From 67935dee287e618632edce37e49f9a2fa35f5e66 Mon Sep 17 00:00:00 2001
From: Opvolger <opvolger@gmail.com>
Date: Thu, 5 Mar 2026 21:39:43 +0100
Subject: [PATCH] add debian trixie support for debian-base

---
 images/build/debian-base/trixie/Dockerfile    |  19 ++++
 .../build/debian-base/trixie/Dockerfile.build | 100 ++++++++++++++++++
 images/build/debian-base/trixie/clean-install |  36 +++++++
 images/build/debian-base/trixie/excludes      |  10 ++
 images/build/debian-base/variants.yaml        |   3 +
 5 files changed, 168 insertions(+)
 create mode 100644 images/build/debian-base/trixie/Dockerfile
 create mode 100644 images/build/debian-base/trixie/Dockerfile.build
 create mode 100755 images/build/debian-base/trixie/clean-install
 create mode 100644 images/build/debian-base/trixie/excludes

diff --git a/images/build/debian-base/trixie/Dockerfile b/images/build/debian-base/trixie/Dockerfile
new file mode 100644
index 00000000000..41dcac33f21
--- /dev/null
+++ b/images/build/debian-base/trixie/Dockerfile
@@ -0,0 +1,19 @@
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM scratch
+
+ADD rootfs.tar /
+
+CMD ["/bin/sh"]
diff --git a/images/build/debian-base/trixie/Dockerfile.build b/images/build/debian-base/trixie/Dockerfile.build
new file mode 100644
index 00000000000..b80e5f15de5
--- /dev/null
+++ b/images/build/debian-base/trixie/Dockerfile.build
@@ -0,0 +1,100 @@
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG BASEIMAGE
+
+FROM $BASEIMAGE AS certs
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install ca-certificates and dependencies
+RUN apt-get update \
+    && apt-get install -y ca-certificates
+
+FROM $BASEIMAGE
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Copy only ca-certificates without any dependencies
+COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+
+# Smaller package install size.
+COPY excludes /etc/dpkg/dpkg.cfg.d/excludes
+
+# Convenience script for building on this base image.
+COPY clean-install /usr/local/bin/clean-install
+
+# An attempt to fix issues like:
+# ```
+# Error while loading /usr/sbin/dpkg-split: No such file or directory
+# Error while loading /usr/sbin/dpkg-deb: No such file or directory
+# ```
+# See: https://github.com/docker/buildx/issues/495
+RUN ln -s /usr/bin/dpkg-split /usr/sbin/dpkg-split && \
+    ln -s /usr/bin/dpkg-deb /usr/sbin/dpkg-deb && \
+    ln -s /bin/tar /usr/sbin/tar && \
+    ln -s /bin/rm /usr/sbin/rm
+
+# Update system packages.
+RUN apt-get update \
+    && apt-get dist-upgrade -y
+
+# Remove unnecessary packages.
+RUN dpkg --purge --force-remove-essential \
+        bash \
+        e2fsprogs \
+        libss2 \
+        libcom-err2 \
+        libext2fs2 \
+        logsave \
+        ncurses-base \
+        ncurses-bin \
+        tzdata \
+    && apt-get autoremove --purge -y
+
+# No-op stubs replace some unnecessary binaries that may be depended on in the install process (in
+# particular we don't run an init process).
+WORKDIR /usr/local/bin
+RUN touch noop && \
+    chmod 555 noop && \
+    ln -s noop runlevel && \
+    ln -s noop invoke-rc.d && \
+    ln -s noop update-rc.d
+WORKDIR /
+
+# Cleanup cached and unnecessary files.
+RUN apt-get autoremove -y && \
+    apt-get clean -y && \
+    tar -czf /usr/share/copyrights.tar.gz /usr/share/common-licenses /usr/share/doc/*/copyright && \
+    rm -rf \
+        /usr/share/doc \
+        /usr/share/man \
+        /usr/share/info \
+        /usr/share/locale \
+        /var/lib/apt/lists/* \
+        /var/log/* \
+        /var/cache/debconf/* \
+        /usr/share/common-licenses* \
+        /usr/share/bash-completion \
+        ~/.bashrc \
+        ~/.profile \
+        /etc/systemd \
+        /lib/lsb \
+        /lib/udev \
+        /usr/lib/x86_64-linux-gnu/gconv/IBM* \
+        /usr/lib/x86_64-linux-gnu/gconv/EBC* && \
+    mkdir -p /usr/share/man/man1 /usr/share/man/man2 \
+        /usr/share/man/man3 /usr/share/man/man4 \
+        /usr/share/man/man5 /usr/share/man/man6 \
+        /usr/share/man/man7 /usr/share/man/man8
diff --git a/images/build/debian-base/trixie/clean-install b/images/build/debian-base/trixie/clean-install
new file mode 100755
index 00000000000..b0c2cc3f720
--- /dev/null
+++ b/images/build/debian-base/trixie/clean-install
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# A script encapsulating a common Dockerimage pattern for installing packages
+# and then cleaning up the unnecessary install artifacts.
+# e.g. clean-install iptables ebtables conntrack
+
+set -o errexit
+
+if [ $# = 0 ]; then
+  echo >&2 "No packages specified"
+  exit 1
+fi
+
+apt-get update
+apt-get install -y --no-install-recommends $@
+apt-get clean -y
+rm -rf \
+   /var/cache/debconf/* \
+   /var/lib/apt/lists/* \
+   /var/log/* \
+   /tmp/* \
+   /var/tmp/*
diff --git a/images/build/debian-base/trixie/excludes b/images/build/debian-base/trixie/excludes
new file mode 100644
index 00000000000..406948ebe99
--- /dev/null
+++ b/images/build/debian-base/trixie/excludes
@@ -0,0 +1,10 @@
+path-exclude /usr/share/doc/*
+path-include /usr/share/doc/*/copyright
+path-exclude /usr/share/groff/*
+path-exclude /usr/share/i18n/locales/*
+path-include /usr/share/i18n/locales/en_US*
+path-exclude /usr/share/info/*
+path-exclude /usr/share/locale/*
+path-include /usr/share/locale/en_US*
+path-include /usr/share/locale/locale.alias
+path-exclude /usr/share/man/*
diff --git a/images/build/debian-base/variants.yaml b/images/build/debian-base/variants.yaml
index 8ffe0c20936..ca58f66c602 100644
--- a/images/build/debian-base/variants.yaml
+++ b/images/build/debian-base/variants.yaml
@@ -2,3 +2,6 @@ variants:
   bookworm:
     CONFIG: 'bookworm'
     IMAGE_VERSION: 'bookworm-v1.0.8'
+  trixie:
+    CONFIG: 'trixie'
+    IMAGE_VERSION: 'trixie-v1.0.0'