-
Notifications
You must be signed in to change notification settings - Fork 99
Expand file tree
/
Copy pathUbuntu-22.04-base.Dockerfile
More file actions
298 lines (268 loc) · 9.27 KB
/
Copy pathUbuntu-22.04-base.Dockerfile
File metadata and controls
298 lines (268 loc) · 9.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
# Dockerfile (CLI)
# Stage 1: Build and customize the rootfs for development (Base - Ubuntu 22.04)
ARG TARGETPLATFORM
FROM ubuntu:22.04 AS customizer
ENV DEBIAN_FRONTEND=noninteractive
# Update base system
RUN apt-get update && apt-get upgrade -y
# Copy custom scripts first
COPY scripts/download-firmware /usr/local/bin/
# Copy our bashrc script to the rootfs
COPY scripts/bashrc.sh /etc/profile.d/ds-aliases.sh
# Make scripts executable
RUN chmod +x /usr/local/bin/download-firmware /etc/profile.d/ds-aliases.sh
# This is the main installation layer. All package installations, PPA additions,
# and setup are done here to minimize layers and maximize build speed.
RUN apt-get update && \
apt-get install -y --no-install-recommends \
# Essentials for adding PPAs
software-properties-common \
gnupg \
# Add PPAs for fastfetch and Firefox ESR
&& add-apt-repository ppa:zhangsongcui3371/fastfetch -y && \
# Update package lists again after adding PPAs
apt-get update && \
# Install all packages in a single command
apt-get install -y --no-install-recommends \
# Core utilities
bash \
dialog \
coreutils \
file \
findutils \
grep \
sed \
gawk \
curl \
wget \
ca-certificates \
locales \
bash-completion \
udev \
dbus \
systemd-sysv \
# Compression tools
zip \
unzip \
p7zip-full \
bzip2 \
xz-utils \
tar \
gzip \
# System tools
htop \
vim \
nano \
git \
sudo \
openssh-server \
net-tools \
iptables \
iputils-ping \
iproute2 \
dnsutils \
usbutils \
pciutils \
lsof \
psmisc \
procps \
fastfetch \
kmod \
# Wireless networking tools for hotspot functionality
iw \
# Logging & Rotation
logrotate \
# C/C++ Development
build-essential \
gcc \
g++ \
gdb \
make \
cmake \
autoconf \
automake \
libtool \
pkg-config \
# File system tools
dosfstools \
exfatprogs \
btrfs-progs \
ntfs-3g \
xfsprogs \
jfsutils \
hfsprogs \
reiserfsprogs \
cryptsetup \
nilfs-tools \
udftools \
f2fs-tools \
# Python Development
python3 \
python3-pip \
python3-dev \
python3-venv \
python-is-python3 \
# Additional dev tools
clang \
llvm \
valgrind \
strace \
ltrace \
# Docker
docker.io \
docker-compose-v2 \
&& apt-get purge -y gdm3 gnome-session gnome-shell whoopsie && \
apt-get autoremove -y && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Configure iptables-legacy (Required for Android compatibility)
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy && \
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
# Configure locales, environment, SSH, Docker, and user setup in a single layer
RUN sed -i '/en_US.UTF-8/s/^# //' /etc/locale.gen && \
locale-gen && \
update-locale LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 && \
# Configure SSH (Disable Root Login)
mkdir -p /var/run/sshd && \
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/' /etc/ssh/sshd_config && \
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config && \
# Create default user directories
xdg-user-dirs-update && \
# Remove default ubuntu user if it exists
deluser --remove-home ubuntu || true
# Fix DHCP in the container
RUN mkdir -p /etc/systemd/network && \
cat <<'EOF' > /etc/systemd/network/10-eth-dhcp.network
[Match]
Name=eth*
[Network]
DHCP=yes
IPv6AcceptRA=yes
[DHCPv4]
UseDNS=yes
UseDomains=yes
RouteMetric=100
EOF
# Apply Android compatibility fixes (Systemd and Udev)
RUN <<EOF_RUN
# --- 1. General Fixes ---
# Android network group setup (required for socket access on Android kernels)
grep -q '^aid_inet:' /etc/group || echo 'aid_inet:x:3003:' >> /etc/group
grep -q '^aid_net_raw:' /etc/group || echo 'aid_net_raw:x:3004:' >> /etc/group
grep -q '^aid_net_admin:' /etc/group || echo 'aid_net_admin:x:3005:' >> /etc/group
# Root permissions for Android hardware access
usermod -a -G aid_inet,aid_net_raw,input,video,tty root || true
# _apt needs aid_inet as primary group so apt works on Android
grep -q '^_apt:' /etc/passwd && usermod -g aid_inet _apt || true
# Future users created with adduser automatically get network access
if [ -f /etc/adduser.conf ]; then
sed -i '/^EXTRA_GROUPS=/d; /^ADD_EXTRA_GROUPS=/d' /etc/adduser.conf
echo 'ADD_EXTRA_GROUPS=1' >> /etc/adduser.conf
echo 'EXTRA_GROUPS="aid_inet aid_net_raw input video tty"' >> /etc/adduser.conf
fi
# --- 2. Systemd-Specific Fixes ---
# Mask problematic services for Android kernels
ln -sf /dev/null /etc/systemd/system/systemd-networkd-wait-online.service
ln -sf /dev/null /etc/systemd/system/systemd-journald-audit.socket
# Journald configuration (skip Audit, KMsg, etc)
cat >> /etc/systemd/journald.conf << 'EOT'
[Journal]
ReadKMsg=no
Audit=no
Storage=volatile
EOT
mkdir -p /etc/systemd/journald.conf.d
cat > /etc/systemd/journald.conf.d/ds-logging.conf << 'EOT'
[Journal]
SystemMaxUse=200M
RuntimeMaxUse=200M
MaxRetentionSec=7day
MaxLevelStore=info
EOT
# Enable essential services
mkdir -p /etc/systemd/system/multi-user.target.wants
GUEST_SYSTEMD_PATH="/lib/systemd/system"
for service in dbus.service systemd-udevd.service systemd-resolved.service systemd-networkd.service NetworkManager.service; do
if [ -f "$GUEST_SYSTEMD_PATH/$service" ]; then
ln -sf "$GUEST_SYSTEMD_PATH/$service" "/etc/systemd/system/multi-user.target.wants/$service"
fi
done
# Disable power button handling in systemd-logind
mkdir -p /etc/systemd/logind.conf.d
cat > /etc/systemd/logind.conf.d/99-power-key.conf << 'EOF'
[Login]
HandlePowerKey=ignore
HandleSuspendKey=ignore
HandleHibernateKey=ignore
HandlePowerKeyLongPress=ignore
HandlePowerKeyLongPressHibernate=ignore
EOF
# Apply udev overrides
# 1. Trigger override (Prevents coldplugging Android hardware)
mkdir -p /etc/systemd/system/systemd-udev-trigger.service.d
cat > /etc/systemd/system/systemd-udev-trigger.service.d/override.conf << 'EOF'
[Service]
ExecStart=
ExecStart=-/usr/bin/udevadm trigger --subsystem-match=usb --subsystem-match=block --subsystem-match=input --subsystem-match=tty --subsystem-match=net
EOF
# 2. Read-only path overrides to prevent failures
for unit in systemd-udevd.service systemd-udev-trigger.service systemd-udev-settle.service systemd-udevd-kernel.socket systemd-udevd-control.socket; do
mkdir -p "/etc/systemd/system/${unit}.d"
printf "[Unit]\nConditionPathIsReadWrite=\n" > "/etc/systemd/system/${unit}.d/99-readonly-fix.conf"
done
# Limit specific network services to only start in NAT mode
# Prevents cellular network breakage when running in host network mode
for unit in NetworkManager.service dhcpcd.service systemd-resolved.service systemd-networkd.service; do
if [ -f "$GUEST_SYSTEMD_PATH/$unit" ] || [ -f "/etc/systemd/system/multi-user.target.wants/$unit" ]; then
mkdir -p "/etc/systemd/system/${unit}.d"
cat > "/etc/systemd/system/${unit}.d/99-netmode-limit.conf" << 'EOF'
[Service]
ExecCondition=
ExecCondition=/bin/sh -c "grep -qE 'net_mode=(nat|gateway)' /run/droidspaces/container.config"
EOF
fi
done
# Configure logrotate for Android
if [ -f /etc/logrotate.conf ]; then
sed -i 's/^#maxsize.*/maxsize 50M/' /etc/logrotate.conf
if ! grep -q "maxsize 50M" /etc/logrotate.conf; then
echo "maxsize 50M" >> /etc/logrotate.conf
fi
fi
# Mark fixes as completed
echo "Post-extraction fixes applied on $(date)" > /etc/droidspaces
EOF_RUN
# Copy binfmt scripts
COPY scripts/binfmt/qemu-binfmt-register.sh /usr/local/bin/
COPY scripts/binfmt/qemu-binfmt-register.service /etc/systemd/system/
RUN chmod +x /usr/local/bin/qemu-binfmt-register.sh && \
chmod 644 /etc/systemd/system/qemu-binfmt-register.service && \
ln -sf /etc/systemd/system/qemu-binfmt-register.service /etc/systemd/system/multi-user.target.wants/qemu-binfmt-register.service
# Purge and reinstall qemu and binfmt in the exact order specified
RUN apt-get purge -y qemu-* binfmt-support || true && \
apt-get autoremove -y && \
apt-get autoclean && \
# Remove any leftover config files
rm -rf /var/lib/binfmts/* && \
rm -rf /etc/binfmt.d/* && \
rm -rf /usr/lib/binfmt.d/qemu-* && \
# Update package lists
apt-get update && \
# Install ONLY these packages (in this specific order)
apt-get install -y qemu-user-static && \
apt-get install -y binfmt-support && \
# Add amd64 architecture and install libc6:amd64
dpkg --add-architecture amd64 && \
sed -i 's/^deb /deb [arch=arm64,armhf] /g' /etc/apt/sources.list && \
echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy main restricted universe multiverse" >> /etc/apt/sources.list && \
echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy-updates main restricted universe multiverse" >> /etc/apt/sources.list && \
echo "deb [arch=amd64] http://archive.ubuntu.com/ubuntu/ jammy-security main restricted universe multiverse" >> /etc/apt/sources.list && \
apt-get update && \
apt-get install -y libc6:amd64
# Final cleanup of APT cache
RUN apt-get clean && \
rm -rf /var/lib/apt/lists/*
# Stage 2: Export to scratch for extraction
FROM scratch AS export
# Copy the entire filesystem from the customizer stage
COPY --from=customizer / /