flashbots · alexhulbert · Nov 26, 2025 · Nov 26, 2025 · Dec 3, 2025 · 0x416e746f6e
diff --git a/base/add-backports.sh b/base/add-backports.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# The mkosi sandbox environment should have a debian backports source list
+# that matches the archive timestamp of the main release.
+# See https://github.com/systemd/mkosi/issues/1755
+MIRROR=$(jq -r .Mirror /work/config.json)
+if [ "$MIRROR" = "null" ]; then
+    MIRROR="http://deb.debian.org/debian"
+fi
+
+cat > "$SRCDIR/mkosi.builddir/debian-backports.sources" <<EOF
+Types: deb deb-src
+URIs: $MIRROR
+Suites: ${RELEASE}-backports
+Components: main
+Enabled: yes
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+EOF
diff --git a/base/mkosi.conf b/base/mkosi.conf
@@ -5,6 +5,7 @@ Release=trixie
 
 [Build]
 PackageCacheDirectory=mkosi.cache
+SandboxTrees=mkosi.builddir/debian-backports.sources:/etc/apt/sources.list.d/debian-backports.sources
 Environment=KERNEL_IMAGE KERNEL_VERSION
 WithNetwork=true
 
@@ -23,6 +24,7 @@ FinalizeScripts=base/debloat.sh
 PostInstallationScripts=base/debloat-systemd.sh
 PostInstallationScripts=base/efi-stub.sh
 BuildScripts=kernel/mkosi.build
+SyncScripts=base/add-backports.sh
 
 CleanPackageMetadata=true
 Packages=kmod

diff --git a/flake.nix b/flake.nix
@@ -71,6 +71,7 @@
             qemu-utils
             parted
             unzip
+            jq
           ]
           ++ [reprepro];
       };
@@ -92,6 +93,7 @@
         nativeBuildInputs = [(mkosi system) measured-boot measured-boot-gcp];
         shellHook = ''
           mkdir -p mkosi.packages mkosi.cache mkosi.builddir ~/.cache/mkosi
+          touch mkosi.builddir/debian-backports.sources
         '';
       };
     }) ["x86_64-linux" "aarch64-linux"]);

diff --git a/l2/_op_rbuilder/mkosi.build b/l2/_op_rbuilder/mkosi.build
@@ -4,19 +4,11 @@ set -euxo pipefail
 
 ENV_YAML="$SRCDIR/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml"
 
-RUST_VERSION=$(mkosi-chroot yq -r .rust.version < "$ENV_YAML")
-
 OP_RBUILDER_REF=$(mkosi-chroot yq -r .op_rbuilder.git_reference < "$ENV_YAML")
 TDX_QUOTE_PROVIDER_REF=$(mkosi-chroot yq -r .tdx_quote_provider.git_reference < "$ENV_YAML")
 RPROXY_REF=$(mkosi-chroot yq -r .rproxy.git_reference < "$ENV_YAML")
 NODE_HEALTHCHECKER_REF=$(mkosi-chroot yq -r .node_healthchecker.git_reference < "$ENV_YAML")
 
-export RUSTUP_HOME="/rustup"
-export CARGO_HOME="/cargo"
-mkosi-chroot rustup toolchain install $RUST_VERSION
-mkosi-chroot rustup default $RUST_VERSION
-export PATH="$CARGO_HOME/bin:$PATH"
-
 source scripts/make_git_package.sh
 source scripts/build_rust_package.sh
 

diff --git a/l2/_op_rbuilder/mkosi.conf b/l2/_op_rbuilder/mkosi.conf
@@ -12,6 +12,7 @@ Packages=libtss2-dev
 
 BuildPackages=golang
               libssl-dev
-              rustup
+              cargo/trixie-backports
+              rustc/trixie-backports
               unzip
               yq
diff --git a/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml b/l2/_op_rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml
@@ -1,6 +1,3 @@
-rust:
-  version: 1.91.1
-
 node_healthchecker:
   git_reference: v0.1.11