ublue-os / boxkit Goto Github PK
View Code? Open in Web Editor NEWBuild your own custom OCI distrobox container
Home Page: https://universal-blue.org
License: Apache License 2.0
Build your own custom OCI distrobox container
Home Page: https://universal-blue.org
License: Apache License 2.0
Distrobox assemble is out now and the main issue I'd found with it, some missing documentation regarding multiple init hooks has been corrected:
89luca89/distrobox#844 (comment)
So it seems like a user can create this container now with a simple distrobox.ini file and not need to rely on this ci/cd pipeline. I don't know if you want to add this in the documentation or something, but here's the file that would be needed
[Boxkit-Assemble]
additional_packages="age atuin btop bat chezmoi clipboard cosign dbus-x11 direnv exa ffmpeg fzf github-cli helix just make micro ncdu ncurses neofetch neovim npm plocate python3 ripgrep speedtest-cli starship vimdiff wl-clipboard zellij zstd"
image=quay.io/toolbx-images/alpine-toolbox:edge
init=false
init_hooks="apk update;"
init_hooks="apk upgrade;"
init_hooks="ln -fs /bin/sh /usr/bin/sh;"
init_hooks="ln -fs /usr/bin/distrobox-host-exec /usr/local/bin/podman;"
init_hooks="ln -fs /usr/bin/distrobox-host-exec /usr/local/bin/flatpak;"
init_hooks="ln -fs /usr/bin/distrobox-host-exec /usr/local/bin/docker;"
init_hooks="ln -fs /usr/bin/distrobox-host-exec /usr/local/bin/rpm-ostree;"
init_hooks="ln -fs /usr/bin/distrobox-host-exec /usr/local/bin/transactional-update;"
nvidia=false
pull=true
root=false
replace=true
start_now=true
The README is a bit vague. I forked the repo, cloned it to local. cosign generate-key-pair > pushed changes to github. Added repo key to settings > security > actions with the title COSIGN_PRIVATE_KEY. It builds an image, but fails on SIGN CONTAINER IMAGE.
The TLDR debug msg:
====================================================
Run echo "***
654 cosign.key
Error: signing [ghcr.io/dvogeldev/boxkit@sha256:ccb6142c9fd622bcefba11242614588da900c335c0343b4ff12ef03aeb926f89]: getting signer: reading key: decrypt: encrypted: decryption failed
main.go:74: error during command execution: signing [ghcr.io/dvogeldev/boxkit@sha256:ccb6142c9fd622bcefba11242614588da900c335c0343b4ff12ef03aeb926f89]: getting signer: reading key: decrypt: encrypted: decryption failed
Error: Process completed with exit code 1.
====================================================
**What am I doing wrong?**
A newb for sure when it comes to containers and cloud workflow.
Thanks for all the hard work with UBlue-OS.
The full debug log:
0s
Run echo "***
echo "***
***
***
***
***
***
***
***
***
***
***
" > cosign.key
wc -c cosign.key
cosign sign -y --key cosign.key ghcr.io/dvogeldev/boxkit@${TAGS}
shell: /usr/bin/bash -e {0}
env:
IMAGE_NAME: boxkit
IMAGE_TAGS: latest
IMAGE_REGISTRY: ghcr.io/dvogeldev
DOCKER_METADATA_OUTPUT_VERSION: main
DOCKER_METADATA_OUTPUT_TAGS: boxkit:main
DOCKER_METADATA_OUTPUT_LABELS: org.opencontainers.image.title=boxkit
org.opencontainers.image.description=
org.opencontainers.image.url=https://github.com/dvogeldev/boxkit
org.opencontainers.image.source=https://github.com/dvogeldev/boxkit
org.opencontainers.image.version=main
org.opencontainers.image.created=2023-04-[1](https://github.com/dvogeldev/boxkit/actions/runs/4732535787/jobs/8398831129#step:9:1)8T1[2](https://github.com/dvogeldev/boxkit/actions/runs/4732535787/jobs/8398831129#step:9:2):47:51.651Z
org.opencontainers.image.revision=b[3](https://github.com/dvogeldev/boxkit/actions/runs/4732535787/jobs/8398831129#step:9:3)9241d778c66af5e5b994389fb2ca3b4d25e6d2
org.opencontainers.image.licenses=Apache-2.0
io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/boxkit/main/README.md
DOCKER_METADATA_OUTPUT_JSON: {"tags":["boxkit:main"],"labels":{"org.opencontainers.image.title":"boxkit","org.opencontainers.image.description":"","org.opencontainers.image.url":"https://github.com/dvogeldev/boxkit","org.opencontainers.image.source":"https://github.com/dvogeldev/boxkit","org.opencontainers.image.version":"main","org.opencontainers.image.created":"2023-04-18T12:47:51.651Z","org.opencontainers.image.revision":"b39241d778c66af5e5b994389fb2ca3b4d25e6d2","org.opencontainers.image.licenses":"Apache-2.0","io.artifacthub.package.readme-url":"https://raw.githubusercontent.com/ublue-os/boxkit/main/README.md"}}
DOCKER_METADATA_OUTPUT_BAKE_FILE: /tmp/docker-actions-toolkit-8x5QTj/docker-metadata-action-bake.json
TAGS: sha256:ccb6142c9fd622bcefba11242614588da900c335c0343b4ff12ef03aeb926f89
COSIGN_EXPERIMENTAL: false
COSIGN_PRIVATE_KEY: ***
65[4](https://github.com/dvogeldev/boxkit/actions/runs/4732535787/jobs/8398831129#step:9:4) cosign.key
Error: signing [ghcr.io/dvogeldev/boxkit@sha2[5](https://github.com/dvogeldev/boxkit/actions/runs/4732535787/jobs/8398831129#step:9:5)[6](https://github.com/dvogeldev/boxkit/actions/runs/4732535787/jobs/8398831129#step:9:6):ccb6142c9fd622bcefba11242614588da900c335c0343b4ff12ef03aeb926f89]: getting signer: reading key: decrypt: encrypted: decryption failed
main.go:[7](https://github.com/dvogeldev/boxkit/actions/runs/4732535787/jobs/8398831129#step:9:7)4: error during command execution: signing [ghcr.io/dvogeldev/boxkit@sha256:ccb6142c9fd622bcefba112426145[8](https://github.com/dvogeldev/boxkit/actions/runs/4732535787/jobs/8398831129#step:9:8)8da[9](https://github.com/dvogeldev/boxkit/actions/runs/4732535787/jobs/8398831129#step:9:9)00c335c0343b4ff[12](https://github.com/dvogeldev/boxkit/actions/runs/4732535787/jobs/8398831129#step:9:12)ef03aeb9[26](https://github.com/dvogeldev/boxkit/actions/runs/4732535787/jobs/8398831129#step:9:26)f89]: getting signer: reading key: decrypt: encrypted: decryption failed
Error: Process completed with exit code 1.
Error: invalid entry point PID of container boxkit
I think I need /etc/timezone and /etc/localtime.
Maybe age, the encryption program, would be a good idea to be added by default in this, because some people rely on it to make their chezmoi configuration work properly.
Hey @castrojo I saw the new local LLM justfile in bluefin
https://github.com/ublue-os/bluefin/blob/6b58f9836bffb7ec0250296d2809e30e2c9325b6/just/bluefin-tools.just
I was wondering if it would make sense to use the Ollama + WebUI combo within a single distrobox based on bluefin-dx? I had a bad experience with justfiles and think that this feature would be a great use case for the Boxkit logic.
@p5 do you think that Boxkit is a better way to get ollama on ublue devices?
Many thanks!
I'm searching GH for all mentions of wl-clipboard and I came across 347647e. Adding wl-clipboard
limits the usefulness of copying things with boxkit to just Wayland systems, which isn't very inclusive. My project Clipboard has an Alpine package and works on X11/Wayland/headless, and so including it here would allow boxkit to work with all those systems and not just Wayland ones. I hope this helps! :)
Hi!
I saw the videos and I am a convert to the cloud-first container-based dev environment.
I've created a boxkit based on your template.
You have a systemd service and timer for updating the containers:
[Unit]
Description=Update alpine toolbox
[Service]
Type=simple
ExecStart=/usr/bin/podman pull ghcr.io/storopoli/edc:latest -q
[Install]
WantedBy=default.target
This updates the image, how to "rebase" the container on that image?
Or is that not possible, i.e. I need to destroy the box and create a new one from the image?
It would be nice if this template can also build aarch64, 32-bit x86, ARM 32-bit, and even riscv and powerpc.
well , i think it's more complicated to explain,
do we have a solution to put our dotfiles inside to toolbox in creation ?
i use it generally with distrobox and i change my homedir for each container
but i always have a scipt that i run after i start my container to get my dotfiles
and i don't see any obvious solution to have my dotfiles outof the box in the creation , does anyone have an idea ?
Maybe I'm being dense, but it isn't immediately obvious to me how to install something with curl or git.
Trying to setup oh-my-zsh for example, most of the install scripts burn something into the $USER/.local
directory, but since this is /root/ on build, it gets lost.
For example, to get oh-my-zsh, antigen and enhancd setup I need these three things:
RUN curl -L --create-dirs git.io/antigen ~/.config/antigen.zsh
RUN curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh
RUN git clone https://github.com/b4b4r07/enhancd
and I think there are in general a lot of 'packages' that are just a git clone or curl command away.
Enjoying the idea so far though, hope I can move to using this full time!
Opening Javascript files dont syntax highlight even after LSP installed.
Steps to reproduce:
hx something.js
Expected behavior:
Actual behavior:
What solved for me was:
# install c++ compiler
apk add build-base
# install helix grammars
hx --grammar fetch
hx --grammar build
The action here needs to be updated with what the other repos use so that the container signing works.
I'm using a forked build. I have changed the cosign keys and assigned a finegrain token to the repo with ALL groups set to Read/Write.
The Release builds, the Package build fails with the following error:
"Error: writing blob: initiating layer upload to /v2/dvogeldev/boxkit/blobs/uploads/ in ghcr.io: denied: permission_denied: write_package"
No other changes were made to the codebase other than a change to the repo name.
What am I missing? Thank you
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.