Using Docker as chroot-on-steroids


chroot for programming

I use chroot environments quite a lot as a light way to develop/test/integrate software for different Linux distributions or even platforms (eg. Ubuntu 18.04 on ARM vs Debian 10 on x86), thanks to the Linux kernel stable ABI and qemu emulation.

However, it was always a little bit painful to setup: using eg. debootstrap or extracting ISO images to get the basic filesystem and some manual configuration of schroot, etc., etc.

Enter docker

Docker introduced a lot of different things, but among them is the fact that all major Linux distributions basic filesystem images are available on docker hub. To use it as a replacement for our good old chroot, it basically boils down to 3 steps:

  1. create the container, using host networking (ie no separate network namespace) and sharing your homedir
  2. make sure everything is up-to-date and add a user with the exact same login, uid, gid and homedir as yours but inside the container (so you can use your homedir seamlessly)
  3. log into the container

But wait, there's more

Some time ago a multiarch/qemu-user-static image was introduced to ease multiarch support with docker. This will automatically configure the right qemu support for your image automatically!

Examples

Ubuntu 18.04

    # step 1: create your chroot (must be done once - I am sharing my homedir with my chroot and same UID/GID)
    docker run --name u1804 --privileged --net host -v $HOME:$HOME -v /dev:/dev -v/lib/modules:/lib/modules/host:ro -td ubuntu:18.04 /bin/bash
    # step 2: update and add user inside container
    docker container exec u1804 sh -c "apt -qy update && apt dist-upgrade -qy && apt install -qy vim sudo && groupadd -g $(id -rg) $USER && useradd -u $(id -ru) -g $(id -rg) -M -d $HOME -s /bin/bash $USER && echo '$USER ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && echo u1804 > /etc/debian_chroot"
    # step 3: log into chroot
    docker container exec -it u1804 /bin/login -f $USER

CentOS 7

    # step 1: create your chroot (must be done once - I am sharing my homedir with my chroot and same UID/GID)
    docker run --name centos7 --privileged --net host -v /dev:/dev -v $HOME:$HOME -v /lib/modules:/lib/modules:ro -td centos:7 /bin/bash
    # step 2: update and add user inside container
    docker container exec centos7 sh -c "yum -y makecache && yum -y install deltarpm && yum -y update && yum -y install vim sudo && groupadd -g $(id -rg) $USER && useradd -u $(id -ru) -g $(id -rg) -M -d $HOME -s /bin/bash $USER && echo '$USER ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && echo centos7 > /etc/debian_chroot"
    # step 3: log into chroot
    docker container exec -it centos7 /bin/login -f $USER

Debian 10 (Buster) for ARM64

    # step 0: add support for multiarch (must be done once after reboot)
    docker run --rm --privileged multiarch/qemu-user-static --reset --persistent yes --credential yes
    # step 1: create your chroot (must be done once - I am sharing my homedir with my chroot and same UID/GID)
    docker run --name aarch64_deb10 --privileged --net host -v $HOME:$HOME -v /dev:/dev -v/lib/modules:/lib/modules/host:ro -td arm64v8/debian:10 /bin/bash
    # step 2: update and add user inside container
    docker container exec aarch64_deb10 sh -c "apt -qy update && apt dist-upgrade -qy && apt install -qy vim sudo make git && groupadd -g $(id -rg) $USER && useradd -u $(id -ru) -g $(id -rg) -M -d $HOME -s /bin/bash $USER && echo '$USER ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers && echo aarch64_deb10 > /etc/debian_chroot"
    # step 3: log into chroot
    docker container exec -it aarch64_deb10 /bin/login -f $USER

Last posts

Decompressing sparse files

When decompressing a sparse file with gzip, the file is not sparsed anymore. In order to decompress it as sparse, we can use dd:

zcat <sparsefile.bin.gz> | dd conv=sparse of=<sparsefile.bin>

Note that this is not specific to gzip. Also note that some utilities such as xz …

Useful commands, one-liners, etc.

I decided to record here useful bash fragments, commands, etc. I kept using and forgetting from time to time... I will enrich it as needed. There is no particular order nor specific explanation. Some might be useful to others. Maybe. Who knows.

Arbitrary file binary dump into C array

To …

Updating Thinkpad X61 BIOS

TL;DR

WARNING 1: the update is done at your own risk and may brick your computer.

WARNING 2: this will wipe all data on the target USB device.

WARNING 3: do not use SYSLINUX MEMDISK driver to boot it directly with eg. Grub. The Lenovo BIOS updater use the …

128-bits multiply with NumPy

128-bits multiply

For another on-going project, I needed to do 64-bits x 64-bits to 128-bits multiply, and I needed it in Python. When doing numerical work with Python, I always use NumPy which is a really awesome library. Unfortunately NumPy is heavily biased towards hardware native types, which makes sense …

Force NetworkManager to ignore an interface

Continuing my Bookmarks serie, here is how to tell NetworkManager to not manage an interface, thank you very much:

~# sudo cat >> /etc/NetworkManager/NetworkManager.conf << EOF
plugins+=keyfile
[keyfile]
unmanaged-devices=interface-name:IFNAME
EOF

Where IFNAME is the interface name. For example:

unmanaged-devices=interface-name:eth0

Will prevent NetworkManager to manage eth0 …