This PR cleans up various issues with our Docker container image definitions and build scripts, and in particular removes our leftover support for Debian 9, stops our accidental publication to Packagecloud of RPMs unrelated to Git LFS, and defers to the primary Git LFS project's RPM build script to handle 32-bit builds so as to fix a naming problem with the 32-bit RPMs for CentOS 8 and Rocky Linux 9.

Reviewing this PR commit-by-commit is recommended, and each commit should have a full description of its changes.

We expect to merge this PR only when its companion PR git-lfs/git-lfs#5241 has been reviewed and merged, specifically because that PR adds support for 32-bit RPM builds.

This PR's changes have been tested in conjunction with those of PR git-lfs/git-lfs#5241 and confirmed to produce valid build artifacts. We used a branch of git-lfs/git-lfs with the changes from PR git-lfs/git-lfs#5241 plus revisions to the GitHub Actions workflows so as to use this PR's branch and then to upload the resultant artifacts to GitHub Actions. These can be examined to confirm that they now correctly name the 32-bit RPM builds for CentOS 8 and Rocky Linux 9 and that they also include only Git LFS packages and no unrelated ones:

centos/7/RPMS/i686/git-lfs-3.3.0-1.el7.i686.rpm
centos/7/RPMS/x86_64/git-lfs-3.3.0-1.el7.x86_64.rpm
centos/7/SRPMS/git-lfs-3.3.0-1.el7.src.rpm
centos/8/RPMS/i686/git-lfs-3.3.0-1.el8.i686.rpm
centos/8/RPMS/x86_64/git-lfs-3.3.0-1.el8.x86_64.rpm
centos/8/SRPMS/git-lfs-3.3.0-1.el8.src.rpm
debian/10/git-lfs_3.3.0_amd64.deb
debian/10/git-lfs_3.3.0_i386.deb
debian/11/git-lfs_3.3.0_amd64.deb
debian/11/git-lfs_3.3.0_i386.deb
rocky/9/RPMS/i686/git-lfs-3.3.0-1.el9.i686.rpm
rocky/9/RPMS/x86_64/git-lfs-3.3.0-1.el9.x86_64.rpm
rocky/9/SRPMS/git-lfs-3.3.0-1.el9.src.rpm

Note that after these PRs are merged, we should delete the unrelated RPMs from our Packagecloud account to save some space and cost.

Removing Debian 9 Support

In commit git-lfs/git-lfs@e642e53 of PR git-lfs/git-lfs#5169 we dropped support for Debian 9 (stretch) in our primary Git LFS project, so we drop it here now as well, for the reasons explained that commit's description:

Debian 9 (stretch) is now beyond LTS support and on to ELTS support, which means that the typical Debian infrastructure is no longer involved and updates are no longer available from Debian. As a result, it's not really appropriate for us to continue to build packages on stretch since we can't be certain our dependencies or build environment are secure.

It is the case that some of the OSes that use Debian 9 packages, such as some versions of Ubuntu, do still receive security updates, but since we don't build specifically for those OSes, we'll need to drop support for them as well. Of the OSes receiving mainline (non-extended) security support, only Ubuntu bionic is affected.

One advantageous consequence of this change is that we should see the Build Linux packages CI job in the primary Git LFS project run somewhat faster, as it currently calls the build_dockers.bsh script without specifying an architecture with an --arch argument, and so that script then builds containers for all Docker instruction files matching *.Dockerfile, which means we are currently building an extra, unused Debian 9 container for the debian_9.Dockerfile file on every CI run.

Unintentionally Published RPM Packages

We use an rsync command to copy our built RPM packages into the output directory specified by the REPO_DIR variable, which defaults to /repo.

At present, this command copies all the RPM files, which includes the ones we built for the asciidoctor Ruby gem (and prior to Git LFS v3.3.0, the ones we built for the hpricot, mustache, rdiscount, and ronn Ruby gems). As a result we publish RPMs such as rubygem-asciidoctor-2.0.17-1.el9.src.rpm and rubygem-asciidoctor-2.0.17-1.el9.noarch.rpm in our Packagecloud account.

To exclude these RPMs so we do not upload them to our Packagecloud account, we add --include and --exclude options to the rsync command which limits copying to files with a git-lfs prefix.

Let Primary Project Script to Build 32-Bit RPMs

In commit git-lfs/git-lfs@c2d25ee of PR git-lfs/git-lfs#511 we added support for building RPM packages for 32-bit platforms by updating the docker/centos_script.bsh script which was present at that time in the primary Git LFS project's repository to call rpmbuild with a --target=i686 argument.

Since commit git-lfs/git-lfs@56ffe42 of PR git-lfs/git-lfs#555 both that script and the rpm/build_rpms.bsh script in the primary project's repository contained the same logic to parse the OS name and version in order to set a short suffix for the RPM filenames.

However, the docker/centos_script.bsh script was subsequently moved into this repository, where it has not been updated to match the rpm/build_rpms.bsh script in the primary project repository, such as when parsing of the OS major version was added in commit git-lfs/git-lfs@e939409 of PR git-lfs/git-lfs#5054, which allows us to properly parse the version number on CentOS/Rocky Linux 8 and above, or when parsing of the Rocky Linux OS name was added in commit git-lfs/git-lfs@723be34 of PR git-lfs/git-lfs#5144.

The result is that at present we build 32-bit RPMs for CentOS 8 and Rocky Linux 9 (el8 and el9, respectively) without the platform short name suffix in their filenames, e.g., git-lfs-3.3.0-1.i686.rpm and git-lfs-3.3.0-1.i686.rpm (instead of git-lfs-3.3.0-1.el9.i686.rpm and git-lfs-3.3.0-1.el8.i686.rpm), and then upload them to Packagecloud with those names.

To resolve this problem and avoid later regressions between the two sets of parsing logic, we add an rpmbuild command with the --target=i686 argument for 32-bit packages to the rpm/build_rpms.bsh script in the primary Git LFS project repository in commit git-lfs/git-lfs@7830f04 of PR git-lfs/git-lfs#5241, which ensures they will be built with the same context as our 64-bit packages.

We can therefore also remove the rpmbuild command with the --target=i686 argument from the centos_script.bsh script in this repository, along with the setup code which attempted to parse the OS version and name from either /etc/os-release or /etc/redhat-release, as these values are only used to set the RPM_DIST variable passed to rpmbuild, and the initialization code for that variable can be removed as well.

Removing Substitute Repository Cleanup Script

Since the original introduction of support for building CentOS RPMs in commit git-lfs/git-lfs@4a71627 of PR git-lfs/git-lfs#332, an rpm/clean.bsh script has been provided to perform the equivalent of a git clean -xdf command on the Git repository from which we build Git LFS.

However, this script is no longer needed as all of the CentOS and Rocky Linux container image builds have a native Git package installed (or a recent Git built, in the case of CentOS 7), so we remove our use of it, and also drop the script from the primary Git LFS project in commit git-lfs/git-lfs@ba6f278 of PR git-lfs/git-lfs#5241.

Use Git 2.34.x in CentOS 7 RPM Build

Since commit 7af5552 in PR #19 in 2018 our CentOS 7 Dockerfile has installed Git 2.16.0. As that version is now somewhat old, we update to a recent version instead, i.e., 2.34.5.

We avoid using a newer version higher then 2.34.x because those include a "test balloon" check for C99 compiler support, as introduced in git/git@7bc341e, which fails without further changes to our CentOS 7 build.