Live CD: Containerize most of the build process

[yveszoundi]

Background

The Live CD is based on Debian stable. The build process generates ISO images for amd64 and aarch64

Problem

The build process is a bit too complex to both maintain and support:

• There are temporary files and artifacts left upon build failure (see https://github.com/rimerosolutions/entrusted/issues/65)
• It's difficult and too time consuming to provide user support in case of build failures:
  • Distribution specific issues and potential Unix/Linux user resourcefulness
  • Container runtime user customization concerns
  • User environment specific customization
  • Package dependencies name mappings to a specific Linux distribution
  • etc.

Proposed approach

Try containerizing most of the build process similarly to Lima Alpine ISO build or other "Live CD kits".

Main Challenge

We need a "ready-to-go" folder structure with the entire contents of $HOME/.local/share/containers in the Live CD.

• We need the container sandbox image contents
• We need all the remaining auxiliary Podman files and folders populated under $HOME/.local/share/containers

[yveszoundi]

One of the current annoyances is copying the locally built image into a chroot environment

• Ensure that all the expected files are created/unpacked in "~/.local/share/containers" during the build....
  • Save the podman image in a dedicated temporary directory (podman save with --format docker-dir)
  • Create required files in chroot without namespace errors or other issues (i.e., podman run dir:/tmp/docker-dir)
  • Maybe some podman flags can temporarily refer to the chroot environment to load the container image properly
  • Maybe there's another approach for creating all the podman data files for a specific container image.
• Update permissions accordingly

[yveszoundi]

Running podman with a custom --root parameter doesn't seem to help.

The same applies to custom variables such as XDG_DATA_DIRS or XDG_DATA_HOME.

The CD builds successfully without requiring users to build the CD in a virtual machine. However, there are podman errors apparently related to temporary folders not found (likely references during the build while pointing to the chroot environment).

[yveszoundi]

Testing with Podman 4.8.2, there are still references to the initial chroot environment within the Live CD.

Various json files in ~/.local/share/containers refer to /tmp/entrusted-tmpbuild/entrusted-livecd/live_boot_tmpdir-0.3.2-amd64/entrusted-packaging/docker-dir/containers/storage.

• A bunch of replacements doesn't help for path references in those json files
• Setting explicitly the graphroot and other options doesn' seem to help (~/.config/containers/storage.conf).

[yveszoundi]

See also the following references

• https://github.com/containers/podman/discussions/18392
• https://github.com/containers/podman/discussions/12658

If it were possible, it would be nice to import/pull a built container image (podman export) within a chroot environment. Last time that I checked (1 year ago or so), it was kind of working for amd64, but failing for aarch64 (arm64).

[yveszoundi]

This won't be necessary if we manage to remove the container solution requirement first in #57 .