1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
#!/bin/bash
echo $0
set -e
set -x
debian_mirror=$1
export DEBIAN_FRONTEND=noninteractive
printf 'APT::Install-Recommends "0";\nAPT::Install-Suggests "0";\n' \
> /etc/apt/apt.conf.d/99no-install-recommends
printf 'Acquire::Retries "20";\n' \
> /etc/apt/apt.conf.d/99acquire-retries
cat <<EOF > /etc/apt/apt.conf.d/99no-auto-updates
APT::Periodic::Enable "0";
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Unattended-Upgrade "0";
EOF
printf 'APT::Get::Assume-Yes "true";\n' \
> /etc/apt/apt.conf.d/99assumeyes
cat <<EOF > /etc/apt/apt.conf.d/99quiet
Dpkg::Use-Pty "0";
quiet "1";
EOF
cat <<EOF > /etc/apt/apt.conf.d/99confdef
Dpkg::Options { "--force-confdef"; };
EOF
echo "man-db man-db/auto-update boolean false" | debconf-set-selections
if echo $debian_mirror | grep '^https' 2>&1 > /dev/null; then
apt-get update || apt-get update
apt-get install ca-certificates
fi
cat << EOF > /etc/apt/sources.list
deb ${debian_mirror} bookworm main
deb https://security.debian.org/debian-security bookworm-security main
deb ${debian_mirror} bookworm-updates main
EOF
echo "deb ${debian_mirror} bookworm-backports main" > /etc/apt/sources.list.d/backports.list
apt-get update || apt-get update
# purge things that might come from the base box, but we don't want
# https://salsa.debian.org/cloud-team/debian-vagrant-images/-/tree/master/config_space/package_config
# cat config_space/package_config/* | sort -u | grep -v '[A-Z#]'
purge="
apt-listchanges
apt-utils
bash-completion
bind9-*
bsdextrautils
bzip2
chrony
cloud-utils
cron
cron-daemon-common
dbus
debconf-i18n
debian-faq
dmidecode
doc-debian
fdisk
file
groff-base
inetutils-telnet
krb5-locales
less
locales
logrotate
lsof
manpages
nano
ncurses-term
netcat-traditional
pciutils
reportbug
rsyslog
tasksel
traceroute
unattended-upgrades
usrmerge
vim-*
wamerican
wget
whiptail
xz-utils
"
# clean up files packages to be purged, then purge the packages
rm -rf /var/run/dbus /var/log/unattended-upgrades
apt-get purge $purge
apt-get upgrade --download-only
apt-get upgrade
# again after upgrade in case of keyring changes
apt-get update || apt-get update
packages="
androguard/bookworm-backports
apksigner
default-jdk-headless
default-jre-headless
curl
dexdump
fdroidserver
git-svn
gnupg
mercurial
patch
python3-magic
python3-packaging
rsync
sdkmanager/bookworm-backports
sudo
unzip
"
apt-get install $packages --download-only
apt-get install $packages
# fdroidserver comes from git, it was installed just for dependencies
apt-mark manual `apt-cache depends fdroidserver | sed -nE 's,^[| ]*Depends: ([a-z0-9 -]+),\1,p'`
apt-get purge fdroidserver
# clean up things that will become outdated anyway
apt-get autoremove --purge
apt-get clean
rm -rf /var/lib/apt/lists/*
highestjava=`update-java-alternatives --list | sort -n | tail -1 | cut -d ' ' -f 1`
update-java-alternatives --set $highestjava
|
