From eedee1a10bfb6e60c16e2363b4c79641867f49f5 Mon Sep 17 00:00:00 2001
From: Pavel Raiskup
Date: Mon, 28 Oct 2024 20:21:34 +0100
Subject: [PATCH] hermetic: rely on "podman pull" that imports the bootstrap
---
 mock/py/mockbuild/buildroot.py | 5 -----
 mock/py/mockbuild/config.py | 8 ++++----
 mock/py/mockbuild/podman.py | 9 ---------
 3 files changed, 4 insertions(+), 18 deletions(-)
diff --git a/mock/py/mockbuild/buildroot.py b/mock/py/mockbuild/buildroot.py
index 3643636c1..385b48455 100644
--- a/mock/py/mockbuild/buildroot.py
+++ b/mock/py/mockbuild/buildroot.py
@@ -277,11 +277,6 @@ def _fallback(message):
 self.chroot_image, podman.image_id)
 podman.tag_image()
- if self.is_bootstrap and self.config["hermetic_build"]:
- tarball = os.path.join(self.config["offline_local_repository"],
- "bootstrap.tar")
- podman.import_tarball(tarball)
-
 digest_expected = self.config.get("image_assert_digest", None)
 if digest_expected:
 getLog().info("Checking image digest: %s",
diff --git a/mock/py/mockbuild/config.py b/mock/py/mockbuild/config.py
index 93fc80bd4..56b4827d5 100644
--- a/mock/py/mockbuild/config.py
+++ b/mock/py/mockbuild/config.py
@@ -777,6 +777,10 @@ def process_hermetic_build_config(cmdline_opts, config_opts):
 f"The {repo_reference} doesn't seem to be a valid "
 "offline RPM repository (RPM metadata not found)")
+ # Use the offline image for bootstrapping.
+ bootstrap_tarball = os.path.join(final_offline_repo, "bootstrap.tar")
+ config_opts["bootstrap_image"] = f"oci-archive:{bootstrap_tarball}"
+
 config_opts["offline_local_repository"] = final_offline_repo
 # We install all the packages at once (for now?). We could inherit the
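Review bot: The added `bootstrap_tarball` is turned into an `oci-archive:` image reference without any check that `bootstrap.tar` is present in the offline repository, although the context lines just above appear to reject a repository whose RPM metadata is missing. A missing tarball, or one that is not in OCI format (the removed `podman load -i` call accepted docker-archive files as well), would surface only later as a failed image pull, possibly after the retries in `retry_image_pull`. I would add `if not os.path.isfile(bootstrap_tarball):` raising the same error type as the metadata check, plus a comment such as `# oci-archive: is a local transport, so this pull stays offline; bootstrap_image_assert_digest is the integrity check`. The transport syntax is `oci-archive:path[:reference]`, so an offline-repository path containing a colon would presumably be misparsed and is worth rejecting at the same place. `process_hermetic_build_config` starts and ends outside this hunk.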
@@ -784,10 +788,6 @@ def process_hermetic_build_config(cmdline_opts, config_opts):
 # installation command - and we have no groups in the offline repo.
 config_opts["chroot_setup_cmd"] = "install *"
- # The image needs to be prepared on host. Build-systems implementing SLSA 3
- # should make sure the config_opts["bootstrap_image"] is already downloaded.
- config_opts["bootstrap_image_skip_pull"] = True
-
 # With hermetic builds, we always assert that we are reproducing the build
 # with the same image.
 config_opts["bootstrap_image_assert_digest"] = data["bootstrap"]["image_digest"]
diff --git a/mock/py/mockbuild/podman.py b/mock/py/mockbuild/podman.py
index a1d714f7b..100c920bd 100644
--- a/mock/py/mockbuild/podman.py
+++ b/mock/py/mockbuild/podman.py
@@ -8,7 +8,6 @@
 import backoff
 from mockbuild.trace_decorator import getLog, traceLog
-from mockbuild import util
 class PodmanError(Exception):
@@ -97,14 +96,6 @@ def tag_image(self):
 subprocess.run(cmd, env=self.buildroot.env, stdout=subprocess.PIPE,
 stderr=subprocess.PIPE, check=True)
- def import_tarball(self, tarball):
- """
- Import tarball using podman into the local database.
- """
- getLog().info("Loading container image from %s", tarball)
- cmd = [self.podman_binary, "load", "-i", tarball]
- util.do_with_status(cmd, env=self.buildroot.env)
-
 def retry_image_pull(self, max_time):
 """ Try pulling the image multiple times """
 @backoff.on_predicate(backoff.expo, lambda x: not x,