SysAdmin
433eb18947
Some checks failed
Build SilverMetal Linux ISO (reproducibility-gated) / build-and-verify (push) Failing after 1m19s
Run #4254 finally got past every harness issue and into derivative- maker's actual sanity-tests, where it died with: You are attempting to build on an unsupported operating system or version. detected operating system codename: 'bookworm' expected operating system codename: 'trixie' The pinned derivative-maker tag (18.1.7.4-developers-only) requires Debian 13 (trixie) as the build host. Upstream's own linux/build/derivative-maker/docker/Dockerfile uses `FROM debian:trixie-slim`. We picked bookworm originally and the tag mismatch wasn't caught until the build actually ran. Changes: - Dockerfile.builder: FROM debian:bookworm-slim → debian:trixie-slim @ sha256:cedb1ef4…2c5a (resolved 2026-05-07 on the runner host). sources.list suite names follow: `bookworm` → `trixie`, `bookworm-security` → `trixie-security`. snapshot.debian.org pin (20260415T000000Z) is unchanged — snapshots are date-keyed, so the same timestamp resolves trixie's dists/. - silvermetal-base.conf: DERIVATIVE_DIST `bookworm` → `trixie` for consistency (the value isn't passed to derivative-maker — there's no --dist option — but it's referenced by the build.sh prologue and we shouldn't have a stale codename floating around). - build.sh: BUILDER_IMAGE digest re-pinned to sha256:7d893178…1890 (rebuilt natively on 10.0.0.51 against the new base, pushed). The reproducibility guarantee is unchanged in shape — same snapshot timestamp, same source-date-epoch derivation, just a different stable host OS. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>