0.15

• #135: switch from security.debian.org/debian-security to deb.debian.org/debian-security

• #128: support deb822-style APT sources (and apply them in our unstable images for now -- intended to be for bookworm+ sometime before the release)

Full changes: 0.14...0.15

0.14

• #117: invoke debootstrap inside unshare --mount (matching debuerreotype-chroot)

• #121: improve gpgv-ignore-expiration.sh script (for EOL releases)

• #122: remove sbuild variants

• #124: remove --qemu flag (qemu-debootstrap is deprecated)

• #125: add slink support (see also https://bugs.debian.org/973852 and https://salsa.debian.org/installer-team/debootstrap/-/merge_requests/63)

• #130: adjust debuerreotype-fixup to empty out /etc/machine-id if it exists (and examples/debian.sh to exclude it entirely); see https://www.freedesktop.org/software/systemd/man/machine-id.html

Full changes: 0.13...0.14

0.13

• cab0fad: include examples/ inside the published Docker images (under /opt/debuerreotype/examples/)

• 5d6756b: add qemu-debootstrap deprecation warning (https://bugs.debian.org/901197)

• 3e94a64, 781e3a6: add rootfs.dpkg-arch, rootfs.apt-dist, rootfs.debuerreotype-variant output files

• #108, c8eeb0f, efe28e1, c47e797, a1aab8a, b0336db: add experimental new examples/oci-image.sh script

• #111: add new debuerreotype-recalculate-epoch for non-Debian chroots

• #110: add a --pull flag to docker-run.sh wrapper

• #114: update (canonical) build environment to Debian Bullseye

• #116: explicitly keep (empty) /usr/share/man/man[0-9]/ directories in slim variants (see #10)

Full changes: 0.12...0.13

0.12

• #99: move example scripts into dedicated examples/ directory

• #96: add --include and --exclude to examples/debian.sh

• #101: remove explicit ping and ip from Debian 11+ (in examples/debian.sh)

• #103: update examples/raspbian.sh to mirrordirector.raspbian.org

• #104: add unreleased suite for ports architectures

• #107: fix EOL assumptions around archive.debian.org and update examples/debian-all.sh to use distro-info-data to exclude EOL releases that still exist on the security mirror

Full changes: 0.11...0.12

0.11

• #65: https://lists.debian.org/debian-devel-announce/2019/07/msg00004.html

• #67: prefer InRelease over separate Release+Release.gpg (https://lists.debian.org/debian-release/2019/07/msg00113.html)

• #76: add --no-check-gpg flag for disabling GPG checking

• #77: update links from anonscm to salsa

• #86: fix (and add a simple smoke test for) --non-debian support

• #93: when building with ports, include the ports removed keyring for validation of past signatures

• #94: remove /usr/share/groff from slimify-excludes

Full changes: 0.10...0.11

0.10

"The 'EOL' Release"
(I'm normally not a fan of giving release codenames/taglines on my own projects, but this release is so focused on EOL distributions that it really deserves this title! If you're not building EOL suites, this release probably isn't terribly interesting to you. See also https://github.com/debuerreotype/docker-debian-eol-artifacts. 🤘)

• #57: fix rootfs.manifest file generation that broken in 0.9 😅

• #56: add snapshot.debian.org commented-out lines to final sources.list content for better image provenance (Note: changes hashes)

• #58: removed debuerreotype-gen-sources-list in favor of the new debuerreotype-debian-sources-list that's more obviously Debian-specific and also more assuming in order to allow it to do more directly with less work from the user (Note: changes hashes, but likely only for users of debuerreotype-gen-sources-list that were not using the full 4-mirror-argument form, so build.sh should be unaffected by this one)

• #59: auto-fix apt.conf comment syntax for older APT versions instead of simply not configuring APT on older versions; turns out // used to be the only comment syntax and that was the reason this has been failing on older versions all this time! (Note: this obviously changes hashes for older releases where there will now be APT configuration and was not previously)

• #60: add new debuerreotype-gpgv-ignore-expiration-config script specifically for EOL releases with APT newer than 0.7.20 in order to ignore archive GPG key expiration so that we still get some verification of archive contents instead of going all the way to --allow-unauthenticated or --force-yes (Note: of course, again, this changes the hashes for new-ish EOL release tarball generation, likely lenny and above)

• #61: exclude /var/lib/apt/lists (and /var/cache/apt) less aggressively, but only for APT versions older than 0.8 which will not auto-recreate /var/lib/apt/lists/partial properly (Note: you guessed it, if APT is older than 0.8, this will change hashes)

• #62: also exclude /var/state/apt appropriately on all releases of APT which had any semblance of support for that ancient alternative directory (Note: if you're building Potato, this changes hashes 😄)

Full changes: 0.9...0.10

0.9

Note: some checksums change with this release, but for the better (in the more reproducible direction; see especially #50, #51, #54, #55).

• #50: disable "merged-usr" for official Debian builds

• #51: only dpkg-divert the upstart-related /sbin/initctl if upstart actually exists in our target

• #53: handle Debian keyrings a little more forgivingly (especially for building archived/EOL releases)

• #54: fix reproducibility of sources.list over time (final contents were based on the current state of support instead of the state of support at the epoch being built)

• #55: allow Debian Potato to actually be built (and reproducibly!)

Full changes: 0.8...0.9

0.8

• #39: read-only bind-mount of /etc/resolv.conf from the host environment during debuerreotype-chroot

• #42: (Note: this changes debuerreotype-init hashes!)

  • fix jessie buildability (see #41)
  • update installed DNS to CloudFlare (from Google)
  • fix generated sources.list ordering

Full changes: 0.7...0.8

0.7

• #34: fix over-enthusiastic /usr/share/lintian excludes

• #35: properly apply --merged-usr / --no-merged-usr (especially if the defaults in debootstrap change; https://salsa.debian.org/installer-team/debootstrap/merge_requests/5)

• #37: remove Acquire::GzipIndexes where it is no longer necessary

• #36: update slimify with more excludes (and a list of includes) from src:localepurge

• #38: use Docker's --cap-drop SETFCAP to disallow filesystem capabilities to be set, thus forcing iputils-ping to use setuid bits instead (as inetutils-ping did for us previously)

Full changes: 0.6...0.7

0.6

• dc4b7a4: prefer iputils-ping over inetutils-ping (since it's the ping alternative that is part of a standard install)

• #31: fix "targetDir" permissions

• #32: also purge /run/mount/utab

Full changes: 0.5...0.6