Refactor to use distrust/toolchain project.

.gitignore

@@ -1,4 +1,4 @@
-build/
+cache/
 out/
 release/develop
 .*

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "src/toolchain"]
+	path = src/toolchain
+	url = git@codeberg.org:distrust/toolchain.git

Makefile

@@ -1,195 +1,66 @@
-NAME := airgap
-IMAGE := local/$(NAME):latest
-ARCH := x86_64
-TARGET := $(ARCH)
-USER := $(shell id -u):$(shell id -g)
-CPUS := $(shell docker run -it debian nproc)
-GIT_REF := $(shell git log -1 --format=%H config)
-GIT_AUTHOR := $(shell git log -1 --format=%an config)
-GIT_KEY := $(shell git log -1 --format=%GP config)
-GIT_EPOCH := $(shell git log -1 --format=%at config)
-GIT_DATETIME := \
-	$(shell git log -1 --format=%cd --date=format:'%Y-%m-%d %H:%M:%S' config)
-ifeq ($(strip $(shell git status --porcelain 2>/dev/null)),)
-	GIT_STATE=clean
-else
-	GIT_STATE=dirty
-endif
-VERSION := $(shell TZ=UTC0 git show --quiet --date='format-local:%Y%m%dT%H%M%SZ' --format="%cd")
-RELEASE_DIR := release/$(VERSION)
-CONFIG_DIR := config
-BR2_EXTERNAL := $(CONFIG_DIR)/buildroot
-HEADS_EXTERNAL := $(CONFIG_DIR)/heads
-CACHE_DIR := build
-SRC_DIR := src
-OUT_DIR := out
-docker = docker
-executables = $(docker) git patch
+include $(PWD)/src/toolchain/Makefile
 
-include $(PWD)/config/config.env
-
-## Use env vars from existing release if present
-ifneq (,$(wildcard $(RELEASE_DIR)/release.env))
-    include $(RELEASE_DIR)/release.env
-    export
-endif
-
-.DEFAULT_GOAL := out/manifest.txt
-
-## Primary Targets
-
-.PHONY: fetch
-fetch: $(CACHE_DIR)/toolchain.tar
-	mkdir -p build release
-	$(call toolchain,$(USER),"fetch")
+.DEFAULT_GOAL := $(OUT_DIR)/airgap.iso
 
 .PHONY: clean
-clean: $(CACHE_DIR)/toolchain.tar
-	$(call toolchain,$(USER),"clean")
+clean: toolchain
+	rm -f $(OUT_DIR) $(CACHE_DIR)/buildroot-ccache || :
+	$(call toolchain,$(USER)," \
+		cd $(CACHE_DIR)/buildroot; \
+		make clean; \
+	")
 
 .PHONY: mrproper
 mrproper:
 	docker image rm -f $(IMAGE)
 	rm -rf $(CACHE_DIR) $(OUT_DIR)
 
-## Release Targets
-
-.PHONY: release
-release: | \
-	$(OUT_DIR)/release.env \
-	$(OUT_DIR)/airgap.iso \
-	$(OUT_DIR)/manifest.txt
-	mkdir -p $(RELEASE_DIR)
-	cp out/release.env $(RELEASE_DIR)/release.env
-	cp out/airgap.iso $(RELEASE_DIR)/airgap.iso
-	cp out/manifest.txt $(RELEASE_DIR)/manifest.txt
-
-.PHONY: attest
-attest:
-	rm -rf $(CACHE_DIR) $(OUT_DIR)
-	$(MAKE) $(OUT_DIR)/manifest.txt
-	diff -q $(OUT_DIR)/manifest.txt release/$(VERSION)/manifest.txt;
-
-.PHONY: sign
-sign:
-	set -e; \
-	git config --get user.signingkey 2>&1 >/dev/null || { \
-		echo "Error: git user.signingkey is not defined"; \
-		exit 1; \
-	}; \
-	fingerprint=$$(\
-		git config --get user.signingkey \
-		| sed 's/.*\([A-Z0-9]\{16\}\).*/\1/g' \
-	); \
-	gpg --armor \
-		--detach-sig  \
-		--output $(RELEASE_DIR)/manifest.$${fingerprint}.asc \
-		$(RELEASE_DIR)/manifest.txt
-
-.PHONY: verify
-verify: | $(RELEASE_DIR)/manifest.txt
-	set -e; \
-	for file in $(RELEASE_DIR)/manifest.*.asc; do \
-		echo "\nVerifying: $${file}\n"; \
-		gpg --verify $${file} $(RELEASE_DIR)/manifest.txt; \
-	done;
-
-.PHONY: audit
-audit: $(CACHE_DIR)/toolchain.tar
-	mkdir -p $(CACHE_DIR)/audit
-	$(call toolchain,$(USER),"audit")
-
-$(RELEASE_DIR):
-	mkdir -p $(RELEASE_DIR)
-
-$(RELEASE_DIR)/release.env: \
-	$(RELEASE_DIR) \
-	$(OUT_DIR)/release.env
-	cp $(OUT_DIR)/release.env $(RELEASE_DIR)/release.env
-
-$(RELEASE_DIR)/airgap.iso: \
-	$(RELEASE_DIR) \
-	$(OUT_DIR)/airgap.iso
-	cp $(OUT_DIR)/airgap.iso $(RELEASE_DIR)/airgap.iso
-
-$(RELEASE_DIR)/manifest.txt: \
-	$(RELEASE_DIR) \
-	$(OUT_DIR)/manifest.txt
-	cp $(OUT_DIR)/manifest.txt $(RELEASE_DIR)/manifest.txt
-
-## Development Targets
-
 .PHONY: menuconfig
-menuconfig: $(CACHE_DIR)/toolchain.tar
-	$(call toolchain,$(USER),"menuconfig")
+menuconfig: toolchain
+	$(call toolchain,$(USER)," \
+		cd $(CACHE_DIR)/buildroot; \
+    	make "airgap_$(TARGET)_defconfig"; \
+		make menuconfig; \
+	")
 	cp $(CACHE_DIR)/buildroot/.config \
 	"config/buildroot/configs/airgap_$(TARGET)_defconfig"
 
 .PHONY: linux-menuconfig
-linux-menuconfig: $(CACHE_DIR)/toolchain.tar
-	$(call toolchain,$(USER),"linux-menuconfig")
+linux-menuconfig: toolchain
+	$(call toolchain,$(USER),"\
+		cd $(CACHE_DIR)/buildroot; \
+		make linux-menuconfig; \
+		make linux-update-defconfig; \
+	")
 
 .PHONY: vm
-vm: $(CACHE_DIR)/toolchain.tar
-	$(call toolchain,$(USER),"vm")
+vm: toolchain
+	$(call toolchain,$(USER)," \
+		qemu-system-i386 \
+			-M pc \
+			-nographic \
+			-cdrom "${HOME}/release/${TARGET}/airgap.iso"; \
+	")
 
-# Launch a shell inside the toolchain container
-.PHONY: toolchain-shell
-toolchain-shell: $(CACHE_DIR)/toolchain.tar
-	$(call toolchain,$(USER),"bash --norc")
+.PHONY: release
+release: | \
+	$(OUT_DIR)/airgap.iso \
+	$(OUT_DIR)/manifest.txt
+	mkdir -p $(RELEASE_DIR)
+	cp $(OUT_DIR)/release.env $(RELEASE_DIR)/release.env
+	cp $(OUT_DIR)/airgap.iso $(RELEASE_DIR)/airgap.iso
+	cp $(OUT_DIR)/manifest.txt $(RELEASE_DIR)/manifest.txt
 
-# Pin all packages in toolchain container to latest versions
-.PHONY: toolchain-update
-toolchain-update:
-	docker run \
-		--rm \
-		--env LOCAL_USER=$(USER) \
-		--platform=linux/$(ARCH) \
-		--volume $(PWD)/$(CONFIG_DIR):/config \
-		--volume $(PWD)/$(SRC_DIR)/toolchain/scripts:/usr/local/bin \
-		--env ARCH=$(ARCH) \
-		--interactive \
-		--tty \
-		debian@sha256:$(DEBIAN_HASH) \
-		bash -c /usr/local/bin/packages-update
-
-## Real targets
-
-$(CACHE_DIR)/toolchain.tar:
-	mkdir -p $(CACHE_DIR)
-	DOCKER_BUILDKIT=1 \
-	docker build \
-		--tag $(IMAGE) \
-		--build-arg DEBIAN_HASH=$(DEBIAN_HASH) \
-		--build-arg CONFIG_DIR=$(CONFIG_DIR) \
-		--build-arg SCRIPTS_DIR=$(SRC_DIR)/toolchain/scripts \
-		--platform=linux/$(ARCH) \
-		-f $(SRC_DIR)/toolchain/Dockerfile \
-		.
-	docker save "$(IMAGE)" -o "$@"
-
-$(CACHE_DIR)/buildroot: $(CACHE_DIR)/toolchain.tar
+$(CACHE_DIR)/buildroot: toolchain
 	$(call git_clone,buildroot,$(BUILDROOT_REPO),$(BUILDROOT_REF))
 
-$(CACHE_DIR)/heads: $(CACHE_DIR)/toolchain.tar
-	$(call git_clone,heads,$(HEADS_REPO),$(HEADS_REF))
-
-$(OUT_DIR):
-	mkdir -p $(OUT_DIR)
-
-$(OUT_DIR)/release.env: $(OUT_DIR)
-	echo 'VERSION=$(VERSION)'            > $(OUT_DIR)/release.env
-	echo 'GIT_REF=$(GIT_REF)'           >> $(OUT_DIR)/release.env
-	echo 'GIT_AUTHOR=$(GIT_AUTHOR)'     >> $(OUT_DIR)/release.env
-	echo 'GIT_KEY=$(GIT_KEY)'           >> $(OUT_DIR)/release.env
-	echo 'GIT_DATETIME=$(GIT_DATETIME)' >> $(OUT_DIR)/release.env
-
 $(OUT_DIR)/airgap.iso: \
+	toolchain \
 	$(CACHE_DIR)/buildroot \
 	$(OUT_DIR)/release.env
-	$(call apply_patches,buildroot,$(BR2_EXTERNAL)/patches)
+	$(call apply_patches,$(CACHE_DIR)/buildroot,$(BR2_EXTERNAL)/patches)
 	$(call toolchain,$(USER)," \
-    	cd buildroot; \
+    	cd $(CACHE_DIR)/buildroot; \
     	make "airgap_$(TARGET)_defconfig"; \
 		unset FAKETIME; \
 		make source; \
@@ -198,73 +69,3 @@ $(OUT_DIR)/airgap.iso: \
 	mkdir -p $(OUT_DIR)
 	cp $(CACHE_DIR)/buildroot/output/images/rootfs.iso9660 \
 		$(OUT_DIR)/airgap.iso
-
-$(OUT_DIR)/manifest.txt: \
-	$(OUT_DIR)/airgap.iso \
-	$(OUT_DIR)/release.env
-	cd $(OUT_DIR); \
-	openssl sha256 -r release.env > manifest.txt; \
-	openssl sha256 -r airgap.iso >> manifest.txt;
-
-## Make Helpers
-
-check_executables := $(foreach exec,$(executables),\$(if \
-	$(shell which $(exec)),some string,$(error "No $(exec) in PATH")))
-
-define git_clone
-	[ -d $(CACHE_DIR)/$(1) ] || git clone $(2) $(CACHE_DIR)/$(1)
-	git -C $(CACHE_DIR)/$(1) checkout $(3)
-	git -C $(CACHE_DIR)/$(1) rev-parse --verify HEAD | grep -q $(3) || { \
-		echo 'Error: Git ref/branch collision.'; exit 1; \
-	};
-endef
-
-define apply_patches
-	[ -d $(2) ] && $(call toolchain,$(USER)," \
-		cd $(1); \
-		git restore .; \
-		find /$(2) -type f -iname '*.patch' -print0 \
-		| xargs -t -0 -n 1 patch -p1 --no-backup-if-mismatch -i ; \
-	")
-endef
-
-define toolchain
-	docker load -i $(CACHE_DIR)/toolchain.tar
-	docker run \
-		--rm \
-		--tty \
-		--interactive \
-		--user=$(1) \
-		--platform=linux/$(ARCH) \
-		--volume $(PWD)/config:/config \
-		--volume $(PWD)/$(KEY_DIR):/keys \
-		--volume $(PWD)/$(SRC_DIR):/src \
-		--volume $(PWD)/$(CACHE_DIR):/home/build \
-		--volume $(PWD)/scripts:/usr/local/bin \
-		--cpus $(CPUS) \
-		--workdir /home/build \
-		--env HOME=/home/build \
-		--env PS1="$(NAME)-toolchain" \
-		--env GNUPGHOME=/cache/.gnupg \
-		--env ARCH=$(ARCH) \
-		--env TARGET="$(ARCH)" \
-		--env GIT_REF="$(GIT_REF)" \
-		--env GIT_AUTHOR="$(GIT_AUTHOR)" \
-		--env GIT_KEY="$(GIT_KEY)" \
-		--env GIT_DATETIME="$(GIT_DATETIME)" \
-		--env GIT_EPOCH="$(GIT_EPOCH)" \
-		--env KBUILD_BUILD_USER=$(KBUILD_BUILD_USER) \
-		--env KBUILD_BUILD_HOST=$(KBUILD_BUILD_HOST) \
-		--env KBUILD_BUILD_VERSION=$(KBUILD_BUILD_VERSION) \
-		--env KBUILD_BUILD_TIMESTAMP=$(KBUILD_BUILD_TIMESTAMP) \
-		--env KCONFIG_NOTIMESTAMP=$(KCONFIG_NOTIMESTAMP) \
-		--env SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
-		--env FAKETIME_FMT=$(FAKETIME_FMT) \
-		--env FAKETIME=$(FAKETIME) \
-		--env BR2_EXTERNAL="/$(BR2_EXTERNAL)" \
-		--env HEADS_EXTERNAL="/$(HEADS_EXTERNAL)" \
-		--env UID="$(shell id -u)" \
-		--env GID="$(shell id -g)" \
-		$(IMAGE) \
-		bash -c $(2)
-endef

config/buildroot/configs/airgap_qemu_defconfig

@@ -117,7 +117,7 @@ BR2_LUAROCKS_MIRROR="http://rocks.moonscript.org"
 BR2_CPAN_MIRROR="http://cpan.metacpan.org"
 BR2_JLEVEL=0
 BR2_CCACHE=y
-BR2_CCACHE_DIR="$(HOME)/build/buildroot-ccache"
+BR2_CCACHE_DIR="$(HOME)/cache/buildroot-ccache"
 BR2_CCACHE_INITIAL_SETUP=""
 BR2_CCACHE_USE_BASEDIR=y
 # BR2_ENABLE_DEBUG is not set

config/buildroot/configs/airgap_x86_64_defconfig

@@ -3,7 +3,7 @@
 # Buildroot 2022.02.8-dirty Configuration
 #
 BR2_HAVE_DOT_CONFIG=y
-BR2_EXTERNAL_Airgap_PATH="/config/buildroot"
+BR2_EXTERNAL_Airgap_PATH="/home/build/config/buildroot"
 BR2_HOST_GCC_AT_LEAST_4_9=y
 BR2_HOST_GCC_AT_LEAST_5=y
 BR2_HOST_GCC_AT_LEAST_6=y
@@ -129,7 +129,7 @@ BR2_LUAROCKS_MIRROR="http://rocks.moonscript.org"
 BR2_CPAN_MIRROR="http://cpan.metacpan.org"
 BR2_JLEVEL=0
 BR2_CCACHE=y
-BR2_CCACHE_DIR="$(HOME)/build/buildroot-ccache"
+BR2_CCACHE_DIR="$(HOME)/cache/buildroot-ccache"
 BR2_CCACHE_INITIAL_SETUP=""
 BR2_CCACHE_USE_BASEDIR=y
 # BR2_ENABLE_DEBUG is not set
@@ -4500,7 +4500,7 @@ BR2_TARGET_UBOOT_CUSTOM_PATCH_DIR=""
 #
 
 #
-# Linux distribution for offline cryptography use cases (in /config/buildroot)
+# Linux distribution for offline cryptography use cases (in /home/build/config/buildroot)
 #
 
 #

config/config.env

@@ -1,14 +0,0 @@
-export BUILDROOT_REF=ea51485ee9ab44f72f8b1cc019dcb17f276d1def
-export HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f
-export DEBIAN_HASH=48b28b354484a7f0e683e340fa0e6e4c4bce3dc3aa0146fc2f78f443fde2c55d
-export FAKETIME_FMT="%s"
-export FAKETIME="1"
-export SOURCE_DATE_EPOCH=1
-export KBUILD_BUILD_TIMESTAMP="1970-01-01 00:00:00 UTC"
-export KCONFIG_NOTIMESTAMP=1
-export KBUILD_BUILD_USER=root
-export KBUILD_BUILD_HOST=AirgapOS
-export KBUILD_BUILD_VERSION=1
-
-export BUILDROOT_REPO=git://git.busybox.net/buildroot
-export HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git

config/global.env

@@ -0,0 +1,7 @@
+DEBIAN_HASH=48b28b354484a7f0e683e340fa0e6e4c4bce3dc3aa0146fc2f78f443fde2c55d
+BUILDROOT_REF=ea51485ee9ab44f72f8b1cc019dcb17f276d1def
+HEADS_REF=6e62c83e164231c629d77a45d37569b3bff43d3f
+BUILDROOT_REPO=git://git.busybox.net/buildroot
+HEADS_REPO=https://source.puri.sm/coreboot/purism-heads.git
+BR2_EXTERNAL=/home/build/config/buildroot
+HEADS_EXTERNAL=/home/build/config/heads

scripts/build-fw

@@ -1,11 +0,0 @@
-#!/bin/bash
-[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
-set -e; source environment
-
-devices=${DEVICES?}
-build_dir="${BUILD_DIR?}"
-heads_dir="${build_dir}/heads"
-
-for device in ${devices}; do
-	(cd "${heads_dir}"; make BOARD="$device")
-done

scripts/build-os

@@ -1,8 +0,0 @@
-#!/bin/bash
-[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
-set -e; source environment
-unset FAKETIME
-
-buildroot_dir="${HOME}/buildroot"
-
-(cd "${buildroot_dir}"; make )

scripts/clean

@@ -1,11 +0,0 @@
-#!/bin/bash
-[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
-set -e; source environment
-
-build_dir="${BUILD_DIR?}"
-release_dir="${RELEASE_DIR?}"
-
-[ -d "${build_dir}/buildroot" ] && (cd ${build_dir}/buildroot && make clean)
-[ -d "${build_dir}/heads" ] && (cd ${build_dir}/heads && make real.clean)
-[ -d "${build_dir}/buildroot-ccache" ] && rm -rf ${build_dir}/buildroot-ccache
-[ -d "${release_dir}" ] && rm -rf ${release_dir}/develop

scripts/environment

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-target=${TARGET?}
-env_file=/config/config.env
-
-source ${env_file}
-
-export HOME=/home/build
-export RELEASE_DIR="${HOME}/release"
-
-mkdir -p ${HOME}
-chown -R "${UID}:${GID}" /home/build/

scripts/fetch

@@ -1,38 +0,0 @@
-#!/bin/bash
-[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
-set -e; source environment
-
-heads_dir="${HOME}/heads"
-heads_repo="${HEADS_REPO?}"
-heads_ref=${HEADS_REF?}
-heads_external=${HEADS_EXTERNAL?}
-devices=${DEVICES?}
-target=${TARGET?}
-unset FAKETIME
-
-[[ -f ~/.gitconfig ]] || \
-	printf "[color]\nui=auto\n[user]\nemail=build@local\nname=Build User" \
-		> ~/.gitconfig
-
-[ "$(ls -A "${heads_dir}")" ] \
-	|| git clone "$heads_repo" "$heads_dir"
-(
-	cd "$heads_dir";
-	git checkout "$heads_ref";
-	git reset --hard;
-	git tag airgap || :
-	current_ref="$(git rev-parse --verify HEAD)"
-	[ "$current_ref" == "$heads_ref" ] || {
-		echo "Error: $heads_ref was not successfully checked out"; exit 1;
-	}
-	if [ "$(ls -A "${heads_external}/patches")" ]; then
-		for patch in "${heads_external}"/patches/*; do
-			echo "Applying patch: ${patch}";
-			patch -p1 --no-backup-if-mismatch < "${patch}";
-		done;
-	fi
-	[ -d "${heads_external}/boards" ] && \
-		rsync -Pav "${heads_external}/boards/" "${heads_dir}/boards/"
-	[[ "$devices" =~ "librem" ]] \
-		&& (cd "$heads_dir/blobs/librem_kbl" && ./get_blobs.sh)
-)

scripts/host-env

@@ -1,20 +0,0 @@
-#!/bin/bash
-set -e
-
-uid=${UID?}
-gid=${GID?}
-user=${USER:-"build"}
-export HOME="/home/${user}"
-
-groupadd -g "$gid" "${user}"
-useradd \
-	-g "$gid" \
-	-u "$uid" \
-	-md "/home/${user}" \
-	-s /bin/bash \
-	"${user}"
-
-mkdir -p "$HOME"
-chown -R "$uid:$gid" "$HOME"
-cd "$HOME"
-setpriv --reuid="$uid" --regid="$gid" --init-groups "$@"

scripts/linux-menuconfig

@@ -1,9 +0,0 @@
-#!/bin/bash
-[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
-set -e; source environment
-
-target=${TARGET?}
-
-cd /home/build/build/buildroot
-make linux-menuconfig
-make linux-update-defconfig

scripts/menuconfig

@@ -1,9 +0,0 @@
-#!/bin/bash
-[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
-set -e; source environment
-
-target=${TARGET?}
-
-cd /home/build/buildroot
-make "airgap_${TARGET}_defconfig"
-make menuconfig

scripts/shell

@@ -1,4 +0,0 @@
-#!/bin/bash --init-file
-[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
-source environment
-clear

scripts/vm

@@ -1,9 +0,0 @@
-#!/bin/bash
-[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
-source environment
-set -e
-
-qemu-system-i386 \
-	-M pc \
-	-nographic \
-	-cdrom "${HOME}/release/${TARGET}/airgap.iso"

src/toolchain

@@ -0,0 +1 @@
+Subproject commit 5191085576e4f9d043bbc2b0ca091d4bb81efaff

src/toolchain/Dockerfile

@@ -1,18 +0,0 @@
-ARG DEBIAN_HASH
-FROM debian@sha256:${DEBIAN_HASH}
-
-ENV DEBIAN_FRONTEND=noninteractive \
-    LANG=C.UTF-8 \
-    TZ=UTC \
-    PATH=/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-
-ARG CONFIG_DIR
-ADD ${CONFIG_DIR} /config
-
-ARG SCRIPTS_DIR
-ADD ${SCRIPTS_DIR} /usr/local/bin
-
-RUN packages-install
-
-RUN echo "/usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1" \
-    > /etc/ld.so.preload

src/toolchain/scripts/packages-install

@@ -1,26 +0,0 @@
-#!/usr/bin/env bash
-set -e;
-
-ARCH=$(uname -m)
-
-cp /config/toolchain/* /etc/apt/
-
-apt-get update
-apt-get install debian-archive-keyring
-
-until apt-get install --download-only --reinstall --allow-downgrades -y $(cat /etc/apt/packages-${ARCH}.list); do
-    echo "apt install failed. Likely throttled. Retrying in 10 mins...";
-    sleep 600;
-done;
-
-(
-	cd /var/cache/apt/archives \
-		&& find . -type f \( -iname \*.deb \) -exec sha256sum {} \; \
-		| sed 's/.\///g' \
-		| LC_ALL=C sort
-) > /etc/apt/package-hashes-${ARCH}-compare.txt
-
-diff /etc/apt/package-hashes-${ARCH}{,-compare}.txt
-
-apt-get install --allow-downgrades -y $(cat /etc/apt/packages-${ARCH}.list)
-rm -rf /var/cache/apt/archives/* /var/lib/apt/lists/* /tmp/* /var/tmp/*;

src/toolchain/scripts/packages-update

@@ -1,43 +0,0 @@
-#!/bin/bash
-
-[ -f /.dockerenv ] || { echo "please run in supplied container"; exit 1; }
-set -e
-
-snapshot_url="http://snapshot.debian.org/archive/debian"
-snapshot_date=$(date +"%Y%m%dT000000Z")
-cat <<-EOF > /etc/apt/sources.list
-deb http://deb.debian.org/debian bookworm main
-deb http://security.debian.org/debian-security bookworm-security main
-deb http://deb.debian.org/debian bookworm-updates main
-deb [check-valid-until=no] ${snapshot_url}/${snapshot_date} bookworm main
-deb [check-valid-until=no] ${snapshot_url}-security/${snapshot_date} bookworm-security main
-deb [check-valid-until=no] ${snapshot_url}/${snapshot_date} bookworm-updates main
-EOF
-cp /etc/apt/sources.list /config/toolchain/
-
-ARCH=$(uname -m)
-
-apt-get update
-apt-get install -y --download-only --reinstall $( \
-	dpkg-query \
-		-W \
-		-f='${db:Status-Abbrev}\t${binary:Package} - ${binary:Summary}\n' \
-	| awk -F'\t' '/^ii/ {print $2}' \
-	| awk '{print $1}' \
-)
-apt-get install -y --download-only $(cat /config/toolchain/packages-base.list)
-
-( cd /var/cache/apt/archives \
-	&& find . -type f \( -iname \*.deb \) -exec sha256sum {} \; \
-	| sed 's/.\///g' \
-	| LC_ALL=C sort
-) > /config/toolchain/package-hashes-${ARCH}.txt
-
-cp /dev/null /config/toolchain/packages-${ARCH}.list
-for deb in /var/cache/apt/archives/*.deb; do
-	package=$(dpkg-deb -f $deb Package);
-	version=$(dpkg --info ${deb} | grep "^ Version: " | sed 's/^ Version: //g');
-	echo "${package}=${version}" >> /config/toolchain/packages-${ARCH}.list;
-done
-
-chown -R $LOCAL_USER /config/toolchain