From 8c41d85498843dc26a042af423a2fc8243ceb921 Mon Sep 17 00:00:00 2001 From: Ievgen Popovych Date: Tue, 14 Mar 2023 17:49:20 +0100 Subject: [PATCH] images: Add ubuntu-toolbox image definitions for Ubuntu These are the definitions of the ubuntu-toolbox images for Ubuntus 16.04, 18.04, 20.04, 22.04 and 22.10 that play well with Toolbx. Such as, password-less sudo, able to resolve its own hostname, SELinux is masked off, etc.. At the moment, these are already published at quay.io/toolbx-images/ubuntu-toolbox:22.04 and such. https://github.com/containers/toolbox/pull/483 https://github.com/containers/toolbox/pull/1284 Signed-off-by: Ievgen Popovych
---
images/ubuntu/16.04/Containerfile | 37 +++++++++++++++++++++++++++
images/ubuntu/16.04/extra-packages | 8 ++++++
images/ubuntu/18.04/Containerfile | 37 +++++++++++++++++++++++++++
images/ubuntu/18.04/extra-packages | 8 ++++++
images/ubuntu/20.04/Containerfile | 41 ++++++++++++++++++++++++++++++
images/ubuntu/20.04/extra-packages | 9 +++++++
images/ubuntu/22.04/Containerfile | 38 +++++++++++++++++++++++++++
images/ubuntu/22.04/extra-packages | 9 +++++++
images/ubuntu/22.10/Containerfile | 38 +++++++++++++++++++++++++++
images/ubuntu/22.10/extra-packages | 9 +++++++
10 files changed, 234 insertions(+)
create mode 100644 images/ubuntu/16.04/Containerfile
create mode 100644 images/ubuntu/16.04/extra-packages
create mode 100644 images/ubuntu/18.04/Containerfile
create mode 100644 images/ubuntu/18.04/extra-packages
create mode 100644 images/ubuntu/20.04/Containerfile
create mode 100644 images/ubuntu/20.04/extra-packages
create mode 100644 images/ubuntu/22.04/Containerfile
create mode 100644 images/ubuntu/22.04/extra-packages
create mode 100644 images/ubuntu/22.10/Containerfile
create mode 100644 images/ubuntu/22.10/extra-packages
diff --git a/images/ubuntu/16.04/Containerfile b/images/ubuntu/16.04/Containerfile
new file mode 100644
index 0000000..3da776a
--- /dev/null
+++ b/images/ubuntu/16.04/Containerfile
@@ -0,0 +1,37 @@
+FROM docker.io/library/ubuntu:16.04
+
+LABEL com.github.containers.toolbox="true" \
+ name="ubuntu-toolbox" \
+ version="16.04" \
+ usage="This image is meant to be used with the toolbox command" \
+ summary="Base image for creating Ubuntu toolbox containers" \
+ maintainer="Ievgen Popovych "
+
+# Remove apt configuration optimized for containers
+# Remove docker-gzip-indexes to help with "command-not-found"
+RUN rm /etc/apt/apt.conf.d/docker-gzip-indexes /etc/apt/apt.conf.d/docker-no-languages
+
+# Enable myhostname nss plugin for clean hostname resolution without patching
+# hosts (at least for sudo), add it right after 'files' entry. We expect that
+# this entry is not present yet. Do this early so that package postinst (which
+# adds it too late in the order) skips this step
+RUN sed -Ei 's/^(hosts:.*)(\)\s*(.*)/\1\2 myhostname \3/' /etc/nsswitch.conf
+
+# Install ubuntu-minimal & ubuntu-standard
+# Ask resolvconf maintainer script not to touch resolve.conf file
+# Install extra packages as well as libnss-myhostname
+COPY extra-packages /
+RUN apt-get update && \
+ echo "resolvconf resolvconf/linkify-resolvconf boolean false" | debconf-set-selections && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y \
+ ubuntu-minimal ubuntu-standard \
+ libnss-myhostname \
+ $(cat extra-packages | xargs) && \
+ rm -rd /var/lib/apt/lists/*
+RUN rm /extra-packages
+
+# Allow authentication with empty password, promptless
+RUN sed -i '/^auth.*pam_unix.so/s/nullok_secure/try_first_pass nullok/' /etc/pam.d/common-auth
+
+# Fix empty bind-mount to clear selinuxfs (see #337)
+RUN mkdir /usr/share/empty
diff --git a/images/ubuntu/16.04/extra-packages b/images/ubuntu/16.04/extra-packages
new file mode 100644
index 0000000..5e917e8
--- /dev/null
+++ b/images/ubuntu/16.04/extra-packages
@@ -0,0 +1,8 @@
+curl
+git
+gnupg2
+keyutils
+tree
+unzip
+zip
+zsh
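Review bot: The `sed` on /etc/pam.d/common-auth in images/ubuntu/16.04/Containerfile swaps `nullok_secure` for `try_first_pass nullok`, which lets every PAM service that includes common-auth accept an empty password, and the one-line comment above it does not state that scope; the 18.04 and 20.04 Containerfiles carry the same line. `nullok_secure` is the Debian/Ubuntu variant that accepts empty passwords only on terminals listed in /etc/securetty, so the restriction is being removed deliberately and the comment should say so, for example `# Needed for password-less sudo in Toolbx; applies to every PAM service that includes common-auth`. Because `sed -i` exits 0 when nothing matches, a follow-up `RUN grep -Eq '^auth.*pam_unix\.so.*try_first_pass nullok' /etc/pam.d/common-auth` would make the build fail if a base-image update changes that file.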
diff --git a/images/ubuntu/18.04/Containerfile b/images/ubuntu/18.04/Containerfile
new file mode 100644
index 0000000..21e7f44
--- /dev/null
+++ b/images/ubuntu/18.04/Containerfile
@@ -0,0 +1,37 @@
+FROM docker.io/library/ubuntu:18.04
+
+LABEL com.github.containers.toolbox="true" \
+ name="ubuntu-toolbox" \
+ version="18.04" \
+ usage="This image is meant to be used with the toolbox command" \
+ summary="Base image for creating Ubuntu toolbox containers" \
+ maintainer="Ievgen Popovych "
+
+# Remove apt configuration optimized for containers
+# Remove docker-gzip-indexes to help with "command-not-found"
+RUN rm /etc/apt/apt.conf.d/docker-gzip-indexes /etc/apt/apt.conf.d/docker-no-languages
+
+# Enable myhostname nss plugin for clean hostname resolution without patching
+# hosts (at least for sudo), add it right after 'files' entry. We expect that
+# this entry is not present yet. Do this early so that package postinst (which
+# adds it too late in the order) skips this step
+RUN sed -Ei 's/^(hosts:.*)(\)\s*(.*)/\1\2 myhostname \3/' /etc/nsswitch.conf
+
+# Restore documentation but do not upgrade all packages
+# Install extra packages as well as libnss-myhostname
+COPY extra-packages /
+RUN sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/local/sbin/unminimize && \
+ apt-get update && \
+ yes | /usr/local/sbin/unminimize && \
+ DEBIAN_FRONTEND=noninteractive apt-get -y install \
+ ubuntu-minimal ubuntu-standard \
+ libnss-myhostname \
+ $(cat extra-packages | xargs) && \
+ rm -rd /var/lib/apt/lists/*
+RUN rm /extra-packages
+
+# Allow authentication with empty password, promptless
+RUN sed -i '/^auth.*pam_unix.so/s/nullok_secure/try_first_pass nullok/' /etc/pam.d/common-auth
+
+# Fix empty bind-mount to clear selinuxfs (see #337)
+RUN mkdir /usr/share/empty
diff --git a/images/ubuntu/18.04/extra-packages b/images/ubuntu/18.04/extra-packages
new file mode 100644
index 0000000..5e917e8
--- /dev/null
+++ b/images/ubuntu/18.04/extra-packages
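Review bot: The first command of the install `RUN` in images/ubuntu/18.04/Containerfile patches /usr/local/sbin/unminimize with `sed -Ei '/apt-get (update|upgrade)/s/^/#/'` and nothing verifies that the edit took effect; the 20.04, 22.04 and 22.10 Containerfiles do the same. If the script shipped in a later base image words those calls differently, sed matches nothing, the build still succeeds, and unminimize would upgrade every package, which is what the comment above says must not happen. A cheap guard is to add `grep -Eq '^#.*apt-get upgrade' /usr/local/sbin/unminimize && \` before the `yes | /usr/local/sbin/unminimize` line. The comment could also state that the script comes from the base image and is edited in place.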
@@ -0,0 +1,8 @@
+curl
+git
+gnupg2
+keyutils
+tree
+unzip
+zip
+zsh
diff --git a/images/ubuntu/20.04/Containerfile b/images/ubuntu/20.04/Containerfile
new file mode 100644
index 0000000..9060512
--- /dev/null
+++ b/images/ubuntu/20.04/Containerfile
@@ -0,0 +1,41 @@
+FROM docker.io/library/ubuntu:20.04
+
+LABEL com.github.containers.toolbox="true" \
+ name="ubuntu-toolbox" \
+ version="20.04" \
+ usage="This image is meant to be used with the toolbox command" \
+ summary="Base image for creating Ubuntu toolbox containers" \
+ maintainer="Ievgen Popovych "
+
+# Remove apt configuration optimized for containers
+# Remove docker-gzip-indexes to help with "command-not-found"
+RUN rm /etc/apt/apt.conf.d/docker-gzip-indexes /etc/apt/apt.conf.d/docker-no-languages
+
+# Enable myhostname nss plugin for clean hostname resolution without patching
+# hosts (at least for sudo), add it right after 'files' entry. We expect that
+# this entry is not present yet. Do this early so that package postinst (which
+# adds it too late in the order) skips this step
+RUN sed -Ei 's/^(hosts:.*)(\)\s*(.*)/\1\2 myhostname \3/' /etc/nsswitch.conf
+
+# Restore documentation but do not upgrade all packages
+# Install ubuntu-minimal & ubuntu-standard
+# Install extra packages as well as libnss-myhostname
+COPY extra-packages /
+RUN sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/local/sbin/unminimize && \
+ apt-get update && \
+ yes | /usr/local/sbin/unminimize && \
+ DEBIAN_FRONTEND=noninteractive apt-get -y install \
+ ubuntu-minimal ubuntu-standard \
+ libnss-myhostname \
+ $(cat extra-packages | xargs) && \
+ rm -rd /var/lib/apt/lists/*
+RUN rm /extra-packages
+
+# Allow authentication with empty password, promptless
+RUN sed -i '/^auth.*pam_unix.so/s/nullok_secure/try_first_pass nullok/' /etc/pam.d/common-auth
+
+# Fix empty bind-mount to clear selinuxfs (see #337)
+RUN mkdir /usr/share/empty
+
+# Add flatpak-spawn to /usr/bin
+RUN ln -s /usr/libexec/flatpak-xdg-utils/flatpak-spawn /usr/bin/
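Review bot: `ln -s /usr/libexec/flatpak-xdg-utils/flatpak-spawn /usr/bin/` at the end of images/ubuntu/20.04/Containerfile succeeds even when the target does not exist, so a dangling /usr/bin/flatpak-spawn would ship without any build error; the 22.04 and 22.10 Containerfiles end with the same line. The target exists only while `flatpak-xdg-utils` stays in extra-packages and keeps that install path, and the comment states neither dependency. Suggest `RUN test -x /usr/libexec/flatpak-xdg-utils/flatpak-spawn && ln -s /usr/libexec/flatpak-xdg-utils/flatpak-spawn /usr/bin/` and a comment naming the package that provides the binary.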
diff --git a/images/ubuntu/20.04/extra-packages b/images/ubuntu/20.04/extra-packages
new file mode 100644
index 0000000..1c47c1e
--- /dev/null
+++ b/images/ubuntu/20.04/extra-packages
@@ -0,0 +1,9 @@
+curl
+flatpak-xdg-utils
+git
+gnupg2
+keyutils
+tree
+unzip
+zip
+zsh
diff --git a/images/ubuntu/22.04/Containerfile b/images/ubuntu/22.04/Containerfile
new file mode 100644
index 0000000..94af429
--- /dev/null
+++ b/images/ubuntu/22.04/Containerfile
@@ -0,0 +1,38 @@
+FROM docker.io/library/ubuntu:22.04
+
+LABEL com.github.containers.toolbox="true" \
+ name="ubuntu-toolbox" \
+ version="22.04" \
+ usage="This image is meant to be used with the toolbox command" \
+ summary="Base image for creating Ubuntu toolbox containers" \
+ maintainer="Ievgen Popovych "
+
+# Remove apt configuration optimized for containers
+# Remove docker-gzip-indexes to help with "command-not-found"
+RUN rm /etc/apt/apt.conf.d/docker-gzip-indexes /etc/apt/apt.conf.d/docker-no-languages
+
+# Enable myhostname nss plugin for clean hostname resolution without patching
+# hosts (at least for sudo), add it right after 'files' entry. We expect that
+# this entry is not present yet. Do this early so that package postinst (which
+# adds it too late in the order) skips this step
+RUN sed -Ei 's/^(hosts:.*)(\)\s*(.*)/\1\2 myhostname \3/' /etc/nsswitch.conf
+
+# Restore documentation but do not upgrade all packages
+# Install ubuntu-minimal & ubuntu-standard
+# Install extra packages as well as libnss-myhostname
+COPY extra-packages /
+RUN sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/local/sbin/unminimize && \
+ apt-get update && \
+ yes | /usr/local/sbin/unminimize && \
+ DEBIAN_FRONTEND=noninteractive apt-get -y install \
+ ubuntu-minimal ubuntu-standard \
+ libnss-myhostname \
+ $(cat extra-packages | xargs) && \
+ rm -rd /var/lib/apt/lists/*
+RUN rm /extra-packages
+
+# Fix empty bind-mount to clear selinuxfs (see #337)
+RUN mkdir /usr/share/empty
+
+# Add flatpak-spawn to /usr/bin
+RUN ln -s /usr/libexec/flatpak-xdg-utils/flatpak-spawn /usr/bin/
diff --git a/images/ubuntu/22.04/extra-packages b/images/ubuntu/22.04/extra-packages
new file mode 100644
index 0000000..1c47c1e
--- /dev/null
+++ b/images/ubuntu/22.04/extra-packages
@@ -0,0 +1,9 @@
+curl
+flatpak-xdg-utils
+git
+gnupg2
+keyutils
+tree
+unzip
+zip
+zsh
diff --git a/images/ubuntu/22.10/Containerfile b/images/ubuntu/22.10/Containerfile
new file mode 100644
index 0000000..45e4256
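Review bot: images/ubuntu/22.04/Containerfile has no step for /etc/pam.d/common-auth, while the 16.04, 18.04 and 20.04 files in this patch edit it to allow empty passwords, and nothing in the file explains the difference; 22.10 is the same. Presumably common-auth in these releases already uses `nullok` rather than `nullok_secure`, but that cannot be confirmed from the patch. If that is the reason, a short comment where the step would sit, such as `# No PAM edit: common-auth already uses nullok here (re-check when bumping the base image)`, would stop a later maintainer from re-adding or mis-porting the sed.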
--- /dev/null
+++ b/images/ubuntu/22.10/Containerfile
@@ -0,0 +1,38 @@
+FROM docker.io/library/ubuntu:22.10
+
+LABEL com.github.containers.toolbox="true" \
+ name="ubuntu-toolbox" \
+ version="22.10" \
+ usage="This image is meant to be used with the toolbox command" \
+ summary="Base image for creating Ubuntu toolbox containers" \
+ maintainer="Ievgen Popovych "
+
+# Remove apt configuration optimized for containers
+# Remove docker-gzip-indexes to help with "command-not-found"
+RUN rm /etc/apt/apt.conf.d/docker-gzip-indexes /etc/apt/apt.conf.d/docker-no-languages
+
+# Enable myhostname nss plugin for clean hostname resolution without patching
+# hosts (at least for sudo), add it right after 'files' entry. We expect that
+# this entry is not present yet. Do this early so that package postinst (which
+# adds it too late in the order) skips this step
+RUN sed -Ei 's/^(hosts:.*)(\)\s*(.*)/\1\2 myhostname \3/' /etc/nsswitch.conf
+
+# Restore documentation but do not upgrade all packages
+# Install ubuntu-minimal & ubuntu-standard
+# Install extra packages as well as libnss-myhostname
+COPY extra-packages /
+RUN sed -Ei '/apt-get (update|upgrade)/s/^/#/' /usr/local/sbin/unminimize && \
+ apt-get update && \
+ yes | /usr/local/sbin/unminimize && \
+ DEBIAN_FRONTEND=noninteractive apt-get -y install \
+ ubuntu-minimal ubuntu-standard \
+ libnss-myhostname \
+ $(cat extra-packages | xargs) && \
+ rm -rd /var/lib/apt/lists/*
+RUN rm /extra-packages
+
+# Fix empty bind-mount to clear selinuxfs (see #337)
+RUN mkdir /usr/share/empty
+
+# Add flatpak-spawn to /usr/bin
+RUN ln -s /usr/libexec/flatpak-xdg-utils/flatpak-spawn /usr/bin/
diff --git a/images/ubuntu/22.10/extra-packages b/images/ubuntu/22.10/extra-packages
new file mode 100644
index 0000000..1c47c1e
--- /dev/null
+++ b/images/ubuntu/22.10/extra-packages
@@ -0,0 +1,9 @@
+curl
+flatpak-xdg-utils
+git
+gnupg2
+keyutils
+tree
+unzip
+zip
+zsh
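Review bot: `FROM docker.io/library/ubuntu:22.10` in images/ubuntu/22.10/Containerfile bases a published image on an interim Ubuntu release, which receives updates for roughly nine months, and the file records no end-of-support date; 16.04 in this patch is likewise past its standard support period. Once a release leaves the main archive, the `apt-get update` in this file fails on rebuild and users of the already-published image stop getting security fixes through apt. Suggest a comment above `FROM`, e.g. `# Interim release: remove this directory and stop publishing the tag once 22.10 is end-of-life`, plus a matching note for 16.04.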