I am trying to build a custom ISO in docker using default ubuntu server ISO as a base. I unpack the base ISO and get its filesystem which I then unsquash. At this point I would normally use mount and chroot to simulate new root environment in the unquashed filesystem. Then I would update APT cache and install whatever packages were required.
But this process won't work in a docker container which isn't granted privileged access as both mount and chroot require running as root.
An alternative I came up with was using proot where the user running the command would be granted ownership of the unsquashed filesystem. Here's an example of how that looks like:
proot -0 -r "${MOUNT_ISO_ROOT}" -w / -b /proc -b /dev -b /sys -b /etc/resolv.conf \ /bin/bash -c "/bin/rm -rf /var/lib/apt/lists/*"proot -0 -r "${MOUNT_ISO_ROOT}" -w / -b /proc -b /dev -b /sys -b /etc/resolv.conf \ /bin/bash -c "/bin/apt-get update"To note, MOUNT_ISO_ROOT is where the filesystem of the base ISO is unsquashed. This ran into an issue where gpg key was reported as not existing despite manually moving it there before these commands. I checked permissions and ownership of the gpg key, both in and out of proot context:
ls -l "${MOUNT_ISO_ROOT}/etc/apt/keyrings"proot -0 -r "${MOUNT_ISO_ROOT}" -w / -b /proc -b /dev -b /sys -b /etc/resolv.conf \ /bin/bash -c "ls -l /etc/apt/keyrings"That returned:
total 8-rwxrwxrwx 1 jenkins jenkins 3817 Apr 11 08:45 docker.asc-rwxrwxrwx 1 jenkins jenkins 2760 Apr 11 08:45 docker.gpgls: cannot access '/etc/apt/keyrings/docker.gpg': No such file or directoryls: cannot access '/etc/apt/keyrings/docker.asc': No such file or directorytotal 0-????????? ? ? ? ? ? docker.asc-????????? ? ? ? ? ? docker.gpgHas anyone encountered such an issue before? Can someone can help explaining what the problem here is, how to solve it or even suggest a different way to build a custom ISO in docker container without privileged access?