diff --git a/debian/changelog b/debian/changelog index 8e23fe60..f0743efc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +livecd-rootfs (2.664.21) focal; urgency=medium + + [ Thomas Bechtold ] + * Add a new ubuntu-oci project that contains the customizations currently + performed downstream for the official Ubuntu images on dockerhub. + (LP: #1926732) + + -- Michael Hudson-Doyle Tue, 11 May 2021 11:38:16 +1200 + livecd-rootfs (2.664.20) focal; urgency=medium [ Gauthier Jolly ] diff --git a/live-build/auto/build b/live-build/auto/build index 82eb56ee..fc456919 100755 --- a/live-build/auto/build +++ b/live-build/auto/build @@ -245,7 +245,7 @@ if [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then fi EOF - if [ "$PROJECT" != "ubuntu-base" ]; then + if [ "$PROJECT" != "ubuntu-base" ] && [ "$PROJECT" != "ubuntu-oci" ]; then # ubuntu-minimal is too much for a docker container (it contains # systemd and other things) cat >> chroot/usr/local/sbin/unminimize <<'EOF' @@ -441,6 +441,10 @@ serial: $BUILDSTAMP EOF fi + if [ "$PROJECT" = "ubuntu-oci" ]; then + configure_oci chroot + fi + configure_network_manager echo "===== Checking size of /usr/share/doc =====" diff --git a/live-build/auto/config b/live-build/auto/config index 888080dd..702af138 100755 --- a/live-build/auto/config +++ b/live-build/auto/config @@ -506,7 +506,7 @@ if [ "$PREINSTALLED" = "true" ]; then ubuntu-server) add_package live oem-config-debconf ubiquity-frontend-debconf ;; - ubuntu-core|ubuntu-base|base|ubuntu-cpc) + ubuntu-core|ubuntu-base|ubuntu-oci|base|ubuntu-cpc) ;; ubuntu) add_package live oem-config-gtk ubiquity-frontend-gtk @@ -785,6 +785,10 @@ case $PROJECT in OPTS="${OPTS:+$OPTS }--bootstrap-flavour=minimal" ;; + ubuntu-oci) + OPTS="${OPTS:+$OPTS }--bootstrap-flavour=minimal" + ;; + ubuntu-cpc) KERNEL_FLAVOURS=virtual 
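Review bot: The new `ubuntu-oci)` arm in the `case $PROJECT` block of live-build/auto/config repeats the `OPTS="${OPTS:+$OPTS }--bootstrap-flavour=minimal"` line of the arm directly above it. If that arm sets nothing else, folding the two into one pattern such as `ubuntu-base|ubuntu-oci)` would keep the bootstrap settings of the two container-style projects from drifting apart. The start of the preceding arm is outside the hunk, so its project name and full body need confirming before merging them.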
@@ -951,7 +955,7 @@ case $ARCH in esac case $PROJECT:${SUBPROJECT:-} in - ubuntu-server:*|ubuntu-base:*) + ubuntu-server:*|ubuntu-base:*|ubuntu-oci:*) OPTS="${OPTS:+$OPTS }--linux-packages=none --initramfs=none" KERNEL_FLAVOURS=none BINARY_REMOVE_LINUX=false @@ -1018,7 +1022,7 @@ echo "SUBPROJECT=\"${SUBPROJECT:-}\"" >> config/binary echo "LB_DISTRIBUTION=\"$SUITE\"" >> config/binary case $PROJECT in - ubuntu-cpc|ubuntu-core|ubuntu-base|base) + ubuntu-cpc|ubuntu-core|ubuntu-base|ubuntu-oci|base) # ubuntu-cpc gets this added in 025-create-groups.chroot, and we do # not want this group in projects that are effectively just chroots ;; diff --git a/live-build/functions b/live-build/functions index 03d637d8..270ed1dc 100644 --- a/live-build/functions +++ b/live-build/functions @@ -802,7 +802,7 @@ clean_debian_chroot() { rm -f chroot/var/cache/debconf/*-old chroot/var/lib/dpkg/*-old Chroot chroot apt clean # For the docker images we remove even more stuff. - if [ "${PROJECT}:${SUBPROJECT:-}" = "ubuntu-base:minimized" ]; then + if [ "${PROJECT}:${SUBPROJECT:-}" = "ubuntu-base:minimized" ] || [ "${PROJECT}:${SUBPROJECT:-}" = "ubuntu-oci:minimized" ]; then # Remove apt lists (that are currently removed downstream # anyway) rm -rf chroot/var/lib/apt/lists/* 
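Review bot: The extended condition in clean_debian_chroot expands `${PROJECT}:${SUBPROJECT:-}` twice in one long `[ ... ] || [ ... ]` line. A single `case "${PROJECT}:${SUBPROJECT:-}" in ubuntu-base:minimized|ubuntu-oci:minimized)` arm would match the pattern lists this commit extends in auto/config and is easier to extend for the next project. configure_oci, added later in this file, already removes `/var/lib/apt/lists/*` for every ubuntu-oci build, so the list removal here only matters for that project if other cleanup follows in the block. The rest of the `if` body is outside the hunk.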
@@ -875,6 +875,62 @@ EOF fi } +configure_oci() { + # configure a chroot to be a OCI/docker container + # theses changes are taken from the current Dockerfile modifications done + # at https://github.com/tianon/docker-brew-ubuntu-core/blob/master/update.sh + + local chroot=$1 + + echo "==== Configuring OCI ====" + + # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L40-L48 + echo '#!/bin/sh' > ${chroot}/usr/sbin/policy-rc.d + echo 'exit 101' >> ${chroot}/usr/sbin/policy-rc.d + Chroot ${chroot} "chmod +x /usr/sbin/policy-rc.d" + + # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L54-L56 + Chroot ${chroot} "dpkg-divert --local --rename --add /sbin/initctl" + cp -a ${chroot}/usr/sbin/policy-rc.d ${chroot}/sbin/initctl + sed -i 's/^exit.*/exit 0/' ${chroot}/sbin/initctl + + # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L71-L78 + echo 'force-unsafe-io' > ${chroot}/etc/dpkg/dpkg.cfg.d/docker-apt-speedup + + # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L85-L105 + echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > ${chroot}/etc/apt/apt.conf.d/docker-clean + + echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> ${chroot}/etc/apt/apt.conf.d/docker-clean + + echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> ${chroot}/etc/apt/apt.conf.d/docker-clean + + # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L109-L115 + echo 'Acquire::Languages "none";' > ${chroot}/etc/apt/apt.conf.d/docker-no-languages + + # 
https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L118-L130 + echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > ${chroot}/etc/apt/apt.conf.d/docker-gzip-indexes + + # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L134-L151 + echo 'Apt::AutoRemove::SuggestsImportant "false";' > ${chroot}/etc/apt/apt.conf.d/docker-autoremove-suggests + + # delete all the apt list files since they're big and get stale quickly + rm -rf ${chroot}/var/lib/apt/lists/* + + # verify that the APT lists files do not exist + Chroot chroot "apt-get indextargets" > indextargets.out + [ ! -s indextargets.out ] + rm indextargets.out + # (see https://bugs.launchpad.net/cloud-images/+bug/1699913) + + # make systemd-detect-virt return "docker" + # See: https://github.com/systemd/systemd/blob/aa0c34279ee40bce2f9681b496922dedbadfca19/src/basic/virt.c#L434 + mkdir -p ${chroot}/run/systemd + echo 'docker' > ${chroot}/run/systemd/container + + rm -rf ${chroot}/var/cache/apt/*.bin + echo "==== Configuring OCI done ====" +} + configure_network_manager() { # If the image pre-installs network-manager, let it manage all devices by # default. Installing NM on an existing system only manages wifi and wwan via
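Review bot: configure_oci writes and deletes through unquoted `${chroot}` without checking that `$1` was supplied. A call with an empty argument would make `rm -rf ${chroot}/var/lib/apt/lists/*` and the `policy-rc.d` and `initctl` writes resolve against the build host's own root. Guarding the parameter with `local chroot=${1:?configure_oci: chroot path required}` and quoting the expansions, e.g. `rm -rf -- "${chroot:?}"/var/lib/apt/lists/*`, closes that off. The verification step also hard-codes the directory in `Chroot chroot "apt-get indextargets"`, so it checks the right tree only while the caller passes `chroot`; it should read `Chroot "${chroot}" "apt-get indextargets"`. Whether the calling script runs with `set -u` or `set -e` is not visible in this hunk, and the bare `[ ! -s indextargets.out ]` test only stops the build if errexit is on.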