(input.SOpt.Resolver), dalec.WithConstraints(opts...))
+	}
+
+	// Allow spec to override the base image entirely
+	bi, err := input.Spec.GetSingleBase(input.Target)
+	if err != nil {
+		return dalec.ErrorState(llb.Scratch(), err)
+	}
+	if bi != nil {
+		baseImg = bi.ToState(input.SOpt, opts...)
 	} else {
-		basePkg = llb.Scratch()
+		baseImg = baseImg.File(llb.Mkdir("/etc", 0o755), opts...).
+			File(llb.Mkdir("/etc/apt", 0o755), opts...).
+			File(llb.Mkdir("/etc/apt/apt.conf.d", 0o755), opts...).
+			File(llb.Mkdir("/etc/apt/preferences.d", 0o755), opts...).
+			File(llb.Mkdir("/etc/apt/sources.list.d", 0o755), opts...).
+			File(llb.Mkdir("/var", 0o755), opts...).
+			File(llb.Mkdir("/var/cache", 0o755), opts...).
+			File(llb.Mkdir("/var/cache/apt", 0o755), opts...).
+			File(llb.Mkdir("/var/cache/apt/archives", 0o755), opts...).
+			File(llb.Mkdir("/var/lib", 0o755), opts...).
+			File(llb.Mkdir("/var/lib/dpkg", 0o755), opts...).
+			File(llb.Mkfile("/var/lib/dpkg/status", 0o644, []byte{}), opts...)
 	}
 
-	// Step 3: Use worker to download all packages + deps and install into baseImg
-	// Worker has apt-get, dpkg, etc. while baseImg is just empty directories
-	const installScript = `#!/bin/sh
-set -ex
-# cache-bust-v2
+	installScript := `#!/bin/sh
+set -exu
+
+rootfs=/tmp/rootfs
+apt_archives=/var/cache/apt/archives
 
 # Ensure apt cache directory exists
-mkdir -p /var/cache/apt/archives
-
-# Copy local packages (base + spec) to apt cache
-cp /base-packages/*.deb /var/cache/apt/archives/
-cp /spec-packages/*.deb /var/cache/apt/archives/
-
-apt-get update
-
-# Download essential packages and all dependencies for our local packages
-# Point apt at the empty target dpkg status so it thinks nothing is installed,
-# which makes it download the full dependency tree and resolve conflicts properly.
-essential=$(dpkg-query -Wf '${Package} ${Essential}\n' | awk '$2 == "yes" {print $1}')
-# Get names of local packages so we can exclude them from apt-get install
-local_pkgs=$(for f in /var/cache/apt/archives/*.deb; do dpkg-deb -f "$f" Package 2>/dev/null; done | sort -u)
-local_deps=$(for f in /var/cache/apt/archives/*.deb; do dpkg-deb -f "$f" Depends 2>/dev/null; done | tr ',' '\n' | sed 's/([^)]*)//g; s/|.*//; s/ //g' | grep -v '^$' | sort -u)
-# Filter out deps that are satisfied by local packages (they aren't in apt repos)
-echo "$local_pkgs" > /tmp/local_pkg_names
-filtered_deps=$(echo "$local_deps" | grep -vxFf /tmp/local_pkg_names || true)
-apt-get -o Dir::State::status=/tmp/rootfs/var/lib/dpkg/status \
-    --yes --download-only install $essential $filtered_deps
-
-# Extract all packages into the target rootfs
-for f in /var/cache/apt/archives/*.deb; do
-    dpkg-deb --extract "$f" /tmp/rootfs
+mkdir -p "${apt_archives}"
+
+apt update
+
+# Upgrade worker so we pull latest package versions.
+apt dist-upgrade -y
+
+essential_packages=$(dpkg-query -Wf '${Package} ${Essential}\n' | awk '$2 == "yes" {print $1}')
+local_package_files=$(ls /base-packages/*.deb /spec-packages/*.deb)
+
+# Extract dependencies of local packages for downloading.
+local_packages_dependencies=$(for f in ${local_package_files}; do dpkg-deb -f "${f}" Depends 2>/dev/null; done | tr ',' '\n' | sed 's/([^)]*)//g; s/|.*//; s/ //g' | grep -v '^$' | sort -u)
+
+# Get names of local packages so we can exclude them from apt-get install.
+local_package_names=$(for f in ${local_package_files}; do dpkg-deb -f "${f}" Package 2>/dev/null; done | sort -u)
+
+# Spec packages may depend on base packages, so we need to filter to only download remaining packages, since downloading local packages
+# would fail.
+dependencies_to_download=$(echo "${local_packages_dependencies}" | grep -vxF "${local_package_names}")
+
+# Use state file from target image so we only download necessary packages. If target image is a base image, less packages should
+# be downloaded.
+apt-get -o Dir::State::status="${rootfs}/var/lib/dpkg/status" \
+    --yes --download-only install ${essential_packages} ${dependencies_to_download}
+
+# Extract all packages into the target rootfs.
+#
+# Extract base-files first to establish merged-usr symlinks (/bin -> usr/bin, etc.)
+# before other packages create those paths as real directories, which would
+# cause tar to fail when base-files tries to create the symlinks later.
+base_files_package=$(ls "${apt_archives}"/base-files_*.deb)
+for f in ${base_files_package} ${local_package_files} $(ls "${apt_archives}"/*.deb | grep -vxF "${base_files_package}"); do
+    dpkg-deb --extract "${f}" "${rootfs}"
+done
+
+# Fix merged-usr: on Noble+, /bin, /sbin, /lib should be symlinks to usr/bin, usr/sbin, usr/lib
+# but dpkg-deb --extract may recreate them as real directories.
+for dir in bin sbin lib; do
+    if [ -d "${rootfs}/usr/${dir}" ] && [ -d "${rootfs}/${dir}" ] && [ ! -L "${rootfs}/${dir}" ]; then
+        cp -a "${rootfs}/${dir}"/* "${rootfs}/usr/${dir}/" 2>/dev/null || true
+        rm -rf "${rootfs}/${dir}"
+        ln -s "usr/${dir}" "${rootfs}/${dir}"
+    fi
 done
 
 # dpkg-deb --extract doesn't run postinst scripts, so the /bin/sh symlink
 # normally created by update-alternatives is missing. Create it manually.
-# Also fix merged-usr: on Noble+, /bin should be a symlink to usr/bin but
-# dpkg-deb --extract may create it as a real directory if extraction order
-# causes a directory to be created before base-files' symlink.
-if [ -d /tmp/rootfs/usr/bin ] && [ -d /tmp/rootfs/bin ] && [ ! -L /tmp/rootfs/bin ]; then
-    # /bin is a real dir but should be a symlink on merged-usr systems
-    # Move any contents and replace with symlink
-    cp -a /tmp/rootfs/bin/* /tmp/rootfs/usr/bin/ 2>/dev/null || true
-    rm -rf /tmp/rootfs/bin
-    ln -s usr/bin /tmp/rootfs/bin
-fi
-if [ -d /tmp/rootfs/usr/sbin ] && [ -d /tmp/rootfs/sbin ] && [ ! -L /tmp/rootfs/sbin ]; then
-    cp -a /tmp/rootfs/sbin/* /tmp/rootfs/usr/sbin/ 2>/dev/null || true
-    rm -rf /tmp/rootfs/sbin
-    ln -s usr/sbin /tmp/rootfs/sbin
-fi
-if [ -d /tmp/rootfs/usr/lib ] && [ -d /tmp/rootfs/lib ] && [ ! -L /tmp/rootfs/lib ]; then
-    cp -a /tmp/rootfs/lib/* /tmp/rootfs/usr/lib/ 2>/dev/null || true
-    rm -rf /tmp/rootfs/lib
-    ln -s usr/lib /tmp/rootfs/lib
-fi
-if [ ! -e /tmp/rootfs/usr/bin/sh ]; then
-    if [ -x /tmp/rootfs/usr/bin/dash ]; then
-        ln -s dash /tmp/rootfs/usr/bin/sh
-    elif [ -x /tmp/rootfs/bin/dash ]; then
-        ln -s dash /tmp/rootfs/bin/sh
-    fi
+if [ ! -e "${rootfs}/usr/bin/sh" ] && [ ! -e "${rootfs}/bin/sh" ]; then
+    ln -s dash "${rootfs}/usr/bin/sh"
 fi
 
 # Remove usrmerge package - our merged-usr fixup above already handles this,
 # and usrmerge's postinst fails on overlayfs (which BuildKit uses).
 # Create a fake dpkg status entry so dpkg thinks it's installed.
-for f in /var/cache/apt/archives/usrmerge_*.deb /var/cache/apt/archives/usr-is-merged_*.deb; do
-    if [ -f "$f" ]; then
-        pkg=$(dpkg-deb -f "$f" Package)
-        ver=$(dpkg-deb -f "$f" Version)
-        arch=$(dpkg-deb -f "$f" Architecture)
-        printf 'Package: %s\nStatus: install ok installed\nVersion: %s\nArchitecture: %s\nDescription: faked by dalec\n\n' "$pkg" "$ver" "$arch" >> /tmp/rootfs/var/lib/dpkg/status
-        rm "$f"
-    fi
+#
+# This only runs when usrmerge package is not installed in the base image, since only then the deb file will be downloaded.
+for f in $(ls "${apt_archives}"/usrmerge_*.deb "${apt_archives}"/usr-is-merged_*.deb 2>/dev/null); do
+    pkg=$(dpkg-deb -f "${f}" Package)
+    ver=$(dpkg-deb -f "${f}" Version)
+    arch=$(dpkg-deb -f "${f}" Architecture)
+    printf 'Package: %s\nStatus: install ok installed\nVersion: %s\nArchitecture: %s\nDescription: faked by dalec\n\n' "${pkg}" "${ver}" "${arch}" >> "${rootfs}/var/lib/dpkg/status"
+    rm "${f}"
 done
 
-cp /var/cache/apt/archives/*.deb /tmp/rootfs/var/cache/apt/archives/
+cp ${local_package_files} "${apt_archives}"/*.deb "${rootfs}${apt_archives}"/
 
-# Copy apt sources from worker into rootfs so the final container can install packages
+# Copy apt sources from worker into rootfs so the final container can install packages. Do we want that?
+# There is no guarantee that the final image will have access to the same sources worker had (e.g. with  mounted repos).
 #
-# TODO: This is a workaround. For running tests, installing test steps should follow the same logic as here.
-cp -a /etc/apt/sources.list /tmp/rootfs/etc/apt/sources.list 2>/dev/null || true
-cp -a /etc/apt/sources.list.d/* /tmp/rootfs/etc/apt/sources.list.d/ 2>/dev/null || true
+# A the moment this is necessary so we can for example install test dependencies without using worker image.
+cp -ar /etc/apt/sources.list* "${rootfs}/etc/apt/"
 `
 
 	script := llb.Scratch().File(llb.Mkfile("install.sh", 0o755, []byte(installScript)), opts...)
 
+	// Use worker to download all packages + deps and install into baseImg.
 	baseImg = input.Worker.Run(
 		dalec.WithConstraints(opts...),
 		llb.AddMount("/tmp/install.sh", script, llb.SourcePath("install.sh")),
 		llb.AddMount("/base-packages", basePkg, llb.Readonly),
 		llb.AddMount("/spec-packages", input.DebSt, llb.Readonly),
 		withRepos,
+		dalec.WithMountedAptCache(input.Config.AptCachePrefix, opts...),
 		llb.AddEnv("DEBIAN_FRONTEND", "noninteractive"),
 		dalec.ShArgs("/tmp/install.sh"),
 		frontend.IgnoreCache(input.Client, targets.IgnoreCacheKeyContainer),
 	).AddMount("/tmp/rootfs", baseImg)
 
-	// Allow spec to override the base image entirely
-	bi, err := input.Spec.GetSingleBase(input.Target)
-	if err != nil {
-		return dalec.ErrorState(llb.Scratch(), err)
-	}
-	if bi != nil {
-		baseImg = bi.ToState(input.SOpt, opts...)
-	}
-
 	debug := llb.Scratch().File(llb.Mkfile("debug", 0o644, []byte(`debug=2`)), opts...)
-	debugOpt := llb.AddMount("/etc/dpkg/dpkg.cfg.d/99-dalec-debug", debug, llb.SourcePath("debug"), llb.Readonly)
 
-	// Run dpkg --install to properly configure the packages
-	// Try /usr/bin/sh first (merged-usr), fall back to /bin/sh (non-merged)
+	// Run dpkg --install to properly configure the packages.
 	baseImg = baseImg.Run(
 		dalec.WithConstraints(opts...),
-		debugOpt,
-		llb.AddEnv("DEBIAN_FRONTEND", "noninteractive"),
-		llb.Args([]string{"/bin/sh", "-c", "dpkg --install --force-depends /var/cache/apt/archives/*.deb && rm -rf /var/cache/apt/archives/*.deb"}),
-		frontend.IgnoreCache(input.Client, targets.IgnoreCacheKeyContainer),
-	).Root()
-
-	return baseImg.With(dalec.InstallPostSymlinks(input.Spec.GetImagePost(input.Target), input.Worker, opts...))
-}
-
-func (c *Config) BuildContainer(ctx context.Context, client gwclient.Client, sOpt dalec.SourceOpts, spec *dalec.Spec, targetKey string, debSt llb.State, opts ...llb.ConstraintsOpt) llb.State {
-	if true {
-		return BuildDistrolessContainer(ctx, BuildDistrolessContainerInput{
-			Config: c,
-			Client: client,
-			Worker: c.Worker(sOpt, dalec.Platform(sOpt.TargetPlatform), dalec.WithConstraints(opts...)),
-			SOpt:   sOpt,
-			Spec:   spec,
-			Target: targetKey,
-			DebSt:  debSt,
-			Opts:   opts,
-		})
-	}
-
-	opts = append(opts, frontend.IgnoreCache(client), dalec.ProgressGroup("Build Container Image"))
-
-	baseImg := llb.Image(c.DefaultOutputImage, llb.WithMetaResolver(sOpt.Resolver), dalec.WithConstraints(opts...))
-
-	bi, err := spec.GetSingleBase(targetKey)
-	if err != nil {
-		return dalec.ErrorState(llb.Scratch(), err)
-	}
-
-	if bi != nil {
-		baseImg = bi.ToState(sOpt, opts...)
-	}
-
-	// Those base repos come from distro configuration.
-	repos := dalec.GetExtraRepos(c.ExtraRepos, "install")
-
-	// These are user specified via spec.
-	repos = append(repos, spec.GetInstallRepos(targetKey)...)
-
-	withRepos := c.RepoMounts(repos, sOpt, opts...)
-
-	debug := llb.Scratch().File(llb.Mkfile("debug", 0o644, []byte(`debug=2`)), opts...)
-	opts = append(opts, dalec.ProgressGroup("Install spec package"))
-
-	// If we have base packages to install, create a meta-package to install them.
-	if len(c.BasePackages) > 0 {
-		runtimePkgs := make(dalec.PackageDependencyList, len(c.BasePackages))
-		for _, pkgName := range c.BasePackages {
-			runtimePkgs[pkgName] = dalec.PackageConstraints{}
-		}
-		basePkgSpec := &dalec.Spec{
-			Name:        "dalec-deb-base-packages",
-			Packager:    "dalec",
-			Description: "Base Packages for Debian-based Distros",
-			Version:     "0.1",
-			Revision:    "1",
-			Dependencies: &dalec.PackageDependencies{
-				Runtime: runtimePkgs,
-			},
-		}
-
-		basePkg := c.BuildPkg(ctx, client, sOpt, basePkgSpec, targetKey, opts...)
-
-		// Update the base image to include the base packages.
-		// This may include things that are necessary to even install the debSt package.
-		// So this must be done separately from the debSt package.
-		opts := append(opts, dalec.ProgressGroup("Install base image packages"))
-		baseImg = baseImg.Run(
-			dalec.WithConstraints(opts...),
-			InstallLocalPkg(basePkg, true, opts...),
-			dalec.WithMountedAptCache(c.AptCachePrefix, opts...),
-		).Root()
-	}
-
-	worker := c.Worker(sOpt, dalec.Platform(sOpt.TargetPlatform), dalec.WithConstraints(opts...))
-
-	return baseImg.Run(
-		dalec.WithConstraints(opts...),
-		withRepos,
-		dalec.WithMountedAptCache(c.AptCachePrefix, opts...),
-		// This file makes dpkg give more verbose output which can be useful when things go awry.
 		llb.AddMount("/etc/dpkg/dpkg.cfg.d/99-dalec-debug", debug, llb.SourcePath("debug"), llb.Readonly),
 		dalec.RunOptFunc(func(cfg *llb.ExecInfo) {
 			// Warning: HACK here
 			// The base ubuntu image has this `excludes` config file which prevents
 			// installation of a lot of things, including doc files.
 			// This is mounting over that file with an empty file so that our test suite
 			// passes (as it is looking at these files).
-			if !spec.GetArtifacts(targetKey).HasDocs() {
+			if !input.Spec.GetArtifacts(input.Target).HasDocs() {
 				return
 			}
 
 			tmp := llb.Scratch().File(llb.Mkfile("tmp", 0o644, nil), opts...)
 			llb.AddMount("/etc/dpkg/dpkg.cfg.d/excludes", tmp, llb.SourcePath("tmp")).SetRunOption(cfg)
 		}),
-		InstallLocalPkg(debSt, true, opts...),
-		frontend.IgnoreCache(client, targets.IgnoreCacheKeyContainer),
-	).Root().
-		With(dalec.InstallPostSymlinks(spec.GetImagePost(targetKey), worker, opts...))
+		llb.AddEnv("DEBIAN_FRONTEND", "noninteractive"),
+		llb.Args([]string{"/usr/bin/sh", "-c", "dpkg --install --force-depends /var/cache/apt/archives/*.deb && rm -rf /var/cache/apt/archives/*.deb"}),
+		frontend.IgnoreCache(input.Client, targets.IgnoreCacheKeyContainer),
+	).Root()
+
+	return baseImg.With(dalec.InstallPostSymlinks(input.Spec.GetImagePost(input.Target), input.Worker, opts...))
+}
+
+func (c *Config) BuildContainer(ctx context.Context, client gwclient.Client, sOpt dalec.SourceOpts, spec *dalec.Spec, targetKey string, debSt llb.State, opts ...llb.ConstraintsOpt) llb.State {
+	return BuildDistrolessContainer(ctx, BuildContainerInput{
+		Config:             c,
+		DefaultOutputImage: c.DefaultOutputImage,
+		Client:             client,
+		Worker:             c.Worker(sOpt, dalec.Platform(sOpt.TargetPlatform), dalec.WithConstraints(opts...)),
+		SOpt:               sOpt,
+		Spec:               spec,
+		Target:             targetKey,
+		DebSt:              debSt,
+		Opts:               opts,
+	})
 }