
Re: machinectl pull-{tar,raw}, checksums & signatures



On Sun, Dec 31, 2023 at 07:10:26AM +0100, Philip Hands wrote:
> I'm new to this cloud image stuff, so may well have made broken
> assumptions in the following -- please correct me if I'm wrong.
> 
> I see that `machinectl` (from systemd-container) has the subcommands
> pull-raw and pull-tar, so I went looking for Debian images that might be
> expected to work with those.

The images published by the cloud team aren't really appropriate for use
with machinectl or systemd-nspawn, which are more specifically intended
to manipulate containers.  Our images are raw disk images describing
disks with multiple partitions and include things like the bootloader
and kernel, which you won't need with the systemd-container tools.

The container images (e.g. as described on https://docker.debian.net/)
are closer to what you want, and they work with machinectl and
systemd-nspawn.  However, because all these images are published to
GitHub, automated checksum validation is broken (the .sha256sum files
are available, and their content matches the actual checksum, but you'll
need to validate this manually).  You might want to contact the
container image maintainers (tianon@d.o) to see about improving this
situation.

You can also simply use debootstrap to create machinectl/nspawn
compatible installations as described in the systemd-nspawn
documentation.

$ machinectl pull-tar --verify=no https://github.com/debuerreotype/docker-debian-artifacts/raw/06e65b40faea2bdba5d884cc89a990274c543bfb/sid/slim/rootfs.tar.xz sid-slim
Enqueued transfer job 1. Press C-c to continue download in background.
Pulling 'https://github.com/debuerreotype/docker-debian-artifacts/raw/06e65b40faea2bdba5d884cc89a990274c543bfb/sid/slim/rootfs.tar.xz', saving as 'sid-slim'.
HTTP request to https://github.com/debuerreotype/docker-debian-artifacts/raw/06e65b40faea2bdba5d884cc89a990274c543bfb/sid/slim/rootfs.nspawn failed with code 404.
Settings file could not be retrieved, proceeding without.
Downloading 18.0M for https://github.com/debuerreotype/docker-debian-artifacts/raw/06e65b40faea2bdba5d884cc89a990274c543bfb/sid/slim/rootfs.tar.xz.
Got 2% of https://github.com/debuerreotype/docker-debian-artifacts/raw/06e65b40faea2bdba5d884cc89a990274c543bfb/sid/slim/rootfs.tar.xz. 1min 42s left at 176.5K/s.
Got 23% of https://github.com/debuerreotype/docker-debian-artifacts/raw/06e65b40faea2bdba5d884cc89a990274c543bfb/sid/slim/rootfs.tar.xz. 10s left at 1.3M/s.
Got 42% of https://github.com/debuerreotype/docker-debian-artifacts/raw/06e65b40faea2bdba5d884cc89a990274c543bfb/sid/slim/rootfs.tar.xz. 5s left at 1.8M/s.
Got 44% of https://github.com/debuerreotype/docker-debian-artifacts/raw/06e65b40faea2bdba5d884cc89a990274c543bfb/sid/slim/rootfs.tar.xz. 6s left at 1.4M/s.
Got 51% of https://github.com/debuerreotype/docker-debian-artifacts/raw/06e65b40faea2bdba5d884cc89a990274c543bfb/sid/slim/rootfs.tar.xz. 6s left at 1.2M/s.
Got 72% of https://github.com/debuerreotype/docker-debian-artifacts/raw/06e65b40faea2bdba5d884cc89a990274c543bfb/sid/slim/rootfs.tar.xz. 3s left at 1.5M/s.
Got 79% of https://github.com/debuerreotype/docker-debian-artifacts/raw/06e65b40faea2bdba5d884cc89a990274c543bfb/sid/slim/rootfs.tar.xz. 2s left at 1.5M/s.
Acquired 80.0M.
Download of https://github.com/debuerreotype/docker-debian-artifacts/raw/06e65b40faea2bdba5d884cc89a990274c543bfb/sid/slim/rootfs.tar.xz complete.
Created new local image 'sid-slim'.
Operation completed successfully.
Exiting.
$ machinectl list-images 
NAME     TYPE      RO USAGE CREATED                     MODIFIED
bullseye directory no       Sat 2023-12-30 22:45:42 PST -
sid-slim directory no       Sat 2023-12-30 23:03:08 PST -

2 images listed.
$ sudo systemd-nspawn --machine=sid-slim
Spawning container sid-slim on /var/lib/machines/sid-slim.
Press ^] three times within 1s to kill container.
root@sid-slim:~# cat /etc/debian_version 
trixie/sid
root@sid-slim:~# exit
logout
Container sid-slim exited successfully.
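
Added example, not part of the original message: one way to do the manual checksum validation mentioned above and import the tarball only if it matches, instead of pulling with --verify=no. It assumes the tarball and its checksum file are already downloaded and that the checksum file holds either a bare hex digest or sha256sum(1)-style lines; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: check a downloaded rootfs tarball against a published
# SHA-256 checksum file, then import it for machinectl/systemd-nspawn.
# Usage (file names are placeholders):
#   sh verified-import.sh rootfs.tar.xz CHECKSUM_FILE sid-slim

# extract_digest SUMFILE NAME
# Prints the expected digest. Accepts a bare 64-hex digest, or
# "<hex>  <name>" / "<hex> *<name>" lines, picking the line for NAME.
extract_digest() {
    awk -v want="$2" '
        { d = tolower($1); n = $2; sub(/^\*/, "", n); sub(/^.*\//, "", n) }
        d !~ /^[0-9a-f]+$/ || length(d) != 64 { next }
        NF == 1 || n == want { print d; exit }
    ' "$1"
}

# verify_sha256 FILE SUMFILE
# Returns 0 on match, 1 on mismatch, 2 if SUMFILE has no digest for FILE.
verify_sha256() {
    expected=$(extract_digest "$2" "$(basename "$1")")
    if [ -z "$expected" ]; then
        echo "no usable digest for $1 in $2" >&2
        return 2
    fi
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    if [ "$expected" != "$actual" ]; then
        echo "MISMATCH for $1: expected $expected, got $actual" >&2
        return 1
    fi
    echo "OK $1 $actual"
}

# verified_import FILE SUMFILE NAME
# Runs machinectl import-tar only after the digest has matched.
verified_import() {
    verify_sha256 "$1" "$2" && machinectl import-tar "$1" "$3"
}

# Act as a script when given three arguments; otherwise only define
# the functions (for sourcing).
if [ "$#" -eq 3 ]; then
    verified_import "$@"
fi
```

A checksum file fetched from the same location as the tarball only catches a corrupted or truncated transfer; it says nothing about whether the source itself was tampered with.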

