prepare-host: add squid-deb-proxy-client to host dependencies

[leggewie]

squid-deb-proxy-client is a small script to transparently detect and use a caching packages proxy in the LAN like apt-cacher-ng. It is incredibly convenient and useful to cut down on unnecessary downloads and speed up the build.

[coderabbitai]

Walkthrough

The changes introduce an environment variable, APA_IS_ACTIVE, which is exported as "true" within the extension_prepare_config__apa function. In the create_sources_list_and_deploy_repo_key function, the deployment of the Armbian repository key is now conditional: if APA_IS_ACTIVE is set to "true", the key deployment steps are skipped. Otherwise, the script proceeds to deploy the repository key using the specified keyring path, with legacy handling for older distributions. No changes were made to function signatures or public entity declarations.

Possibly related PRs

• extensions: add APA extension #8133: Introduced the extension_prepare_config__apa function and the APA extension setup, which is directly modified in this PR to export the APA_IS_ACTIVE flag.
• lib distro-specific.sh: move armbian GPG to more common location #8128: Changed the key file location to /usr/share/keyrings/armbian-archive-keyring.gpg in the create_sources_list_and_deploy_repo_key function, which relates to the logic updated in this PR.

Suggested reviewers

• rpardini

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate Unit Tests

• Create PR with Unit Tests
• Post Copyable Unit Tests in Comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai auto-generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

lib/functions/host/prepare-host.sh (1)

200-200: Dependency Addition: Squid-Deb-Proxy-Client
The new package entry squid-deb-proxy-client is correctly added to the array of host dependencies. This change straightforwardly fulfills the PR objective of enhancing the caching mechanism for package downloads.

It would be helpful to add an inline comment explaining the role of this package (e.g., "Client utility for detecting and leveraging local caching proxies") so that future maintainers understand its inclusion.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 756dff9 and aa6a5fb.

📒 Files selected for processing (1)

• lib/functions/host/prepare-host.sh (1 hunks)

[rpardini]

Hmm. This ignores the fact we handle our own apt through chroot, and that we still have aptcacherng lying around. Sounds like a nice idea that needs a bit developing?

[rpardini]

Guess my point is: make this an extension for now; once very well proven and the rest clean-ed up, we can consider core-ing it.

[coderabbitai]

Note

Generated docstrings for this pull request at #8028

[leggewie]

Hmm. This ignores the fact we handle our own apt through chroot, and that we still have aptcacherng lying around. Sounds like a nice idea that needs a bit developing?

thank you for your review.

I hope I don't misunderstand you but this change does in fact not ignore the fact that the chroot/docker image handles their own apt pulls and local caching at all. Indeed, that is the very "problem" this PR tries to address. My laptop host already has squid-deb-proxy-client installed, of course. But the armbian docker build container will not benefit from the LAN acng instance, nonetheless. Yet, it should, there is no downside to it.

squid-deb-proxy-client is completely transparent. if no acng instance is present in the LAN at run-time of the chroot, nothing changes. if there is, it currently is ignored, loosing the benefits from local LAN-wide caching. all this change will do is that acng instances in the LAN will automatically start working. as such, I don't think that increasing complexity through an extension and making it optional is a good idea at all. having this package installed is a sane default and does not add all that much to the footprint.

[rpardini]

I really appreciate your argument.

So please don't misunderstand, caching is an area Armbian has been working on for many years, we've a long trail of tears with acng, squid, etc until we got to the point we are at, which works reasonably-ish for "most cases". (We've still a lot of cleanups to do, ref acng, dead code, etc).

Adding squid-deb-proxy-client to the prepare-host hostdeps, even it it works optimally, will bring very few benefits.

1. It would only impact hostdep installation. (host-side)
2. By the time it is installed (together with all other hostdeps), all other hostdeps will also already have been installed.
3. It will not impact the usage or not of proxy for debootstrap or for apt calls inside the chroot. We btw already have local caching (using mounts) for that scenario. (It doesn't benefit from a LAN cache, but shouldn't ever download the same package/version from the same distro twice, unless you manually clean the cache).

And finally: squid-deb-proxy-client is not available in Debian Bookworm. https://packages.debian.org/search?keywords=squid-deb-proxy-client -- this is a complete deal-breaker here, even if everything else made sense (which, it doesn't).

I must insist any changes will need to be proven in different environments (CI, build farm, local dev workstations, Docker, lxc, etc) before they land in core -- we've been burned too many times. That's why I suggested extension: it's a way you can land your change, I can get my clean core (lol.), time goes by, proof is established, and we can decide.

[leggewie]

Good point on squid-deb-proxy-client being dropped from unstable because squid-deb-proxy was in such bad shape. Ubuntu has reintroduced it and I kept it around. But it's probably best to start looking for an alternative to this transparent discovery mechanism like auto-apt-proxy. Too bad, the way things are currently set up in armbuild/build don't allow an easy way to set up an alternative dependency like I can do with a real package at "Depends: auto-apt-proxy | squid-deb-proxy-client"

[leggewie]

But it's probably best to start looking for an alternative to this transparent discovery mechanism like auto-apt-proxy.

auto-apt-proxy does not detect my LAN acng instance when squid-deb-proxy-client has no issue :-(

[leggewie]

good point also on the caching not propagating further down into the chroot. I do have a hook for pbuilder to do this when building debian packages, so I guess, we might want to try and do this for armbian, too.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

extensions/apa.sh (1)

5-5: Document the purpose of APA_IS_ACTIVE
Add a comment explaining that this flag is consumed in create_sources_list_and_deploy_repo_key to skip key deployment, improving clarity for future maintainers.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aa6a5fb and 0998a77.

📒 Files selected for processing (2)

• extensions/apa.sh (1 hunks)
• lib/functions/rootfs/distro-specific.sh (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Shell script analysis

[coderabbitai]

🛠️ Refactor suggestion

Scope and freeze the signing key file variable
The variable APT_SIGNING_KEY_FILE is set without scope or protection. Make it readonly within the function for safety:

- APT_SIGNING_KEY_FILE="/usr/share/keyrings/armbian-archive-keyring.gpg"
+ declare -r APT_SIGNING_KEY_FILE="/usr/share/keyrings/armbian-archive-keyring.gpg"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	APT_SIGNING_KEY_FILE="/usr/share/keyrings/armbian-archive-keyring.gpg"
	declare -r APT_SIGNING_KEY_FILE="/usr/share/keyrings/armbian-archive-keyring.gpg"

🤖 Prompt for AI Agents

In lib/functions/rootfs/distro-specific.sh at line 83, the variable
APT_SIGNING_KEY_FILE is assigned without scope or protection. To fix this,
declare the variable as readonly within the function by using the readonly
keyword before or after the assignment to prevent it from being modified later.

[coderabbitai]

⚠️ Potential issue

Fix unquoted conditional and symlink path
The test if [ ! $APA_IS_ACTIVE = "true" ]; then is unquoted and brittle when the variable is unset. Also, the symlink invocation uses a relative target. Apply this diff:

-if [ ! $APA_IS_ACTIVE = "true" ]; then
+if [[ "${APA_IS_ACTIVE:-}" != "true" ]]; then
     display_alert "Adding Armbian repository and authentication key" "${when} :: /etc/apt/sources.list.d/armbian.sources" "info"
     mkdir -p "${basedir}/usr/share/keyrings"
-    gpg --dearmor < "${SRC}"/config/armbian.key > "${basedir}${APT_SIGNING_KEY_FILE}"
-    chroot "${basedir}" /bin/bash -c "ln -fs armbian-archive-keyring.gpg /usr/share/keyrings/armbian.gpg"
+    gpg --dearmor < "${SRC}/config/armbian.key" > "${basedir}${APT_SIGNING_KEY_FILE}"
+    chroot "${basedir}" ln -fs "${APT_SIGNING_KEY_FILE}" "/usr/share/keyrings/armbian.gpg"

This makes the conditional robust and ensures the symlink points to the correct absolute path.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# code to be made obsolete by making APA part of Armbian Core. #XXX
	if [ ! $APA_IS_ACTIVE = "true" ]; then
	# add armbian key
	display_alert "Adding Armbian repository and authentication key" "${when} :: /etc/apt/sources.list.d/armbian.sources" "info"
	mkdir -p "${basedir}"/usr/share/keyrings
	# change to binary form
	gpg --dearmor < "${SRC}"/config/armbian.key > "${basedir}${APT_SIGNING_KEY_FILE}"
	# lets link to the old file as armbian-config uses it and we can't set there to new file
	# we user force linking as some old caches still exists
	chroot "${basedir}" /bin/bash -c "ln -fs armbian-archive-keyring.gpg /usr/share/keyrings/armbian.gpg"
	# lets keep old way for old distributions
	if [[ "${RELEASE}" =~ (focal|bullseye) ]]; then
	cp "${SRC}"/config/armbian.key "${basedir}"
	chroot "${basedir}" /bin/bash -c "cat armbian.key | apt-key add - > /dev/null 2>&1"
	fi
	fi
	# code to be made obsolete by making APA part of Armbian Core. #XXX
	if [[ "${APA_IS_ACTIVE:-}" != "true" ]]; then
	# add armbian key
	display_alert "Adding Armbian repository and authentication key" "${when} :: /etc/apt/sources.list.d/armbian.sources" "info"
	mkdir -p "${basedir}/usr/share/keyrings"
	# change to binary form
	gpg --dearmor < "${SRC}/config/armbian.key" > "${basedir}${APT_SIGNING_KEY_FILE}"
	chroot "${basedir}" ln -fs "${APT_SIGNING_KEY_FILE}" "/usr/share/keyrings/armbian.gpg"
	# lets keep old way for old distributions
	if [[ "${RELEASE}" =~ (focal|bullseye) ]]; then
	cp "${SRC}"/config/armbian.key "${basedir}"
	chroot "${basedir}" /bin/bash -c "cat armbian.key | apt-key add - > /dev/null 2>&1"
	fi
	fi

🤖 Prompt for AI Agents

In lib/functions/rootfs/distro-specific.sh around lines 162 to 179, the
conditional test for APA_IS_ACTIVE is unquoted, which can cause errors if the
variable is unset, and the symlink command uses a relative path that may be
incorrect. Fix this by quoting the variable in the if test to ensure it is
safely evaluated even if unset, and change the symlink target to an absolute
path to guarantee it points correctly within the chroot environment.