Drop pull_digest from hermetic boostrap image

[tkopecek]

Image has one Digest and many RepoDigests. So, we can hit situation when these two values don't match and podman will refuse to load such tarball later with error like described here:
containers/podman#27323

We should move to different mechanism (porbably skopeo) in the near future.

[gemini-code-assist]

Code Review

This pull request correctly removes the pull_digest field from the metadata query for hermetic bootstrap images. This change addresses a potential issue where Digest and RepoDigests can mismatch, causing podman load to fail. The change is well-justified and improves the robustness of the hermetic build process. I have added one suggestion to improve the readability of a related log message, also aligning with preferred logging practices.

[gemini-code-assist]

The log message on line 255 is confusing because it includes the raw query format string, making the log output difficult to interpret. Since get_query is only used once after this change, you can improve readability by inlining it into the podman command and writing a more descriptive log message. Additionally, prefer lazy '%s' formatting for log entries, as demonstrated in the suggestion, over f-strings or direct string concatenation for better performance and consistency. This aligns with the style guide's emphasis on readability.

Suggested change

	get_query = '{"id": "{{.Id}}", "architecture": "{{ .Architecture }}"}'
	getLog().info("Reading image %s from %s", get_query, self.image)
	cmd = ["podman", "image", "inspect", "--format", get_query, self.image]
	getLog().info("Reading image metadata from %s", self.image)

References

1. The style guide states in line 4: 'Readability: Code should be easy to understand for all team members.' The current log message is not easily understandable and thus violates this principle. ^(link)
2. Prefer lazy '%s' formatting for log entries over f-strings.

[praiskup]

copy paste from testing farm:

    And the produced lockfile is validated properly                                      # steps/other.py:236
      Traceback (most recent call last):
        File "/usr/lib/python3.14/site-packages/behave/model.py", line 1329, in run
          match.run(runner.context)
          ~~~~~~~~~^^^^^^^^^^^^^^^^
        File "/usr/lib/python3.14/site-packages/behave/matchers.py", line 98, in run
          self.func(context, *args, **kwargs)
          ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^
        File "steps/other.py", line 252, in step_impl
          jsonschema.validate(lockfile_data, schema)
          ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^
        File "/usr/lib/python3.14/site-packages/jsonschema/validators.py", line 1332, in validate
          raise error
      jsonschema.exceptions.ValidationError: 'pull_digest' is a required property
      
      Failed validating 'required' in schema['properties']['bootstrap']:
          {'description': 'The object that describes the Mock bootstrap chroot.  '
                          'Optional, only provided when bootstrap (image) is '
                          'used.',
           'type': 'object',
           'additionalProperties': False,
           'required': ['image_digest', 'pull_digest', 'architecture', 'id'],
           'properties': {'image_digest': {'description': 'SHA256 digest '
                                                          'concatenated RootFS '
                                                          'layer digests and '
                                                          'Config section from '
                                                          "'podman image "
                                                          "inspect' command, "
                                                          'sha256 string',
                                           'type': 'string'},
                          'pull_digest': {'description': 'Image digest, as '
                                                         'reported by podman '
                                                         'inspect, can be used '
                                                         'for podman pull.',
                                          'type': 'string'},
                          'architecture': {'description': 'OCI architecture '
                                                          'string, as reported '
                                                          'by podman inspect '
                                                          '.Architecture field.',
                                           'type': 'string'},
                          'id': {'type': 'string',
                                 'description': 'Image ID, as reported by podman '
                                                'inspect .Id'}}}
      
      On instance['bootstrap']:
          {'architecture': 'amd64',
           'id': 'b7043263a6898fb5c85d28447b861e18891bff47a38df17767d330490417c46c',
           'image_digest': 'd6dfb0013366a2137f25ff95a5188fb3f22173292e0fee0da99095d1ad2ed95b'}
      
      Captured stdout:
      using uniqueext o4hnjqtd
      ```

[tkopecek]

Could be replaced by #1717

[praiskup]

Yeah, let's go with #1717