From bc6ae91a707d3e22f0037e11505f421a49b9cd3f Mon Sep 17 00:00:00 2001 
From: Thomas Bechtold Date: Tue, 20 Apr 2021 13:21:46 +0200 Subject: [PATCH 1/3] Add new ubuntu-oci project This is a copy of the ubuntu-base project. Currently ubuntu-base is used as a base for the docker/OCI container images. The rootfs tarball that is created with ubuntu-base is published under [0]. That tarball is used in the FROM statement of the Dockerfile as base and then a couple of modifications are done inside of the Dockerfile[1]. The ubuntu-oci project will include the changes that are currently done in the Dockerfile. With that: 1) a Dockerfile using that tarball will be just a 2 line thing: FROM scratch ADD ubuntu-hirsute-core-cloudimg-amd64-root.tar.gz / CMD ["/bin/bash"] 2) Ubuntu has the full control about the build process of the docker/OCI container. No external sources (like [1]) need to be modified anymore. 3) Ubuntu can publish containers without depending on the official dockerhub containers[2]. Currently the containers for the AWS ECR registry[3] use as a base[4] the official dockerhub containers. That's no longer needed because a container just needs a Dockerfile described in 1) When the ubuntu-oci project has the modifications from [1] included, we'll also update [1] to use the ubuntu-oci rootfs tarball as a base and drop the modifications done at [1]. Note: Creating a new ubuntu-oci project instead of using ubuntu-base will make sure that we don't break users who are currently using ubuntu-base rootfs tarballs for doing their own thing. [0] https://partner-images.canonical.com/core/ [1] https://github.com/tianon/docker-brew-ubuntu-core/blob/master/update.sh [2] https://hub.docker.com/_/ubuntu [3] https://gallery.ecr.aws/ubuntu/ubuntu [4] https://launchpad.net/~ubuntu-docker-images/ubuntu-docker-images/+oci/ubuntu/+recipe/ubuntu-20.04 (cherry picked from commit ac4a95b9314cf1f8ce01f42016c271c0a6078372)
---
 live-build/auto/config | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/live-build/auto/config b/live-build/auto/config
index 7f0b27c3..c75dea52 100755
--- a/live-build/auto/config
+++ b/live-build/auto/config
@@ -317,7 +317,7 @@ if [ "$PREINSTALLED" = "true" ]; then
 ubuntu-server)
 add_package live oem-config-debconf ubiquity-frontend-debconf
 ;;
- ubuntu-core|ubuntu-base|base|ubuntu-touch|ubuntu-touch-custom|ubuntu-cpc|ubuntu-desktop-next)
+ ubuntu-core|ubuntu-base|base|ubuntu-touch|ubuntu-touch-custom|ubuntu-cpc|ubuntu-desktop-next|ubuntu-oci)
 ;;
 ubuntu)
 add_package live oem-config-gtk ubiquity-frontend-gtk
@@ -672,6 +672,10 @@ case $PROJECT in
 OPTS="${OPTS:+$OPTS }--bootstrap-flavour=minimal"
 ;;

+ ubuntu-oci)
+ OPTS="${OPTS:+$OPTS }--bootstrap-flavour=minimal"
+ ;;
+
 ubuntu-touch|ubuntu-touch-custom)
 HINTS="packagekit ubuntu-system-settings"
 case $ARCH in
@@ -925,7 +929,7 @@ case $ARCH in
 esac

 case $PROJECT:${SUBPROJECT:-} in
- ubuntu-server:*|ubuntu-base:*|ubuntu-touch:*|ubuntu-touch-custom:*)
+ ubuntu-server:*|ubuntu-base:*|ubuntu-touch:*|ubuntu-touch-custom:*|ubuntu-oci:*)
 OPTS="${OPTS:+$OPTS }--linux-packages=none --initramfs=none"
 KERNEL_FLAVOURS=none
 BINARY_REMOVE_LINUX=false
From 387ae191a13395e876d7a29f70e8cb6262fd5628 Mon Sep 17 00:00:00 2001
From: Thomas Bechtold Date: Tue, 20 Apr 2021 16:56:04 +0200 Subject: [PATCH 2/3] add configure_oci function and use it in ubuntu-oci With that, the Dockerfile modifications[0] currently done externally are done now here. That means that the created rootfs tarball can be directly used within a Dockerfile to create a container from scratch: FROM scratch ADD livecd.ubuntu-oci.rootfs.tar.gz / CMD ["/bin/bash"] [0] https://github.com/tianon/docker-brew-ubuntu-core/blob/master/update.sh (cherry picked from commit a81972a58b004897bf3e5c14ff371bc2f6b5e4b8)
---
 live-build/auto/build | 3 +++
 live-build/functions | 56 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
diff --git a/live-build/auto/build b/live-build/auto/build
index 3c26818c..356c5aae 100755
--- a/live-build/auto/build
+++ b/live-build/auto/build
@@ -439,6 +439,9 @@ deb file:/var/lib/preinstalled-pool/ $LB_DISTRIBUTION $LB_PARENT_ARCHIVE_AREAS
 Chroot chroot "ln -s /etc/media-info /var/log/installer/media-info"
 fi
 fi
+ if [ "$PROJECT" = "ubuntu-oci" ]; then
+ configure_oci chroot
+ fi
 if [ "$PROJECT" = "ubuntu-cpc" ]; then
 if [ "${SUBPROJECT:-}" = minimized ]; then
 BUILD_NAME=minimal
diff --git a/live-build/functions b/live-build/functions
index b8f91e4f..6306405d 100644
--- a/live-build/functions
+++ b/live-build/functions
@@ -608,6 +608,62 @@ snap_preseed() {
 fi
 }

+configure_oci() {
+ # configure a chroot to be a OCI/docker container
+ # theses changes are taken from the current Dockerfile modifications done
+ # at https://github.com/tianon/docker-brew-ubuntu-core/blob/master/update.sh
+
+ local chroot=$1
+
+ echo "==== Configuring OCI ===="
+
+ # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L40-L48
+ echo '#!/bin/sh' > ${chroot}/usr/sbin/policy-rc.d
+ echo 'exit 101' >> ${chroot}/usr/sbin/policy-rc.d
+ Chroot ${chroot} "chmod +x /usr/sbin/policy-rc.d"
+
+ # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L54-L56
+ Chroot ${chroot} "dpkg-divert --local --rename --add /sbin/initctl"
+ cp -a ${chroot}/usr/sbin/policy-rc.d ${chroot}/sbin/initctl
+ sed -i 's/^exit.*/exit 0/' ${chroot}/sbin/initctl
+
+ # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L71-L78
+ echo 'force-unsafe-io' > ${chroot}/etc/dpkg/dpkg.cfg.d/docker-apt-speedup
+
+ # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L85-L105
+ echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > ${chroot}/etc/apt/apt.conf.d/docker-clean
+
+ echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> ${chroot}/etc/apt/apt.conf.d/docker-clean
+
+ echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> ${chroot}/etc/apt/apt.conf.d/docker-clean
+
+ # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L109-L115
+ echo 'Acquire::Languages "none";' > ${chroot}/etc/apt/apt.conf.d/docker-no-languages
+
+ # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L118-L130
+ echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > ${chroot}/etc/apt/apt.conf.d/docker-gzip-indexes
+
+ # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L134-L151
+ echo 'Apt::AutoRemove::SuggestsImportant "false";' > ${chroot}/etc/apt/apt.conf.d/docker-autoremove-suggests
+
+ # delete all the apt list files since they're big and get stale quickly
+ rm -rf ${chroot}/var/lib/apt/lists/*
+
+ # verify that the APT lists files do not exist
+ Chroot chroot "apt-get indextargets" > indextargets.out
+ [ ! -s indextargets.out ]
+ rm indextargets.out
+ # (see https://bugs.launchpad.net/cloud-images/+bug/1699913)
+
+ # make systemd-detect-virt return "docker"
+ # See: https://github.com/systemd/systemd/blob/aa0c34279ee40bce2f9681b496922dedbadfca19/src/basic/virt.c#L434
+ mkdir -p ${chroot}/run/systemd
+ echo 'docker' > ${chroot}/run/systemd/container
+
+ rm -rf ${chroot}/var/cache/apt/*.bin
+ echo "==== Configuring OCI done ===="
+}
+
 is_live_layer () {
 local pass=$1
 for livepass in $LIVE_PASSES; do
From fa079378426ba4b12d12fadecdc3b1e706a95abf Mon Sep 17 00:00:00 2001
From: Thomas Bechtold Date: Fri, 30 Apr 2021 14:20:21 +0200 Subject: [PATCH 3/3] add debian/changelog entry
---
 debian/changelog | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index c695d246..4d1f2700 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+livecd-rootfs (2.525.53) UNRELEASED; urgency=medium
+
+ * Add a new ubuntu-oci project that contains the customizations currently
+ performed downstream for the official Ubuntu images on dockerhub.
+ (LP: #1926732)
+
+ -- Thomas Bechtold Fri, 30 Apr 2021 14:20:00 +0200
+
 livecd-rootfs (2.525.52) bionic; urgency=medium

 [ Gauthier Jolly ]
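Review bot: In configure_oci (live-build/functions), every host-side write and delete is built from an unvalidated, unquoted `$1`, so an empty or missing argument would make `echo ... > ${chroot}/usr/sbin/policy-rc.d`, `cp -a ... ${chroot}/sbin/initctl` and `rm -rf ${chroot}/var/lib/apt/lists/*` act on the build host's own root instead of the image tree. The verification step also ignores the parameter: `Chroot chroot "apt-get indextargets"` hard-codes the directory name, which works only because the one visible caller passes `chroot`. The bare `[ ! -s indextargets.out ]` enforces anything only if the sourcing script runs under `set -e`, which is not visible in this hunk, and when it does fail indextargets.out is left behind in the working directory. I would require the argument, quote the expansions and turn the check into an explicit failure with a message, as sketched below for the lines that change; the same quoting applies to the remaining `${chroot}` uses in the function.

```shell
configure_oci() {
    # … unchanged: header comment …
    local chroot="${1:?configure_oci: chroot directory required}"
    # … unchanged: policy-rc.d, initctl divert, dpkg and apt configuration …
    rm -rf "${chroot}"/var/lib/apt/lists/*

    Chroot "${chroot}" "apt-get indextargets" > indextargets.out
    if [ -s indextargets.out ]; then
        echo "configure_oci: APT index targets still present in ${chroot}" >&2
        rm -f indextargets.out
        return 1
    fi
    rm -f indextargets.out
    # … unchanged: systemd container marker, pkgcache cleanup …
}
```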