~toabctl/livecd-rootfs:sru-bionic-lp1930686

Branch merges

Propose for merging

Merged into livecd-rootfs:ubuntu/bionic at revision 2d0ffb244ff53bfece57c6406c89abc364028fe9

Ubuntu Core Development Team: Pending requested 2021-06-03

Diff: 28 lines (+8/-1)

2 files modified

debian/changelog (+7/-0)
live-build/auto/build (+1/-1)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

2d0ffb2... by Thomas Bechtold on 2021-06-03

Fix device node deletion in OCI rootfs tarballs (LP:#1930686)

The bionic tarballs created for the minimized OCI project do contain
files in /dev/ . That's not wanted and might cause problems[0] so do
remove these files.

[0] https://github.com/tianon/docker-brew-ubuntu-core/issues/62

332213f... by Steve Langasek on 2021-05-22

releasing package livecd-rootfs version 2.525.54

aace616... by Steve Langasek on 2021-05-22

Merge remote-tracking branch 'codyshepherd/buildd/hide-grub-menu-bb' into ubuntu/bionic

a66fde3... by Michael Hudson-Doyle on 2021-05-10

releasing package livecd-rootfs version 2.525.53

b6e8364... by Michael Hudson-Doyle on 2021-05-10

Merge remote-tracking branch 'toabctl/sru-bionic-lp1926732' into ubuntu/bionic

fa07937... by Thomas Bechtold on 2021-04-30

add debian/changelog entry

387ae19... by Thomas Bechtold on 2021-04-20

add configure_oci function and use it in ubuntu-oci

With that, the Dockerfile modifications[0] currently done externally
are done now here. That means that the created rootfs tarball can be
directly used within a Dockerfile to create a container from scratch:

FROM scratch
ADD livecd.ubuntu-oci.rootfs.tar.gz /
CMD ["/bin/bash"]

[0]
https://github.com/tianon/docker-brew-ubuntu-core/blob/master/update.sh

(cherry picked from commit a81972a58b004897bf3e5c14ff371bc2f6b5e4b8)

bc6ae91... by Thomas Bechtold on 2021-04-20

Add new ubuntu-oci project

This is a copy of the ubuntu-base project.
Currently ubuntu-base is used as a base for the docker/OCI container
images. The rootfs tarball that is created with ubuntu-base is
published under [0]. That tarball is used in the FROM statement of the
Dockerfile as base and then a couple of modifications are done inside
of the Dockerfile[1].
The ubuntu-oci project will include the changes that are currently
done in the Dockerfile. With that:

1) a Dockerfile using that tarball will be just a 2 line thing:

   FROM scratch
   ADD ubuntu-hirsute-core-cloudimg-amd64-root.tar.gz /
   CMD ["/bin/bash"]

2) Ubuntu has the full control about the build process of the
docker/OCI container. No external sources (like [1]) need to be
modified anymore.
3) Ubuntu can publish containers without depending on the official
dockerhub containers[2]. Currently the containers for the AWS ECR
registry[3] use as a base[4] the official dockerhub containers. That's
no longer needed because a container just needs a Dockerfile described
in 1)

When the ubuntu-oci project has the modifications from [1] included,
we'll also update [1] to use the ubuntu-oci rootfs tarball as a base
and drop the modifications done at [1].

Note: Creating a new ubuntu-oci project instead of using ubuntu-base
will make sure that we don't break users who are currently using
ubuntu-base rootfs tarballs for doing their own thing.

[0] https://partner-images.canonical.com/core/
[1]
https://github.com/tianon/docker-brew-ubuntu-core/blob/master/update.sh
[2] https://hub.docker.com/_/ubuntu
[3] https://gallery.ecr.aws/ubuntu/ubuntu
[4]
https://launchpad.net/~ubuntu-docker-images/ubuntu-docker-images/+oci/ubuntu/+recipe/ubuntu-20.04

(cherry picked from commit ac4a95b9314cf1f8ce01f42016c271c0a6078372)

f1b2098... by Robert C Jennings on 2021-04-10

releasing package livecd-rootfs version 2.525.52

8039471... by Gauthier Jolly on 2021-03-17

ubuntu-cpc: secure esp mountpoint (LP: #1881006)

Change mount option for ubuntu-cpc images from "defaults" to
"umask=0077". ESP partitions might contain sensitive data and
non-root users shouldn't have read access on it.