Summary

Generalize bin/build-fs-pickle.sh so the same wrapper can produce fs.pickle for non-Debian targets. Today it's hardcoded to apt/Debian.

Adds FAMILY=:

• apt (default) — Debian/Ubuntu, current behaviour, no change for existing users.
• opkg — OpenWrt rootfs (e.g. openwrt/rootfs:x86-64-23.05.5); installs python3-light + $PACKAGES.
• none — no install step; the image must already contain python3 (e.g. python:3-alpine for a BusyBox-style surface, or any prebuilt rootfs you've imported).

OUT= already existed and now it's actually useful — point it anywhere on the host to bake pickles for multiple personas into separate paths from one tree.

The default invocation (bin/build-fs-pickle.sh / make build-fs-pickle) is unchanged — still produces the Debian 12 pickle into src/cowrie/data/fs.pickle.new. No regression risk for existing users.

motivation

This is the tool needed to actually produce the non-Debian pickles for #40092 (FLAVOR build-arg, currently open) — you can't ship an OpenWrt flavor without a way to bake its fs.pickle. Sits on the long arc of #285 (device profile support, open since 2016).

The apt path was used to regenerate the pickle for #40090 (Debian 12 fingerprint bump, merged); this PR just extends the same pattern.

Implementation notes

• Install dispatch is a case inside the in-container sh -c, with FAMILY and PACKAGES passed as plain env vars. No eval.
• Per-family defaults for IMAGE and PACKAGES set on the host side via : "${IMAGE:=...}"/: "${IMAGE:?...}" so missing-required-var errors are explicit.
• Makefile help text updated to reflect the wider scope.
• New Building from a real container subsection added to docs/HONEYFS.rst, right after the existing createfs section, covering the wrapper + the FAMILY switch with examples.

Test plan

• Default bin/build-fs-pickle.sh still produces a valid Debian 12 pickle (no regression).
• FAMILY=none IMAGE=python:3-alpine OUT=... end-to-end smoke: pulls image, runs createfs inside, writes a valid 880KB pickle with sensible top-level entries (root, opt, dev, proc, run, etc.).
• FAMILY=opkg smoke against an openwrt/rootfs image (worth a maintainer check — I haven't pulled an OpenWrt rootfs locally).

Known follow-ups (not in this PR)

• FAMILY=raw for images without python3 (would do docker export | tar -x + sidecar python container walking the extracted rootfs). Lets you snapshot pure busybox:latest and extracted firmware images. Can be a separate PR once this lands.
• Per-family command registry filtering (Add "device profile" support #285) — making apt/apt-get actually unavailable on a busybox/openwrt persona. Larger architectural change, deserves its own design discussion.

let me know what you think