[Bug 1926732] Re: Add ubuntu-oci project for building OCI-ready tarballs with livecd-rootfs

Thomas Bechtold 1926732 at bugs.launchpad.net
Fri May 14 07:51:30 UTC 2021 

bionic verification successful.

I changed the testing plan given that using the package from proposed
with ubuntu-old-fashioned is not that easy.

I did now use launchpad itself to build (see
https://code.launchpad.net/~toabctl/+livefs/ubuntu/bionic/proposed):

- bionic ubuntu-oci build: https://code.launchpad.net/~toabctl/+livefs/ubuntu/bionic/proposed/+build/275398/+files/buildlog_ubuntu_bionic_amd64_amd64-minimized-all_proposed_BUILDING.txt.gz
- bionic ubuntu-base build: https://code.launchpad.net/~toabctl/+livefs/ubuntu/bionic/proposed/+build/275412/+files/buildlog_ubuntu_bionic_amd64_amd64-minimized-all_proposed_BUILDING.txt.gz

Testing the docker container tarball:

$ cat << EOF > Dockerfile
FROM scratch
ADD bionic-minimal-cloudimg-amd64-root.tar.gz /
CMD ["/bin/bash"]
EOF

$ docker build .
Sending build context to Docker daemon  26.05MB
Step 1/3 : FROM scratch
 ---> 
Step 2/3 : ADD bionic-minimal-cloudimg-amd64-root.tar.gz /
 ---> 77389ea55ba2
Step 3/3 : CMD ["/bin/bash"]
 ---> Running in ed79500badff
Removing intermediate container ed79500badff
 ---> 5cd1b3e0d127
Successfully built 5cd1b3e0d127
$ docker run -it 5cd1b3e0d127 uname -a
Linux b4ecacff15c4 5.11.0-16-generic #17-Ubuntu SMP Wed Apr 14 20:12:43 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux


Size of bionic-minimal-cloudimg-amd64-root.tar.gz is 26047357 which is good.

** Tags removed: verification-needed verification-needed-bionic
** Tags added: verification-done verification-done-bionic

** Changed in: livecd-rootfs (Ubuntu)
     Assignee: (unassigned) => Thomas Bechtold (toabctl)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/1926732

Title:
  Add ubuntu-oci project for building OCI-ready tarballs with livecd-
  rootfs

Status in livecd-rootfs package in Ubuntu:
  Fix Released
Status in livecd-rootfs source package in Bionic:
  Fix Committed
Status in livecd-rootfs source package in Focal:
  Fix Committed
Status in livecd-rootfs source package in Groovy:
  Fix Committed
Status in livecd-rootfs source package in Hirsute:
  Fix Committed

Bug description:
  [Impact]

  Currently the ubuntu-base livecd-rootfs project is used to build tarballs that are the base for building docker/OCI images.
  The tarballs produced with the ubuntu-base project are modified externally (see https://github.com/tianon/docker-brew-ubuntu-core/blob/master/update.sh ) to create the "official" ubuntu images on dockerhub.

  When including the ubuntu-oci project into livecd-rootfs, we can build
  tarballs that already contain the changes that are currently done
  externally. This has multiple advantages:

  1) a Dockerfile using that tarball would no longer have to modify anything (means less layers)
  2) publishing new OCI images no longer depends on the external dockerhub image creation. Currently eg. the AWS ECR ubuntu containers depend on the containers from dockerhub. That would be no longer the case with this change
  3) Possible faster reaction on CVEs. no longer depending on external processes.

  [Test Plan]

  1) build ubuntu-oci project
  a) Build a test ubuntu-oci tarball with ubuntu-old-fashioned:

  ./scripts/ubuntu-bartender/ubuntu-bartender --no-cleanup --  --series
  impish --image-format plain --project ubuntu-oci --subproject
  minimized

  b) create a Dockerfile using the tarball created in step 1):

  cat << EOF > Dockerfile
  FROM scratch
  ADD ubuntu-impish-oci-cloudimg-amd64-root.tar.gz /
  CMD ["/bin/bash"]
  EOF

  c) build the container

  docker build .

  d) run something in the container:

  docker run -it $container-id uname -a

  e) check the size of the docker image and compare with the image for
  the same series available on dockerhub

  2) build another project (ubuntu-base minimized)
  a) Build a test ubuntu-base minimized project with ubuntu-old-fashioned to make sure the build does not break

  
  [Where problems could occur]

  This change could break other livecd-rootfs projects which might lead
  to failed builds. But beside that, there is nothing I can think of
  that would be affected by this change.

  [Other Info]

  When this is accepted, there will be livefs builds available at
  https://launchpad.net/~cloud-images-release-
  managers/+livefs/ubuntu/$SERIES/ubuntu-oci

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/1926732/+subscriptions

More information about the foundations-bugs mailing list