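#!/bin/bash

set -euo pipefail

# $WRAPPER is expanded unquoted on purpose so that it splits into separate words.
declare -r WRAPPER="fakechroot -- fakeroot"

# Arguments: package group to install, build directory, output directory.
declare -r GROUP="$1"
declare -r BUILDDIR="$2"
declare -r OUTPUTDIR="$3"

# Mask every host ALPM hook with a /dev/null symlink so that none of them
# run during the bootstrap install.
mkdir -vp "$BUILDDIR/alpm-hooks/usr/share/libalpm/hooks"
find /usr/share/libalpm/hooks -exec ln -sf /dev/null "$BUILDDIR/alpm-hooks"{} \;

mkdir -vp "$BUILDDIR/var/lib/pacman/" "$OUTPUTDIR"
[[ "$GROUP" == "multilib-devel" ]] && pacman_conf=multilib.conf || pacman_conf=extra.conf
install -Dm644 "/usr/share/devtools/pacman.conf.d/$pacman_conf" "$BUILDDIR/etc/pacman.conf"

# Append the [ppr] and [pcp] repositories if the config has at least one Include line.
# SigLevel = Never turns off signature checking for both repositories, so
# packages from them are installed unverified.
awk '
{
    print
    if ($0 ~ /^Include *=/ && !found++) {
        last_include_line = NR
    }
}
END {
    if (last_include_line) {
        print "\n[ppr]"
        print "SigLevel = Never"
        print "Include = /etc/pacman.d/parch-mirrors"
        print ""
        print "[pcp]"
        print "SigLevel = Never"
        print "Include = /etc/pacman.d/parch-mirrors"
    }
}
' "$BUILDDIR/etc/pacman.conf" > "$BUILDDIR/etc/pacman.conf.tmp" && mv "$BUILDDIR/etc/pacman.conf.tmp" "$BUILDDIR/etc/pacman.conf"

cat pacman-conf.d-noextract.conf >> "$BUILDDIR/etc/pacman.conf"

# Build-time config: the same file with Include paths pointing into ./rootfs.
sed 's/Include = /&rootfs/g' < "$BUILDDIR/etc/pacman.conf" > pacman.conf

# Turn on DisableSandbox in the image's pacman.conf (replaces the commented-out line).
sed -i '/#DisableSandbox/{c\
# No kernel landlock in containerd\
DisableSandbox
}' "$BUILDDIR/etc/pacman.conf"

cp --recursive --preserve=timestamps rootfs/* "$BUILDDIR/"

# Install base and the requested group into the build root, without
# install scriptlets and with the masked hook directory.
$WRAPPER -- \
    pacman -Sy -r "$BUILDDIR" \
        --noconfirm --dbpath "$BUILDDIR/var/lib/pacman" \
        --config pacman.conf \
        --noscriptlet \
        --hookdir "$BUILDDIR/alpm-hooks/usr/share/libalpm/hooks/" base "$GROUP"

# Set up the CA trust store and the pacman keyring inside the new root.
$WRAPPER -- chroot "$BUILDDIR" update-ca-trust
$WRAPPER -- chroot "$BUILDDIR" pacman-key --init
$WRAPPER -- chroot "$BUILDDIR" pacman-key --populate

# Create system users and groups.
$WRAPPER -- chroot "$BUILDDIR" /usr/bin/systemd-sysusers --root "/"

# Lock the root account: replace the empty password field so that root
# cannot log in without a password.
sed -i -e 's/^root::/root:!:/' "$BUILDDIR/etc/shadow"

# Run tar under fakeroot so that the archive records root ownership
# instead of the build user's uid/gid.
fakeroot -- \
    tar \
        --numeric-owner \
        --xattrs \
        --acls \
        --exclude-from=exclude \
        -C "$BUILDDIR" \
        -c . \
        -f "$OUTPUTDIR/$GROUP.tar"

# Compress the archive and write its SHA-256 checksum next to it.
cd "$OUTPUTDIR"
zstd --long -T0 -8 "$GROUP.tar"
sha256sum "$GROUP.tar.zst" > "$GROUP.tar.zst.SHA256"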