kubernetes
/
git-sync
mirror of https://github.com/kubernetes/git-sync.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change baseimage to trixie

This commit is contained in:
Tim Hockin 2025-09-08 10:01:58 -07:00
parent 239a784830
commit a203e93502
No known key found for this signature in database
3 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Dockerfile.in
View File

@ -51,7 +51,12 @@ RUN apt-get -y -qq -o Dpkg::Use-Pty=0 update
RUN apt-get -y -qq -o Dpkg::Use-Pty=0 -y upgrade RUN apt-get -y -qq -o Dpkg::Use-Pty=0 -y upgrade
RUN apt-get -y -qq -o Dpkg::Use-Pty=0 install --no-install-recommends bash # for the staging scripts and ldd RUN apt-get -y -qq -o Dpkg::Use-Pty=0 install --no-install-recommends bash # for the staging scripts and ldd
# Newer Debian uses symlinks but the stage_binaries tool is kind of dumb.
RUN mkdir -p {ARG_STAGING} RUN mkdir -p {ARG_STAGING}
RUN mkdir -p {ARG_STAGING}/usr/bin && ln -s usr/bin {ARG_STAGING}/bin
RUN mkdir -p {ARG_STAGING}/usr/sbin && ln -s usr/sbin {ARG_STAGING}/sbin
RUN mkdir -p {ARG_STAGING}/usr/lib && ln -s usr/lib {ARG_STAGING}/lib
RUN mkdir -p {ARG_STAGING}/usr/lib64 && ln -s usr/lib64 {ARG_STAGING}/lib64
COPY stage_binaries.sh / COPY stage_binaries.sh /
RUN /stage_binaries.sh -o {ARG_STAGING} \ RUN /stage_binaries.sh -o {ARG_STAGING} \
-p base-files \ -p base-files \
@ -70,14 +75,14 @@ RUN /stage_binaries.sh -o {ARG_STAGING} \
-f /etc/os-release \ -f /etc/os-release \
-f /etc/passwd \ -f /etc/passwd \
-f /tmp -f /tmp
RUN ln -s /bin/bash {ARG_STAGING}/bin/sh # Not sure why this is not set up automatically RUN ln -s bash {ARG_STAGING}/bin/sh # Not sure why this is not set up automatically
FROM scratch AS intermediate FROM scratch AS intermediate
# Docker doesn't do vars in COPY, so we can't use a regular ARG. # Docker doesn't do vars in COPY, so we can't use a regular ARG.
COPY --from=base {ARG_STAGING} / COPY --from=base {ARG_STAGING} /
# This list is not generic - it is specific to git-sync on debian bookworm. # This list is not generic - it is specific to git-sync on debian trixie.
RUN rm -rf \ RUN rm -rf \
/usr/share/base-files \ /usr/share/base-files \
/usr/share/doc \ /usr/share/doc \
@ -103,7 +108,8 @@ RUN rm -rf \
/usr/lib/openssh/ssh-keysign \ /usr/lib/openssh/ssh-keysign \
/usr/lib/openssh/ssh-pkcs11-helper \ /usr/lib/openssh/ssh-pkcs11-helper \
/usr/lib/openssh/ssh-sk-helper \ /usr/lib/openssh/ssh-sk-helper \
/usr/share/gitweb /usr/share/gitweb \
/usr/share/locale
# Add the default UID to /etc/passwd so SSH is satisfied. # Add the default UID to /etc/passwd so SSH is satisfied.
RUN echo "git-sync:x:65533:65533::/tmp:/sbin/nologin" >> /etc/passwd RUN echo "git-sync:x:65533:65533::/tmp:/sbin/nologin" >> /etc/passwd

4
Makefile
View File

@ -45,13 +45,13 @@ ALL_PLATFORMS := linux/amd64 linux/arm linux/arm64 linux/ppc64le linux/s390x
OS := $(if $(GOOS),$(GOOS),$(shell go env GOOS)) OS := $(if $(GOOS),$(GOOS),$(shell go env GOOS))
ARCH := $(if $(GOARCH),$(GOARCH),$(shell go env GOARCH)) ARCH := $(if $(GOARCH),$(GOARCH),$(shell go env GOARCH))
BASEIMAGE ?= registry.k8s.io/build-image/debian-base:bookworm-v1.0.2 BASEIMAGE ?= debian:trixie
IMAGE := $(REGISTRY)/$(BIN) IMAGE := $(REGISTRY)/$(BIN)
TAG := $(VERSION) TAG := $(VERSION)
OS_ARCH_TAG := $(TAG)__$(OS)_$(ARCH) OS_ARCH_TAG := $(TAG)__$(OS)_$(ARCH)
BUILD_IMAGE ?= golang:1.24 BUILD_IMAGE ?= golang:1.25
DBG_MAKEFILE ?= DBG_MAKEFILE ?=
ifneq ($(DBG_MAKEFILE),1) ifneq ($(DBG_MAKEFILE),1)

5
stage_binaries.sh
View File

@ -167,7 +167,7 @@ function file_to_package() {
# `dpkg-query --search $file-pattern` outputs lines with the format: "$package: $file-path" # `dpkg-query --search $file-pattern` outputs lines with the format: "$package: $file-path"
# where $file-path belongs to $package. Sometimes it has lines that say # where $file-path belongs to $package. Sometimes it has lines that say
# "diversion" but there's no documented grammar I can find. # "diversion" but there's no documented grammar I can find.
echo "${result}" | grep -v "diversion" | cut -d':' -f1 echo "${result}" | (grep -v "diversion" || true) | cut -d':' -f1
} }
function ensure_dir_in_staging() { function ensure_dir_in_staging() {
@ -216,6 +216,9 @@ function stage_file_and_deps() {
# get the package so we can stage package metadata as well # get the package so we can stage package metadata as well
local package local package
package="$(file_to_package "${file}")" package="$(file_to_package "${file}")"
if [[ -z "${package}" ]]; then
return 0 # no package, but no error either
fi
DBG "staging file ${file} from pkg ${package}" DBG "staging file ${file} from pkg ${package}"
stage_one_file "${staging}" "$file" stage_one_file "${staging}" "$file"