debian: add debian toolbox based on ubuntu

.github/workflows/build-debian-toolbox.yml

@@ -0,0 +1,108 @@
+name: Build and Push Debian Toolbox Image
+on:
+  schedule:
+    - cron: "20 22 * * *" # 10:20pm everyday
+  pull_request:
+  merge_group:
+  workflow_dispatch:
+env:
+  IMAGE_NAME: debian-toolbox
+  IMAGE_TAGS: latest
+  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  push-ghcr:
+    name: Build and push image
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+    strategy:
+      fail-fast: false
+    steps:
+      # Checkout push-to-registry action GitHub repository
+      - name: Checkout Push to Registry action
+        uses: actions/checkout@v4
+
+      # - name: Verify Debian toolbox
+      #   uses: EyeCantCU/cosign-action/[email protected]
+      #   with:
+      #     containers: ubuntu-toolbox:22.04
+      #     pubkey: https://raw.githubusercontent.com/toolbx-images/images/main/quay.io-toolbx-images.pub
+      #     registry: quay.io/toolbx-images
+
+      # Build metadata
+      - name: Image Metadata
+        uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: |
+            ${{ env.IMAGE_NAME }}
+          labels: |
+            io.artifacthub.package.readme-url=https://raw.githubusercontent.com/ublue-os/boxkit/main/README.md
+
+      # Build image using Buildah action
+      - name: Build Image
+        id: build_image
+        uses: redhat-actions/buildah-build@v2
+        with:
+          containerfiles: |
+            ./toolboxes/debian-toolbox/Containerfile.debian
+          image: ${{ env.IMAGE_NAME }}
+          tags: ${{ env.IMAGE_TAGS }}
+          labels: ${{ steps.meta.outputs.labels }}
+          oci: false
+
+      # Workaround bug where capital letters in your GitHub username make it impossible to push to GHCR.
+      # https://github.com/macbre/push-to-ghcr/issues/12
+      - name: Lowercase Registry
+        id: registry_case
+        uses: ASzc/change-string-case-action@v6
+        with:
+          string: ${{ env.IMAGE_REGISTRY }}
+
+      # Push the image to GHCR (Image Registry)
+      - name: Push To GHCR
+        uses: redhat-actions/push-to-registry@v2
+        if: github.event_name != 'pull_request'
+        id: push
+        env:
+          REGISTRY_USER: ${{ github.actor }}
+          REGISTRY_PASSWORD: ${{ github.token }}
+        with:
+          image: ${{ steps.build_image.outputs.image }}
+          tags: ${{ steps.build_image.outputs.tags }}
+          registry: ${{ steps.registry_case.outputs.lowercase }}
+          username: ${{ env.REGISTRY_USER }}
+          password: ${{ env.REGISTRY_PASSWORD }}
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        if: github.event_name != 'pull_request'
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Sign container
+      - uses: sigstore/[email protected]
+        if: github.event_name != 'pull_request'
+
+      - name: Sign container image
+        if: github.event_name != 'pull_request'
+        run: |
+          echo "${{ env.COSIGN_PRIVATE_KEY }}" > cosign.key
+          wc -c cosign.key
+          cosign sign -y --key cosign.key ${{ steps.registry_case.outputs.lowercase }}/${{ env.IMAGE_NAME }}@${TAGS}
+        env:
+          TAGS: ${{ steps.push.outputs.digest }}
+          COSIGN_EXPERIMENTAL: false
+          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
+
+      - name: Echo outputs
+        run: |
+          echo "${{ toJSON(steps.push.outputs) }}"

README.md

@@ -10,6 +10,7 @@ Centralized repository of containers designed for Toolbox/Distrobox with batteri
 ## Images
 
 - `ubuntu-toolbox` - an Ubuntu base image
+- `debian-toolbox` - a Debian base image
 - `fedora-toolbox` - a Fedora base image
 - `wolfi-toolbox` - a WolfiOS base image
 - `bluefin-cli` - a WolfiOS based image with Homebrew and a strongly opinionated default experience
@@ -60,7 +61,8 @@ Both `bluefin-cli` and `wolfi-toolbox` have Wolfi developer variants built from
 `powershell-toolbox` is based on `WolfiOS`. Its primary purpose is to be a dedicated container for Microsoft related technologies used during development. It contains [PowerShell](https://github.com/PowerShell/PowerShell), [Azure CLI](https://github.com/Azure/azure-cli) and [.NET](https://github.com/dotnet/core) (latest LTS) configured out of the box. It also includes a small selection of other useful CLI utilities to improve the overall experience.
 
 ### Incus and Docker Distrobox
-Both `incus-distrobox` and `docker-distrobox` are designed to be run with a rootful, init distrobox. [Incus](https://linuxcontainers.org/incus/) uses packages built by [Zabbly](https://github.com/zabbly/incus). [Docker](https://www.docker.com/) uses the [convience install script](https://docs.docker.com/engine/install/ubuntu/#install-using-the-convenience-script) from Docker.  Both are built from the ubuntu-toolbox built in this repo. Example distrobox-assemble files are with each of them. Both work well with a volume mount for their respective files in `/var/lib/{docker,incus}`. Both can be setup to autostart on boot with a `systemd service`. However, your user sockets for `Xorg`, `Wayland`, and `Pulseaudio` will not be setup until you login. For the `docker-distrobox` you can customize the group of the exported `docker socket` by setting an environment variable at distrobox creation time for `DOCKERGROUP`. The assemble file has more information. Both the `incus-distrobox` and `docker-distrobox` set the unix-groups. For incus, matching `incus-admin` inside the distrobox and on the host will enable you to use the `incus socket` from the host.
+
+Both `incus-distrobox` and `docker-distrobox` are designed to be run with a rootful, init distrobox. [Incus](https://linuxcontainers.org/incus/) uses packages built by [Zabbly](https://github.com/zabbly/incus). [Docker](https://www.docker.com/) uses the [convience install script](https://docs.docker.com/engine/install/ubuntu/#install-using-the-convenience-script) from Docker. Both are built from the ubuntu-toolbox built in this repo. Example distrobox-assemble files are with each of them. Both work well with a volume mount for their respective files in `/var/lib/{docker,incus}`. Both can be setup to autostart on boot with a `systemd service`. However, your user sockets for `Xorg`, `Wayland`, and `Pulseaudio` will not be setup until you login. For the `docker-distrobox` you can customize the group of the exported `docker socket` by setting an environment variable at distrobox creation time for `DOCKERGROUP`. The assemble file has more information. Both the `incus-distrobox` and `docker-distrobox` set the unix-groups. For incus, matching `incus-admin` inside the distrobox and on the host will enable you to use the `incus socket` from the host.
 
 # Stats
 

toolboxes/debian-toolbox/Containerfile.debian

@@ -0,0 +1,32 @@
+FROM docker.io/library/ubuntu:24.04
+# FROM https://hub.docker.com/_/ubuntu
+
+LABEL com.github.containers.toolbox="true" \
+    name="ubuntu-toolbox" \
+    usage="This image is meant to be used with the toolbox or distrobox command" \
+    summary="A cloud-native terminal experience powered by Ubuntu" \
+    maintainer="[email protected]"
+
+COPY ./toolboxes/ubuntu-toolbox/packages.ubuntu /toolbox-packages
+
+RUN rm /etc/apt/apt.conf.d/docker-gzip-indexes /etc/apt/apt.conf.d/docker-no-languages && \
+    sed -Ei 's/^(hosts:.*)(\<files\>)\s*(.*)/\1\2 myhostname \3/' /etc/nsswitch.conf && \
+    apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get -y install \
+    ubuntu-minimal ubuntu-standard \
+    libnss-myhostname \
+    flatpak-xdg-utils \
+    $(cat toolbox-packages | xargs) && \
+    rm -rd /var/lib/apt/lists/* && \
+    rm /toolbox-packages && \
+    mkdir /usr/share/empty && \
+    userdel --remove ubuntu && \
+    curl -sLo /usr/bin/host-spawn https://github.com/1player/host-spawn/releases/download/1.5.0/host-spawn-x86_64 && \
+    chmod +x /usr/bin/host-spawn && \
+    rm /etc/apt/apt.conf.d/20apt-esm-hook.conf && \
+    ln -s /usr/libexec/flatpak-xdg-utils/flatpak-spawn /usr/bin/ && \
+    ln -fs /usr/bin/distrobox-host-exec /usr/local/bin/docker && \
+    ln -fs /usr/bin/distrobox-host-exec /usr/local/bin/flatpak && \ 
+    ln -fs /usr/bin/distrobox-host-exec /usr/local/bin/podman && \
+    ln -fs /usr/bin/distrobox-host-exec /usr/local/bin/rpm-ostree && \
+    echo "ALL ALL = (ALL) NOPASSWD: ALL" >> /etc/sudoers

toolboxes/debian-toolbox/packages.debian

@@ -0,0 +1,118 @@
+apt-utils
+bash-completion
+bc
+bzip2
+ca-certificates
+curl
+dbus-x11
+dialog
+diffutils
+direnv
+dirmngr
+findutils
+fish
+fzf
+git
+gnupg
+gnupg2
+gnupg-l10n
+gnupg-utils
+gpg
+gpg-agent
+gpgconf
+gpgsm
+gpg-wks-client
+gpg-wks-server
+hostname
+iproute2
+iputils-ping
+keyutils
+less
+libbsd0
+libcap2-bin
+libdrm2
+libdrm-amdgpu1
+libdrm-common
+libdrm-nouveau2
+libdrm-radeon1
+libedit2
+libegl-mesa0
+libelf1
+libexpat1
+libgbm1
+libgl1
+libgl1-mesa-dri
+libglapi-mesa
+libglib2.0-bin
+libglvnd0
+libglx0
+libglx-mesa0
+libkrb5-3
+libksba8
+libllvm15
+libnpth0
+libnsl2
+libnss-mdns
+libnss-myhostname
+libpciaccess0
+libpython3-stdlib
+libsensors5
+libsensors-config
+libsqlite3-0
+libtirpc3
+libtirpc-common
+libvte-2.91-common
+libvte-common
+libvulkan1
+libwayland-client0
+libwayland-server0
+libx11-6
+libx11-data
+libx11-xcb1
+libxau6
+libxcb1
+libxcb-dri2-0
+libxcb-dri3-0
+libxcb-glx0
+libxcb-present0
+libxcb-randr0
+libxcb-shm0
+libxcb-sync1
+libxcb-xfixes0
+libxdmcp6
+libxext6
+libxfixes3
+libxml2
+locales
+lsof
+make
+man-db
+manpages
+media-types
+mesa-vulkan-drivers
+mtr
+ncurses-base
+neofetch
+openssh-client
+openssl
+passwd
+pigz
+pinentry-curses
+plocate
+procps
+progress
+rsync
+software-properties-common
+sudo
+tcpdump
+time
+traceroute
+tree
+tzdata
+unzip
+util-linux
+wget
+xauth
+xz-utils
+zip
+zsh