scripts/docker/entry.sh

#!/usr/bin/env bash
set -euo pipefail

# ---------------------------------------------------------------------------
# Ensure Nix has access to a valid CA bundle (TLS trust store)
# ---------------------------------------------------------------------------
if [[ -z "${NIX_SSL_CERT_FILE:-}" ]]; then
  if [[ -f /etc/ssl/certs/ca-certificates.crt ]]; then
    # Debian/Ubuntu-style path
    export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
    echo "[docker] Using CA bundle: ${NIX_SSL_CERT_FILE}"
  elif [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then
    # Fedora/RHEL/CentOS-style path
    export NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
    echo "[docker] Using CA bundle: ${NIX_SSL_CERT_FILE}"
  else
    echo "[docker] WARNING: No CA bundle found for Nix (NIX_SSL_CERT_FILE not set)."
    echo "[docker] HTTPS access for Nix flakes may fail."
  fi
fi

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

echo "[docker] Starting package-manager container"

# Distro info for logging
if [[ -f /etc/os-release ]]; then
  # shellcheck disable=SC1091
  . /etc/os-release
  echo "[docker] Detected distro: ${ID:-unknown} (like: ${ID_LIKE:-})"
fi

# Always use /src (mounted from host) as working directory
echo "[docker] Using /src as working directory"
cd /src

# ------------------------------------------------------------
# DEV mode: build/install package-manager from current /src
# ------------------------------------------------------------
if [[ "${PKGMGR_DEV:-0}" == "1" ]]; then
  echo "[docker] DEV mode enabled (PKGMGR_DEV=1)"
  echo "[docker] Rebuilding package-manager from /src via scripts/installation/run-package.sh..."

  if [[ -x scripts/installation/run-package.sh ]]; then
    bash scripts/installation/run-package.sh
  else
    echo "[docker] ERROR: scripts/installation/run-package.sh not found or not executable"
    exit 1
  fi
fi

# ------------------------------------------------------------
# Hand-off to pkgmgr / arbitrary command
# ------------------------------------------------------------
if [[ $# -eq 0 ]]; then
  echo "[docker] No arguments provided. Showing pkgmgr help..."
  exec pkgmgr --help
else
  echo "[docker] Executing command: $*"
  exec "$@"
fi
Refactor container build and installation pipeline to use configurable Makefile parameters (e.g. DISTROS, base images) and propagate them through all build, install, and test scripts 2025-12-09 05:31:55 +01:00			`#!/usr/bin/env bash`
			`set -euo pipefail`

Fix container tests, unify RPM install path, and ensure Nix TLS truststore detection Changes included: • GitHub Actions workflow: rename job from 'test-unit' to 'test-container' to match intent. • RPM packaging: replace %{_libdir}/package-manager with a fixed /usr/lib/package-manager to avoid lib/lib64 divergence on CentOS and ensure pkgmgr + Nix flake resolution works consistently across distros. • Docker entrypoint: add automatic CA-bundle detection and set NIX_SSL_CERT_FILE to fix TLS issues on CentOS ('unable to get local issuer certificate') when Nix fetches flake inputs. These updates stabilize container-based tests and unify the runtime environment for Fedora, CentOS, and other distributions. Reference: ChatGPT conversation: https://chatgpt.com/share/6937aa72-d33c-800f-a63f-c353e92de6b3 2025-12-09 05:50:08 +01:00			`# ---------------------------------------------------------------------------`
			`# Ensure Nix has access to a valid CA bundle (TLS trust store)`
			`# ---------------------------------------------------------------------------`
			`if [[ -z "${NIX_SSL_CERT_FILE:-}" ]]; then`
			`if [[ -f /etc/ssl/certs/ca-certificates.crt ]]; then`
			`# Debian/Ubuntu-style path`
			`export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt`
			`echo "[docker] Using CA bundle: ${NIX_SSL_CERT_FILE}"`
			`elif [[ -f /etc/pki/tls/certs/ca-bundle.crt ]]; then`
			`# Fedora/RHEL/CentOS-style path`
			`export NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt`
			`echo "[docker] Using CA bundle: ${NIX_SSL_CERT_FILE}"`
			`else`
			`echo "[docker] WARNING: No CA bundle found for Nix (NIX_SSL_CERT_FILE not set)."`
			`echo "[docker] HTTPS access for Nix flakes may fail."`
			`fi`
			`fi`

Refactor container build and installation pipeline to use configurable Makefile parameters (e.g. DISTROS, base images) and propagate them through all build, install, and test scripts 2025-12-09 05:31:55 +01:00			`SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"`

			`echo "[docker] Starting package-manager container"`

Fix container tests, unify RPM install path, and ensure Nix TLS truststore detection Changes included: • GitHub Actions workflow: rename job from 'test-unit' to 'test-container' to match intent. • RPM packaging: replace %{_libdir}/package-manager with a fixed /usr/lib/package-manager to avoid lib/lib64 divergence on CentOS and ensure pkgmgr + Nix flake resolution works consistently across distros. • Docker entrypoint: add automatic CA-bundle detection and set NIX_SSL_CERT_FILE to fix TLS issues on CentOS ('unable to get local issuer certificate') when Nix fetches flake inputs. These updates stabilize container-based tests and unify the runtime environment for Fedora, CentOS, and other distributions. Reference: ChatGPT conversation: https://chatgpt.com/share/6937aa72-d33c-800f-a63f-c353e92de6b3 2025-12-09 05:50:08 +01:00			`# Distro info for logging`
Refactor container build and installation pipeline to use configurable Makefile parameters (e.g. DISTROS, base images) and propagate them through all build, install, and test scripts 2025-12-09 05:31:55 +01:00			`if [[ -f /etc/os-release ]]; then`
			`# shellcheck disable=SC1091`
			`. /etc/os-release`
			`echo "[docker] Detected distro: ${ID:-unknown} (like: ${ID_LIKE:-})"`
			`fi`

Fix container tests, unify RPM install path, and ensure Nix TLS truststore detection Changes included: • GitHub Actions workflow: rename job from 'test-unit' to 'test-container' to match intent. • RPM packaging: replace %{_libdir}/package-manager with a fixed /usr/lib/package-manager to avoid lib/lib64 divergence on CentOS and ensure pkgmgr + Nix flake resolution works consistently across distros. • Docker entrypoint: add automatic CA-bundle detection and set NIX_SSL_CERT_FILE to fix TLS issues on CentOS ('unable to get local issuer certificate') when Nix fetches flake inputs. These updates stabilize container-based tests and unify the runtime environment for Fedora, CentOS, and other distributions. Reference: ChatGPT conversation: https://chatgpt.com/share/6937aa72-d33c-800f-a63f-c353e92de6b3 2025-12-09 05:50:08 +01:00			`# Always use /src (mounted from host) as working directory`
Refactor container build and installation pipeline to use configurable Makefile parameters (e.g. DISTROS, base images) and propagate them through all build, install, and test scripts 2025-12-09 05:31:55 +01:00			`echo "[docker] Using /src as working directory"`
			`cd /src`

			`# ------------------------------------------------------------`
Fix container tests, unify RPM install path, and ensure Nix TLS truststore detection Changes included: • GitHub Actions workflow: rename job from 'test-unit' to 'test-container' to match intent. • RPM packaging: replace %{_libdir}/package-manager with a fixed /usr/lib/package-manager to avoid lib/lib64 divergence on CentOS and ensure pkgmgr + Nix flake resolution works consistently across distros. • Docker entrypoint: add automatic CA-bundle detection and set NIX_SSL_CERT_FILE to fix TLS issues on CentOS ('unable to get local issuer certificate') when Nix fetches flake inputs. These updates stabilize container-based tests and unify the runtime environment for Fedora, CentOS, and other distributions. Reference: ChatGPT conversation: https://chatgpt.com/share/6937aa72-d33c-800f-a63f-c353e92de6b3 2025-12-09 05:50:08 +01:00			`# DEV mode: build/install package-manager from current /src`
Refactor container build and installation pipeline to use configurable Makefile parameters (e.g. DISTROS, base images) and propagate them through all build, install, and test scripts 2025-12-09 05:31:55 +01:00			`# ------------------------------------------------------------`
			`if [[ "${PKGMGR_DEV:-0}" == "1" ]]; then`
			`echo "[docker] DEV mode enabled (PKGMGR_DEV=1)"`
			`echo "[docker] Rebuilding package-manager from /src via scripts/installation/run-package.sh..."`

			`if [[ -x scripts/installation/run-package.sh ]]; then`
			`bash scripts/installation/run-package.sh`
			`else`
			`echo "[docker] ERROR: scripts/installation/run-package.sh not found or not executable"`
			`exit 1`
			`fi`
			`fi`

			`# ------------------------------------------------------------`
Fix container tests, unify RPM install path, and ensure Nix TLS truststore detection Changes included: • GitHub Actions workflow: rename job from 'test-unit' to 'test-container' to match intent. • RPM packaging: replace %{_libdir}/package-manager with a fixed /usr/lib/package-manager to avoid lib/lib64 divergence on CentOS and ensure pkgmgr + Nix flake resolution works consistently across distros. • Docker entrypoint: add automatic CA-bundle detection and set NIX_SSL_CERT_FILE to fix TLS issues on CentOS ('unable to get local issuer certificate') when Nix fetches flake inputs. These updates stabilize container-based tests and unify the runtime environment for Fedora, CentOS, and other distributions. Reference: ChatGPT conversation: https://chatgpt.com/share/6937aa72-d33c-800f-a63f-c353e92de6b3 2025-12-09 05:50:08 +01:00			`# Hand-off to pkgmgr / arbitrary command`
Refactor container build and installation pipeline to use configurable Makefile parameters (e.g. DISTROS, base images) and propagate them through all build, install, and test scripts 2025-12-09 05:31:55 +01:00			`# ------------------------------------------------------------`
			`if [[ $# -eq 0 ]]; then`
			`echo "[docker] No arguments provided. Showing pkgmgr help..."`
			`exec pkgmgr --help`
			`else`
			`echo "[docker] Executing command: $*"`
			`exec "$@"`
			`fi`