We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
moby
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 56da020e6b
Branches Tags
moby
/
contrib
/
mkimage
/
debootstrap

debootstrap 8.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251 
  1. #!/usr/bin/env bash
    2. 

  2. set -e
    3. 

  3. 

  4. mkimgdeb="$(basename "$0")"
    5. 

  5. mkimg="$(dirname "$0").sh"
    6. 

  6. 

  7. usage() {
    8. 

  8. 	echo >&2 "usage: $mkimgdeb rootfsDir suite [debootstrap-args]"
    9. 

  9. 	echo >&2 " note: $mkimgdeb meant to be used from $mkimg"
    10. 

  10. 	exit 1
    11. 

  11. }
    12. 

  12. 

  13. rootfsDir="$1"
    14. 

  14. if [ -z "$rootfsDir" ]; then
    15. 

  15. 	echo >&2 "error: rootfsDir is missing"
    16. 

  16. 	echo >&2
    17. 

  17. 	usage
    18. 

  18. fi
    19. 

  19. shift
    20. 

  20. 

  21. # we have to do a little fancy footwork to make sure "rootfsDir" becomes the second non-option argument to debootstrap
    22. 

  22. 

  23. before=()
    24. 

  24. while [ $# -gt 0 ] && [[ "$1" == -* ]]; do
    25. 

  25. 	before+=( "$1" )
    26. 

  26. 	shift
    27. 

  27. done
    28. 

  28. 

  29. suite="$1"
    30. 

  30. if [ -z "$suite" ]; then
    31. 

  31. 	echo >&2 "error: suite is missing"
    32. 

  32. 	echo >&2
    33. 

  33. 	usage
    34. 

  34. fi
    35. 

  35. shift
    36. 

  36. 

  37. # get path to "chroot" in our current PATH
    38. 

  38. chrootPath="$(type -P chroot || :)"
    39. 

  39. if [ -z "$chrootPath" ]; then
    40. 

  40. 	echo >&2 "error: chroot not found. Are you root?"
    41. 

  41. 	echo >&2
    42. 

  42. 	usage
    43. 

  43. fi
    44. 

  44. 

  45. rootfs_chroot() {
    46. 

  46. 	# "chroot" doesn't set PATH, so we need to set it explicitly to something our new debootstrap chroot can use appropriately!
    47. 

  47. 

  48. 	# set PATH and chroot away!
    49. 

  49. 	PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
    50. 

  50. 		"$chrootPath" "$rootfsDir" "$@"
    51. 

  51. }
    52. 

  52. 

  53. # allow for DEBOOTSTRAP=qemu-debootstrap ./mkimage.sh ...
    54. 

  54. : ${DEBOOTSTRAP:=debootstrap}
    55. 

  55. 

  56. (
    57. 

  57. 	set -x
    58. 

  58. 	$DEBOOTSTRAP "${before[@]}" "$suite" "$rootfsDir" "$@"
    59. 

  59. )
    60. 

  60. 

  61. # now for some Docker-specific tweaks
    62. 

  62. 

  63. # prevent init scripts from running during install/update
    64. 

  64. echo >&2 "+ echo exit 101 > '$rootfsDir/usr/sbin/policy-rc.d'"
    65. 

  65. cat > "$rootfsDir/usr/sbin/policy-rc.d" <<-'EOF'
    66. 

  66. 	#!/bin/sh
    67. 

  67. 

  68. 	# For most Docker users, "apt-get install" only happens during "docker build",
    69. 

  69. 	# where starting services doesn't work and often fails in humorous ways. This
    70. 

  70. 	# prevents those failures by stopping the services from attempting to start.
    71. 

  71. 

  72. 	exit 101
    73. 

  73. EOF
    74. 

  74. chmod +x "$rootfsDir/usr/sbin/policy-rc.d"
    75. 

  75. 

  76. # prevent upstart scripts from running during install/update
    77. 

  77. (
    78. 

  78. 	set -x
    79. 

  79. 	rootfs_chroot dpkg-divert --local --rename --add /sbin/initctl
    80. 

  80. 	cp -a "$rootfsDir/usr/sbin/policy-rc.d" "$rootfsDir/sbin/initctl"
    81. 

  81. 	sed -i 's/^exit.*/exit 0/' "$rootfsDir/sbin/initctl"
    82. 

  82. )
    83. 

  83. 

  84. # shrink a little, since apt makes us cache-fat (wheezy: ~157.5MB vs ~120MB)
    85. 

  85. ( set -x; rootfs_chroot apt-get clean )
    86. 

  86. 

  87. # this file is one APT creates to make sure we don't "autoremove" our currently
    88. 

  88. # in-use kernel, which doesn't really apply to debootstraps/Docker images that
    89. 

  89. # don't even have kernels installed
    90. 

  90. rm -f "$rootfsDir/etc/apt/apt.conf.d/01autoremove-kernels"
    91. 

  91. 

  92. # Ubuntu 10.04 sucks... :)
    93. 

  93. if strings "$rootfsDir/usr/bin/dpkg" | grep -q unsafe-io; then
    94. 

  94. 	# force dpkg not to call sync() after package extraction (speeding up installs)
    95. 

  95. 	echo >&2 "+ echo force-unsafe-io > '$rootfsDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup'"
    96. 

  96. 	cat > "$rootfsDir/etc/dpkg/dpkg.cfg.d/docker-apt-speedup" <<-'EOF'
    97. 

  97. 		# For most Docker users, package installs happen during "docker build", which
    98. 

  98. 		# doesn't survive power loss and gets restarted clean afterwards anyhow, so
    99. 

  99. 		# this minor tweak gives us a nice speedup (much nicer on spinning disks,
    100. 

  100. 		# obviously).
    101. 

  101. 

  102. 		force-unsafe-io
    103. 

  103. 	EOF
    104. 

  104. fi
    105. 

  105. 

  106. if [ -d "$rootfsDir/etc/apt/apt.conf.d" ]; then
    107. 

  107. 	# _keep_ us lean by effectively running "apt-get clean" after every install
    108. 

  108. 	aptGetClean='"rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true";'
    109. 

  109. 	echo >&2 "+ cat > '$rootfsDir/etc/apt/apt.conf.d/docker-clean'"
    110. 

  110. 	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-clean" <<-EOF
    111. 

  111. 		# Since for most Docker users, package installs happen in "docker build" steps,
    112. 

  112. 		# they essentially become individual layers due to the way Docker handles
    113. 

  113. 		# layering, especially using CoW filesystems.  What this means for us is that
    114. 

  114. 		# the caches that APT keeps end up just wasting space in those layers, making
    115. 

  115. 		# our layers unnecessarily large (especially since we'll normally never use
    116. 

  116. 		# these caches again and will instead just "docker build" again and make a brand
    117. 

  117. 		# new image).
    118. 

  118. 

  119. 		# Ideally, these would just be invoking "apt-get clean", but in our testing,
    120. 

  120. 		# that ended up being cyclic and we got stuck on APT's lock, so we get this fun
    121. 

  121. 		# creation that's essentially just "apt-get clean".
    122. 

  122. 		DPkg::Post-Invoke { ${aptGetClean} };
    123. 

  123. 		APT::Update::Post-Invoke { ${aptGetClean} };
    124. 

  124. 

  125. 		Dir::Cache::pkgcache "";
    126. 

  126. 		Dir::Cache::srcpkgcache "";
    127. 

  127. 

  128. 		# Note that we do realize this isn't the ideal way to do this, and are always
    129. 

  129. 		# open to better suggestions (https://github.com/docker/docker/issues).
    130. 

  130. 	EOF
    131. 

  131. 

  132. 	# remove apt-cache translations for fast "apt-get update"
    133. 

  133. 	echo >&2 "+ echo Acquire::Languages 'none' > '$rootfsDir/etc/apt/apt.conf.d/docker-no-languages'"
    134. 

  134. 	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-no-languages" <<-'EOF'
    135. 

  135. 		# In Docker, we don't often need the "Translations" files, so we're just wasting
    136. 

  136. 		# time and space by downloading them, and this inhibits that.  For users that do
    137. 

  137. 		# need them, it's a simple matter to delete this file and "apt-get update". :)
    138. 

  138. 

  139. 		Acquire::Languages "none";
    140. 

  140. 	EOF
    141. 

  141. 

  142. 	echo >&2 "+ echo Acquire::GzipIndexes 'true' > '$rootfsDir/etc/apt/apt.conf.d/docker-gzip-indexes'"
    143. 

  143. 	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-gzip-indexes" <<-'EOF'
    144. 

  144. 		# Since Docker users using "RUN apt-get update && apt-get install -y ..." in
    145. 

  145. 		# their Dockerfiles don't go delete the lists files afterwards, we want them to
    146. 

  146. 		# be as small as possible on-disk, so we explicitly request "gz" versions and
    147. 

  147. 		# tell Apt to keep them gzipped on-disk.
    148. 

  148. 

  149. 		# For comparison, an "apt-get update" layer without this on a pristine
    150. 

  150. 		# "debian:wheezy" base image was "29.88 MB", where with this it was only
    151. 

  151. 		# "8.273 MB".
    152. 

  152. 

  153. 		Acquire::GzipIndexes "true";
    154. 

  154. 		Acquire::CompressionTypes::Order:: "gz";
    155. 

  155. 	EOF
    156. 

  156. 

  157. 	# update "autoremove" configuration to be aggressive about removing suggests deps that weren't manually installed
    158. 

  158. 	echo >&2 "+ echo Apt::AutoRemove::SuggestsImportant 'false' > '$rootfsDir/etc/apt/apt.conf.d/docker-autoremove-suggests'"
    159. 

  159. 	cat > "$rootfsDir/etc/apt/apt.conf.d/docker-autoremove-suggests" <<-'EOF'
    160. 

  160. 		# Since Docker users are looking for the smallest possible final images, the
    161. 

  161. 		# following emerges as a very common pattern:
    162. 

  162. 

  163. 		#   RUN apt-get update \
    164. 

  164. 		#       && apt-get install -y <packages> \
    165. 

  165. 		#       && <do some compilation work> \
    166. 

  166. 		#       && apt-get purge -y --auto-remove <packages>
    167. 

  167. 

  168. 		# By default, APT will actually _keep_ packages installed via Recommends or
    169. 

  169. 		# Depends if another package Suggests them, even and including if the package
    170. 

  170. 		# that originally caused them to be installed is removed.  Setting this to
    171. 

  171. 		# "false" ensures that APT is appropriately aggressive about removing the
    172. 

  172. 		# packages it added.
    173. 

  173. 

  174. 		# https://aptitude.alioth.debian.org/doc/en/ch02s05s05.html#configApt-AutoRemove-SuggestsImportant
    175. 

  175. 		Apt::AutoRemove::SuggestsImportant "false";
    176. 

  176. 	EOF
    177. 

  177. fi
    178. 

  178. 

  179. if [ -z "$DONT_TOUCH_SOURCES_LIST" ]; then
    180. 

  180. 	# tweak sources.list, where appropriate
    181. 

  181. 	lsbDist=
    182. 

  182. 	if [ -z "$lsbDist" -a -r "$rootfsDir/etc/os-release" ]; then
    183. 

  183. 		lsbDist="$(. "$rootfsDir/etc/os-release" && echo "$ID")"
    184. 

  184. 	fi
    185. 

  185. 	if [ -z "$lsbDist" -a -r "$rootfsDir/etc/lsb-release" ]; then
    186. 

  186. 		lsbDist="$(. "$rootfsDir/etc/lsb-release" && echo "$DISTRIB_ID")"
    187. 

  187. 	fi
    188. 

  188. 	if [ -z "$lsbDist" -a -r "$rootfsDir/etc/debian_version" ]; then
    189. 

  189. 		lsbDist='Debian'
    190. 

  190. 	fi
    191. 

  191. 	# normalize to lowercase for easier matching
    192. 

  192. 	lsbDist="$(echo "$lsbDist" | tr '[:upper:]' '[:lower:]')"
    193. 

  193. 	case "$lsbDist" in
    194. 

  194. 		debian)
    195. 

  195. 			# updates and security!
    196. 

  196. 			if curl -o /dev/null -s --head --fail "http://security.debian.org/dists/$suite/updates/main/binary-$(rootfs_chroot dpkg --print-architecture)/Packages.gz"; then
    197. 

  197. 				(
    198. 

  198. 					set -x
    199. 

  199. 					sed -i "
    200. 

  200. 						p;
    201. 

  201. 						s/ $suite / ${suite}-updates /
    202. 

  202. 					" "$rootfsDir/etc/apt/sources.list"
    203. 

  203. 					echo "deb http://security.debian.org $suite/updates main" >> "$rootfsDir/etc/apt/sources.list"
    204. 

  204. 				)
    205. 

  205. 			fi
    206. 

  206. 			;;
    207. 

  207. 		ubuntu)
    208. 

  208. 			# add the updates and security repositories
    209. 

  209. 			(
    210. 

  210. 				set -x
    211. 

  211. 				sed -i "
    212. 

  212. 					p;
    213. 

  213. 					s/ $suite / ${suite}-updates /; p;
    214. 

  214. 					s/ $suite-updates / ${suite}-security /
    215. 

  215. 				" "$rootfsDir/etc/apt/sources.list"
    216. 

  216. 			)
    217. 

  217. 			;;
    218. 

  218. 		tanglu)
    219. 

  219. 			# add the updates repository
    220. 

  220. 			if [ "$suite" != 'devel' ]; then
    221. 

  221. 				(
    222. 

  222. 					set -x
    223. 

  223. 					sed -i "
    224. 

  224. 						p;
    225. 

  225. 						s/ $suite / ${suite}-updates /
    226. 

  226. 					" "$rootfsDir/etc/apt/sources.list"
    227. 

  227. 				)
    228. 

  228. 			fi
    229. 

  229. 			;;
    230. 

  230. 		steamos)
    231. 

  231. 			# add contrib and non-free if "main" is the only component
    232. 

  232. 			(
    233. 

  233. 				set -x
    234. 

  234. 				sed -i "s/ $suite main$/ $suite main contrib non-free/" "$rootfsDir/etc/apt/sources.list"
    235. 

  235. 			)
    236. 

  236. 			;;
    237. 

  237. 	esac
    238. 

  238. fi
    239. 

  239. 

  240. (
    241. 

  241. 	set -x
    242. 

  242. 

  243. 	# make sure we're fully up-to-date
    244. 

  244. 	rootfs_chroot sh -xc 'apt-get update && apt-get dist-upgrade -y'
    245. 

  245. 

  246. 	# delete all the apt list files since they're big and get stale quickly
    247. 

  247. 	rm -rf "$rootfsDir/var/lib/apt/lists"/*
    248. 

  248. 	# this forces "apt-get update" in dependent images, which is also good
    249. 

  249. 

  250. 	mkdir "$rootfsDir/var/lib/apt/lists/partial" # Lucid... "E: Lists directory /var/lib/apt/lists/partial is missing."
    251. 

  251. )
    252.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5