Installing Apt packages is one of the supported features of the Toolforge build service. However, the apt buildpack it’s apparently based on doesn’t work very well in my experience, for a variety of reasons.
The listed Apt packages aren’t actually “installed” in the container image, like one might expect. They are extracted in /layers/fagiani_apt/apt/, with a little shell script in /layers/fagiani_apt/apt/.profile.d/000_apt.sh to add that directory to certain environment variables (PATH, LD_LIBRARY_PATH, LIBRARY_PATH, INCLUDE_PATH, CPATH, CPPPATH, and PKG_CONFIG_PATH). As far as I can tell, 000_apt.sh isn’t sourced automatically; you just have to know it’s there.
Because the packages are only extracted, postinst scripts don’t run and, for instance, the “alternatives” system isn’t updated. Putting default-jre-headless in the Aptfile will install a Java (including a java binary in /layers/fagiani_apt/apt/usr/lib/jvm/java-11-openjdk-amd64/bin/java), but no symlink in …/usr/bin/java nor …/etc/alternatives/java; thus, there is no java in the $PATH.
Various things break because the packages are not extracted in the root directory. As far as I’m aware, arbitrary Debian/Ubuntu packages aren’t expected to work like this, and may reference absolute paths, such as:
- Even if you set up the right $PATH and $JAVA, java -help will crash. It loads /layers/fagiani_apt/apt/usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security, which is a symbolic link to /etc/java-11-openjdk/security/java.security, which doesn’t exist.
- Maven likewise crashes because it tries to read /layers/fagiani_apt/apt/usr/share/maven/bin/m2.conf, a symlink to /etc/maven/m2.conf.
The installed packages may be installed without dependencies. For instance, installing jq doesn’t work – the libjq1 dependency is missing. As far as I can tell from the toolforge build output, this seems to be because the host system where the image is built (but not the final image) already has jq installed:
[step-build] 2023-12-20T19:09:48.082631756Z -----> Fetching .debs for jq
[step-build] 2023-12-20T19:09:48.831877811Z Reading package lists...
[step-build] 2023-12-20T19:09:48.995784697Z Building dependency tree...
[step-build] 2023-12-20T19:09:49.368174928Z 0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 26 not upgraded.
[step-build] 2023-12-20T19:09:49.368233497Z Need to get 52.5 kB of archives.
[step-build] 2023-12-20T19:09:49.368390189Z After this operation, 0 B of additional disk space will be used.
[step-build] 2023-12-20T19:09:49.368679183Z Get:1 http://archive.ubuntu.com/ubuntu jammy/main amd64 jq amd64 1.6-2.1ubuntu3 [52.5 kB]
[step-build] 2023-12-20T19:09:49.559276166Z Fetched 52.5 kB in 0s (132 kB/s)
[step-build] 2023-12-20T19:09:49.559340818Z Download complete and in download only mode
jq is reinstalled, and its dependency isn’t downloaded, so it’s missing from the custom apt cache directory where the buildpack would later extract it from.
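
An added example, not part of the original report or of the buildpack: a shell function that lists symlinks under the extraction root whose absolute targets do not resolve, which is the failure described above for java.security and m2.conf. The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the buildpack.
# Report symlinks under an extraction root whose absolute target does not
# exist on the real filesystem. Output: <link> TAB <target> TAB <status>
#   relocated = a file exists at ROOT + target (extracted under ROOT, not /)
#   missing   = the target exists neither at / nor under ROOT
find_broken_abs_links() {
    root=${1:-/layers/fagiani_apt/apt}
    root=${root%/}
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            /*) ;;                      # absolute target: check it
            *) continue ;;              # relative links move with the tree
        esac
        [ -e "$target" ] && continue    # resolves on the real filesystem
        if [ -e "$root$target" ]; then status=relocated; else status=missing; fi
        printf '%s\t%s\t%s\n' "$link" "$target" "$status"
    done
}

# Constructed sample tree that mimics the layout described above.
# Target names carry a unique tag so they cannot exist under the real /etc.
make_sample_tree() {
    d=$(mktemp -d) && tag=constructed-demo-$$
    mkdir -p "$d/usr/lib/jvm/conf/security" "$d/usr/share/maven/bin" \
             "$d/etc/$tag/security"
    : > "$d/etc/$tag/security/java.security"
    ln -s "/etc/$tag/security/java.security" "$d/usr/lib/jvm/conf/security/java.security"
    ln -s "/etc/$tag/m2.conf" "$d/usr/share/maven/bin/m2.conf"
    ln -s ../../../etc "$d/usr/share/maven/etc"   # relative: ignored
    ln -s / "$d/usr/rootlink"                     # absolute and valid: ignored
    printf '%s\n' "$d"
}

# Stand-alone use: pass the extraction root as the first argument.
if [ "$#" -gt 0 ]; then find_broken_abs_links "$1"; fi
```

Run inside the built container against /layers/fagiani_apt/apt, each reported line is a path that a package expects at its absolute location.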