Copy in a fake /etc/ "overlay" to account for missing /etc/ files

tianon · tianon · commit 08ed78e738ae · 2024-05-12T23:58:29.000-07:00
diff --git a/docker-sbuild/docker-image-to-sbuild-schroot b/docker-sbuild/docker-image-to-sbuild-schroot
@@ -59,6 +59,7 @@ defer 'rm -rf %q' "$dir"
 			rm -rf /var/lib/apt/lists/*; \
 		fi
 	COPY .tar-excludes /
+	COPY tianon-fake-etc/ /tianon-fake-etc/
 EOF
 cat > "$dir/.tar-excludes" <<-'EOF'
 	./.docker*
@@ -69,16 +70,31 @@ cat > "$dir/.tar-excludes" <<-'EOF'
 	./proc/**
 	./sys/**
 EOF
+
+# we need to re-inject /etc/hosts into the end result!
+# (otherwise things like https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f418e2732b21c952fd17cab771c75/pkg/validation/validate/jsonschema_test.go#L109 result in "panic: listen tcp: lookup localhost on 172.17.0.1:53: no such host")
+mkdir "$dir/tianon-fake-etc"
+echo 'from-docker' > "$dir/tianon-fake-etc/hostname"
+cat > "$dir/tianon-fake-etc/hosts" <<-'EOF'
+	127.0.0.1	localhost
+	127.0.1.1	from-docker
+	::1		localhost ip6-localhost ip6-loopback
+	ff02::1		ip6-allnodes
+	ff02::2		ip6-allrouters
+EOF
+cat > "$dir/tianon-fake-etc/resolv.conf" <<-'EOF'
+	# https://1.1.1.1 (privacy-focused, highly-available DNS service)
+	nameserver 1.1.1.1
+	nameserver 1.0.0.1
+EOF
+
 docker build "${buildArgs[@]}" --iidfile "$dir/image.txt" "$dir"
 img="$(< "$dir/image.txt")"
 #defer 'docker rmi %q > /dev/null' "$img"
 
-# TODO we need to re-inject /etc/hosts into the end result!
-# (otherwise things like https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f418e2732b21c952fd17cab771c75/pkg/validation/validate/jsonschema_test.go#L109 result in "panic: listen tcp: lookup localhost on 172.17.0.1:53: no such host")
-
 # since we already assumed the current Docker host can successfully run the image's binaries, we'll use that here
 timestamp="$(docker image inspect --format='{{ .Created }}' "$img")"
-docker run --rm --log-driver none --entrypoint bash --env timestamp="$timestamp" "$img" -Eeuo pipefail -c 'tar --create --directory=/ --one-file-system --exclude-from=/.tar-excludes --clamp-mtime --mtime="$timestamp" . ./dev' > "$tar"
+docker run --rm --log-driver none --entrypoint bash --env timestamp="$timestamp" "$img" -Eeuo pipefail -c 'tar --create --directory=/ --one-file-system --exclude-from=/.tar-excludes --clamp-mtime --mtime="$timestamp" --transform="s/tianon-fake-etc/etc/g" . ./dev' > "$tar"
 tar --list --file "$tar" > /dev/null # very crude "is this tar OK" test
 
 printf '%q created (FROM %q)\n' "$tar" "$from"
