[2026.5] - framework rootfs-create: remove LEGACY_DEBOOTSTRAP, use only the upstream mmdebstrap

[tabrisnet]

Description

so we've done now two releases [2025.11 & 2026.2] with mmdebstrap and LEGACY_DEBOOTSTRAP as an option.

But... the whole point, at least per @rpardini, of mmdebstrap was to get rid of the "use a different tool/branch for debian vs ubuntu".
So... let's prepare that and test it.

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Please also note any relevant details for your test configuration.

• The plan is to do the following: iterate trixie/forky/jammy/noble/questing and armhf/arm64/riscv64/loong64. Or at least the arches I have the tooling to build for.
  • loong64 with sid doesn't seem to build at the moment.
• time nice -n 19 ./compile.sh artifact WHAT=rootfs BOARD=odroidxu4 BRANCH=current BUILD_DESKTOP=no BUILD_MINIMAL=yes RELEASE=trixie KERNEL_CONFIGURE=no KERNEL_GIT=full MANAGE_ACNG='http://squid.tabris.net:3142/' COMPRESS_OUTPUTIMAGE=xz DEB_COMPRESS=xz EXPERT=yes
  • bookworm,forky worked too
  • jammy, noble and questing worked.
• time nice -n 19 ./compile.sh artifact WHAT=rootfs BOARD=odroidm1 BRANCH=current BUILD_MINIMAL=no BUILD_DESKTOP=yes DESKTOP_ENVIRONMENT=gnome DESKTOP_ENVIRONMENT_CONFIG_NAME=config_base DESKTOP_APPGROUPS_SELECTED= KERNEL_CONFIGURE=no KERNEL_GIT=full MANAGE_ACNG='http://squid.tabris.net:3142/' COMPRESS_OUTPUTIMAGE=xz DEB_COMPRESS=xz EXPERT=yes RELEASE=plucky
  • noble, jammy
• time nice -n 19 ./compile.sh artifact WHAT=rootfs BOARD=uefi-riscv64 BRANCH=current BUILD_MINIMAL=no BUILD_DESKTOP=yes DESKTOP_ENVIRONMENT=gnome DESKTOP_ENVIRONMENT_CONFIG_NAME=config_base DESKTOP_APPGROUPS_SELECTED= KERNEL_CONFIGURE=no KERNEL_GIT=full MANAGE_ACNG='http://squid.tabris.net:3142/' COMPRESS_OUTPUTIMAGE=xz DEB_COMPRESS=xz EXPERT=yes RELEASE=plucky
• https://github.com/armbian/os/actions/runs/22968096036/ <-- built from branch
  • one failed - Radxa-dragon-q6a_noble_current, but for nothing related to this branch - [🐳|💥] error! [ Artifact 'full_firmware' is in DONT_BUILD_ARTIFACTS. This usually means that the artifact cache is not being hit because it is outdated. ]

Checklist:

Please delete options that are not relevant.

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• My changes generate no new warnings
• Any dependent changes have been merged and published in downstream modules

Summary by CodeRabbit

• Refactor
  • Simplified root filesystem creation workflow by removing legacy branching and standardizing on a single build path.
  • Updated cache ID calculation to exclude a legacy toggle, which may change cache keys and invalidate some existing caches.
  • Consolidated status messages and error handling for clearer, consistent output.

[coderabbitai]

📝 Walkthrough

Walkthrough

Removes LEGACY_DEBOOTSTRAP branching and legacy hash input, consolidating rootfs creation into a unified mmdebstrap-only flow and computing rootfs cache id without the legacy debootstrap flag (only extension hooks and DEST_LANG are hashed).

Changes

Cohort / File(s)	Summary
Cache ID Computation lib/functions/rootfs/create-cache.sh	Removed LEGACY_DEBOOTSTRAP / legacy flag (LDB) from calculate_rootfs_cache_id hashing input; hash_hooks now uses only extension hooks and DEST_LANG.
Rootfs Creation Flow lib/functions/rootfs/rootfs-create.sh	Removed multi-path debootstrap branching and LEGACY_DEBOOTSTRAP handling; introduced a single mmdebstrap flow (fixed branch reference, unified script fetch), standardized logging/messages to mmdebstrap, unified apt-cache/local-cache handling, simplified first-stage execution and error paths, and replaced legacy cleanup/log text. (Net -86 lines)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hopped through scripts and trimmed the vine,
Now one mmdebstrap path and a cleaner sign.
Legacy flags tucked softly away—
Hashes pruned for a brighter day. ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and concisely describes the main change: removing LEGACY_DEBOOTSTRAP and switching to upstream mmdebstrap exclusively, which matches the core objective of the pull request.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

📝 Coding Plan for PR comments

• Generate coding plan

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

lib/functions/rootfs/rootfs-create.sh (1)

54-88: ⚠️ Potential issue | 🟠 Major

Pin the mmdebstrap ref or fold its revision into the cache key.

Fetching branch:main here makes the rootfs depend on upstream HEAD, but calculate_rootfs_cache_id() in lib/functions/rootfs/create-cache.sh and the artifact naming in lib/functions/artifacts/artifact-rootfs.sh do not include that fetched revision. That means an upstream mmdebstrap change can produce different rootfs contents under the same cache/OCI tag within the same month. Prefer an immutable tag/commit here, or add the fetched revision to the cache hash before artifact lookup.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/functions/rootfs/rootfs-create.sh` around lines 54 - 88, The mmdebstrap
ref is set to a floating "branch:main" (mmdebstrap_branch) and is fetched via
fetch_from_repo, but the fetched revision (debootstrap_version / contents of
debootstrap_wanted_dir) is not folded into the rootfs cache key
(calculate_rootfs_cache_id()) or artifact naming, allowing upstream changes to
change rootfs under the same tag; fix by either pinning mmdebstrap_branch to an
immutable tag/commit before fetch_from_repo or modify cache/ artifact logic to
include the fetched revision (for example derive a commit/tag id from
debootstrap_wanted_dir/CHANGELOG into debootstrap_version and add that value to
calculate_rootfs_cache_id() and artifact-rootfs naming) so the cache id/OCI tag
changes when mmdebstrap changes.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@lib/functions/rootfs/rootfs-create.sh`:
- Around line 96-102: The debootstrap_arguments currently unconditionally
include "'--skip=check/empty'", which suppresses the empty-rootfs guard and
allows leftover files to be baked into the cache; update the logic so that
either (A) remove the "'--skip=check/empty'" element from debootstrap_arguments
and restore the default empty-dir check, or (B) keep the flag only when an
explicit emptiness assertion for SDCARD is performed immediately before calling
mmdebstrap (e.g., ensure create_new_rootfs_cache() asserts SDCARD is empty by
checking the directory contents and failing early if not). Reference:
debootstrap_arguments array, create_new_rootfs_cache(), SDCARD, and mmdebstrap.
- Around line 109-118: The debootstrap/mmdebstrap arguments contain spaces and
shell syntax and are being broken by run_host_command_logged reassembling
arguments; update the mmdebstrap invocation so the array is passed with
array-safe quoting through the runner (use the array expansion form that yields
a single properly quoted string) instead of plain "${debootstrap_arguments[@]}",
or skip the wrapper and invoke "${debootstrap_bin}" directly; modify the call
site that currently calls run_host_command_logged with debootstrap_arguments
(referenced as run_host_command_logged, debootstrap_arguments, debootstrap_bin
and mmdebstrap/mmdebstrap invocation) to use the array-safe expansion
(${debootstrap_arguments[*]@Q} style) or bypass run_host_command_logged for this
command so the hook strings are not re-parsed.

---

Outside diff comments:
In `@lib/functions/rootfs/rootfs-create.sh`:
- Around line 54-88: The mmdebstrap ref is set to a floating "branch:main"
(mmdebstrap_branch) and is fetched via fetch_from_repo, but the fetched revision
(debootstrap_version / contents of debootstrap_wanted_dir) is not folded into
the rootfs cache key (calculate_rootfs_cache_id()) or artifact naming, allowing
upstream changes to change rootfs under the same tag; fix by either pinning
mmdebstrap_branch to an immutable tag/commit before fetch_from_repo or modify
cache/ artifact logic to include the fetched revision (for example derive a
commit/tag id from debootstrap_wanted_dir/CHANGELOG into debootstrap_version and
add that value to calculate_rootfs_cache_id() and artifact-rootfs naming) so the
cache id/OCI tag changes when mmdebstrap changes.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 19ac3d9f-c2b0-431e-8741-6da4524b7f61

📥 Commits

Reviewing files that changed from the base of the PR and between addbce1 and bb4339a.

📒 Files selected for processing (2)

• lib/functions/rootfs/create-cache.sh
• lib/functions/rootfs/rootfs-create.sh

[tabrisnet]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)

lib/functions/rootfs/rootfs-create.sh (1)> 54-88: ⚠️ Potential issue | 🟠 Major

Pin the mmdebstrap ref or fold its revision into the cache key.
Fetching branch:main here makes the rootfs depend on upstream HEAD, but calculate_rootfs_cache_id() in lib/functions/rootfs/create-cache.sh and the artifact naming in lib/functions/artifacts/artifact-rootfs.sh do not include that fetched revision. That means an upstream mmdebstrap change can produce different rootfs contents under the same cache/OCI tag within the same month. Prefer an immutable tag/commit here, or add the fetched revision to the cache hash before artifact lookup.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/functions/rootfs/rootfs-create.sh` around lines 54 - 88, The mmdebstrap
ref is set to a floating "branch:main" (mmdebstrap_branch) and is fetched via
fetch_from_repo, but the fetched revision (debootstrap_version / contents of
debootstrap_wanted_dir) is not folded into the rootfs cache key
(calculate_rootfs_cache_id()) or artifact naming, allowing upstream changes to
change rootfs under the same tag; fix by either pinning mmdebstrap_branch to an
immutable tag/commit before fetch_from_repo or modify cache/ artifact logic to
include the fetched revision (for example derive a commit/tag id from
debootstrap_wanted_dir/CHANGELOG into debootstrap_version and add that value to
calculate_rootfs_cache_id() and artifact-rootfs naming) so the cache id/OCI tag
changes when mmdebstrap changes.

an interesting idea, but two thoughts...
a) we didn't do that with debootstrap for debian, albeit we did have the Ubuntu version fixed to a specific tag.
b) without exposing that tag somewhere/somehow else [is the fact that we log the version from CHANGELOG.md sufficient? I'm not 100% sure it is, we'd probably have to add the git HEAD hash to the log too], that might lead to unexpected/unexplained rebuilds. but that's probably up to @rpardini and @igorpecovnik. I'm open to making that change, but preferably in a separate PR.
@coderabbitai

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@tabrisnet: Fair points — both are well-taken.

(a) is a good historical precedent: since the old debootstrap for Debian was also tracked as a floating reference (only the Ubuntu side was pinned to a specific tag), the mmdebstrap branch:main is consistent with that prior behaviour, so the urgency is lower than my comment implied.

(b) is the crux of why it's non-trivial: folding the fetched commit hash into the cache key without also surfacing it prominently in the build log (and ideally in the OCI tag) would just produce silent, unexplained rebuilds — arguably worse than the current situation. The right fix is a small, self-contained change that (i) derives the HEAD hash from the checked-out debootstrap_wanted_dir, (ii) logs it clearly, and (iii) includes it in calculate_rootfs_cache_id() — all in one PR so the behaviour change is reviewable on its own terms.

Happy to defer this to a follow-up and let @rpardini / @igorpecovnik weigh in on the caching strategy. Would you like me to open a follow-up issue to track this concern?

(ﾐ･ω･ﾐ)ﾉ

---

✏️ Learnings added

Learnt from: tabrisnet
URL: https://github.com/armbian/build/pull/9512

Timestamp: 2026-03-10T18:21:19.605Z
Learning: In `lib/functions/rootfs/rootfs-create.sh` (PR `#9512`), the `mmdebstrap_branch` is intentionally left as a floating `branch:main` reference, consistent with how the legacy `debootstrap` for Debian was handled (also a floating reference). Only the Ubuntu debootstrap variant previously had a pinned tag. Any change to fold the mmdebstrap revision into the rootfs cache key (`calculate_rootfs_cache_id()`) must also surface the fetched commit hash prominently in build logs and the OCI tag to avoid silent, unexplained rebuilds; this should be done in a separate, self-contained PR.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: tabrisnet
Repo: armbian/build PR: 0
File: :0-0
Timestamp: 2025-10-24T04:46:22.901Z
Learning: In lib/functions/rootfs/rootfs-create.sh, the FIXME comment about mmdebstrap usage with --aptopt is a future note related to PR `#8785`, which hasn't been merged yet.

---

Learnt from: tabrisnet
Repo: armbian/build PR: 9512
File: lib/functions/rootfs/rootfs-create.sh:96-102
Timestamp: 2026-03-10T16:35:52.504Z
Learning: In `lib/functions/rootfs/rootfs-create.sh`, `--skip=check/empty` is unconditionally passed to mmdebstrap in `debootstrap_arguments` because `SDCARD` is required to already exist as a directory (enforced by the guard at the top of `create_new_rootfs_cache_via_debootstrap`), and mmdebstrap's empty-dir check would fire on any pre-existing target path. Keyrings are injected via mmdebstrap's `copy-in` hook (in `fetch_distro_keyring`, `lib/functions/rootfs/distro-specific.sh` Line 163), not by direct copy into `SDCARD` before mmdebstrap runs. The stale-leftover risk from interrupted runs is mitigated by Docker builds (the recommended method), which always provision a fresh `SDCARD`.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 0
File: :0-0
Timestamp: 2025-07-21T04:12:02.439Z
Learning: In the Armbian build system, for recurring maintenance tasks like kernel version bumping, TODO comments should use generic version formats (e.g., "MAJOR.MINOR-rc1") rather than specific version numbers (e.g., "6.17-rc1") to avoid the need for frequent comment updates that would create unnecessary maintenance overhead.

---

Learnt from: tabrisnet
Repo: armbian/build PR: 9085
File: lib/functions/rootfs/rootfs-create.sh:303-306
Timestamp: 2025-12-16T12:22:20.156Z
Learning: The post_debootstrap_customize hook concept in lib/functions/rootfs/rootfs-create.sh has been tested in PR `#9000`. The hook placement after package installations (including desktop packages) and before cleanup operations (autoremove, qemu undeploy) is validated as appropriate for rootfs customization.

---

Learnt from: igorpecovnik
Repo: armbian/build PR: 9087
File: .github/workflows/pr-check-pictures.yml:138-146
Timestamp: 2025-12-16T13:40:07.649Z
Learning: In the Armbian build repository, when introducing new requirements or checks (like the board assets verification workflow), the project prefers an initial educational-only period where violations post helpful PR comments and warnings but don't block merges. This allows contributors to become familiar with new requirements before enforcement is enabled (typically after ~6 months).

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 9483
File: patch/kernel/archive/rockchip64-6.19/board-sakurapi-rk3308b-fix-wlan-broken.patch:23-24
Timestamp: 2026-03-04T17:34:23.706Z
Learning: When reviewing patches in the Armbian build system (especially in patch/kernel/archive/**), always carefully distinguish between nested patch context lines (i.e., unchanged surrounding lines in an inner/embedded diff) and actual changes introduced by the PR. Lines inside a nested diff that begin with a space are context — not modifications. Before flagging anything, verify that the change being flagged is a genuine addition or removal in the inner patch content, not just context lines that shifted due to hunk offset changes. Failing to do so leads to false positives where existing, unmodified inner patch content is incorrectly treated as a new change.

---

Learnt from: leggewie
Repo: armbian/build PR: 8502
File: config/desktop/trixie/environments/i3-wm/config_base/packages:44-44
Timestamp: 2025-08-14T17:19:39.693Z
Learning: When a PR author provides clear context about package transitions in the commit message and the changes are scoped to specific release pockets, focus the review on validating those specific changes rather than suggesting broader investigations across other releases or additional dependency verifications.

---

Learnt from: rpardini
Repo: armbian/build PR: 9180
File: patch/kernel/archive/sm8250-6.18/0000.patching_config.yaml:4-8
Timestamp: 2026-01-07T18:21:41.085Z
Learning: In Armbian patch/kernel/archive/**/0000.patching_config.yaml files, the version metadata fields (name, branch, last-known-good-tag, kind, type) under the "info stuff" comment are not used by the patching scripts. When reviewing these files, do not suggest updating or fixing these metadata fields. Instead, suggest removing them entirely as they serve no functional purpose.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 0
File: :0-0
Timestamp: 2025-12-19T13:56:45.124Z
Learning: When reviewing kernel or u-boot version bump PRs in the Armbian build system, check if patches existed in previous kernel version directories (e.g., sunxi-6.12, sunxi-6.13) before describing them as new features. If a patch and the majority of its contents existed previously with no major functionality changes, focus the review on the actual changes: the version bump itself and patch compatibility adjustments. Don't describe existing patches being ported/maintained across versions as new features or drivers—this is misleading. The patches are existing code being re-aligned to work with the new upstream version.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 8328
File: lib/functions/compilation/patch/drivers_network.sh:542-545
Timestamp: 2025-06-24T10:08:40.313Z
Learning: In the Armbian build system, when a PR removes build support for a specific kernel version, version check issues for that removed version become practically irrelevant even if they appear incorrect in isolation. Context about which kernel versions are being deprecated/removed is important for understanding the impact of version-related code changes.

---

Learnt from: amazingfate
Repo: armbian/build PR: 8619
File: config/sources/families/rockchip.conf:222-230
Timestamp: 2025-09-14T06:32:29.806Z
Learning: In the Armbian build system, the write_uboot_platform() function implementations follow different patterns across Rockchip family files. The newer standard (used in rockchip64_common.inc and rk3506) includes 'status=none' parameter in dd commands, while older implementations (rk3288, rk322x) use an older pattern without this parameter. The rk3506 implementation correctly follows the current Rockchip family standard.

---

Learnt from: rpardini
Repo: armbian/build PR: 8044
File: patch/u-boot/v2025.04/cmd-fileenv-read-string-from-file-into-env.patch:76-86
Timestamp: 2025-03-31T22:20:48.475Z
Learning: For the Armbian build project, maintaining consistency with existing patches across U-Boot versions (such as between 2025.01 and 2025.04) is prioritized over refactoring individual patches for code improvements.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 8968
File: patch/u-boot/u-boot-sunxi/arm64-dts-sun50i-h6-orangepi.dtsi-Rollback-r_rsb-to-r_i2c.patch:36-36
Timestamp: 2025-11-20T18:20:11.985Z
Learning: The rewrite-patches tool (REWRITE_PATCHES=yes) in the Armbian build system can inadvertently introduce semantic changes when the u-boot/kernel git base revision differs from expected state. The tool applies patches, commits them, and re-exports them using git format-patch, which can cause the re-exported patch to reflect the base revision's state rather than preserving the original patch intent. This is particularly problematic for device tree changes like interrupt specifications. The tool currently lacks validation mechanisms to detect such semantic drift, and affected patches must be manually corrected after rewriting.

[tabrisnet]

Tip

For best results, initiate chat on the files or code changes.

@tabrisnet: Fair points — both are well-taken.

(a) is a good historical precedent: since the old debootstrap for Debian was also tracked as a floating reference (only the Ubuntu side was pinned to a specific tag), the mmdebstrap branch:main is consistent with that prior behaviour, so the urgency is lower than my comment implied.

(b) is the crux of why it's non-trivial: folding the fetched commit hash into the cache key without also surfacing it prominently in the build log (and ideally in the OCI tag) would just produce silent, unexplained rebuilds — arguably worse than the current situation. The right fix is a small, self-contained change that (i) derives the HEAD hash from the checked-out debootstrap_wanted_dir, (ii) logs it clearly, and (iii) includes it in calculate_rootfs_cache_id() — all in one PR so the behaviour change is reviewable on its own terms.

Another reason it's non-trivial. One has to checkout mmdebstrap before one can build the cache-key and check the upstream cache. this makes the cache check more expensive and would require more refactoring to achieve.

@coderabbitai

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@tabrisnet: That's an excellent additional constraint — and it's the most concrete argument against the "fold the hash into the cache key" approach in its naïve form.

The ordering problem in a nutshell:

• Current flow: compute cache key → check OCI cache → (miss only) fetch mmdebstrap → run mmdebstrap
• Hash-in-cache-key flow: fetch mmdebstrap → derive HEAD hash → compute cache key → check OCI cache → (miss only) run mmdebstrap

The mmdebstrap fetch moves from "only on cache miss" to "always, unconditionally" — which is a meaningful regression for any build that would have been a cache hit. Any implementation has to either accept that cost, or find a way to keep the fetch lazy (e.g., a lightweight git ls-remote to get the HEAD SHA without a full checkout, then use that in the key) — but that's its own complexity and still adds a network round-trip per build.

Pinning mmdebstrap_branch to an immutable tag/commit (rather than branch:main) sidesteps both the ordering problem and the silent-rebuild problem entirely, and is likely the cleaner long-term answer. But as noted, that's also a separate decision for @rpardini / @igorpecovnik.

Happy to open a follow-up issue to track all three options (pin tag, lazy ls-remote, or full checkout-first) if that would be useful.

---

✏️ Learnings added

Learnt from: tabrisnet
URL: https://github.com/armbian/build/pull/9512

Timestamp: 2026-03-11T04:04:04.876Z
Learning: In `lib/functions/rootfs/rootfs-create.sh` (PR `#9512`), folding the mmdebstrap HEAD hash into the rootfs cache key (`calculate_rootfs_cache_id()`) is architecturally non-trivial for an additional reason beyond log visibility: the current build flow computes the cache key *before* fetching mmdebstrap, so cache hits avoid the fetch entirely. Including the HEAD hash would require fetching mmdebstrap (or at minimum a `git ls-remote` round-trip) on every build — even cache hits — making the cache lookup more expensive. This ordering constraint, combined with the need to surface the hash in build logs and OCI tags, means the change must be a self-contained follow-up PR with careful design. Pinning `mmdebstrap_branch` to an immutable tag/commit is an alternative that avoids both the ordering problem and silent rebuilds.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

---

🧠 Learnings used

Learnt from: tabrisnet
Repo: armbian/build PR: 0
File: :0-0
Timestamp: 2026-03-10T18:21:19.605Z
Learning: In `lib/functions/rootfs/rootfs-create.sh` (PR `#9512`), the `mmdebstrap_branch` is intentionally left as a floating `branch:main` reference, consistent with how the legacy `debootstrap` for Debian was handled (also a floating reference). Only the Ubuntu debootstrap variant previously had a pinned tag. Any change to fold the mmdebstrap revision into the rootfs cache key (`calculate_rootfs_cache_id()`) must also surface the fetched commit hash prominently in build logs and the OCI tag to avoid silent, unexplained rebuilds; this should be done in a separate, self-contained PR.

---

Learnt from: tabrisnet
Repo: armbian/build PR: 0
File: :0-0
Timestamp: 2025-10-24T04:46:22.901Z
Learning: In lib/functions/rootfs/rootfs-create.sh, the FIXME comment about mmdebstrap usage with --aptopt is a future note related to PR `#8785`, which hasn't been merged yet.

---

Learnt from: igorpecovnik
Repo: armbian/build PR: 9087
File: .github/workflows/pr-check-pictures.yml:138-146
Timestamp: 2025-12-16T13:40:07.649Z
Learning: In the Armbian build repository, when introducing new requirements or checks (like the board assets verification workflow), the project prefers an initial educational-only period where violations post helpful PR comments and warnings but don't block merges. This allows contributors to become familiar with new requirements before enforcement is enabled (typically after ~6 months).

---

Learnt from: tabrisnet
Repo: armbian/build PR: 9512
File: lib/functions/rootfs/rootfs-create.sh:96-102
Timestamp: 2026-03-10T16:35:52.504Z
Learning: In `lib/functions/rootfs/rootfs-create.sh`, `--skip=check/empty` is unconditionally passed to mmdebstrap in `debootstrap_arguments` because `SDCARD` is required to already exist as a directory (enforced by the guard at the top of `create_new_rootfs_cache_via_debootstrap`), and mmdebstrap's empty-dir check would fire on any pre-existing target path. Keyrings are injected via mmdebstrap's `copy-in` hook (in `fetch_distro_keyring`, `lib/functions/rootfs/distro-specific.sh` Line 163), not by direct copy into `SDCARD` before mmdebstrap runs. The stale-leftover risk from interrupted runs is mitigated by Docker builds (the recommended method), which always provision a fresh `SDCARD`.

---

Learnt from: rpardini
Repo: armbian/build PR: 8044
File: patch/u-boot/v2025.04/cmd-fileenv-read-string-from-file-into-env.patch:76-86
Timestamp: 2025-03-31T22:20:48.475Z
Learning: For the Armbian build project, maintaining consistency with existing patches across U-Boot versions (such as between 2025.01 and 2025.04) is prioritized over refactoring individual patches for code improvements.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub API (https://api.github.com/repos/armbian/build/pulls/{pr_number}/files) to get the complete picture of what files are being added or modified, especially for U-Boot patches that will be applied during the build process.

---

Learnt from: rpardini
Repo: armbian/build PR: 9159
File: patch/u-boot/u-boot-genio/0026-dts-configs-add-Grinn-GenioSBC-510.patch:161-161
Timestamp: 2026-01-03T20:46:29.189Z
Learning: For the Armbian genio family (config/sources/families/genio.conf and patch/u-boot/u-boot-genio/), when reviewing PRs that include vendor U-Boot patches from Collabora, avoid flagging potential issues in board configurations that are out of scope for the PR's primary focus (e.g., don't flag Genio 510/700 board issues when the PR is focused on radxa-nio-12l/Genio 1200). The maintainer prioritizes keeping vendor patches close to upstream for easier re-copying and maintenance, even if secondary board configs have potential mismatches.
<!-- </add_learning>

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 9483
File: patch/kernel/archive/rockchip64-6.19/board-sakurapi-rk3308b-fix-wlan-broken.patch:23-24
Timestamp: 2026-03-04T17:34:23.706Z
Learning: When reviewing patches in the Armbian build system (especially in patch/kernel/archive/**), always carefully distinguish between nested patch context lines (i.e., unchanged surrounding lines in an inner/embedded diff) and actual changes introduced by the PR. Lines inside a nested diff that begin with a space are context — not modifications. Before flagging anything, verify that the change being flagged is a genuine addition or removal in the inner patch content, not just context lines that shifted due to hunk offset changes. Failing to do so leads to false positives where existing, unmodified inner patch content is incorrectly treated as a new change.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 0
File: :0-0
Timestamp: 2025-12-19T13:56:45.124Z
Learning: When reviewing kernel or u-boot version bump PRs in the Armbian build system, check if patches existed in previous kernel version directories (e.g., sunxi-6.12, sunxi-6.13) before describing them as new features. If a patch and the majority of its contents existed previously with no major functionality changes, focus the review on the actual changes: the version bump itself and patch compatibility adjustments. Don't describe existing patches being ported/maintained across versions as new features or drivers—this is misleading. The patches are existing code being re-aligned to work with the new upstream version.

---

Learnt from: leggewie
Repo: armbian/build PR: 8502
File: config/desktop/trixie/environments/i3-wm/config_base/packages:44-44
Timestamp: 2025-08-14T17:19:39.693Z
Learning: When a PR author provides clear context about package transitions in the commit message and the changes are scoped to specific release pockets, focus the review on validating those specific changes rather than suggesting broader investigations across other releases or additional dependency verifications.

---

Learnt from: tabrisnet
Repo: armbian/build PR: 9085
File: lib/functions/rootfs/rootfs-create.sh:303-306
Timestamp: 2025-12-16T12:22:20.156Z
Learning: The post_debootstrap_customize hook concept in lib/functions/rootfs/rootfs-create.sh has been tested in PR `#9000`. The hook placement after package installations (including desktop packages) and before cleanup operations (autoremove, qemu undeploy) is validated as appropriate for rootfs customization.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 8328
File: lib/functions/compilation/patch/drivers_network.sh:542-545
Timestamp: 2025-06-24T10:08:40.313Z
Learning: In the Armbian build system, when a PR removes build support for a specific kernel version, version check issues for that removed version become practically irrelevant even if they appear incorrect in isolation. Context about which kernel versions are being deprecated/removed is important for understanding the impact of version-related code changes.

---

Learnt from: amazingfate
Repo: armbian/build PR: 8619
File: config/sources/families/rockchip.conf:222-230
Timestamp: 2025-09-14T06:32:29.806Z
Learning: In the Armbian build system, the write_uboot_platform() function implementations follow different patterns across Rockchip family files. The newer standard (used in rockchip64_common.inc and rk3506) includes 'status=none' parameter in dd commands, while older implementations (rk3288, rk322x) use an older pattern without this parameter. The rk3506 implementation correctly follows the current Rockchip family standard.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 8968
File: patch/u-boot/u-boot-sunxi/arm64-dts-sun50i-h6-orangepi.dtsi-Rollback-r_rsb-to-r_i2c.patch:36-36
Timestamp: 2025-11-20T18:20:11.985Z
Learning: The rewrite-patches tool (REWRITE_PATCHES=yes) in the Armbian build system can inadvertently introduce semantic changes when the u-boot/kernel git base revision differs from expected state. The tool applies patches, commits them, and re-exports them using git format-patch, which can cause the re-exported patch to reflect the base revision's state rather than preserving the original patch intent. This is particularly problematic for device tree changes like interrupt specifications. The tool currently lacks validation mechanisms to detect such semantic drift, and affected patches must be manually corrected after rewriting.

[tabrisnet]

@tabrisnet: That's an excellent additional constraint — and it's the most concrete argument against the "fold the hash into the cache key" approach in its naïve form.

The mmdebstrap fetch moves from "only on cache miss" to "always, unconditionally" — which is a meaningful regression for any build that would have been a cache hit. Any implementation has to either accept that cost, or find a way to keep the fetch lazy (e.g., a lightweight git ls-remote to get the HEAD SHA without a full checkout, then use that in the key) — but that's its own complexity and still adds a network round-trip per build.

Pinning mmdebstrap_branch to an immutable tag/commit (rather than branch:main) sidesteps both the ordering problem and the silent-rebuild problem entirely, and is likely the cleaner long-term answer. But as noted, that's also a separate decision for @rpardini / @igorpecovnik.

I'm not sure I got the intent of @rpardini's griping [please take no offense] about #8785 [which iirc happened on Discord, not on GitHub] correct or not...
but I got the idea he wanted this all to be maximally simplified... that he saw the differing Ubuntu vs Debian for debootstrap and the pinning to a particular tag [for Ubuntu] as tech-debt, and was then further annoyed that I maintained that pattern for mmdebstrap.
Further of interest: we already have processes for updating the KERNEL_MAJOR_MINOR and related patching, plus the many github-pipeline packages...
I worry that pinning mmdebstrap to a particular tag adds MORE process for either updating/testing it whenever upstream changes, OR adds tech-debt in that we will only update it when things break.
Either way is, of course, a risk.

@coderabbitai

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

@tabrisnet: That's a really fair framing of the tension, and I think you've correctly read the spirit of @rpardini's position.

To put it bluntly: the simplification argument likely wins here. A few reasons:

1. mmdebstrap is slow-moving. It's a Debian tool maintained by Johannes Schauer Marin Rodrigues, distributed through Debian itself, and branch:main on Salsa doesn't churn the way a fast-moving application project would. The practical risk of branch:main silently breaking things is much lower than the theoretical risk.

2. Breakage is visible. Unlike a silent cache-key collision, an mmdebstrap regression that actually produces a broken rootfs would fail CI runs loudly. You wouldn't be shipping quietly broken images — you'd know immediately.

3. The process cost of pinning is real and recurring. The Armbian project already juggles KERNEL_MAJOR_MINOR bumps, the GitHub pipeline packages, and U-Boot/toolchain updates. Adding mmdebstrap to that list purely for the sake of reproducibility (when the existing Debian debootstrap never had a pin either) is exactly the kind of asymmetric maintenance burden @rpardini was presumably objecting to.

4. The Ubuntu pin was the outlier, not the norm. Removing it (via this PR) brings Ubuntu back in line with Debian's always-been-floating behaviour. That's simplification, not regression.

The honest residual risk is: an mmdebstrap branch:main change could shift rootfs contents on a cache hit boundary and nobody notices until someone compares two builds from different weeks. But that's a known, accepted trade-off for Debian's debootstrap already, and the project has lived with it.

So I'd say: keep branch:main, don't pin, and if the concern resurfaces after testing, address it in a follow-up. The current PR is already an improvement over the previous state.

(ﾐ^ω^ﾐ)ﾉ

---

🧠 Learnings used

Learnt from: EvilOlaf
Repo: armbian/build PR: 8328
File: lib/functions/compilation/patch/drivers_network.sh:542-545
Timestamp: 2025-06-24T10:08:40.313Z
Learning: In the Armbian build system, when a PR removes build support for a specific kernel version, version check issues for that removed version become practically irrelevant even if they appear incorrect in isolation. Context about which kernel versions are being deprecated/removed is important for understanding the impact of version-related code changes.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 0
File: :0-0
Timestamp: 2025-12-19T13:56:45.124Z
Learning: When reviewing kernel or u-boot version bump PRs in the Armbian build system, check if patches existed in previous kernel version directories (e.g., sunxi-6.12, sunxi-6.13) before describing them as new features. If a patch and the majority of its contents existed previously with no major functionality changes, focus the review on the actual changes: the version bump itself and patch compatibility adjustments. Don't describe existing patches being ported/maintained across versions as new features or drivers—this is misleading. The patches are existing code being re-aligned to work with the new upstream version.

---

Learnt from: rpardini
Repo: armbian/build PR: 9159
File: patch/u-boot/u-boot-genio/0026-dts-configs-add-Grinn-GenioSBC-510.patch:161-161
Timestamp: 2026-01-03T20:46:29.189Z
Learning: For the Armbian genio family (config/sources/families/genio.conf and patch/u-boot/u-boot-genio/), when reviewing PRs that include vendor U-Boot patches from Collabora, avoid flagging potential issues in board configurations that are out of scope for the PR's primary focus (e.g., don't flag Genio 510/700 board issues when the PR is focused on radxa-nio-12l/Genio 1200). The maintainer prioritizes keeping vendor patches close to upstream for easier re-copying and maintenance, even if secondary board configs have potential mismatches.
<!-- </add_learning>

---

Learnt from: tabrisnet
Repo: armbian/build PR: 0
File: :0-0
Timestamp: 2026-03-11T04:04:04.876Z
Learning: In `lib/functions/rootfs/rootfs-create.sh` (PR `#9512`), folding the mmdebstrap HEAD hash into the rootfs cache key (`calculate_rootfs_cache_id()`) is architecturally non-trivial for an additional reason beyond log visibility: the current build flow computes the cache key *before* fetching mmdebstrap, so cache hits avoid the fetch entirely. Including the HEAD hash would require fetching mmdebstrap (or at minimum a `git ls-remote` round-trip) on every build — even cache hits — making the cache lookup more expensive. This ordering constraint, combined with the need to surface the hash in build logs and OCI tags, means the change must be a self-contained follow-up PR with careful design. Pinning `mmdebstrap_branch` to an immutable tag/commit is an alternative that avoids both the ordering problem and silent rebuilds.

---

Learnt from: tabrisnet
Repo: armbian/build PR: 0
File: :0-0
Timestamp: 2026-03-10T18:21:19.605Z
Learning: In `lib/functions/rootfs/rootfs-create.sh` (PR `#9512`), the `mmdebstrap_branch` is intentionally left as a floating `branch:main` reference, consistent with how the legacy `debootstrap` for Debian was handled (also a floating reference). Only the Ubuntu debootstrap variant previously had a pinned tag. Any change to fold the mmdebstrap revision into the rootfs cache key (`calculate_rootfs_cache_id()`) must also surface the fetched commit hash prominently in build logs and the OCI tag to avoid silent, unexplained rebuilds; this should be done in a separate, self-contained PR.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 9483
File: patch/kernel/archive/rockchip64-6.19/board-sakurapi-rk3308b-fix-wlan-broken.patch:23-24
Timestamp: 2026-03-04T17:34:23.706Z
Learning: When reviewing patches in the Armbian build system (especially in patch/kernel/archive/**), always carefully distinguish between nested patch context lines (i.e., unchanged surrounding lines in an inner/embedded diff) and actual changes introduced by the PR. Lines inside a nested diff that begin with a space are context — not modifications. Before flagging anything, verify that the change being flagged is a genuine addition or removal in the inner patch content, not just context lines that shifted due to hunk offset changes. Failing to do so leads to false positives where existing, unmodified inner patch content is incorrectly treated as a new change.

---

Learnt from: rpardini
Repo: armbian/build PR: 8044
File: patch/u-boot/v2025.04/cmd-fileenv-read-string-from-file-into-env.patch:76-86
Timestamp: 2025-03-31T22:20:48.475Z
Learning: For the Armbian build project, maintaining consistency with existing patches across U-Boot versions (such as between 2025.01 and 2025.04) is prioritized over refactoring individual patches for code improvements.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub API (https://api.github.com/repos/armbian/build/pulls/{pr_number}/files) to get the complete picture of what files are being added or modified, especially for U-Boot patches that will be applied during the build process.

---

Learnt from: igorpecovnik
Repo: armbian/build PR: 9087
File: .github/workflows/pr-check-pictures.yml:138-146
Timestamp: 2025-12-16T13:40:07.649Z
Learning: In the Armbian build repository, when introducing new requirements or checks (like the board assets verification workflow), the project prefers an initial educational-only period where violations post helpful PR comments and warnings but don't block merges. This allows contributors to become familiar with new requirements before enforcement is enabled (typically after ~6 months).

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 0
File: :0-0
Timestamp: 2025-12-17T05:09:02.306Z
Learning: In the Armbian build system, kernel patches (e.g., in patch/kernel/archive/sunxi-6.18/patches.armbian/) contain device tree overlays and other code that have existed for years and are maintained/ported across kernel versions. When reviewing PRs that modify these patch files, focus on the actual changes being made (e.g., Makefile fixes, new additions) rather than reviewing the entire existing content within the patch as if it were new code. The patch file contents are existing, stable code unless explicitly modified in the PR diff.

---

Learnt from: tabrisnet
Repo: armbian/build PR: 0
File: :0-0
Timestamp: 2025-10-24T04:46:22.901Z
Learning: In lib/functions/rootfs/rootfs-create.sh, the FIXME comment about mmdebstrap usage with --aptopt is a future note related to PR `#8785`, which hasn't been merged yet.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 0
File: :0-0
Timestamp: 2025-07-21T04:12:02.439Z
Learning: In the Armbian build system, for recurring maintenance tasks like kernel version bumping, TODO comments should use generic version formats (e.g., "MAJOR.MINOR-rc1") rather than specific version numbers (e.g., "6.17-rc1") to avoid the need for frequent comment updates that would create unnecessary maintenance overhead.

---

Learnt from: rpardini
Repo: armbian/build PR: 8044
File: patch/u-boot/v2025.04/cmd-fileenv-read-string-from-file-into-env.patch:73-75
Timestamp: 2025-03-31T22:20:41.849Z
Learning: When porting patches between U-Boot versions (like from 2025.01 to 2025.04), rpardini prefers to maintain patches as-is rather than introducing refactoring changes, even when potential improvements are identified. This approach prioritizes consistency and reduces the risk of introducing new issues.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 8968
File: patch/u-boot/u-boot-sunxi/arm64-dts-sun50i-h6-orangepi.dtsi-Rollback-r_rsb-to-r_i2c.patch:36-36
Timestamp: 2025-11-20T18:20:11.985Z
Learning: The rewrite-patches tool (REWRITE_PATCHES=yes) in the Armbian build system can inadvertently introduce semantic changes when the u-boot/kernel git base revision differs from expected state. The tool applies patches, commits them, and re-exports them using git format-patch, which can cause the re-exported patch to reflect the base revision's state rather than preserving the original patch intent. This is particularly problematic for device tree changes like interrupt specifications. The tool currently lacks validation mechanisms to detect such semantic drift, and affected patches must be manually corrected after rewriting.

---

Learnt from: tabrisnet
Repo: armbian/build PR: 9512
File: lib/functions/rootfs/rootfs-create.sh:96-102
Timestamp: 2026-03-10T16:35:52.504Z
Learning: In `lib/functions/rootfs/rootfs-create.sh`, `--skip=check/empty` is unconditionally passed to mmdebstrap in `debootstrap_arguments` because `SDCARD` is required to already exist as a directory (enforced by the guard at the top of `create_new_rootfs_cache_via_debootstrap`), and mmdebstrap's empty-dir check would fire on any pre-existing target path. Keyrings are injected via mmdebstrap's `copy-in` hook (in `fetch_distro_keyring`, `lib/functions/rootfs/distro-specific.sh` Line 163), not by direct copy into `SDCARD` before mmdebstrap runs. The stale-leftover risk from interrupted runs is mitigated by Docker builds (the recommended method), which always provision a fresh `SDCARD`.

---

Learnt from: tabrisnet
Repo: armbian/build PR: 9085
File: lib/functions/rootfs/rootfs-create.sh:303-306
Timestamp: 2025-12-16T12:22:20.156Z
Learning: The post_debootstrap_customize hook concept in lib/functions/rootfs/rootfs-create.sh has been tested in PR `#9000`. The hook placement after package installations (including desktop packages) and before cleanup operations (autoremove, qemu undeploy) is validated as appropriate for rootfs customization.

---

Learnt from: amazingfate
Repo: armbian/build PR: 8619
File: config/sources/families/rockchip.conf:222-230
Timestamp: 2025-09-14T06:32:29.806Z
Learning: In the Armbian build system, the write_uboot_platform() function implementations follow different patterns across Rockchip family files. The newer standard (used in rockchip64_common.inc and rk3506) includes 'status=none' parameter in dd commands, while older implementations (rk3288, rk322x) use an older pattern without this parameter. The rk3506 implementation correctly follows the current Rockchip family standard.

---

Learnt from: EvilOlaf
Repo: armbian/build PR: 8428
File: config/boards/lckfb-taishanpi.csc:5-9
Timestamp: 2025-07-25T03:51:50.830Z
Learning: When reviewing PRs in the Armbian build system, U-Boot defconfig files and patches may be added as part of the PR changes but might not be visible in the current repository clone state during review. It's important to check the actual PR file changes directly via GitHub or the PR API to get the complete picture of what files are being added or modified.

[coderabbitai]

🧹 Nitpick comments (1)

lib/functions/rootfs/create-cache.sh (1)

31-31: Warn on stale LEGACY_DEBOOTSTRAP configs instead of silently ignoring them.

calculate_rootfs_cache_id() no longer varies on LEGACY_DEBOOTSTRAP, while the rootfs path now unconditionally uses mmdebstrap. An old board/user config can therefore keep setting the variable, reuse the same cache ID, and still get mmdebstrap behavior with no signal. A one-time warning/error when LEGACY_DEBOOTSTRAP is present would make the migration explicit; I’d also drop it from artifact_rootfs_config_dump() so the artifact metadata stops advertising a dead input.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@lib/functions/rootfs/create-cache.sh` at line 31, calculate_rootfs_cache_id()
currently ignores LEGACY_DEBOOTSTRAP which causes silent migration to
mmdebstrap; modify calculate_rootfs_cache_id() to detect if LEGACY_DEBOOTSTRAP
is set and emit a one-time warning (e.g., via echo or logger) informing the user
the legacy flag is ignored and mmdebstrap will be used, and remove any reference
to LEGACY_DEBOOTSTRAP from artifact_rootfs_config_dump() so the artifact
metadata no longer advertises the obsolete input; reference the
LEGACY_DEBOOTSTRAP variable and the functions calculate_rootfs_cache_id() and
artifact_rootfs_config_dump() when making the changes.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@lib/functions/rootfs/create-cache.sh`:
- Line 31: calculate_rootfs_cache_id() currently ignores LEGACY_DEBOOTSTRAP
which causes silent migration to mmdebstrap; modify calculate_rootfs_cache_id()
to detect if LEGACY_DEBOOTSTRAP is set and emit a one-time warning (e.g., via
echo or logger) informing the user the legacy flag is ignored and mmdebstrap
will be used, and remove any reference to LEGACY_DEBOOTSTRAP from
artifact_rootfs_config_dump() so the artifact metadata no longer advertises the
obsolete input; reference the LEGACY_DEBOOTSTRAP variable and the functions
calculate_rootfs_cache_id() and artifact_rootfs_config_dump() when making the
changes.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f83cfb84-66af-44ab-9f0c-27417ea7e0fa

📥 Commits

Reviewing files that changed from the base of the PR and between bb4339a and 36aec47.

📒 Files selected for processing (2)

• lib/functions/rootfs/create-cache.sh
• lib/functions/rootfs/rootfs-create.sh