# vim: filetype=yaml sw=2
filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %]-[% c("version") %].tar.gz'
version: 3
pkg_type: build

var:
  ubuntu_version: 20.04.1

  container:
    use_container: 1
    # We need CAP_SYS_ADMIN for debootstrap to work
    CAP_SYS_ADMIN: 1

pre: |
  #!/bin/sh
  set -e
  export DEBIAN_FRONTEND=noninteractive
  apt-get update -y -q
  apt-get install -y -q debian-archive-keyring ubuntu-keyring debootstrap
  debootstrap --arch=[% c("var/container/arch") %] [% c("var/container/debootstrap_opt") %] [% c("var/container/suite") %] base-image [% c("var/container/debootstrap_mirror") %]
  [% IF c("var/apt_package_filename") || c("var/apt_utils_package_filename") || c("var/libapt_inst_package_filename") || c("var/libapt_pkg_package_filename") -%]
    mkdir ./base-image/apt-update
    mv [% c("var/apt_package_filename") %] [% c("var/apt_utils_package_filename") %] \
       [% c("var/libapt_inst_package_filename") %] [% c("var/libapt_pkg_package_filename") %] \
       ./base-image/apt-update
    mount proc ./base-image/proc -t proc
    mount sysfs ./base-image/sys -t sysfs
    chroot ./base-image dpkg -i -R /apt-update
    umount ./base-image/proc
    umount ./base-image/sys
  [% END -%]
  [% IF c("var/minimal_apt_version") -%]
    apt_version=$(dpkg --admindir=$(pwd)/base-image/var/lib/dpkg -s apt | grep '^Version: ' | cut -d ' ' -f 2)
    echo "apt version: $apt_version"
    dpkg --compare-versions "$apt_version" ge '[% c("var/minimal_apt_version") %]'
  [% END -%]
  tar -C ./base-image -czf [% dest_dir %]/[% c("filename") %] .

targets:
  jessie-amd64:
    var:
      minimal_apt_version: 1.0.9.8.7
      # CVE-2020-27350
      apt_packages_baseurl: https://deb.freexian.com/extended-lts/pool/main/a/apt
      apt_package_filename: apt_1.0.9.8.7_amd64.deb
      apt_package_sha256sum: 02d5c6240e3410234e91facd4279c1acdce1523b583e05fac7ad64bdc75db7c7
      apt_utils_package_filename: apt-utils_1.0.9.8.7_amd64.deb
      apt_utils_package_sha256sum: aa6f0cc7cf2e7cc6e5c56782019cd651d26b01d280aef4d25288587e198ff2d3
      libapt_inst_package_filename: libapt-inst1.5_1.0.9.8.7_amd64.deb
      libapt_inst_package_sha256sum: a85c99a64f3d6cdde5bf0849649c2d5f21c7513987854628659ea014bc3eb214
      libapt_pkg_package_filename: libapt-pkg4.12_1.0.9.8.7_amd64.deb
      libapt_pkg_package_sha256sum: 0db2410376516f3420594647afc72dc99b48a44877eae4e8c79444a8244e988f

      container:
        suite: jessie
        arch: amd64

  buster-amd64:
    var:
      minimal_apt_version: 1.8.2
      container:
        suite: buster
        arch: amd64

input_files:
  - URL: 'https://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
    filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
    sha256sum: 97f6cbcf41f39272c84e32b6f926ed5d6906c6e463a557025181f4aa191ad667
  - URL: '[% c("var/apt_packages_baseurl") %]/[% c("var/apt_package_filename") %]'
    sha256sum: '[% c("var/apt_package_sha256sum") %]'
    enable: '[% c("var/apt_package_filename") %]'
  - URL: '[% c("var/apt_packages_baseurl") %]/[% c("var/apt_utils_package_filename") %]'
    sha256sum: '[% c("var/apt_utils_package_sha256sum") %]'
    enable: '[% c("var/apt_utils_package_filename") %]'
  - URL: '[% c("var/apt_packages_baseurl") %]/[% c("var/libapt_inst_package_filename") %]'
    sha256sum: '[% c("var/libapt_inst_package_sha256sum") %]'
    enable: '[% c("var/libapt_inst_package_filename") %]'
  - URL: '[% c("var/apt_packages_baseurl") %]/[% c("var/libapt_pkg_package_filename") %]'
    sha256sum: '[% c("var/libapt_pkg_package_sha256sum") %]'
    enable: '[% c("var/libapt_pkg_package_filename") %]'
