~bigbes/sourcehut-root

fc8e0cd3627049e20fd00b74b4969d35a350bb13 — Eugene Blikh 8 days ago d705344
patches: ubuntu/genimg — move guest DNS override to end of script
1 files changed, 30 insertions(+), 10 deletions(-)

M patches/builds-images-ubuntu-genimg.patch
M patches/builds-images-ubuntu-genimg.patch => patches/builds-images-ubuntu-genimg.patch +30 -10
@@ 32,11 32,22 @@ fail on any host that doesn't happen to satisfy their hidden assumptions.
   `git.srht.bigb.es`) to their *public* address. On a self-hosted forge whose
   public IP routes back through the user's own ISP, the worker container
   can't NAT-hairpin to itself and every `git clone` from a build dies with
   "Couldn't connect to server". Use QEMU SLIRP's built-in DNS proxy
   (`10.0.2.3`) instead: SLIRP forwards each query through the host process's
   `/etc/resolv.conf`, which inside the worker container is Docker's embedded
   resolver, which knows the LAN DNS — so internal hostnames resolve to the
   LAN IP and the path stays entirely on-LAN.
   "Couldn't connect to server". The fix is to use QEMU SLIRP's built-in DNS
   proxy (`10.0.2.3`) in the *guest*: SLIRP forwards each query through the
   host process's `/etc/resolv.conf`, which inside the worker container is
   Docker's embedded resolver, which knows the LAN DNS — so internal hostnames
   resolve to the LAN IP and the path stays entirely on-LAN.

   Subtle constraint: the script's `/mnt/etc/resolv.conf` is dual-purpose —
   `chroot`'d `apt-get` reads it during debootstrap, *and* the same file is
   what the booted guest uses. SLIRP's `10.0.2.3` only exists *inside* a
   QEMU SLIRP guest; on the image-builder host it's unroutable, so swapping
   the file early breaks `apt-get install linux-image-generic` with
   "Temporary failure resolving 'archive.ubuntu.com'". Leave the public DNS
   in place for the build, then overwrite `/mnt/etc/resolv.conf` with
   `nameserver 10.0.2.3` at the end of the script — after all apt operations,
   immediately before `sync`. This way the build still works and the booted
   guest gets the SLIRP DNS proxy.

Apply when refreshing the apk recipe tree on the image-builder host:



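Review bot: The rewritten SLIRP paragraph should state the trust consequence of forwarding guest queries through Docker's embedded resolver: once "internal hostnames resolve to the LAN IP", every build guest can look up LAN-internal names, not only `git.srht.bigb.es`. If that is intended, say so in this header, and note that LAN services reachable from the worker must rely on their own authentication rather than on their names being unresolvable from builds.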
@@ 53,12 64,11 @@ Apply when refreshing the apk recipe tree on the image-builder host:
 trap cleanup EXIT

 if [ "$arch" = "amd64" ]
@@ -85,9 +86,8 @@
@@ -85,9 +86,9 @@
 rm -f /mnt/etc/resolv.conf
-echo 'nameserver 8.8.8.8' >/mnt/etc/resolv.conf
-echo 'nameserver 8.8.4.4' >>/mnt/etc/resolv.conf
 echo 'nameserver 8.8.8.8' >/mnt/etc/resolv.conf
 echo 'nameserver 8.8.4.4' >>/mnt/etc/resolv.conf
-cat >/mnt/etc/systemd/network/25-ens3.network <<EOF
+echo 'nameserver 10.0.2.3' >/mnt/etc/resolv.conf
+cat >/mnt/etc/systemd/network/25-ethernet.network <<EOF
 [Match]
-Name=ens3


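Review bot: Keeping `nameserver 8.8.8.8` and `nameserver 8.8.4.4` as the build-time resolvers leaves the chroot's apt-get dependent on the image-builder host reaching Google public DNS, which is the kind of hidden host assumption this patch's header sets out to remove. Consider writing the host's own resolver configuration into `/mnt/etc/resolv.conf` for the build phase, or taking the build-time nameservers from a variable, since the file is overwritten with `nameserver 10.0.2.3` at the end of the script anyway.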
@@ 66,7 76,7 @@ Apply when refreshing the apk recipe tree on the image-builder host:

 [Network]
 Address=10.0.2.15/24
@@ -163,7 +163,7 @@
@@ -163,7 +164,7 @@
   name = builds.sr.ht
   email = builds@sr.ht
 EOF


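Review bot: The only change in this hunk is the inner hunk header moving from `+163,7` to `+164,7`, so the embedded patch's offsets are being adjusted together with its content, and nothing on this page shows the result was checked against the upstream genimg. Suggest regenerating the embedded patch from a patched copy of the script, or recording in the commit message that it was verified with `git apply --check` or `patch --dry-run`.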
@@ 75,3 85,13 @@ Apply when refreshing the apk recipe tree on the image-builder host:

 if [ "$arch" != "amd64" ]
 then
@@ -174,4 +175,9 @@
 	cp /mnt/boot/initrd.img $arch/initrd.img
 fi

+# Switch the *guest's* DNS to QEMU SLIRP's built-in proxy. Must run last,
+# after all apt operations — 10.0.2.3 is unroutable from the image-builder
+# host, so swapping it in earlier breaks debootstrap's apt-get.
+rm -f /mnt/etc/resolv.conf
+echo 'nameserver 10.0.2.3' >/mnt/etc/resolv.conf
 sync
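Review bot: The appended `echo 'nameserver 10.0.2.3'` hard-codes QEMU's default user-mode network, the same 10.0.2.0/24 that `Address=10.0.2.15/24` in the network unit assumes, and the new comment explains why the line must run last but not that coupling. Add a sentence to the comment saying the address is only valid while the worker starts QEMU with the default SLIRP network, so that a later change to the `-netdev user` `net=` or `dns=` settings is known to require a matching image rebuild.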