{"@attributes":{"version":"2.0"},"channel":{"title":"Charlz' Realm","description":"Just some random thoughts, experiments and discoveries","link":"https:\/\/www.charlz.net\/","item":[{"title":"How to Build an Incus Buster Image","description":"\n \n

It\u2019s always nice to have container images of Debian releases to test things,\nrun applications or explore a bit without polluting your host machine. From\nsome Brazilian friends (you know who you are ;-), I\u2019ve learned the best way to\ndebug a problem or test a fix is spinning up an incus container, getting to it\nand finding the minimum reproducer. So the combination incus + Debian is\nsomething that I\u2019m very used to, but the problem is there are no images for\nDebian ELTS and testing security fixes to see if they actually fix the\nvulnerability and don\u2019t break anything else is very important.<\/p>\n\n

Well, the regular images don\u2019t materialize out of thin air, right? So we can\nlearn how they are made and try to generate ELTS images in the same way -\nshouldn\u2019t be that difficult, right? Well, kinda ;-)<\/p>\n\n

The images available by default in incus come from\nimages.linuxcontainers.org<\/a> and are built\nby Jenkins using distrobuilder. If you follow the links, you will find the\nrepository containing the yaml image definitions used by distrobuilder at\ngithub.com\/lxc\/lxc-ci<\/a>. With a bit of\ninvestigation work, a fork<\/a>, an incus\nVM with distrobuilder installed and some magic (also called trial and error) I\nwas able to build a buster image! Whooray, but VM and stretch images are still\nwork in progress.<\/p>\n\n

Anyway, I wanted to share how you can build your images and document this\nprocess so I don\u2019t forget, so here we are\u2026<\/p>\n\n

Building Instructions<\/h2>\n\n

We will use an incus trixie VM to perform the build so we don\u2019t clutter our own\nmachine.<\/p>\n\n

incus launch images:debian\/trixie <instance-name> --vm<\/span>\n<\/code><\/pre><\/div><\/div>\n\n
Then let\u2019s hop into the machine and install the dependencies.<\/p>\n\n
incus shell <instance-name>\n<\/code><\/pre><\/div><\/div>\n\n
And\u2026<\/p>\n\n
apt install <\/span>git distrobuilder\n<\/code><\/pre><\/div><\/div>\n\n
Let\u2019s clone the repository with the yaml definition to build a buster\ncontainer.<\/p>\n\n
git clone --branch<\/span> support-debian-buster https:\/\/github.com\/charles2910\/lxc-ci.git\n# and cd into it<\/span>\ncd <\/span>lxc-ci\n<\/code><\/pre><\/div><\/div>\n\n
Then all we need is to pass the correct arguments to distrobuilder so it can build\nthe image. It can output the image in the current directory or in a pre-defined\nplace, so let\u2019s create an easy place for the images.<\/p>\n\n
mkdir<\/span> -p<\/span> \/tmp\/images\/buster\/container\n# and perform the build<\/span>\ndistrobuilder build-incus images\/debian.yaml \/tmp\/images\/buster\/container\/ \\<\/span>\n            -o<\/span> image.architecture=<\/span>amd64 \\<\/span>\n            -o<\/span> image.release=<\/span>buster \\<\/span>\n            -o<\/span> image.variant=<\/span>default  \\<\/span>\n            -o<\/span> source.url=<\/span>\"http:\/\/archive.debian.org\/debian\"<\/span>\n<\/code><\/pre><\/div><\/div>\n\n
It requires a build definition written in yaml format to perform the build. If\nyou are curious, check the images\/<\/code> subdir.<\/p>\n\n
If all worked correctly, you should have two files in your pre-defined target\ndirectory. In our case, \/tmp\/images\/buster\/container\/<\/code> contains:<\/p>\n\n
incus.tar.xz  rootfs.squashfs\n<\/code><\/pre><\/div><\/div>\n\n
Let\u2019s copy it to our host so we can add the image to our incus server.<\/p>\n\n
incus file pull <instance-name>\/tmp\/images\/buster\/container\/incus.tar.xz .<\/span>\nincus file pull <instance-name>\/tmp\/images\/buster\/container\/rootfs.squashfs .<\/span>\n# and import it as debian\/10<\/span>\nincus image import incus.tar.xz rootfs.squashfs --alias<\/span> debian\/10\n<\/code><\/pre><\/div><\/div>\n\n
If we are lucky, we can run our Debian buster container now!<\/p>\n\n
incus launch local<\/span>:debian\/10 <debian-buster-instance>\nincus shell <debian-buster-instance>\n<\/code><\/pre><\/div><\/div>\n\n
Well, now all that is left is to install Freexian\u2019s ELTS package\nrepository<\/a>\nand update the image to get a lot of CVE fixes.<\/p>\n\n
apt install<\/span> --assume-yes<\/span> wget\nwget https:\/\/deb.freexian.com\/extended-lts\/archive-key.gpg -O<\/span> \/etc\/apt\/trusted.gpg.d\/freexian-archive-extended-lts.gpg\ncat<\/span> <<<\/span>EOF<\/span> >\/etc\/apt\/sources.list.d\/extended-lts.list\ndeb http:\/\/deb.freexian.com\/extended-lts buster-lts main contrib non-free\n<\/span>EOF\n<\/span>apt update\napt --assume-yes<\/span> upgrade\n<\/code><\/pre><\/div><\/div>\n\n        ","pubDate":"Thu, 09 Oct 2025 00:01:09 -0300","link":"https:\/\/www.charlz.net\/2025-10-09-buster-incus-image\/","guid":"https:\/\/www.charlz.net\/2025-10-09-buster-incus-image\/"},{"title":"Making KGB less noisy","description":"\n          \n          
This past month I did setup KGB to send notifications to #debian-lts when new\nmerge requests were created in the LTS website\u2019s repo and I learned a couple\ncool things. I\u2019ve been trying to document things more so I don\u2019t have to\nresearch the same topic months later, hence the blog seemed like a good idea,\nspecially since many debianites have KGB set on their favorite IRC channel\nand this post will go to planet.debian.org.<\/p>\n\n
Selecting What Goes to IRC<\/h2>\n\n
Salsa (Debian\u2019s GitLab instance) can generate a lot of\nevents<\/a> for\nthings that happen on a repository and a lot of them can be pushed to KGB via\nwebhooks<\/a>. Generally I\nprefer a minimal set enabled otherwise it\u2019s too much clutter on the IRC side,\nbut it\u2019s important to go through each option to see what makes sense or not.\nFrom the experience I had, the following ones are the most useful to have it\non:<\/p>\n\n