From ab5627aec2c4811dc3fd1a5a24154912f522b19c Mon Sep 17 00:00:00 2001 From: Thales Maciel Date: Sat, 18 Apr 2026 13:25:42 -0300 Subject: [PATCH] imagecat: publish debian-bookworm golden image First entry in the image catalog. Verified end-to-end: - https://images.thaloco.com/debian-bookworm-x86_64.tar.zst reachable - sha256 071495e6... matches - bundle unpacks to rootfs.ext4 (4 GiB) + manifest.json with the expected name/distro/arch/kernel_ref. publish-golden-image.sh tweaks: - default RCLONE_REMOTE from 'r2' to 'banger-images' (matches the rclone config actually in use here). - rclone copyto now passes --s3-no-check-bucket and --no-check-dest so scoped R2 tokens without HeadBucket/HeadObject permission still upload cleanly. To use: restart bangerd so it picks up the new embedded catalog, then `banger image pull debian-bookworm`. Co-Authored-By: Claude Opus 4.7 (1M context) --- internal/imagecat/catalog.json | 12 +++++++++++- scripts/publish-golden-image.sh | 13 ++++++++++--- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/internal/imagecat/catalog.json b/internal/imagecat/catalog.json index 7f19696..07c5e11 100644 --- a/internal/imagecat/catalog.json +++ b/internal/imagecat/catalog.json @@ -1,4 +1,14 @@ { "version": 1, - "entries": [] + "entries": [ + { + "name": "debian-bookworm", + "distro": "debian", + "arch": "x86_64", + "kernel_ref": "generic-6.12", + "tarball_url": "https://images.thaloco.com/debian-bookworm-x86_64.tar.zst", + "tarball_sha256": "071495e60e830d5a0b40bb7b227a40a81cc0631a99d79a4eae471166b0d69a53", + "size_bytes": 286026738 + } + ] } diff --git a/scripts/publish-golden-image.sh b/scripts/publish-golden-image.sh index 8ca65b2..5636f9a 100755 --- a/scripts/publish-golden-image.sh +++ b/scripts/publish-golden-image.sh @@ -11,7 +11,7 @@ # [--size ] [--platform

] [--skip-upload] # # Environment overrides: -# RCLONE_REMOTE rclone remote to upload through (default: r2) +# RCLONE_REMOTE rclone remote to upload through (default: banger-images) # RCLONE_BUCKET R2 bucket name (default: banger-images) # BASE_URL public URL prefix for the bucket (default: https://images.thaloco.com) @@ -24,7 +24,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)" CATALOG_FILE="$REPO_ROOT/internal/imagecat/catalog.json" -RCLONE_REMOTE="${RCLONE_REMOTE:-r2}" +RCLONE_REMOTE="${RCLONE_REMOTE:-banger-images}" RCLONE_BUCKET="${RCLONE_BUCKET:-banger-images}" BASE_URL="${BASE_URL:-https://images.thaloco.com}" @@ -98,7 +98,14 @@ if [[ "$SKIP_UPLOAD" -eq 1 ]]; then fi log "uploading to $RCLONE_REMOTE:$RCLONE_BUCKET/$TARBALL_NAME" -rclone copyto "$OUT" "$RCLONE_REMOTE:$RCLONE_BUCKET/$TARBALL_NAME" +# --s3-no-check-bucket skips the HeadBucket preflight; --no-check-dest +# skips the HeadObject preflight. Both fail with 403 on R2 tokens that +# only have PutObject + GetObject but not Head* — a common scoped-token +# setup. +rclone copyto \ + --s3-no-check-bucket \ + --no-check-dest \ + "$OUT" "$RCLONE_REMOTE:$RCLONE_BUCKET/$TARBALL_NAME" URL="$BASE_URL/$TARBALL_NAME" log "verifying $URL is reachable"