install all packages outside the chroot

use the mkosi sandbox to install, so now the arch linux packages
are all cached properly

bootstrap.sh

@@ -8,6 +8,19 @@
 # Exit immediately if any command fails and print all commands before they are executed.
 set -ex
 
+cat <<- EOF >> /etc/pacman.conf
+[kde-linux]
+# Signature checking is not needed beacuse the packages are served over HTTPS and we have no mirrors
+SigLevel = Never
+Server = https://cdn.kde.org/kde-linux/packaging/packages/
+
+[kde-linux-debug]
+SigLevel = Never
+Server = https://cdn.kde.org/kde-linux/packaging/packages-debug/
+EOF
+
+cp /etc/pacman.conf mkosi.sandbox/etc
+
 # From https://hub.docker.com/_/archlinux/:
 #
 # "For Security Reasons, these images strip the pacman lsign key.
@@ -18,11 +31,27 @@ set -ex
 #
 pacman-key --init
 
+
+# Insert a fallback for starters
+# shellcheck disable=SC2016
+echo 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist
+# Then use fastest servers we can find
+pacman --sync --refresh --noconfirm reflector
+if [ ! -f mkosi.sandbox/etc/pacman.d/mirrorlist ]; then
+  reflector --protocol https --country ${MIRRORS_COUNTRY:-de} --score 10 --fastest 3 >mkosi.sandbox/etc/pacman.d/mirrorlist
+fi
+PARALLEL_DOWNLOADS=${PARALLEL_DOWNLOADS:-5}
+cp mkosi.sandbox/etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist
+
+# enable parallel downloads for m0ar speed!
+sed -i 's/#*\(ParallelDownloads =\) .*/\1 '"${PARALLEL_DOWNLOADS}"'/' mkosi.sandbox/etc/pacman.conf
+
 # Update the system and install packages we'll need for building KDE Linux.
 # Even though we use mkosi from Git, we'll grab the package,
 # to make sure all the dependencies are properly pulled.
 pacman --sync --refresh --noconfirm --sysupgrade \
     mkosi \
+    arch-install-scripts \
     base-devel \
     btrfs-progs \
     compsize \

build.sh

@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 # SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
 # SPDX-FileCopyrightText: 2023 Harald Sitter <sitter@kde.org>
 # SPDX-FileCopyrightText: 2024 Bruno Pajdek <brupaj@proton.me>
@@ -9,6 +9,81 @@
 
 set -ex
 
+packages=(
+    sddm
+    bash-completion
+    pacman
+    mesa
+    pipewire
+    pipewire-pulse
+    pipewire-zeroconf
+    pipewire-libcamera
+    noto-fonts
+    acpid
+    busybox
+    nvme-cli
+    bind
+    dmidecode
+    ntfs-3g
+    iproute2
+    tpm2-tss
+    xz
+    wireplumber
+    flatpak
+    apparmor
+    ffmpeg # ffmpegthumbs
+    jxrlib # kimageformats
+    libavif # kimageformats
+    libheif # kimageformats
+    libjxl # kimageformats
+    libraw # kimageformats
+    openexr # kimageformats
+    freerdp2 # krdp
+    libmtp # kio-extras, for MTP support
+    libappimage # kio-extras, for AppImage app thumbnails
+    editorconfig-core-c # ktexteditor
+    aspell # sonnet
+    hspell # sonnet
+
+    # Install build and runtime dependencies
+    git base-devel cmake yaml-cpp boost-libs boost dosfstools btrfs-progs glib2-devel
+    # NOTE: plasma-workspace depends on phonon (to build integration plugins **for** phonon) but doesn't actually
+    #   need a working backend so we build without vlc for now.
+    # For discover backend
+    fwupd
+    # For kio-extras
+    smbclient
+    # For selenium
+    python-atspi
+    # For print-manager
+    cups cups-browsed system-config-printer
+    # For kdenetwork-filesharing
+    samba
+    # For spectacle
+    opencv
+    # For fingerprint login
+    fprintd
+    # For DDC/CI external monitors brightness; https://wiki.archlinux.org/title/backlight
+    ddcutil
+    # For users KCM
+    accountsservice
+
+    # All the KDE we plan to include in the base image
+    $(pacman --sync --groups --quiet kde-linux)
+
+    # AUR packages
+    snapd steam-devices-git systemd-bootchart
+
+    systemd-git
+    systemd-resolvconf-git
+    systemd-sysvcompat-git
+    systemd-ukify-git
+    #probably can be removed:
+    arch-install-scripts
+)
+printf -v packages_str "%s," "${packages[@]}"
+packages_str=${packages_str%,}
+
 VERSION=$(date +%Y%m%d%H%M) # Build version, will just be YYYYmmddHHMM for now
 OUTPUT=kde-linux_$VERSION   # Built rootfs path (mkosi uses this directory by default)
 
@@ -36,7 +111,9 @@ mkosi \
     --environment="CI_COMMIT_SHA=${CI_COMMIT_SHA:-unknownSHA}" \
     --environment="CI_PIPELINE_URL=${CI_PIPELINE_URL:-https://invent.kde.org}" \
     --image-version="$VERSION" \
+    --package-cache-dir=/var/cache/mkosi.pacman \
     --output-directory=. \
+    --package="${packages_str}" \
     "$@"
 
 # Create a directory structure for the UKIs.
@@ -48,8 +125,11 @@ cp "${OUTPUT}/kde-linux.efi" "$MAIN_UKI"
 mv "${OUTPUT}/kde-linux.efi" "${OUTPUT}/efi/EFI/Linux/$EFI"
 mv "${OUTPUT}/live.efi" "$LIVE_UKI"
 
-# Move debug tarball out of the tree
-mv -v "$OUTPUT/debug.tar.zst" "$DEBUG_TAR"
+
+# TODO this is clearly a goofy way to go about it:
+cp ${OUTPUT}/usr/lib/os-release /usr/lib/os-release
+mkosi.extra/usr/bin/_kde-linux-make-debug-archive
+mv -v "debug.tar.zst" "$DEBUG_TAR"
 
 # Now let's actually build a live raw image. First, the ESP.
 # We use kde-linux.cache instead of /tmp as usual because we'll probably run out of space there.

build_docker.sh

@@ -12,11 +12,40 @@ set -e
 SCRIPT_DIR="$(readlink --canonicalize "$(dirname "$0")")"
 
 CONTAINER_RUNTIME="docker"
+MIRRORS_COUNTRY=""
+PARALLEL_DOWNLOADS=""
 
-if [ "$1" = "--podman" ]; then
-  CONTAINER_RUNTIME="podman"
-  shift
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --podman)
+      CONTAINER_RUNTIME="podman"
+      shift
+      ;;
+    --country)
+      MIRRORS_COUNTRY="$2"
+      shift 2
+      ;;
+    --parallel)
+      PARALLEL_DOWNLOADS="$2"
+      shift 2
+      ;;
+    --help)  # New help option
+      echo "Usage: $0 [options]"
+      echo "Options:"
+      echo "  --podman                Use podman instead of docker"
+      echo "  --country <country code> Set the country code for mirrors"
+      echo "  --parallel <number>     Set the number of parallel downloads"
+      echo "  --help                  Display this help message"
+      exit 0
+      ;;
+    *)
+      echo "Unknown option: $1"
+      exit 1
+      ;;
+  esac
+done
 
+if [ "$CONTAINER_RUNTIME" = "podman" ]; then
   if ! podman info | grep -q 'rootless: false'; then
     echo "Podman must be running in rootful mode. Just run this script as root."
     exit 1
@@ -24,6 +53,7 @@ if [ "$1" = "--podman" ]; then
 
   # podman requires the volume mount points to exist already
   mkdir -p "${SCRIPT_DIR}/kde-linux.cache/pacman"
+  mkdir -p "${SCRIPT_DIR}/kde-linux.cache/mkosi.pacman"
 fi
 
 # Exit if Docker or Podman are not available.
@@ -71,6 +101,16 @@ set -x
 # Make sure we have the latest available Arch Linux image.
 $CONTAINER_RUNTIME pull archlinux:latest
 
+ENV_OPTIONS=""
+if [ -n "$MIRRORS_COUNTRY" ];
+then
+  ENV_OPTIONS="$ENV_OPTIONS -e MIRRORS_COUNTRY=$MIRRORS_COUNTRY"
+fi
+
+if [ -n "$PARALLEL_DOWNLOADS" ];
+then
+  ENV_OPTIONS="$ENV_OPTIONS -e PARALLEL_DOWNLOADS=$PARALLEL_DOWNLOADS"
+fi
 
 # Spin up a new Arch Linux container and run the in_docker.sh script inside of it,
 # passing any command line arguments to it and mounting $SCRIPT_DIR to /workspace.
@@ -78,8 +118,10 @@ $CONTAINER_RUNTIME run \
   --privileged \
   --volume="${SCRIPT_DIR}:/workspace" \
   --volume="${SCRIPT_DIR}/kde-linux.cache/pacman:/var/cache/pacman/pkg" \
+  --volume="${SCRIPT_DIR}/kde-linux.cache/mkosi.pacman:/var/cache/mkosi.pacman" \
   --volume="/dev:/dev" \
   --workdir="/workspace" \
   --rm \
+  $ENV_OPTIONS \
   archlinux:latest \
   /workspace/in_docker.sh "$@"

mkosi.conf

@@ -16,40 +16,6 @@ SplitArtifacts=yes
 # for some reason (supposedly as a side effect of the initrd creation?)
 Bootable=no
 KernelCommandLine=
-Packages=sddm
-         bash-completion
-         pacman
-         mesa
-         pipewire
-         pipewire-pulse
-         pipewire-zeroconf
-         pipewire-libcamera
-         noto-fonts
-         acpid
-         busybox
-         nvme-cli
-         bind
-         dmidecode
-         ntfs-3g
-         iproute2
-         tpm2-tss
-         xz
-         wireplumber
-         flatpak
-         apparmor
-         ffmpeg # ffmpegthumbs
-         jxrlib # kimageformats
-         libavif # kimageformats
-         libheif # kimageformats
-         libjxl # kimageformats
-         libraw # kimageformats
-         openexr # kimageformats
-         freerdp2 # krdp
-         libmtp # kio-extras, for MTP support
-         libappimage # kio-extras, for AppImage app thumbnails
-         editorconfig-core-c # ktexteditor
-         aspell # sonnet
-         hspell # sonnet
 WithNetwork=true
 # No root login thank you very much. We'll provision a live user as part of spinup
 # RootPassword=

mkosi.extra/usr/bin/_kde-linux-make-debug-archive

@@ -10,8 +10,8 @@ mkdir -p "$debugroot"
 
 # The debug packages are not in a group, so we make 
 # pacman list every package in the kde-linux-debug repo
-pacstrap "$debugroot" $(pacman --sync --list --quiet kde-linux-debug)
-
+pacstrap -c "$debugroot" $(pacman --sync --list --quiet kde-linux-debug)
+rm -rf "${debugroot}/var/lib/pacman"
 extension_dir="${debugroot}/usr/lib/extension-release.d/"
 mkdir -p "$extension_dir"
 

mkosi.postinst.chroot

@@ -15,65 +15,6 @@ bootctl install
 echo 'timeout 5' >> "$SYSTEMD_ESP_PATH/loader/loader.conf"
 cp /usr/share/edk2-shell/x64/Shell.efi "$SYSTEMD_ESP_PATH/shellx64.efi"
 
-# TODO: validate our sysupdate definitions are correct
-
-# Add the kde-linux repository to pacman.conf.
-cat <<- EOF >> /etc/pacman.conf
-[kde-linux]
-# Signature checking is not needed beacuse the packages are served over HTTPS and we have no mirrors
-SigLevel = Never
-Server = https://cdn.kde.org/kde-linux/packaging/packages/
-
-[kde-linux-debug]
-SigLevel = Never
-Server = https://cdn.kde.org/kde-linux/packaging/packages-debug/
-EOF
-
-pacman --sync --refresh
-
-# Install build and runtime dependencies
-packages=(
-  git base-devel cmake yaml-cpp boost-libs boost dosfstools btrfs-progs glib2-devel
-  # NOTE: plasma-workspace depends on phonon (to build integration plugins **for** phonon) but doesn't actually
-  #   need a working backend so we build without vlc for now.
-  # For discover backend
-  fwupd
-  # For kio-extras
-  smbclient
-  # For selenium
-  python-atspi
-  # For print-manager
-  cups cups-browsed system-config-printer
-  # For kdenetwork-filesharing
-  samba
-  # For spectacle
-  opencv
-  # For fingerprint login
-  fprintd
-  # For DDC/CI external monitors brightness; https://wiki.archlinux.org/title/backlight
-  ddcutil
-  # For users KCM
-  accountsservice
-
-  # All the KDE we plan to include in the base image
-  $(pacman --sync --groups --quiet kde-linux)
-
-  # AUR packages
-  snapd steam-devices-git systemd-bootchart
-
-  systemd-git
-  systemd-resolvconf-git
-  systemd-sysvcompat-git
-  systemd-ukify-git
-
-  # for _kde-linux-make-debug-archive
-  arch-install-scripts
-)
-
-# Install in parallel to improve performance
-# --noconfirm won't replace conflicts so we use `yes`
-yes | pacman --sync --refresh --needed "${packages[@]}"
-
 # Meanwhile cleanup a bit
 ## Unnecessary for us
 pacman --remove --noconfirm qt6-doc qt6-examples || true
@@ -118,10 +59,6 @@ EOF
 [ -f /usr/lib/os-release ] || false
 cat /usr/lib/os-release
 
-# Generate the debug archive after the os-release so we can easily turn it into a systemd-sysext
-cd /
-_kde-linux-make-debug-archive
-
 mkdir flatpak
 flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
 # Do this separately, when used as part of remote-add it complains about GPG for unknown reasons

mkosi.prepare.chroot

@@ -14,22 +14,5 @@ echo "$@"
 
 if [ "$1" = "final" ]; then
   env
-  pacman-key --init
-  pacman-key --populate
-
-  # Insert a fallback for starters
-  # shellcheck disable=SC2016
-  echo 'Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch' >> /etc/pacman.d/mirrorlist
-  # Then use fastest servers we can find
-  pacman --sync --refresh --noconfirm reflector
-  reflector --protocol https --country ${MIRRORS_COUNTRY:-de} --score 10 --fastest 3 >/etc/pacman.d/mirrorlist
-
-  PARALLELL_DOWNLOADS=${PARALLELL_DOWNLOADS:-5}
-
-  # enable parallel downloads for m0ar speed!
-  sed -i "s/#ParallelDownloads = 5/ParallelDownloads = $PARALLELL_DOWNLOADS/" /etc/pacman.conf
-
-  # Flatpak
-  pacman --sync --noconfirm flatpak
   flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
 fi