Introduce Ubuntu LTS and latest non-LTS images

[Jmennius]

This adds Ubuntu 16.04, 18.04, 20.04, 21.10 and 22.04 images that play well with toolbox:
password-less sudo, able to resolve its own hostname (so that sudo does not complain), SELinux is masked off, etc.
Since 18.04 Ubuntu images on the Docker Hub are 'minimized', so we have to undo that.
Pushed images to https://hub.docker.com/r/jmennius/ubuntu-toolbox for the time being.

Users may want to generate their locale after toolbox creation with sudo sed -i "/${LANG}/s/^# //g" /etc/locale.gen && sudo locale-gen (assuming that you have LANG set) to avoid perl and others complain about it.

I've been using an 18.04 image for several months 1.5yrs now with great success.

Some things I'd like to resolve or discuss at least (need help/guidance/decisionmaking/PRs):

• Use actual quay toolbx robot credentials.
• READMEs are not symlinked. Didn't get this to work as symlink target is out of build context. images: Use a regular file, not a symbolic link, for README.md #723
• Moreover, I'd also like to share extra-packages between images. Maybe we can store all Containerfiles in the ubuntu and a single readme and extra-packages alongside?
• align READMEs with the rest of the repo before merging
• Needs Drop unnecessary and wrong group detection on host #401 to function
• I can mention myself as the image maintainer if that's the way to go.
• Any CI/CD integration? Yes, see Consider building and shipping toolbx images using Quay.io #1019
• I've only tested this with a shell-based toolbox. Works perfectly with golang implementation.
• Did not use NAME and VERSION variables (discussed in NAME and VERSION leak into toolbox container env #188)

I'd be grateful for any testing and feedback on their use-case and environment.

Alternative-to: #298

[softwarefactory-project-zuul]

Build failed.

• shellcheck : SUCCESS in 1m 56s
• test-with-podman-stable-f30 : FAILURE in 2m 45s
• test-with-podman-stable-f31 : FAILURE in 3m 03s
• test-with-podman-rawhide : FAILURE in 3m 53s

[Jmennius]

I'd really appreciate some feedback ;) @debarshiray ?

[HarryMichal]

I'd really appreciate some feedback ;) @debarshiray ?

I'd love to give this a spin but I'm currently working on something else.. :(

[Jmennius]

@HarryMichal no problem :)

What do you think about sharing extra-packages and READMEs? Any nice way to do it?
Maybe we can drop READMEs from images themselves?

[HarryMichal]

In my opinion, sharing of those files mainly depends on the way the images will be built. fedora-toolbox images are built in Fedora's build system and their definitions are maintained there (meaning the definitions in this repository could be called a mirror - or is it the other way @debarshiray?). If the container definitions are tracked in a got repository where every version is in a separate branch than it's not really possible to share. If they are in a single branch but separated in their own directories, than a single file shared by all definitions could be placed in the root directory. But that approach may be dangerous a bit if the package is renamed in some of those version (though in some cases very unlikely).

I myself never worked with Docker Hub and other tools so I can't really help much with this.

Dropping READMEs seems okay-ish to me. But on the other hand having some kind of file that holds some info about the image/tool is nice. Maybe some specialized file that will be defined once, will be shorter than the project's README that will not require to be updated with every tweak to the project's README?

[mfocko]

used the Dockerfile for 20.10, seems to be running OK 👍

[mtalexan]

Probably out-of-scope for the intended changes here, but support for ubuntu as a distribution under the (-d|--distribution) and the related releases under the (-r|--release) options would require updating the src/pkg/utils/utils.go supportedDistros map to add a Distro structure (and the related functions to fill it) for an ubuntu key. Otherwise the results of these builds are limited to use of the --image option.

[Jmennius]

cc @debarshiray

[softwarefactory-project-zuul]

Build succeeded.

• shellcheck : SUCCESS in 1m 56s
• system-test-fedora-32 : SUCCESS in 5m 10s
• system-test-fedora-33 : SUCCESS in 5m 37s
• system-test-fedora-34 : SUCCESS in 5m 34s
• system-test-fedora-rawhide : SUCCESS in 10m 45s

[Jmennius]

I now get WARNING: libcap needs an update (cap=40 should have a name). when entering a 20.04 toolbox.
This is likely because I am using Linux 5.10 (Fedora 33) but Ubuntu 20.04 userspace ships with libcap2 2.32 which is not aware of CAP_CHECKPOINT_RESTORE (40).
Everyhting works fine though.

[runfalk]

I too would really like to see Ubuntu support being included one way or another. My use case is doing firmware development on Fedora when the rest of the team uses Ubuntu. They have set up install scripts and debs for installing the all the required cross compilation targets.

I tried the image in this project using:

$ toolbox create --image registry.hub.docker.com/jmennius/ubuntu-toolbox:20.04 firmaredev

The /README.md talks about using systemctl for managing services, but it doesn't seem like systemd is actually running in the container:

$ systemctl
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down

This seems to be documented in another issue as well: #176.

Other than some dbus errors (probably because systemd isn't running) and the libpcap error I don't see any other problems with these containers. I tried both 20.04 and 18.04.

I shouldn't hijack this MR, but is there a way of running services like SSH in the container?

[Jmennius]

Guys, any updates or feedback?

[Jmennius]

Probably out-of-scope for the intended changes here, but support for ubuntu as a distribution under the (-d|--distribution) and the related releases under the (-r|--release) options would require updating the src/pkg/utils/utils.go supportedDistros map to add a Distro structure (and the related functions to fill it) for an ubuntu key. Otherwise the results of these builds are limited to use of the --image option.

I've implemented this when I ported it to Go (back in April).

[Jmennius]

The /README.md talks about using systemctl for managing services, but it doesn't seem like systemd is actually running in the container:

$ systemctl
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down

This seems to be documented in another issue as well: #176.

Other than some dbus errors (probably because systemd isn't running) and the libpcap error I don't see any other problems with these containers. I tried both 20.04 and 18.04.

I shouldn't hijack this MR, but is there a way of running services like SSH in the container?

Well, I wouldn't expect any of this to really work, the README should probably be corrected.
I don't think that running sshd is feasible, but you can probably google that with regards to containers in general.

[dabrain34]

I gave a try to 16.04 and 18.04 and both are failing for the same reason as:

level=debug msg="Binding /tmp to /run/host/tmp"
mount: wrong fs type, bad option, bad superblock on /run/host/tmp,
       missing codepage or helper program, or other error

       In some cases useful info is found in syslog - try
       dmesg | tail or so.
Error: failed to bind /tmp to /run/host/tmp

The 20.04 image from #878 is working fine.

I'm running podman and toolbox 0.0.99.3 on a Debian SID

[dabrain34]

mounting a tmpfs on /tmp made it work !

mount -o mode=1777,nosuid,nodev -t tmpfs tmpfs /tmp

[Jmennius]

mounting a tmpfs on /tmp made it work !

mount -o mode=1777,nosuid,nodev -t tmpfs tmpfs /tmp

Interesting.. so you didn't have a tmpfs on /tmp on your host (Debian)?
If so - that probably deserves a separate issue to be fixed properly.

edit: I see you've opened #906

[dabrain34]

For now i havent investigated into toolbox code to see how I could propose a patch but the other problem I faced was that on the tip, the binary was not exectutable.

[Jmennius]

Few updates:

• decided to also provide the image for the latest non-LTS release - 21.10 image
• I've noticed a delay when using sudo in new images (and that has probably been there forever... no idea how I lived with it for over a year!?) - fixed by moving myhostname nsswitch entry to the proper place manually instead of trusting package postinst with it.
• few updates to align with fedora image changes
• rebuilt and pushed all images

[softwarefactory-project-zuul]

Build succeeded.

• unit-test : SUCCESS in 5m 05s
• system-test-fedora-33 : SUCCESS in 8m 22s
• system-test-fedora-34 : SUCCESS in 10m 13s
• system-test-fedora-rawhide : SUCCESS in 20m 06s

[travier]

OK, I have access to the toolbx org on Quay.io now.

[travier]

I've set up the robot and permissions on Quay and added the token in the repo here.

[travier]

Note that to clearly distinguish PR & commit workflows, I've used two distinct GitHub Action definition in the toolbx-images repo. This PR is missing the one for PRs (https://github.com/toolbx-images/images/blob/main/.github/workflows/ubuntu-pr.yaml) and thus it is not triggered here.

[debarshiray]

I've set up the robot and permissions on Quay and added the token in
the repo here.

Thanks for doing that, @travier !

What are the next steps? Are we waiting for @Jmennius to update the GitHub Action in this pull request?

Note that to clearly distinguish PR & commit workflows, I've used
two distinct GitHub Action definition in the toolbx-images repo. This
PR is missing the one for PRs
(https://github.com/toolbx-images/images/blob/main/.github/workflows/ubuntu-pr.yaml)
and thus it is not triggered here.

I will let @Jmennius respond to this one.

[debarshiray]

Ping, @travier @Jmennius : what's the next step here?

The most pressing issue right now for Ubuntu support is to get the ubuntu-toolbox images for 23.04 published.

[travier]

The missing bits are in my review #483 (review). Then we should be able to merge this one.

[softwarefactory-project-zuul]

Build succeeded.
https://softwarefactory-project.io/zuul/t/local/buildset/074a7db07d22487f933b780c7317c0cb

✔️ unit-test SUCCESS in 8m 41s
✔️ unit-test-migration-path-for-coreos-toolbox SUCCESS in 3m 24s
✔️ unit-test-restricted SUCCESS in 8m 30s
✔️ system-test-fedora-rawhide SUCCESS in 21m 35s
✔️ system-test-fedora-38 SUCCESS in 20m 51s
✔️ system-test-fedora-37 SUCCESS in 21m 25s
✔️ system-test-fedora-36 SUCCESS in 20m 55s

[debarshiray]

The missing bits are in my review #483 (review). Then we should be able to merge this one.

Okay! I took the liberty to make those changes and merged. I hope I got it right.

[debarshiray]

I filed a pull request to switch the toolbox(1) code and the system tests to use the new location: #1306