chore: Debian 12 → 13 (Trixie) migration, service hardening
All checks were successful
Build Archipelago ISO (dev) / build-iso (push) Successful in 12m25s

- Update all references from Debian 12 (Bookworm) to Debian 13 (Trixie)
- Enable SystemCallArchitectures, RestrictAddressFamilies, RestrictRealtime
  in archipelago.service (safe on systemd 256+ which respects NoNewPrivileges=no)
- Update GLIBC compatibility checks from 2.36 to 2.40
- ISO filename, build container, and docs updated throughout

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-04-09 21:32:08 +02:00
parent fe3c844fe6
commit a0a7aadcb3
19 changed files with 41 additions and 43 deletions

View File

@@ -50,8 +50,8 @@ jobs:
# Build in persistent repo dir to reuse target/ cache
cd "$HOME/archy"
export GIT_HASH=$(git rev-parse --short HEAD)
# Static musl build — runner is Debian 13 (glibc 2.41) but ISO rootfs
# is Debian 12/bookworm (glibc 2.36). Dynamic binary won't run.
# Static musl build for portability — ensures binary runs regardless
# of glibc version differences between build host and ISO rootfs.
cargo build --release --target x86_64-unknown-linux-musl --manifest-path core/Cargo.toml
# Copy binary to workspace for downstream steps
mkdir -p "$GITHUB_WORKSPACE/core/target/release"