Changes in the container stack

Lucas Kanashiro kanashiro at ubuntu.com
Tue Aug 1 21:45:59 UTC 2023


Hi -devel,


Historically, the container stack, which is composed of src:docker.io, 
src:containerd and src:runc, has diverged from Debian to deliver the 
"upstream" experience to our users [1] instead of worrying too much 
about backward compatibility or regressions. However, recently, those 
fast-moving projects have been introducing some breaking changes which 
have impacted an increasing number of packages (Golang specifically) in 
the archive. Not just the breaking changes have been an issue but also 
the way we maintain those packages, bundling all the vendor code (rdeps 
cannot load the vendor code without introducing a delta), so we can 
easily backport them to old releases.


With that in mind, we, the Server team, identified the need to decouple 
the application (what users really use) and the library (what is used by 
rdeps) in a way that, on the one hand, we can keep following upstream 
projects without worrying about breaking changes and on the other hand, 
we keep the library (-dev package) stable to avoid breakages of packages 
sync'ed from Debian or already in stable releases during SRUs.


The way this decoupling was implemented this cycle (Mantic) can be 
summarized as follows:


- src:docker.io now provides just the -dev package (library) and it is 
in "sync" with Debian, without bundled vendor code (i.e., with proper 
dependencies on Debian packages). Sync is in quotation marks because 
there is a delta to make it not provide the docker.io binary anymore 
(application). And now there is a new src:docker.io-app, which provides 
just the application and the documentation for our users.


- The same was done to src:containerd. Now, src:containerd provides just 
the library and src:containerd-app provides the application.


- src:runc was kept as is, one source package providing application and 
library. It will very likely follow docker.io and containerd in the next 
cycle. It was not done now because it has not presented big issues, but 
for consistency we will follow the same pattern. I'll let you know once 
this happens.


The changes listed above are about to be SRU'ed to all supported 
releases [2].


With that, the -dev packages of docker.io and containerd will be kept 
stable in all supported releases from now on (also devel). And in the 
near future, the same will happen for runc. Just the -app source 
packages will be updated across all releases with major version bumps; 
I'll be working on updating the current SRU exception to cover those 
changes.


I've sent a heads-up email to people actively working on those packages 
(Security and CPC) but here is another reminder.


[1] https://wiki.ubuntu.com/DockerUpdates

[2] https://bugs.launchpad.net/ubuntu/lunar/+source/docker.io-app/+bug/2022390


Cheers!

-- 
Lucas Kanashiro