From dde3e427720d8cb792686db1ea0f8b37edaf2389 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Wed, 19 Jun 2024 13:39:37 -0400 Subject: [PATCH 01/12] fix: make the docker-dbox work --- apps/docker/Containerfile.docker | 46 ++++++++++++++++++-------------- 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/apps/docker/Containerfile.docker b/apps/docker/Containerfile.docker index 981155b..cda958d 100644 --- a/apps/docker/Containerfile.docker +++ b/apps/docker/Containerfile.docker 
@@ -1,23 +1,29 @@ FROM ghcr.io/ublue-os/ubuntu-toolbox -RUN apt-get update && \ - apt-get install -y \ - ca-certificates \ - curl \ - systemd && \ - mkdir -p /etc/apt/keyrings/ && \ - curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o \ - /etc/apt/keyrings/docker.asc && \ - echo "deb [arch=$(dpkg --print-architecture) \ - signed-by=/etc/apt/keyrings/docker.asc] \ - https://download.docker.com/linux/ubuntu \ - $(. /etc/os-release && echo "$VERSION_CODENAME") stable" \ - > /etc/apt/sources.list.d/docker.list && \ - apt-get update && \ - apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin && \ - apt-get clean && \ - mkdir -p /var/lib/docker && \ - groupmod -g 252 docker && \ - systemctl enable docker.socket - +RUN < /etc/apt/sources.list.d/docker.list +apt-get update +apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin +apt-get clean +mkdir -p /var/lib/docker +rm -rf /var/lib/docker/** +rm -f /usr/local/bin/docker +cat > /usr/lib/systemd/system/docker-setup-var.service <<- EEOF +[Unit] +Description=Setup Docker Socket in /var/run/ +After=docker.socket +[Service] +ExecStart=sh -c "while true; do sleep 1; /usr/bin/socat UNIX-LISTEN:/run/host/var/run/docker.sock,reuseaddr,fork,group=docker,umask=007 UNIX-CONNECT:/var/run/docker.sock; done" +[Install] +WantedBy=sockets.target +EEOF +groupmod -g 252 docker +systemctl enable docker-setup-var.service +EOF CMD ["/sbin/init"] From 911b10686bde323aa66193c4569b25ef03599599 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Wed, 19 Jun 2024 14:11:38 -0400 Subject: [PATCH 02/12] chore: use 24.04 for more up to date podman --- .github/workflows/build-docker-app.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-app.yml b/.github/workflows/build-docker-app.yml index 450e09d..6001891 100644 --- a/.github/workflows/build-docker-app.yml 
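Review bot: The relay unit publishes the daemon socket at `/run/host/var/run/docker.sock` with `group=docker,umask=007`, and `groupmod -g 252 docker` fixes that group to GID 252 inside the image, so on the host side the socket belongs to whichever group, if any, owns GID 252 there. Write access to a Docker socket is root-equivalent, so a host where GID 252 is an unrelated group would hand that group control of the daemon. I would say so next to the `groupmod` line, e.g. `# GID 252 must match the host's docker group: members get root-equivalent access through the exported socket`. Separately, `reuseaddr` does nothing for a UNIX listener, so a socket file left behind by an unclean stop makes every pass of the `while true` loop fail to bind; socat's `unlink-early` option on the `UNIX-LISTEN` address clears it first. The opening of the `RUN` heredoc is not intact in this view of the hunk.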
+++ b/.github/workflows/build-docker-app.yml @@ -17,7 +17,7 @@ concurrency: jobs: push-ghcr: name: Build and push image - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: contents: read packages: write From 5260c668904af4e60cfa343d052d5eb29dcc00f5 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Wed, 19 Jun 2024 14:21:14 -0400 Subject: [PATCH 03/12] chore: try using the obs updated podman --- .github/workflows/build-docker-app.yml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-app.yml b/.github/workflows/build-docker-app.yml index 6001891..18e6331 100644 --- a/.github/workflows/build-docker-app.yml +++ b/.github/workflows/build-docker-app.yml @@ -17,7 +17,7 @@ concurrency: jobs: push-ghcr: name: Build and push image - runs-on: ubuntu-24.04 + runs-on: ubuntu-22.04 permissions: contents: read packages: write @@ -36,6 +36,19 @@ jobs: pubkey: https://raw.githubusercontent.com/ublue-os/toolboxes/main/cosign.pub registry: ghcr.io/ublue-os + # Update Podman + - name: Setup Podman + shell: bash + run: | + # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04 + ubuntu_version='22.04' + key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key" + sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}" + echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list + curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null + sudo apt-get update + sudo apt-get install -y podman + # Build metadata - name: Image Metadata uses: docker/metadata-action@v5 From 4e4295c91e5218e15b3fdfbd7d20f7c85ced2f48 Mon Sep 17 00:00:00 2001 
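Review bot: The `Setup Podman` step dearmors the repository key into `/etc/apt/trusted.gpg.d/`, which makes apt accept that key for every configured source, not just the kubic one, on the runner that goes on to build and sign the image. Scope it to the one repository by writing the key under `/etc/apt/keyrings/` and using `deb [signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg] $sources_url/ /` as the source line. The source is the `unstable` channel and `podman` is installed without a version, so the build toolchain can differ from run to run. `$key_url` should also be quoted in the `curl` call.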
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Wed, 19 Jun 2024 15:10:59 -0400 Subject: [PATCH 04/12] chore: use docker to build docker-distrobox --- .github/workflows/build-docker-app.yml | 69 ++++++++------------------ 1 file changed, 22 insertions(+), 47 deletions(-) diff --git a/.github/workflows/build-docker-app.yml b/.github/workflows/build-docker-app.yml index 18e6331..01a83a4 100644 --- a/.github/workflows/build-docker-app.yml +++ b/.github/workflows/build-docker-app.yml @@ -36,18 +36,13 @@ jobs: pubkey: https://raw.githubusercontent.com/ublue-os/toolboxes/main/cosign.pub registry: ghcr.io/ublue-os - # Update Podman - - name: Setup Podman - shell: bash - run: | - # from https://askubuntu.com/questions/1414446/whats-the-recommended-way-of-installing-podman-4-in-ubuntu-22-04 - ubuntu_version='22.04' - key_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}/Release.key" - sources_url="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_${ubuntu_version}" - echo "deb $sources_url/ /" | sudo tee /etc/apt/sources.list.d/devel-kubic-libcontainers-unstable.list - curl -fsSL $key_url | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable.gpg > /dev/null - sudo apt-get update - sudo apt-get install -y podman + # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. + # https://github.com/macbre/push-to-ghcr/issues/12 + - name: Lowercase Registry + id: registry_case + uses: ASzc/change-string-case-action@v6 + with: + string: ${{ env.IMAGE_REGISTRY }} # Build metadata - name: Image Metadata 
@@ -55,44 +50,13 @@ jobs: id: meta with: images: | - ${{ env.IMAGE_NAME }} + ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }} labels: | io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/boxkit/main/README.md + tags: | + ${{ env.IMAGE_TAGS }} - # Build image using Buildah action - - name: Build Image - id: build_image - uses: redhat-actions/buildah-build@v2 - with: - containerfiles: | - ./apps/docker/Containerfile.docker - image: ${{ env.IMAGE_NAME }} - tags: ${{ env.IMAGE_TAGS }} - labels: ${{ steps.meta.outputs.labels }} - oci: false - - # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR. - # https://github.com/macbre/push-to-ghcr/issues/12 - - name: Lowercase Registry - id: registry_case - uses: ASzc/change-string-case-action@v6 - with: - string: ${{ env.IMAGE_REGISTRY }} - - # Push the image to GHCR (Image Registry) - - name: Push To GHCR - uses: redhat-actions/push-to-registry@v2 - if: github.event_name != 'pull_request' - id: push - env: - REGISTRY_USER: ${{ github.actor }} - REGISTRY_PASSWORD: ${{ github.token }} - with: - image: ${{ steps.build_image.outputs.image }} - tags: ${{ steps.build_image.outputs.tags }} - registry: ${{ steps.registry_case.outputs.lowercase }} - username: ${{ env.REGISTRY_USER }} - password: ${{ env.REGISTRY_PASSWORD }} + # Login to Contaier Registry if not a PR - name: Login to GitHub Container Registry uses: docker/login-action@v3 if: github.event_name != 'pull_request' 
@@ -101,6 +65,17 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + # Build and Push Image + - name: Build and Push Image + id: build_image + uses: docker/build-push-action@v6 + with: + file: ./apps/docker/Containerfile.docker + images: ${{ env.IMAGE_NAME }} + tags: ${{ env.IMAGE_TAGS }} + labels: ${{ steps.meta.output.labels }} + push: ${{ github.event_name != 'pull_request' }} + # Sign container - uses: sigstore/cosign-installer@v3.5.0 if: github.event_name != 'pull_request' From d4f90ead0695f9260515b9d12a52b83632afdbd1 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Wed, 19 Jun 2024 15:13:41 -0400 Subject: [PATCH 05/12] chore: remove unnecessary input --- .github/workflows/build-docker-app.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-docker-app.yml b/.github/workflows/build-docker-app.yml index 01a83a4..5c02f37 100644 --- a/.github/workflows/build-docker-app.yml +++ b/.github/workflows/build-docker-app.yml @@ -70,11 +70,10 @@ jobs: id: build_image uses: docker/build-push-action@v6 with: + push: ${{ github.event_name != 'pull_request' }} file: ./apps/docker/Containerfile.docker - images: ${{ env.IMAGE_NAME }} - tags: ${{ env.IMAGE_TAGS }} labels: ${{ steps.meta.output.labels }} - push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.output.tags }} # Sign container - uses: sigstore/cosign-installer@v3.5.0 From fc137c7f60a17130d430e9fd61399b0dff2f2180 Mon Sep 17 00:00:00 2001 
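Review bot: `docker/build-push-action@v6` is referenced by a movable tag in a job that holds `packages: write` and later reads the cosign signing secret, so the code that builds, pushes and precedes signing can change without any change in this repository. Pin it to a full commit SHA and keep the version as a trailing comment, `uses: docker/build-push-action@<full-commit-sha> # v6`. The same applies to `ASzc/change-string-case-action@v6`, which this patch moves ahead of the metadata step, and to the other `uses:` lines in the workflow. The job's header and the signing step's body lie outside this hunk.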
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Wed, 19 Jun 2024 16:59:23 -0400 Subject: [PATCH 06/12] chore: use docker install script. Support Setting the group for the exported socket via an environment variable set in the distrobox assemble file. Set DOCKERGROUP=$GROUP with the additional flags key and -e flag to set it at assemble time. Fallback to the generic docker group at GID 252 otherwise. --- apps/docker/Containerfile.docker | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/apps/docker/Containerfile.docker b/apps/docker/Containerfile.docker index cda958d..e85c26e 100644 --- a/apps/docker/Containerfile.docker +++ b/apps/docker/Containerfile.docker @@ -2,28 +2,26 @@ FROM ghcr.io/ublue-os/ubuntu-toolbox RUN < /etc/apt/sources.list.d/docker.list -apt-get update -apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin +curl -fsSL https://get.docker.com -o /tmp/get-docker.sh +sh /tmp/get-docker.sh apt-get clean mkdir -p /var/lib/docker rm -rf /var/lib/docker/** rm -f /usr/local/bin/docker -cat > /usr/lib/systemd/system/docker-setup-var.service <<- EEOF +cat > /usr/lib/systemd/system/docker-setup.service <<- EEOF [Unit] Description=Setup Docker Socket in /var/run/ After=docker.socket [Service] -ExecStart=sh -c "while true; do sleep 1; /usr/bin/socat UNIX-LISTEN:/run/host/var/run/docker.sock,reuseaddr,fork,group=docker,umask=007 UNIX-CONNECT:/var/run/docker.sock; done" +PassEnvironment=DOCKERGROUP +ExecStart=/usr/bin/bash -c "while true; do sleep 1; /usr/bin/socat UNIX-LISTEN:/run/host/var/run/docker.sock,reuseaddr,fork,group=\${DOCKERGROUP:-docker},umask=007 UNIX-CONNECT:/var/run/docker.sock; done" [Install] WantedBy=sockets.target EEOF groupmod -g 252 docker -systemctl enable docker-setup-var.service +systemctl enable docker-setup.service +rm -rf /tmp /var/tmp EOF CMD ["/sbin/init"] From c733aab5fa3bc28306eb78ce9f5c5b3863dc41bf Mon Sep 17 00:00:00 2001 
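Review bot: `curl -fsSL https://get.docker.com -o /tmp/get-docker.sh` followed by `sh /tmp/get-docker.sh` runs whatever that endpoint serves at build time, as root and with no version or checksum pin, where the removed lines installed a named package list from an apt source. Either keep the explicit repository setup or verify the script before executing it, e.g. `echo "<sha256-of-reviewed-script>  /tmp/get-docker.sh" | sha256sum -c -` between the two lines. Also, `rm -rf /tmp /var/tmp` deletes the directories themselves, so the image ships without a mode-1777 `/tmp` unless something recreates it at boot; `rm -rf /tmp/* /var/tmp/*` empties them and keeps them. The opening of the `RUN` heredoc is not intact in this view of the hunk.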
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Wed, 19 Jun 2024 17:10:55 -0400 Subject: [PATCH 07/12] chore: add example distrobox.ini files for apps --- apps/docker/distrobox.ini | 10 ++++++++++ apps/incus/distrobox.ini | 8 ++++++++ 2 files changed, 18 insertions(+) create mode 100644 apps/docker/distrobox.ini create mode 100644 apps/incus/distrobox.ini diff --git a/apps/docker/distrobox.ini b/apps/docker/distrobox.ini new file mode 100644 index 0000000..a0600e1 --- /dev/null +++ b/apps/docker/distrobox.ini @@ -0,0 +1,10 @@ +[docker] +image=localhost/docker-distrobox:latest +# Change the group name to your desired group. Otherwise falls back to docker @ gid 252 +#additional_flags="-e DOCKERGROUP=$group" +init=true +nvidia=true +root=true +entry=false +volume="/var/lib/docker" +init_hooks="usermod -aG docker ${USER}" diff --git a/apps/incus/distrobox.ini b/apps/incus/distrobox.ini new file mode 100644 index 0000000..183180e --- /dev/null +++ b/apps/incus/distrobox.ini @@ -0,0 +1,8 @@ +[incus] +image=ghcr.io/ublue-os/incus-distrobox:latest +init=true +nvidia=true +root=true +entry=false +volume="/var/lib/incus:/var/lib/incus /lib/modules:/lib/modules:ro" +init_hooks="usermod -aG incus-admin ${USER}" From aa514e5b7fb2c3ccd79f99ba06355ca809478d27 Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Wed, 19 Jun 2024 17:17:05 -0400 Subject: [PATCH 08/12] chore: correct image location --- apps/docker/distrobox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/docker/distrobox.ini b/apps/docker/distrobox.ini index a0600e1..55f32b1 100644 --- a/apps/docker/distrobox.ini +++ b/apps/docker/distrobox.ini @@ -1,5 +1,5 @@ [docker] -image=localhost/docker-distrobox:latest +image=ghcr.io/ublue-os/docker-distrobox:latest # Change the group name to your desired group. Otherwise falls back to docker @ gid 252 #additional_flags="-e DOCKERGROUP=$group" init=true 
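Review bot: The docker example pairs `root=true` with `init_hooks="usermod -aG docker ${USER}"` and does not say what that grants: the user in the box can then drive a daemon running in a rootful container, which should be treated as root-level access. Add a comment above the hook such as `# Lets ${USER} control the rootful Docker daemon without sudo; treat membership as root-equivalent`, and a matching line above `usermod -aG incus-admin ${USER}` in `apps/incus/distrobox.ini`. Both examples also pull a `:latest` tag for a rootful, init-enabled container. A comment showing the digest form, `image=<registry>/<name>@sha256:<digest>`, and pointing to the repository's `cosign.pub` for verification would help users who want a fixed, checked image.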
From 65a2254c2349a4a3da28ed77d2d48e1e948eb731 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Wed, 19 Jun 2024 19:17:08 -0400 Subject: [PATCH 09/12] chore: missing s --- .github/workflows/build-docker-app.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-docker-app.yml b/.github/workflows/build-docker-app.yml index 5c02f37..0642602 100644 --- a/.github/workflows/build-docker-app.yml +++ b/.github/workflows/build-docker-app.yml @@ -72,8 +72,8 @@ jobs: with: push: ${{ github.event_name != 'pull_request' }} file: ./apps/docker/Containerfile.docker - labels: ${{ steps.meta.output.labels }} - tags: ${{ steps.meta.output.tags }} + labels: ${{ steps.meta.outputs.labels }} + tags: ${{ steps.meta.outputs.tags }} # Sign container - uses: sigstore/cosign-installer@v3.5.0 From c72da0cd07711f3664cd9b92b2aeef6e3ccca023 Mon Sep 17 00:00:00 2001 From: m2 <69128853+m2Giles@users.noreply.github.com> Date: Sat, 22 Jun 2024 11:38:36 -0400 Subject: [PATCH 10/12] chore(ci): tags for signing docker app --- .github/workflows/build-docker-app.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-app.yml b/.github/workflows/build-docker-app.yml index 0642602..b4fe15a 100644 --- a/.github/workflows/build-docker-app.yml +++ b/.github/workflows/build-docker-app.yml @@ -86,7 +86,7 @@ jobs: wc -c cosign.key cosign sign -y --key cosign.key ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS} env: - TAGS: ${{ steps.push.outputs.digest }} + TAGS: ${{ steps.build_image.outputs.digest }} COSIGN_EXPERIMENTAL: false COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }} From cd655f719f7318b05af19c6f22c63fa4a03d76e4 Mon Sep 17 00:00:00 2001 
From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 22 Jun 2024 12:27:03 -0400 Subject: [PATCH 11/12] chore(ci): make docker outputs work with toJSON. --- .github/workflows/build-docker-app.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-docker-app.yml b/.github/workflows/build-docker-app.yml index b4fe15a..feb4c0f 100644 --- a/.github/workflows/build-docker-app.yml +++ b/.github/workflows/build-docker-app.yml @@ -92,4 +92,4 @@ jobs: - name: Echo outputs run: | - echo "${{ toJSON(steps.push.outputs) }}" + echo "${{ toJSON(steps.build_image.outputs) }}" From 33070cfa5c14f066ae83a76b0482066f8334fc8e Mon Sep 17 00:00:00 2001 From: m2Giles <69128853+m2Giles@users.noreply.github.com> Date: Sat, 22 Jun 2024 20:00:41 -0400 Subject: [PATCH 12/12] chore: update README --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 35bd932..4c95fc4 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,8 @@ Centralized repository of containers designed for Toolbox/Distrobox with batteri - `wolfi-toolbox` - a WolfiOS base image - `bluefin-cli` - a WolfiOS based image with Homebrew and a strongly opinionated default experience - `powershell-toolbox` - a WolfiOS based image with PowerShell and other Microsoft related tooling +- `docker-distrobox` - an Ubuntu distrobox with Docker-CE. It will export the docker socket to the host. +- `incus-distrobox` - an Ubuntu distrobox with Incus packages from Zabbly. It is strongly recommended that the [Ptyxis terminal](https://gitlab.gnome.org/chergert/ptyxis) be used with these toolboxes and is the default experience in both [Bazzite](https://bazzite.gg) and [Bluefin](https://projectbluefin.io). 
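Review bot: `echo "${{ toJSON(steps.build_image.outputs) }}"` pastes the expression result into the script text before bash parses it, so the JSON's own double quotes end the string and any `$(...)` or backtick sequence in the build outputs would be evaluated on the runner. Pass the value through the environment instead: give the step an `env:` entry `OUTPUTS: ${{ toJSON(steps.build_image.outputs) }}` and run `echo "$OUTPUTS"`. This keeps the debug output intact and keeps step outputs out of the command line.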
@@ -57,6 +59,9 @@ Both `bluefin-cli` and `wolfi-toolbox` have Wolfi developer variants built from `powershell-toolbox` is based on `WolfiOS`. Its primary purpose is to be a dedicated container for Microsoft related technologies used during development. It contains [PowerShell](https://github.com/PowerShell/PowerShell), [Azure CLI](https://github.com/Azure/azure-cli) and [.NET](https://github.com/dotnet/core) (latest LTS) configured out of the box. It also includes a small selection of other useful CLI utilities to improve the overall experience. +### Incus and Docker Distrobox +Both `incus-distrobox` and `docker-distrobox` are designed to be run with a rootful, init distrobox. [Incus](https://linuxcontainers.org/incus/) uses packages built by [Zabbly](https://github.com/zabbly/incus). [Docker](https://www.docker.com/) uses the [convience install script](https://docs.docker.com/engine/install/ubuntu/#install-using-the-convenience-script) from Docker. Both are built from the ubuntu-toolbox built in this repo. Example distrobox-assemble files are with each of them. Both work well with a volume mount for their respective files in `/var/lib/{docker,incus}`. Both can be setup to autostart on boot with a `systemd service`. However, your user sockets for `Xorg`, `Wayland`, and `Pulseaudio` will not be setup until you login. For the `docker-distrobox` you can customize the group of the exported `docker socket` by setting an environment variable at distrobox creation time for `DOCKERGROUP`. The assemble file has more information. Both the `incus-distrobox` and `docker-distrobox` set the unix-groups. For incus, matching `incus-admin` inside the distrobox and on the host will enable you to use the `incus socket` from the host. + # Stats ## Star History