Cleanup

.github/workflows/CI.yml

@@ -10,12 +10,12 @@ jobs:
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       - name: Checks-out repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
         with:
           submodules: true
 
       - name: Enable cache
-        uses: actions/cache@v2.1.1
+        uses: actions/cache@v4
         with:
           path: $GITHUB_WORKSPACE/cache
           key: cache
@@ -50,7 +50,7 @@ jobs:
       - name: test
         run: |
           # Set the path and install the tools
-          export PATH="$GITHUB_WORKSPACE/cache/bin:$PATH"
+          export PATH="$HOME/bin:$PATH"
           ./hack/helpers/install-tools.sh
           # Start buildkit
           bkaddr="$(./hack/helpers/start-buildkit.sh 2>/dev/null)"

DEVELOP.md

@@ -10,18 +10,18 @@
 
 ### The what
 
-This image is built using: `docker.io/dubodubonduponey/base:builder-bullseye-2022-12-01` 
+This image is built using: `docker.io/dubodubonduponey/base:builder-bookworm-2024-02-20` 
 
-The runtime part is based on: `docker.io/dubodubonduponey/base:runtime-bullseye-2022-12-01`
+The runtime part is based on: `docker.io/dubodubonduponey/base:runtime-bookworm-2024-02-20`
 
-Both these images are built upon: `docker.io/dubodubonduponey/debian:bullseye-2022-12-01`
+Both these images are built upon: `docker.io/dubodubonduponey/debian:bookworm-2024-02-20`
 
 You can find out more here:
 
  * https://github.com/dubo-dubon-duponey/docker-debian for the debootstrapped Debian base
  * https://github.com/dubo-dubon-duponey/docker-base for the builder and runtime images
 
-These images provide very little - they are (mostly) barebone bullseye with some ONBUILD
+These images provide very little - they are (mostly) barebone bookworm with some ONBUILD
 Docker syntactic sugar (metadata, user creation, entrypoint).
 
 Let me repeat: you have very little reason to go and add anything up there.

Dockerfile

@@ -189,7 +189,7 @@ ENV           MOD_MDNS_ENABLED=false
 ENV           MOD_MDNS_TYPE="_$_SERVICE_TYPE._tcp"
 # Name is used as a short description for the service
 ENV           MOD_MDNS_NAME="$_SERVICE_NICK mDNS display name"
-# The service will be annonced and reachable at $MDNS_HOST.local (set to empty string to disable mDNS announces entirely)
+# The service will be annonced and reachable at $MOD_MDNS_HOST.local (set to empty string to disable mDNS announces entirely)
 ENV           MOD_MDNS_HOST="$_SERVICE_NICK"
 # Also announce the service as a workstation (for example for the benefit of coreDNS mDNS)
 ENV           ADVANCED_MOD_MDNS_STATION=true

README.md

@@ -6,7 +6,7 @@ This is based on [LibreSpot](https://github.com/librespot-org/librespot).
 
 This is useful in the following scenarios:
 
- 1. you are a hobbyist and you want to turn a small appliance connected to speakers into a Spotify Connect receiver (typically a raspberry pi) 
+ 1. you are a hobbyist, and you want to turn a small appliance connected to speakers into a Spotify Connect receiver (typically a raspberry pi) 
  1. that's it :-)
 
 ## Image features
@@ -16,27 +16,17 @@ This is useful in the following scenarios:
   * [x] linux/arm64
 * hardened:
   * [x] image runs read-only
-  * [x] image runs with no capabilities but NET_BIND_SERVICE
+  * [x] image runs with no capabilities (you need NET_BIND_SERVICE if you want to use privileged ports obviously)
   * [x] process runs as a non-root user, disabled login, no shell
 * lightweight
-  * [x] based on our slim [Debian Bullseye](https://github.com/dubo-dubon-duponey/docker-debian)
+  * [x] based on our slim [Debian Bookworm](https://github.com/dubo-dubon-duponey/docker-debian)
   * [x] simple entrypoint script
-  * [ ] multi-stage build ~~with no installed dependencies~~ dependent on the following for the runtime image:
-    * libpulse0
-    * libasound2
+  * [ ] multi-stage build with ~~zero packages~~ `libpulse0`, `libasound2` installed in the runtime image
 * observable
   * [x] healthcheck
   * [x] log to stdout
   * [ ] ~~prometheus endpoint~~
 
-unsupported (probably builds - but I lost interest):
-  * [ ] linux/arm/v7
-  * [ ] linux/arm/v6
-  * [ ] linux/386
-  * [ ] linux/ppc64le
-  * [ ] linux/s390x
-
-
 ## Run
 
 The following is the most straight-forward example, using host networking:

context/runtime/boot/entrypoint.sh

@@ -4,9 +4,9 @@ set -o errexit -o errtrace -o functrace -o nounset -o pipefail
 root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)"
 readonly root
 # shellcheck source=/dev/null
-source "$root/helpers.sh"
+. "$root/helpers.sh"
 # shellcheck source=/dev/null
-source "$root/mdns.sh"
+. "$root/mdns.sh"
 
 helpers::dir::writable /tmp
 
@@ -21,13 +21,12 @@ args=(--cache-size-limit 8G --cache /tmp/cache --name "${MOD_MDNS_NAME:-Sproutif
 [ "${MOD_MDNS_ENABLED:-}" != true ] || {
   [ "${ADVANCED_MOD_MDNS_STATION:-}" != true ] || mdns::records::add "_workstation._tcp" "${MOD_MDNS_HOST}" "${MOD_MDNS_NAME:-}" "$PORT"
   mdns::records::add "${ADVANCED_MOD_MDNS_TYPE:-_spotify-connect._tcp}" "${MOD_MDNS_HOST:-}" "${MOD_MDNS_NAME:-}" "$PORT" '["VERSION=1", "CPath=/"]'
-  mdns::start::broadcaster &
+  mdns::start::broadcaster
   args+=(--disable-discovery)
 }
 
-normalized_log_level="$(printf "%s" "$LOG_LEVEL" | tr '[:upper:]' '[:lower:]')"
-[ "$normalized_log_level" != "debug" ] || args+=(--verbose)
-[ "$normalized_log_level" != "error" ] && [ "$normalized_log_level" != "warning" ]  || args+=(--quiet)
+[ "$LOG_LEVEL" != "debug" ] || args+=(--verbose)
+[ "$LOG_LEVEL" != "error" ] && [ "$LOG_LEVEL" != "warning" ]  || args+=(--quiet)
 
 [ ! "$OUTPUT" ] || args+=(--backend "$OUTPUT")
 [ ! "$DEVICE" ] || args+=(--device "$DEVICE")

context/runtime/boot/helpers.sh

@@ -10,3 +10,23 @@ helpers::dir::writable(){
     exit 1
   }
 }
+
+helpers::log::normalize(){
+  local lower
+  lower="$(printf "%s" "${LOG_LEVEL:-}" | tr '[:upper:]' '[:lower:]')"
+  case "$lower" in
+  "debug")
+  ;;
+  "info")
+  ;;
+  "error")
+  ;;
+  *)
+    lower="warning"
+  ;;
+  esac
+  LOG_LEVEL="$lower"
+  printf "%s" "$LOG_LEVEL"
+}
+
+helpers::log::normalize >/dev/null

context/runtime/boot/mdns.sh

@@ -38,7 +38,7 @@ mdns::records::resolve(){
 mdns::start::broadcaster(){
   [ ! -e "$_default_mod_mdns_configuration_path" ] || mdns::records::load "$_default_mod_mdns_configuration_path"
   local IFS=","
-  goello-server-ng -json "[${_internal_mod_mdns_records[*]}]"
+  goello-server-ng -json "[${_internal_mod_mdns_records[*]}]" &
 }
 
 mdns::start::avahi(){
@@ -51,15 +51,17 @@ mdns::start::avahi(){
   # - project is half-dead: https://github.com/lathiat/avahi/issues/388
 
   local args=()
-  local avahisocket="$XDG_STATE_HOME/avahi-daemon/socket"
+  # local avahisocket="$XDG_STATE_HOME/avahi-daemon/socket"
+  # XXX giving up on trying to be fancy with avahi
+  local avahisocket="/run/avahi-daemon/socket"
 
   # Make sure we can write it
   helpers::dir::writable "$(dirname "$avahisocket")" true
 
   # Cleanup leftovers on container restart
   rm -f "$(dirname "$avahisocket")/pid"
 
-  [ "$(printf "%s" "$LOG_LEVEL" | tr '[:upper:]' '[:lower:]')" != "debug" ] || args+=(--debug)
+  [ "$LOG_LEVEL" != "debug" ] || args+=(--debug)
 
   # -D/--daemonize implies -s/--syslog that we do not want, so, just background it
   avahi-daemon -f /config/avahi/main.conf --no-drop-root --no-chroot "${args[@]}" &

cue.mod/pkg/duponey.cloud/buildkit/buildctl/buildctl.cue

@@ -72,7 +72,7 @@ import (
 
 		["--local", "dockerfile=\(dockerfile)"] +
 		["--frontend", frontend] +
-		["--trace", "buildctl.trace.json"] +
+		["--trace", "cache/buildctl.trace.json"] +
 		["--opt", "filename=\(filename)"] +
 
 		["--local", "context=\(context)"] +

cue.mod/pkg/duponey.cloud/scullery/icing.cue

@@ -64,7 +64,7 @@ import (
 #Icing: {
 	// XXX make this type more specific
 	buildkit?: {
-		address?: string | * "docker-container://buildkitd"
+		address?: string | * "docker-container://dbdbdp-buildkit"
 		name?: string
 		ca?: types.#Path
 		cert?: types.#Path

hack/build.sh

@@ -6,7 +6,9 @@ root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)/../"
 readonly root
 
 # shellcheck source=/dev/null
-BIN_LOCATION="${BIN_LOCATION:-$root/cache/bin}" source "$root/hack/helpers/install-tools.sh"
+BIN_LOCATION="${BIN_LOCATION:-$root/cache/bin}" . "$root/hack/helpers/install-tools.sh"
+
+rm -f "$root/cache/buildctl.trace.json"
 
 # Build the cue invocation
 params=(cue)
@@ -22,7 +24,7 @@ case "${1:-}" in
   *)
     cd "$root"
     target=image
-    files=("$root/hack/recipe.cue" "$root/hack/cue_tool.cue")
+    files=("$root/hack/recipe.cue" "$root/hack/helpers/cue_tool.cue")
     isparam=
     for i in "$@"; do
       if [ "${i:0:2}" == "--" ]; then

hack/helpers/install-tools.sh

@@ -1,15 +1,15 @@
 #!/usr/bin/env bash
 set -o errexit -o errtrace -o functrace -o nounset -o pipefail
 
-export SUITE=bullseye
-export DATE=2021-08-01
+export SUITE=bookworm
+export DATE=2024-02-20
 
 export BIN_LOCATION="${BIN_LOCATION:-$HOME/bin}"
 export PATH="$BIN_LOCATION:$PATH"
 readonly IMAGE_TOOLS="${IMAGE_TOOLS:-dubodubonduponey/tools:$(uname -s | grep -q Darwin && printf "macos" || printf "linux-dev")-$SUITE-$DATE}"
 
-export SHELLCHECK_VERSION=0.7.2
-export HADOLINT_VERSION=2.7.0
+export SHELLCHECK_VERSION=0.10.0
+export HADOLINT_VERSION=2.12.0
 
 setup::tools(){
   local location="$1"

hack/helpers/start-buildkit.sh

@@ -1,25 +1,24 @@
 #!/usr/bin/env bash
 set -o errexit -o errtrace -o functrace -o nounset -o pipefail
 
-export SUITE=bullseye
-export DATE=2021-08-01
-
-readonly IMAGE_BLDKT="${IMAGE_BLDKT:-docker.io/dubodubonduponey/buildkit:$SUITE-$DATE}"
+export TAG=latest
+readonly IMAGE_BLDKT="${IMAGE_BLDKT:-docker.io/dubodubonduponey/buildkit:$TAG}"
 
 setup::buildkit() {
   [ "$(docker container inspect -f '{{.State.Running}}' dbdbdp-buildkit 2>/dev/null)" == "true" ]  || {
     docker run --pull always --rm -d \
       -p 4242:4242 \
       --network host \
       --name dbdbdp-buildkit \
-      --env MDNS_ENABLED=true \
-      --env MDNS_HOST=buildkit-machina \
-      --env MDNS_NAME="Dubo Buildkit on la machina" \
+      --env MOD_MDNS_ENABLED=true \
+      --env MOD_MDNS_HOST=buildkit-machina \
+      --env MOD_MDNS_NAME="Dubo Buildkit on la machina" \
       --entrypoint buildkitd \
       --user root \
       --privileged \
       "$IMAGE_BLDKT"
     docker exec --env QEMU_BINARY_PATH=/boot/bin/ dbdbdp-buildkit binfmt --install all
+    docker exec dbdbdp-buildkit mkdir /tmp/runtime
   }
 }
 

hack/lint.sh

@@ -1,12 +1,11 @@
 #!/usr/bin/env bash
 set -o errexit -o errtrace -o functrace -o nounset -o pipefail
 
-# shellcheck source=/dev/null
 root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)/../"
 readonly root
 
 # shellcheck source=/dev/null
-BIN_LOCATION="${BIN_LOCATION:-$root/cache/bin}" source "$root/hack/helpers/install-tools.sh"
+BIN_LOCATION="${BIN_LOCATION:-$root/cache/bin}" . "$root/hack/helpers/install-tools.sh"
 
 # Ignore some hadolint warnings that do not make much sense
 # DL3006 is about "dO nOT UsE --platform", which is really ludicrous
@@ -24,4 +23,6 @@ if ! hadolint "${hadolint_ignore[@]}" "$root"/*Dockerfile*; then
   exit 1
 fi
 
-find "$root" -iname "*.sh" -not -path "*debuerreotype*" -not -path "*cache*" -exec shellcheck {} \;
+while read -r line; do
+  shellcheck "$line"
+done < <(find "$root" -iname "*.sh" -not -path "*debuerreotype*" -not -path "*cache*" -not -path "*xxx*" 2>/dev/null || true)

hack/recipe.cue

@@ -20,7 +20,7 @@ cakes: {
 				platforms: types.#Platforms | * [
 					types.#Platforms.#AMD64,
 					types.#Platforms.#ARM64,
-					types.#Platforms.#V7,
+					// types.#Platforms.#V7,
 					// types.#Platforms.#I386,
 					// types.#Platforms.#V6,
 					// types.#Platforms.#S390X,
@@ -44,8 +44,8 @@ cakes: {
 }
 
 injectors: {
-	suite: * "bullseye" | =~ "^(?:bullseye|bookworm|trixie|sid)$" @tag(suite, type=string)
-	date: * "2022-12-01" | =~ "^[0-9]{4}-[0-9]{2}-[0-9]{2}$" @tag(date, type=string)
+	suite: * "bookworm" | =~ "^(?:bullseye|bookworm|trixie|sid)$" @tag(suite, type=string)
+	date: * "2024-02-20" | =~ "^[0-9]{4}-[0-9]{2}-[0-9]{2}$" @tag(date, type=string)
 	platforms: string @tag(platforms, type=string)
 	registry: * "registry.local" | string @tag(registry, type=string)
 }

hack/test.sh

@@ -1,17 +1,17 @@
 #!/usr/bin/env bash
 set -o errexit -o errtrace -o functrace -o nounset -o pipefail
 
-# shellcheck source=/dev/null
 root="$(cd "$(dirname "${BASH_SOURCE[0]:-$PWD}")" 2>/dev/null 1>&2 && pwd)/../"
+readonly root
 
 # Simple no-thrill build tester
 # XXX Currently reduced to a single architecture to avoid using all disk space until we figure out our space efficiency problem (likely the fat builder image getting duplicated over and over)
 # Solution would probably be to do like buildkit and fetch with a lightweight go image while build mount from the previous stage instead of inheriting - annoying but probably the only way
 if ! "$root/hack/build.sh" \
     --inject registry="docker.io/dubodubonduponey" \
     --inject progress=plain \
-	  --inject date=2022-12-01 \
-	  --inject suite=bullseye \
+	  --inject date=2024-02-20 \
+	  --inject suite=bookworm \
     --inject platforms=linux/arm64 \
   	"image" "$@"; then
   printf >&2 "Failed building\n"