releasing package livecd-rootfs version 2.719.1

Merge branch 'sru-hirsute-lp1926732' into ubuntu/hirsute
fix version number for initial SRU
2025-08-20 21:24:09 +00:00 · 2021-05-11 11:35:11 +12:00 · 2021-05-11 11:34:52 +12:00 · 2021-05-11 11:34:36 +12:00 · 2021-04-30 13:24:00 +02:00 · 2021-04-30 13:13:34 +02:00
4 changed files with 78 additions and 5 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,12 @@
+livecd-rootfs (2.719.1) hirsute; urgency=medium
+
+  [ Thomas Bechtold ]
+  * Add a new ubuntu-oci project that contains the customizations currently
+    performed downstream for the official Ubuntu images on dockerhub.
+    (LP: #1926732)
+
+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 11 May 2021 11:34:58 +1200
+
 livecd-rootfs (2.719) hirsute; urgency=medium

  * Our raspi server images should have used the raspi-server seed in hirsute,
--- a/live-build/auto/build
+++ b/live-build/auto/build
@ -245,7 +245,7 @@ if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then
 fi
 EOF

-                if [ "$PROJECT" != "ubuntu-base" ]; then
+                if [ "$PROJECT" != "ubuntu-base" ] && [ "$PROJECT" != "ubuntu-oci" ]; then
                    	# ubuntu-minimal is too much for a docker container (it contains
                    	# systemd and other things)
 	                cat >> chroot/usr/local/sbin/unminimize <<'EOF'
@ -441,6 +441,10 @@ serial: $BUILDSTAMP
 EOF
 		fi

+		if [ "$PROJECT" = "ubuntu-oci" ]; then
+		    configure_oci chroot
+		fi
+
 		configure_network_manager

 		echo "===== Checking size of /usr/share/doc ====="
--- a/live-build/auto/config
+++ b/live-build/auto/config
@ -514,7 +514,7 @@ if [ "$PREINSTALLED" = "true" ]; then
 		ubuntu-server)
 			add_package live oem-config-debconf ubiquity-frontend-debconf
 			;;
-		ubuntu-core|ubuntu-base|base|ubuntu-cpc)
+		ubuntu-core|ubuntu-base|ubuntu-oci|base|ubuntu-cpc)
 			;;
 		ubuntu)
 			add_package live oem-config-gtk ubiquity-frontend-gtk
@ -796,6 +796,10 @@ case $PROJECT in
 		OPTS="${OPTS:+$OPTS }--bootstrap-flavour=minimal"
 		;;

+	ubuntu-oci)
+		OPTS="${OPTS:+$OPTS }--bootstrap-flavour=minimal"
+		;;
+
 	ubuntu-cpc)
 		KERNEL_FLAVOURS=virtual

@ -962,7 +966,7 @@ case $ARCH in
 esac

 case $PROJECT:${SUBPROJECT:-} in
-	ubuntu-server:*|ubuntu-base:*)
+	ubuntu-server:*|ubuntu-base:*|ubuntu-oci:*)
 		OPTS="${OPTS:+$OPTS }--linux-packages=none --initramfs=none"
 		KERNEL_FLAVOURS=none
 		BINARY_REMOVE_LINUX=false
@ -1029,7 +1033,7 @@ echo "SUBPROJECT=\"${SUBPROJECT:-}\"" >> config/binary
 echo "LB_DISTRIBUTION=\"$SUITE\"" >> config/binary

 case $PROJECT in
-  ubuntu-cpc|ubuntu-core|ubuntu-base|base)
+  ubuntu-cpc|ubuntu-core|ubuntu-base|ubuntu-oci|base)
    # ubuntu-cpc gets this added in 025-create-groups.chroot, and we do
    # not want this group in projects that are effectively just chroots
    ;;
--- a/live-build/functions
+++ b/live-build/functions
@ -833,7 +833,7 @@ clean_debian_chroot() {
    rm -f chroot/var/cache/debconf/*-old chroot/var/lib/dpkg/*-old
    Chroot chroot apt clean
    # For the docker images we remove even more stuff.
-    if [ "${PROJECT}:${SUBPROJECT:-}" = "ubuntu-base:minimized" ]; then
+    if [ "${PROJECT}:${SUBPROJECT:-}" = "ubuntu-base:minimized" ] || [ "${PROJECT}:${SUBPROJECT:-}" = "ubuntu-oci:minimized" ]; then
        # Remove apt lists (that are currently removed downstream
        # anyway)
        rm -rf chroot/var/lib/apt/lists/*
@ -906,6 +906,62 @@ EOF
 fi
 }

+configure_oci() {
+    # configure a chroot to be a OCI/docker container
+    # theses changes are taken from the current Dockerfile modifications done
+    # at https://github.com/tianon/docker-brew-ubuntu-core/blob/master/update.sh
+
+    local chroot=$1
+
+    echo "==== Configuring OCI ===="
+
+    # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L40-L48
+    echo '#!/bin/sh' > ${chroot}/usr/sbin/policy-rc.d
+    echo 'exit 101' >> ${chroot}/usr/sbin/policy-rc.d
+    Chroot ${chroot} "chmod +x /usr/sbin/policy-rc.d"
+
+    # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L54-L56
+    Chroot ${chroot} "dpkg-divert --local --rename --add /sbin/initctl"
+    cp -a ${chroot}/usr/sbin/policy-rc.d ${chroot}/sbin/initctl
+    sed -i 's/^exit.*/exit 0/' ${chroot}/sbin/initctl
+
+    # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L71-L78
+    echo 'force-unsafe-io' > ${chroot}/etc/dpkg/dpkg.cfg.d/docker-apt-speedup
+
+    # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L85-L105
+    echo 'DPkg::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' > ${chroot}/etc/apt/apt.conf.d/docker-clean
+
+    echo 'APT::Update::Post-Invoke { "rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true"; };' >> ${chroot}/etc/apt/apt.conf.d/docker-clean
+
+    echo 'Dir::Cache::pkgcache ""; Dir::Cache::srcpkgcache "";' >> ${chroot}/etc/apt/apt.conf.d/docker-clean
+
+    # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L109-L115
+    echo 'Acquire::Languages "none";' > ${chroot}/etc/apt/apt.conf.d/docker-no-languages
+
+    # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L118-L130
+    echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > ${chroot}/etc/apt/apt.conf.d/docker-gzip-indexes
+
+    # https://github.com/docker/docker/blob/9a9fc01af8fb5d98b8eec0740716226fadb3735c/contrib/mkimage/debootstrap#L134-L151
+    echo 'Apt::AutoRemove::SuggestsImportant "false";' > ${chroot}/etc/apt/apt.conf.d/docker-autoremove-suggests
+
+    # delete all the apt list files since they're big and get stale quickly
+    rm -rf ${chroot}/var/lib/apt/lists/*
+
+    # verify that the APT lists files do not exist
+    Chroot chroot "apt-get indextargets" > indextargets.out
+    [ ! -s indextargets.out ]
+    rm indextargets.out
+    # (see https://bugs.launchpad.net/cloud-images/+bug/1699913)
+
+    # make systemd-detect-virt return "docker"
+    # See: https://github.com/systemd/systemd/blob/aa0c34279ee40bce2f9681b496922dedbadfca19/src/basic/virt.c#L434
+    mkdir -p ${chroot}/run/systemd
+    echo 'docker' > ${chroot}/run/systemd/container
+
+    rm -rf ${chroot}/var/cache/apt/*.bin
+    echo "==== Configuring OCI done ===="
+}
+
 configure_network_manager() {
    # If the image pre-installs network-manager, let it manage all devices by
    # default. Installing NM on an existing system only manages wifi and wwan via
Author	SHA1	Message	Date
Michael Hudson-Doyle	9d03006f87	releasing package livecd-rootfs version 2.719.1	2021-05-11 11:35:11 +12:00
Michael Hudson-Doyle	6270e4d7ad	Merge branch 'sru-hirsute-lp1926732' into ubuntu/hirsute	2021-05-11 11:34:52 +12:00
Michael Hudson-Doyle	57f126ae4d	fix version number for initial SRU	2021-05-11 11:34:36 +12:00
Thomas Bechtold	dc0990939e	add debian/changelog entry	2021-04-30 13:24:00 +02:00
Thomas Bechtold	77d998829a	add configure_oci function and use it in ubuntu-oci With that, the Dockerfile modifications[0] currently done externally are done now here. That means that the created rootfs tarball can be directly used within a Dockerfile to create a container from scratch: FROM scratch ADD livecd.ubuntu-oci.rootfs.tar.gz / CMD ["/bin/bash"] [0] https://github.com/tianon/docker-brew-ubuntu-core/blob/master/update.sh (cherry picked from commit a81972a58b004897bf3e5c14ff371bc2f6b5e4b8)	2021-04-30 13:13:34 +02:00
Thomas Bechtold	3ad6996779	Add new ubuntu-oci project This is a copy of the ubuntu-base project. Currently ubuntu-base is used as a base for the docker/OCI container images. The rootfs tarball that is created with ubuntu-base is published under [0]. That tarball is used in the FROM statement of the Dockerfile as base and then a couple of modifications are done inside of the Dockerfile[1]. The ubuntu-oci project will include the changes that are currently done in the Dockerfile. With that: 1) a Dockerfile using that tarball will be just a 2 line thing: FROM scratch ADD ubuntu-hirsute-core-cloudimg-amd64-root.tar.gz / CMD ["/bin/bash"] 2) Ubuntu has the full control about the build process of the docker/OCI container. No external sources (like [1]) need to be modified anymore. 3) Ubuntu can publish containers without depending on the official dockerhub containers[2]. Currently the containers for the AWS ECR registry[3] use as a base[4] the official dockerhub containers. That's no longer needed because a container just needs a Dockerfile described in 1) When the ubuntu-oci project has the modifications from [1] included, we'll also update [1] to use the ubuntu-oci rootfs tarball as a base and drop the modifications done at [1]. Note: Creating a new ubuntu-oci project instead of using ubuntu-base will make sure that we don't break users who are currently using ubuntu-base rootfs tarballs for doing their own thing. [0] https://partner-images.canonical.com/core/ [1] https://github.com/tianon/docker-brew-ubuntu-core/blob/master/update.sh [2] https://hub.docker.com/_/ubuntu [3] https://gallery.ecr.aws/ubuntu/ubuntu [4] https://launchpad.net/~ubuntu-docker-images/ubuntu-docker-images/+oci/ubuntu/+recipe/ubuntu-20.04 (cherry picked from commit ac4a95b9314cf1f8ce01f42016c271c0a6078372)	2021-04-30 13:13:18 +02:00