[Bug 1930686] Re: Do not include /dev device node files in OCI rootfs tarballs

Thomas Bechtold 1930686 at bugs.launchpad.net
Tue Jun 8 20:30:36 UTC 2021


I did the following tests

1) build (with proposed enabled) a livefs with launchpad here:
https://code.launchpad.net/~toabctl/+livefs/ubuntu/bionic/proposed/+build/280226

the build passed and the build log shows that livecd-rootfs 2.525.55
(from proposed) is used.

2) Downloaded the tarball from launchpad, built a docker image and ran a command:
$ cat << EOF > Dockerfile
FROM scratch
ADD bionic-minimal-cloudimg-amd64-root.tar.gz /
CMD ["/bin/bash"]
EOF
$ docker build .
Sending build context to Docker daemon  26.08MB
Step 1/3 : FROM scratch
 ---> 
Step 2/3 : ADD bionic-minimal-cloudimg-amd64-root.tar.gz /
 ---> 52dfeec884c4
Step 3/3 : CMD ["/bin/bash"]
 ---> Running in abd576998a3e
Removing intermediate container abd576998a3e
 ---> 0f0bc046d3ad
Successfully built 0f0bc046d3ad
$ docker run -it 0f0bc046d3ad uname -a
Linux 0ff4969cb51f 5.11.0-17-generic #18-Ubuntu SMP Thu May 6 20:10:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

3) checked the size of the tarball (26077806). Looks good
4) check for device node files:
$ tar tfz bionic-minimal-cloudimg-amd64-root.tar.gz |grep ^dev
dev/

Looks good. So all tests passed and this can be moved to updates.

** Tags removed: verification-needed verification-needed-bionic
** Tags added: verification-done verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/1930686

Title:
  Do not include /dev device node files in OCI rootfs tarballs

Status in livecd-rootfs package in Ubuntu:
  Invalid
Status in livecd-rootfs source package in Bionic:
  Fix Committed

Bug description:
  [Impact]

  Note: this only affects bionic - all other releases don't have this
  problem.

  Currently, the official Ubuntu docker images are based on the core rootfs tarballs from https://partner-images.canonical.com/core/ .
  We want to switch to the newly created OCI tarballs from (https://partner-images.canonical.com/oci). See also LP:#1926732 for details about the OCI rootfs tarballs.

  While trying to switch the official ubuntu docker images on dockerhub
  to the newly created OCI rootfs tarballs, it popped up that for the
  bionic containers, there are device node entries in the rootfs (/dev
  files).

  The diff (see https://github.com/docker-library/official-images/pull/10287) looks like:

  --- a/ubuntu_bionic/ubuntu-bionic-core-cloudimg-amd64-root.tar.gz  'tar -t'
  +++ b/ubuntu_bionic/ubuntu-bionic-oci-amd64-root.tar.gz  'tar -t'
  @@ -86,6 +86,19 @@ bin/zmore
   bin/znew
   boot/
   dev/
  +dev/fd
  +dev/full
  +dev/null
  +dev/ptmx
  +dev/pts/
  +dev/random
  +dev/shm/
  +dev/stderr
  +dev/stdin
  +dev/stdout
  +dev/tty
  +dev/urandom
  +dev/zero
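
Review bot: the added dev/ lines come from a name-only 'tar -t' listing, so the diff cannot show which of them are device nodes rather than symlinks or directories (only dev/pts/ and dev/shm/ are identifiable, by their trailing slash). Attaching a 'tar -tv' listing would record the entry types and make the regression unambiguous.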

  This causes problems (see https://github.com/tianon/docker-brew-ubuntu-core/issues/62 )
  and would be a regression when switching from the core rootfs tarballs
  to the oci rootfs tarball.

  Expected is that there are no /dev files in the rootfs tarball.

  [Test Plan]

  1) build ubuntu-oci project with launchpad
  2) do some basic tests with the rootfs tarball:
  cat << EOF > Dockerfile
  FROM scratch
  ADD hirsute-minimal-cloudimg-amd64-root.tar.gz /
  CMD ["/bin/bash"]
  EOF
  $ docker build .
  docker run -it $image-id uname -a
  3) check the tarball size (should not change significantly)
  4) check that there are no /dev files in the tarball

  [Where problems could occur]
  This change could break other livecd-rootfs projects which might lead to failed builds. But besides that, there is nothing I can think of that would be affected by this change. And it's very unlikely to break other livecd-rootfs builds.

  [Other Info]
  None

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/1930686/+subscriptions
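
Step 4 of the test plan can also be checked by entry type instead of by name. The following is an added example, not part of the bug report or of livecd-rootfs: it flags device nodes and FIFOs anywhere in a rootfs tarball, plus anything below dev/. The function names and the sample archives are constructed for illustration; the entry types in the samples are assumed, since the bug's listing only shows names.

```python
import io
import posixpath
import tarfile

SPECIAL = {tarfile.CHRTYPE: "char device", tarfile.BLKTYPE: "block device",
           tarfile.FIFOTYPE: "fifo"}
OTHER = {tarfile.DIRTYPE: "directory", tarfile.SYMTYPE: "symlink",
         tarfile.LNKTYPE: "hardlink"}

def build_sample(entries):
    """Build an in-memory .tar.gz from (name, type) pairs (constructed test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, typ in entries:
            info = tarfile.TarInfo(name)
            info.type = typ
            if typ == tarfile.SYMTYPE:
                info.linkname = "/proc/self/fd"
            tar.addfile(info)  # header only, no file data needed
    buf.seek(0)
    return buf

def find_dev_entries(fileobj):
    """Return (path, kind) for each entry the rootfs tarball should not contain."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            path = posixpath.normpath(m.name).lstrip("/")  # "./dev/x" -> "dev/x"
            if m.type in SPECIAL:            # device node or fifo anywhere
                findings.append((path, SPECIAL[m.type]))
            elif path.startswith("dev/"):    # anything below the empty dev/ dir
                findings.append((path, OTHER.get(m.type, "file")))
    return findings

# Constructed samples. Names follow the bug's listing; the entry types are assumed.
BEFORE_FIX = [("bin", tarfile.DIRTYPE), ("dev", tarfile.DIRTYPE),
              ("dev/fd", tarfile.SYMTYPE), ("dev/null", tarfile.CHRTYPE),
              ("dev/pts", tarfile.DIRTYPE)]
AFTER_FIX = [("bin", tarfile.DIRTYPE), ("dev", tarfile.DIRTYPE)]

if __name__ == "__main__":
    for label, sample in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, find_dev_entries(build_sample(sample)))
```

For a downloaded tarball, pass an open binary file object: find_dev_entries(open(path, "rb")). An empty result corresponds to the "dev/" only output shown in the verification above.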