I am using docker v1.11.1-beta10 for Mac . Pulling the latest/16.04 ubuntu image hangs as shown below. I am able to pull other images just fine. Any suggestions to debug?

harsimran$ docker -D pull ubuntu:16.04
16.04: Pulling from library/ubuntu
6d28225f8d96: Downloading [=>                                                 ]  1.48 MB/48.35 MB
166102ec41af: Download complete 
d09bfba2bd6a: Download complete 
c80dad39a6c0: Download complete 

Did home directory change for root user ? Earlier it was /root . When I downloaded the latest, the home directory is "/".
I am using tag-> ubuntu:trusty

 # docker run -t -i ubuntu bash
 root@6b41e6049851:/# _filedir
 bash: _filedir: command not found

This causes bash autocompletion not work

I just installed ubuntu:14.04 on VPS and fall with problem: when I create a new user and su it, then sudo stops working with message sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set.

Log:

root@server:~/ejudge-docker# docker run -t -i ubuntu:14.04 bash
root@5c55117a425e:/# sudo ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
root@5c55117a425e:/# aduser ejudge
bash: aduser: command not found
root@5c55117a425e:/# adduser ejudge
Adding user `ejudge' ...
...
root@5c55117a425e:/# su ejudge
ejudge@5c55117a425e:/$ sudo ls
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
ejudge@5c55117a425e:/$ exit
root@5c55117a425e:/# sudo ls
bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
root@5c55117a425e:/# which sudo
/usr/bin/sudo
root@5c55117a425e:/# ls -l /usr/bin/sudo
-rwxr-xr-x 1 root root 155008 Feb 10  2014 /usr/bin/sudo

On an SELinux capable host (Fedora 20), the fact that /sys is mounted RO is supposed to signal to the container that SELinux is not supported on the inside, so it doesn't try to do things that won't work. Perhaps surprisingly, Ubuntu ships various things linked with libselinux, but the version on 12.04 lacks the above check.

$ sudo docker run -ti ubuntu:12.04 
root@b55e77ab9ef4:/# useradd test
useradd: failure while writing changes to /etc/passwd
root@b55e77ab9ef4:/# vipw
vipw: setfscreatecon () failed: Permission denied
vipw: /etc/passwd is unchanged

It thinks SELinux is enabled:

root@b55e77ab9ef4:/# id -Z
system_u:system_r:svirt_lxc_net_t:s0:c14,c127

For comparison, CentOS 7 on the same host, working correctly:

$ sudo docker run -ti --rm centos:7 /bin/bash
[root@cdc99d8acf68 /]# id -Z
id: --context (-Z) works only on an SELinux-enabled kernel

RHEL 6 had the same problem; their fix was to update libselinux: https://bugzilla.redhat.com/show_bug.cgi?id=1112748

The official Ubuntu 10.04 server installer (ubuntu-12.04.4-server-amd64.iso) installs libc6_2.15-0ubuntu10.5.

user@ubuntu:~$ dpkg-query --show libc6
libc6   2.15-0ubuntu10.5

apt-get update && apt-get upgrade does not change this version.

The docker image ubuntu:10.04, however contains libc6_2.11.1-0ubuntu7.
On apt-get update && apt-get upgrade, an update to 2.11.1-0ubuntu7.13 is tried.
This fails:

root@5e356583b3ec:/# dpkg-query --show libc6
libc6   2.11.1-0ubuntu7

root@5e356583b3ec:/# apt-get update && apt-get upgrade
[...]
Preparing to replace libc6 2.11.1-0ubuntu7 (using .../libc6_2.11.1-0ubuntu7.13_amd64.deb) ...
[: 399: Illegal number: 3.14-1-amd64
/var/lib/dpkg/tmp.ci/preinst: 399: arithmetic expression: expecting EOF: "3.14-1-amd64"
dpkg: error processing /var/cache/apt/archives/libc6_2.11.1-0ubuntu7.13_amd64.deb (--unpack):
 subprocess new pre-installation script returned error exit status 2
Errors were encountered while processing:
 /var/cache/apt/archives/libc6_2.11.1-0ubuntu7.13_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)

This means that I cannot install IBM DB2 as described in http://public.dhe.ibm.com/software/dw/db2/express-c/whitepaper/DB2andUbuntuWhitepaper_p2.pdf because a dependency on libc6-dev triggers the failing update of libc6.

have a number of Dockerfiles that are based on a plain 'FROM ubuntu'. These containers depend on 'sudo' being installed, which up until 14.04.4 the latest image had.

When 16.04 became the latest, my containers broke. While I understand I can modify my containers to use 14.04 specifically or install sudo, it seems this change might cause problems for others, so I thought I'd report it.

% docker run ubuntu:14.04.4 sudo echo foo
foo

% docker run ubuntu:16.04 sudo echo foo
docker: Error response from daemon: Container command 'sudo' not found or does not exist..

Time for yakkety to be tagged?

On the ubuntu:14.04 image the HOME environment variable is set to / instead of /root. This causes scripts that rely on ~ to dereference the home path to scatter files across the root of the file system.

This can be duplicated by running:

sudo docker run -ti ubuntu:14.04 bash
echo $HOME

Running sudo su followed by echo $HOME on a standard Ubuntu installation (no container) results in /root.

Using the official 14.04.1 image. It lacks TLS1.2 support. Apache 2 is unable to provide TLS1.2 support even with the right directive. As per the link below, this is fixed in subsequent patches but docker needs the base image to be rebuilt. Can we get a new drop of 14.04.1 with current updates? See http://askubuntu.com/questions/477260/ubuntu-server-14-04-apache-2-4-tlsv1-2-tlsv1-1-support for related problem.

Looking at the history of the base image for ubuntu:14.04
docker history --no-trunc=true ubuntu:14.04

I noticed that in the last step when you did the apt-get update the
image grew 70MB. This made me remember one issue I posted in the
official docker issue tracker some months ago:

moby/moby#3110

In particular my last comment about how to compress and use compressed
indexes for APT.

echo 'Acquire::GzipIndexes "true"; Acquire::CompressionTypes::Order:: "gz";' > /etc/apt/apt.conf.d/02compress-indexes

I did this in the base image and it reduced the size of the folder
/var/lib/apt/lists from 70MB to 19MB.

I think it is a good idea to include this in the image. I also think
that other APT based images like the debian ones can benefit from this
change. What do you think ?

How to install ubuntu software inside this docker?

I tried this
$ docker run ubuntu:14.04 apt-get install openjdk-jre

It prompted error msg denpenancy is not going to installed.

I'm having issues getting i386 versions of libraries, which I need for my application.
For instance:
root@b332d51eec4d:/c10/install/c10/linuxi38664h# apt-get install libxm4:i386
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package libxm4

I've tried this on ubuntu:latest, and ubuntu:12,04.
The default amd64 version works, of course.

I can add in libraries from my host OS (which is Ubuntu 14.04) but this seems wrong.

Thanks
Graham

The trusty and 14.04 tags are different containers. Latest points to same container as trusty. Surely they should all be the same?

ubuntu  14.04   e54ca5efa2e9  13 days ago  276.5 MB
ubuntu  trusty  ef83896b7fb9  7 days ago   192.7 MB
ubuntu  latest  ef83896b7fb9  7 days ago   192.7 MB

It seems that even though you recently added Wily, none of the other images are getting the updates that Ubuntu is providing via the partner site core images. For example, vivid was recently updated on the 11th and on the 29th and lots of times in-between before and after you created the Wily image... yet Vivid received no update. Can we please get more standard updates to this image?

When I run apt-get update for first time while using ubuntu:trusty image, my command fails due to MD5 mismatch. After checking on Ubuntu channel , I was told that quite possibly the base image has broken packages cached and we might have to clean and re-publish the base image.

Command:

sudo docker run -i -t --rm ubuntu:trusty apt-get update

Output:

Ign http://archive.ubuntu.com trusty InRelease       
Ign http://archive.ubuntu.com trusty-updates InRelease
Ign http://archive.ubuntu.com trusty-security InRelease
Hit http://archive.ubuntu.com trusty Release.gpg
Get:1 http://archive.ubuntu.com trusty-updates Release.gpg [933 B]
Get:2 http://archive.ubuntu.com trusty-security Release.gpg [933 B]
Hit http://archive.ubuntu.com trusty Release                                                                                                     
Get:3 http://archive.ubuntu.com trusty-updates Release [58.5 kB]                                                                                 
Get:4 http://archive.ubuntu.com trusty-security Release [58.5 kB]              
Err http://archive.ubuntu.com trusty-security Release 

Hit http://archive.ubuntu.com trusty/main Sources
Hit http://archive.ubuntu.com trusty/restricted Sources
Hit http://archive.ubuntu.com trusty/universe Sources
Hit http://archive.ubuntu.com trusty/main amd64 Packages
Hit http://archive.ubuntu.com trusty/restricted amd64 Packages
Hit http://archive.ubuntu.com trusty/universe amd64 Packages
Get:5 http://archive.ubuntu.com trusty-updates/main Sources [83.9 kB]
Get:6 http://archive.ubuntu.com trusty-updates/restricted Sources [14 B]                                                                         
Get:7 http://archive.ubuntu.com trusty-updates/universe Sources [60.0 kB]                                                                        
Get:8 http://archive.ubuntu.com trusty-updates/main amd64 Packages [218 kB]                                                                      
Get:9 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [14 B]                                                                  
Get:10 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [155 kB]                                                                 
Fetched 636 kB in 51s (12.4 kB/s)                                                                                                                
Reading package lists... Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.ubuntu.com trusty-security Release: The following signatures were invalid: BADSIG 40976EAF437D05B5 Ubuntu Archive Automatic Signing Key <[email protected]>

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/Release  

W: Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_trusty-updates_main_source_Sources  Hash Sum mismatch

W: Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_trusty-updates_universe_source_Sources  Hash Sum mismatch

W: Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_trusty-updates_main_binary-amd64_Packages  Hash Sum mismatch

W: Failed to fetch bzip2:/var/lib/apt/lists/partial/archive.ubuntu.com_ubuntu_dists_trusty-updates_universe_binary-amd64_Packages  Hash Sum mismatch

W: Some index files failed to download. They have been ignored, or old ones used instead.

When trying to install nodejs-legacy and npm APT packages in Ubuntu 14.04 Docker image (after updating APT), it fails due to linux-libc-dev package not being found.

The installation command looks as follows:

RUN apt-get -y install npm nodejs-legacy

And it fails with this error:

E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-libc-dev_3.13.0-30.55_amd64.deb  404  Not Found [IP: 91.189.92.201 80]

Almost all images derivate from image id 511136ea3c5a (which could be labelled scratch, because it's the one choosen when using FROM scratch). At least since some docker version 0.x if I'm not mistaken.

And recently, the ubuntu image b7cf8f0d9e82 (tags: ubuntu:14.04 ubuntu:14.04.2 ubuntu:latest ubuntu:trusty ubuntu:trusty-20150320) didn't derive from "scrach".

Is it a bug in the image creation process ? Or a new direction/convention about root images ?

This image previously would remove the apt lists, so it forced downstream images to call apt-get update before attempting to install any packages. That was removed in 2b01015, as was the old call to apt-get update, which was so long ago that it's not relevant anymore.

So now this image includes support for universe packages, but the apt lists that are provided only cover the main packages. This is confusing for anyone who is used to running apt-get install to install standard packages (like git-core, for example), but then attempts to install a universe package only to see

E: Unable to locate package foo

It's even more confusing because the official sources.list file includes universe, and it's not clear that you should call apt-get update to refresh those lists.

Was netcat removed from the ubuntu:12.04 image recently? Since rebuilding some old images tonight, I got errors about netcat not being installed (though it shows up on the list of 12.04 minimal list).

Yep. Again. :(

http://www.openssl.org/news/secadv_20140806.txt

docker pull ubuntu:12.04.

docker run -t -i ubuntu:12.04 /bin/bash

It seems to be heavily lacking in basic functionality that appears to be in ubuntu 14.04. For example try "service networking status" you get nothing back. Sudo is missing and other stuff that should be included accoding the the ubuntu page for precise. http://packages.ubuntu.com/precise/ubuntu-minimal.

https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
https://weakdh.org/
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4000.html

Once upstream fixes drop (in the partner-images builds), an update will be in order. 👍

I build a new container using "FROM ubuntu16.04"and found that it was dev branch

 cat /etc/issue
Ubuntu Xenial Xerus (development branch) \n \l

$ docker run -i -t ubuntu:14.04 ping archive.ubuntu.com
PING archive.ubuntu.com (91.189.92.200) 56(84) bytes of data.
64 bytes from obake.canonical.com (91.189.92.200): icmp_seq=1 ttl=49 time=34.4 ms
64 bytes from obake.canonical.com (91.189.92.200): icmp_seq=2 ttl=49 time=34.5 ms
^C
--- archive.ubuntu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 34.420/34.490/34.560/0.070 ms

$ docker run -i -t ubuntu:14.04 apt-get update
Ign http://archive.ubuntu.com trusty InRelease
Ign http://archive.ubuntu.com trusty-updates InRelease
Ign http://archive.ubuntu.com trusty-security InRelease
Ign http://archive.ubuntu.com trusty Release.gpg
Ign http://archive.ubuntu.com trusty-updates Release.gpg
Ign http://archive.ubuntu.com trusty-security Release.gpg
Ign http://archive.ubuntu.com trusty Release
Ign http://archive.ubuntu.com trusty-updates Release
Ign http://archive.ubuntu.com trusty-security Release
Ign http://archive.ubuntu.com trusty/main Sources/DiffIndex
Ign http://archive.ubuntu.com trusty/restricted Sources/DiffIndex
Ign http://archive.ubuntu.com trusty/universe Sources/DiffIndex
Ign http://archive.ubuntu.com trusty/main amd64 Packages/DiffIndex
Ign http://archive.ubuntu.com trusty/restricted amd64 Packages/DiffIndex
Ign http://archive.ubuntu.com trusty/universe amd64 Packages/DiffIndex
Ign http://archive.ubuntu.com trusty-updates/main Sources/DiffIndex
Ign http://archive.ubuntu.com trusty-updates/restricted Sources/DiffIndex
Ign http://archive.ubuntu.com trusty-updates/universe Sources/DiffIndex
Ign http://archive.ubuntu.com trusty-updates/main amd64 Packages/DiffIndex
Ign http://archive.ubuntu.com trusty-updates/restricted amd64 Packages/DiffIndex
Ign http://archive.ubuntu.com trusty-updates/universe amd64 Packages/DiffIndex
Ign http://archive.ubuntu.com trusty-security/main Sources/DiffIndex
Ign http://archive.ubuntu.com trusty-security/restricted Sources/DiffIndex
Ign http://archive.ubuntu.com trusty-security/universe Sources/DiffIndex
Ign http://archive.ubuntu.com trusty-security/main amd64 Packages/DiffIndex
Ign http://archive.ubuntu.com trusty-security/restricted amd64 Packages/DiffIndex
Ign http://archive.ubuntu.com trusty-security/universe amd64 Packages/DiffIndex
Err http://archive.ubuntu.com trusty/main Sources
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty/restricted Sources
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty/universe Sources
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty/main amd64 Packages
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty/restricted amd64 Packages
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty/universe amd64 Packages
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty-updates/main Sources
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty-updates/restricted Sources
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty-updates/universe Sources
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty-updates/main amd64 Packages
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty-updates/restricted amd64 Packages
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty-updates/universe amd64 Packages
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty-security/main Sources
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty-security/restricted Sources
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty-security/universe Sources
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty-security/main amd64 Packages
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty-security/restricted amd64 Packages
404 Not Found [IP: 91.189.92.200 80]
Err http://archive.ubuntu.com trusty-security/universe amd64 Packages
404 Not Found [IP: 91.189.92.200 80]
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/main/source/Sources 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/restricted/source/Sources 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/universe/source/Sources 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/main/binary-amd64/Packages 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/restricted/binary-amd64/Packages 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/universe/binary-amd64/Packages 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/main/source/Sources 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/restricted/source/Sources 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/universe/source/Sources 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/main/binary-amd64/Packages 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/restricted/binary-amd64/Packages 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-updates/universe/binary-amd64/Packages 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/main/source/Sources 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/restricted/source/Sources 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/universe/source/Sources 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/main/binary-amd64/Packages 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/restricted/binary-amd64/Packages 404 Not Found [IP: 91.189.92.200 80]

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty-security/universe/binary-amd64/Packages 404 Not Found [IP: 91.189.92.200 80]

E: Some index files failed to download. They have been ignored, or old ones used instead.

Steps to reproduce:

1. Compile openconnect in the 15.04 container
2. Run openconnect and get this error:

openconnect: error while loading shared libraries: libopenconnect.so.5: cannot open shared object file: No such file or directory

To fix, I added this to my Dockerfile:

ENV LD_LIBRARY_PATH /usr/local/lib:/usr/lib:/lib

Is there any reason not to make this the default?

The following packages have unmet dependencies:
git : Depends: liberror-perl but it is not going to be installed
E: Unable to correct problems, you have held broken packages.

http://www.ubuntu.com/usn/usn-2232-1/
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1332643

Hi,
thank you for this 14.04.04 Image from Ubuntu.
A short Question I am new and I try to connect by ssh to the running Server but the connection is always refused.
What can I do?
Or what I doing in the wrong way?
Also other synology users told me there having the same difficulties.
I run the Image on my synology Diskstaion.
I got this Errors:

ssh -p 65535 [email protected]

ssh -p 65535 [email protected] -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.118 [192.168.1.118] port 65535.
debug1: Connection established.
debug1: identity file /home/dufoy/.ssh/id_rsa type -1
debug1: identity file /home/dufoy/.ssh/id_rsa-cert type -1
debug1: identity file /home/dufoy/.ssh/id_dsa type -1
debug1: identity file /home/dufoy/.ssh/id_dsa-cert type -1
debug1: identity file /home/dufoy/.ssh/id_ecdsa type -1
debug1: identity file /home/dufoy/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/dufoy/.ssh/id_ed25519 type -1
debug1: identity file /home/dufoy/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6
ssh_exchange_identification: read: Connection reset by peer

Best Theo

Hello,

I've just tried replacing amd64 with i386 in the update.sh script, run update.sh trusty and got a perfectly fine 32-bit image. Would it be possible for you to also maintain 32-bit images this way? My use case is running wine inside, which seems to be quite a bit easier for me on i386.

Thanks,

I'm trying to debug an issue where a string of greek characters appears as ????? (in the output of a java app that fails), and I noticed I can't even type greek characters in bash.

I'm using the 14.04 base image at the moment, and if I try to type greek characters in bash I get some strange behavior where:

1. a diamond appears as the first character I type,
2. some of the previously typed (english) characters are erased, and
3. I can use backspace to delete part of the prompt.

If I try the same in sh or dash, no diamond appears, but again I can delete part of the prompt with backspace afterwards.

I also found this:
http://stackoverflow.com/questions/25637292/cannot-type-unicode-in-a-ubuntu14-04-container-can-type-just-fine-in-busybox

Installing linux-image-extra-virtual or fooling around with locale settings doesn't seem to work...

I'll test with different versions of ubuntu and with debian, and I'll report back if I find something meaningful...

Heyo, did some verifications against ubuntu:latest

$ docker pull ubuntu
Using default tag: latest
latest: Pulling from library/ubuntu
Digest: sha256:b53bb7b0d18842214ac7472c2a8801e8682c247d30f1ba4bab0083a2e2e091ea
Status: Image is up to date for ubuntu:latest

and found the following packages were out of date in the base:

isc-dhcp-client 4.2.4-7ubuntu12.3
isc-dhcp-common 4.2.4-7ubuntu12.3
libgnutls-openssl27 2.12.23-12ubuntu2.3
libgnutls26 2.12.23-12ubuntu2.3
libpng12-0 1.2.50-1ubuntu2.14.04.1

Can we refresh? Thanks!

Hello,
Did a pull request: #19
This makes image creation in one RUN

1. Make image smaller
2. Remove few layers from final image

Thanks,

Hi,

it would be great to have the latest Utopic Unicorn version as a tag.

Is it planned to be integrated?

Thanks in advance + regards,

Stefan

e9338b6#diff-853f229e404c9525584cef7936eeafadR110

The manifest shows that there are parts of Python 3.4.0 and parts of Python 3.4.3 installed. Further, when you attempt to apt-get install -y python3-dev it blows up miserably because of these 3.4.3 bits that are installed where python3-dev expects to install 3.4.0 instead.

Canonical doesn't even show Python 3.4.3 to be available for Trusty. How are these packages getting installed?

The following:

docker pull ubuntu:14.04.2
docker run -it ubuntu:14.04.2
$ apt-get update

fails with the following error:

...
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://archive.ubuntu.com trusty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 16126D3A3E5C1192

W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release

W: Some index files failed to download. They have been ignored, or old ones used instead.

[EDIT]

I should mention this happens on OSX with Boot2docker 1.8. For some reason I cannot recreate this on Linux. Things I've tried: upgrading boot2docker (which starts with a fresh ISO image, no docker images).

Err http://archive.ubuntu.com/ubuntu/ trusty-security/main openssl amd64 1.0.1f-1ubuntu2.3
404 Not Found [IP: 91.189.92.201 80]
Fetched 89.3 MB in 23s (3778 kB/s)
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.0.1f-1ubuntu2.3_amd64.deb 404 Not Found [IP: 91.189.92.201 80]

The archive is not present on server

If you discard Git history, how do you keep version control? If I see a change in build or behavior across time in a Dockerfile based on these images, how can I find out what changed in the base image?

I tried to find any kind of description for the official docker images regarding security updates. Unfortunately I could not find any. Thing's I'm looking for are:

• is there any commitment to update the docker tags when security updates come in
• is there any commitment to maximum lag behind security update repos
• is there any description of best practices on:
  • keeping own images fresh
  • upgrading manually in case the first two points are not valid

The only thing I could find is worrying information about apt-get in docker file (basically don't run upgrade)

It would be good if the image docker hub description included this info. Even if it's "you're on your own".

Now that Xenial 16.04 is released, will that be tagged latest?

I used debootstrap to generate base images for several older ubuntu versions:

https://registry.hub.docker.com/u/mcandre/docker-ubuntu/tags/manage/

Could we tag these into the tianon repository on Docker Hub?

When i want to build a Dockerfile based on the ubuntu:16.04 baseimg i always get GPG errors during an apt-get update.
resulting in

E: There were unauthenticated packages error

when i want to install packages.

Example Dockerfile: http://sprunge.us/fETf
Example output: http://sprunge.us/hXWE

Is there a reason why I cannot use sshfs on this image (ubuntu 12.04)? I pulled it, installed sshfs but I am always getting an "operation not permitted" error. Cheers, Javier

Hello,
I believe some images need to be recreated after the glibc fix here:
http://changelogs.ubuntu.com/changelogs/pool/main/e/eglibc/eglibc_2.19-0ubuntu6.7/changelog

By default with ubuntu:14.04 we get:

$ /lib/x86_64-linux-gnu/libc.so.6
GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.6) stable release version 2.19, by Roland McGrath et al.

But an upgrade is available for libc6 and afterwards we have:

lib/x86_64-linux-gnu/libc.so.6
GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.7) stable release version 2.19, by Roland McGrath et al.

http://www.openwall.com/lists/oss-security/2014/09/24/10

docker run -it ubuntu:trusty env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
Unable to find image 'ubuntu:trusty' locally
Pulling repository ubuntu
53bf7a53e890: Download complete 
511136ea3c5a: Download complete 
134b5dc84bc7: Download complete 
692254366b1a: Download complete 
ed98671f0531: Download complete 
bffdbd3bc4b2: Download complete 
964692831e07: Download complete 
vulnerable
this is a test

More info here: http://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/

Hello,

As per moby/moby#611 it would be nice if ubuntu containers were provided with 32-bit abi support - that is with dpkg --add-architecture i386 enabled and e.g. libc6:i386 installed. This would enable people to have 32-bit workloads on otherwise 64-bit-only docker hosts/containers.

This started out as a problem with Neo4j, but it has evolved into some kind of a problem with the Xenial build on DockerHub. This is a problem which only exists in the Docker image, and not any any known "real" installation. Details are provided here:

• neo4j/neo4j#7052

How can I enable tab completion ? I tried installing bash-completion using apt, but, it didn't work.

I tried to install tomcat7 on an ubuntu (image id 5506de2b643b) following instructions on this blog post: http://blog.trifork.com/2013/08/15/using-docker-to-efficiently-create-multiple-tomcat-instances. I noticed that the init.d script did not return successfully although the tomcat java process was running and tomcat was working. Further research showed that start-stop-daemon --test is not working correctly. Here's a bash session showing the bug.

#TOMCAT PID IS 43
root@a2cf26ade2a9:/# ps -eaf | grep tomcat7
tomcat7     43     1  0 14:06 ?        00:00:04 /usr/lib/jvm/java-7-oracle/bin/java -Djava.util.logging.config.file=/var/lib/tomcat7/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC -Djava.endorsed.dirs=/usr/share/tomcat7/endorsed -classpath /usr/share/tomcat7/bin/bootstrap.jar:/usr/share/tomcat7/bin/tomcat-juli.jar -Dcatalina.base=/var/lib/tomcat7 -Dcatalina.home=/usr/share/tomcat7 -Djava.io.tmpdir=/tmp/tomcat7-tomcat7-tmp org.apache.catalina.startup.Bootstrap start

#PID FILE HAS CORRECT PID
root@a2cf26ade2a9:/#  cat /var/run/tomcat7.pid
43

#START-STOP-DAEMON --TEST REPORTS THAT IT WOULD START TOMCAT EVEN 
# THOUGH IT'S RUNNING 
root@a2cf26ade2a9:/#  start-stop-daemon --test --start --pidfile /var/run/tomcat7.pid --user tomcat7 --exec /usr/lib/jvm/java-7-oracle/bin/java
Would start /usr/lib/jvm/java-7-oracle/bin/java .

root@a2cf26ade2a9:/# echo $?
0

start-stop-daemon works as expected on my native Ubuntu install (Ubuntu 14.04.1 LTS)

When run it with -d, it'll exits immediately。The stat is:
NTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0401c5294f2d ubuntu:latest "/bin/bash" 15 seconds ago Exited (0) 14 seconds ago loving_nobel