debian-live-config

docker: add ability to build with docker

Status: Open. dtrunk90 opened this issue 11 months ago (3 comments)

With docker we don't need to build from the same distribution as the target distribution.

Tested on Ubuntu 20.04.6 LTS

dtrunk90, Mar 14 '24 23:03

Hi @dtrunk90, thanks for the patch.

However I cannot accept it in the current state because it:

  1. lacks documentation
  2. relies on Docker which is not in official Debian repositories (I try to keep non-Debian dependencies to a minimum)
  3. relies on docker-compose as opposed to a simple docker build/run command, which adds another dependency
  4. uses privileged mode which is insecure and as far as I know, requires rootful docker. The only container-based build system I would accept is using rootless podman.
  5. will not work in CI/CD systems out-of-the box (unless you can show otherwise)

I am already working on automated builds through Gitea actions and a VM-based runner, which are working, but need some cleanup before it is fully ready (see https://github.com/nodiscc/debian-live-config/compare/master...gitea-actions#files_bucket). All "clean" container-based build attempts I made so far fail at some point because of limitations in the way debootstrap works (https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=debootstrap;dist=unstable). I made a few notes about workarounds using fakeroot (or better yet, fixing bugs in debootstrap) but they are not satisfying either.

> we don't need to build from the same distribution as the target distribution

In the end, yes, you do. Whether it is from a container running the target distribution, or from a VM running the target distribution.

This is how I build ISO images currently - launch a dedicated libvirt/qemu VM, clone the repository inside it and run the Makefile from there. This also provides more isolation compared to a container. The ongoing work on Gitea actions just automates this a little bit more, and I'm not in a hurry since I only actually rebuild when new Debian releases are made. Though I could probably rebuild on every point release.

You could probably just docker run -it debian:bookworm, clone the repo/run make and the result would be the same (minus the debootstrap issues I mentioned. Does it work without --privileged?).

I will keep this open for future reference, but don't expect a merge soon. Thanks again

nodiscc, Apr 04 '24 18:04

  1. Yes, true. I did not write documentation because I just wanted to hear if this could be merged, so I don't waste time.
  2. True, but it's actually intended to run on distros other than Debian, because there you could use the host system directly to build.
  3. True. Could be changed.
  4. privileged is required for mounting¹
  5. Didn't test in a CI/CD env. I could try though on my self-hosted GitLab.

> In the end, yes, you do. Whether it is from a container running the target distribution, or from a VM running the target distribution.

Yeah, I just meant you don't need to install a whole Debian system first or use a VM or a live system or whatever.

> Does it work without --privileged?

¹ Nope, unfortunately it is required for mounting to work:

debian-live-config-1  | [2024-04-04 18:44:37] lb chroot_devpts install
debian-live-config-1  | P: Begin mounting /dev/pts...
debian-live-config-1  | mount: /tmp/workspace/chroot/dev/pts: permission denied.
debian-live-config-1  |        dmesg(1) may have more information after failed mount system call.
debian-live-config-1  | [2024-04-04 18:44:37] lb chroot_proc install
debian-live-config-1  | P: Begin mounting /proc...
debian-live-config-1  | mount: /tmp/workspace/chroot/proc: permission denied.
debian-live-config-1  |        dmesg(1) may have more information after failed mount system call.
debian-live-config-1  | E: An unexpected failure occurred, exiting...

dtrunk90, Apr 04 '24 18:04
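The exchange above only establishes two data points: the build fails with the runtime's default restrictions, and it works with --privileged. The script below is an added example (not part of debian-live-config and not posted by either participant) of the middle ground a reviewer would ask for before accepting a container build: grant exactly what mount(2) needs (CAP_SYS_ADMIN, and lifting the docker-default AppArmor profile, which denies mount), keep every other capability and all host devices restricted, refuse --privileged outright, and run a fast preflight that reproduces the two mounts that failed (/proc and /dev/pts) before spending time on debootstrap. Whether this privilege set is sufficient for this project's Makefile on a given host is an assumption that the preflight is there to check; the Makefile is assumed to install its own live-build dependencies, and the RUNTIME, IMAGE, REPO_URL variables and the /work and out/ paths are choices made for this example.

```shell
#!/bin/sh
# Added example, not part of debian-live-config: run the build in a
# debian:bookworm container with the smallest privilege set that lets
# live-build mount /proc and /dev/pts in its chroot, instead of --privileged.
# Assumptions (not verified in the issue thread): the project Makefile pulls
# in its own build dependencies, and CAP_SYS_ADMIN plus an unconfined AppArmor
# profile is enough for mount(2) on this host. The preflight checks the latter.
set -eu

RUNTIME="${RUNTIME:-docker}"          # podman accepts the same flags
IMAGE="${IMAGE:-debian:bookworm}"     # build from the target distribution
REPO_URL="${REPO_URL:-https://github.com/nodiscc/debian-live-config}"

# Extra privileges beyond the runtime's default capability set:
#  - CAP_SYS_ADMIN: required for mount(2); Docker's default seccomp profile
#    only allows the mount syscall when this capability is granted.
#  - apparmor=unconfined: the docker-default AppArmor profile denies mount.
# Everything else (host devices, all other capabilities, seccomp) stays
# restricted, which is the difference from --privileged.
container_security_args() {
    printf '%s\n' --cap-add=SYS_ADMIN --security-opt apparmor=unconfined
}

# Guard against --privileged being re-introduced through extra arguments.
# Returns 1 if the flag is present, 0 otherwise.
reject_privileged() {
    for arg in "$@"; do
        case "$arg" in
            --privileged|--privileged=true) return 1 ;;
        esac
    done
    return 0
}

# Script run inside the container before the real build: reproduce the two
# mounts that failed in the thread (lb chroot_proc / lb chroot_devpts) on a
# scratch directory, so a missing privilege fails fast instead of after
# debootstrap has already run.
mount_preflight_script() {
    cat <<'EOF'
set -e
d=$(mktemp -d)
mkdir -p "$d/proc" "$d/dev/pts"
mount -t proc proc "$d/proc"
mount -t devpts devpts "$d/dev/pts"
umount "$d/dev/pts" "$d/proc"
rm -r "$d"
echo "mount preflight: OK"
EOF
}

# Command run inside the container for the actual build (assumption: the
# Makefile installs what live-build needs; git and ca-certificates are only
# there to clone over HTTPS).
build_script() {
    printf 'apt-get update && apt-get install -y --no-install-recommends git make ca-certificates && git clone %s /work/debian-live-config && cd /work/debian-live-config && make\n' "$REPO_URL"
}

main() {
    reject_privileged "$@" || { echo "refusing to run with --privileged" >&2; exit 1; }
    mkdir -p "$PWD/out"
    # shellcheck disable=SC2046  # security args are intentionally word-split
    "$RUNTIME" run --rm $(container_security_args) "$@" "$IMAGE" \
        sh -c "$(mount_preflight_script)"
    "$RUNTIME" run --rm $(container_security_args) "$@" \
        -v "$PWD/out:/work" -w /work "$IMAGE" sh -c "$(build_script)"
}

# Invoke as: sh build-in-container.sh build [extra container args]
case "${1:-}" in
    build) shift; main "$@" ;;
esac
```

No -t is passed to the run commands so the same invocation works in a CI job without a TTY (point 5 in the review above). If the preflight still reports "permission denied" with these flags, the next thing to check is the seccomp profile (--security-opt seccomp=unconfined narrows it down, but should not ship as the fix) and, under rootless podman, whether the user namespace permits a new procfs mount at all; the thread's last comment notes that rootful podman was the fallback.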

I will try to rework this to make it work with (rootful, no choice) podman

nodiscc, Aug 18 '24 13:08