Sandwiching Docker Between Devuan

I had been using Docker on Debian for quite a while already when I chose init freedom and switched to Devuan. I use it to keep my development environments from getting in each others way and prevent my Free Software Explorations from making a mess of my carefully configured machine(s). So it was only natural (for me) that I wanted to run Docker on top of Devuan and then run Devuan containers on top of Docker. The result? A delicious Devuan-Docker-Devuan sandwich.

Docker On Devuan

There already was a docker package when some Debian maintainers started packaging Docker. Since docker was already taken, they had to pick something else and settled on docker.io. Naturally, the situation on Devuan is the same and looking through its package repositories I found two versions.

$ apt-cache policy docker.io
docker.io:
  Installed: (none)
  Candidate: 1.13.1~ds1-2
  Version table:
     1.13.1~ds1-2 0
        500 http://auto.mirror.devuan.org/merged/ ceres/main amd64 Packages
     1.6.2~dfsg1-1~bpo8+1 0
        100 http://auto.mirror.devuan.org/merged/ jessie-backports/main amd64 Packages

Docker, like so many exciting projects, changes rapidly and releases often. Seeing that upstream released 1.6.2 on 2015-05-14 was not exactly encouraging. Especially 1.12.0 (released 2016-07-28) has greatly improved networking support and embeds Swarm mode, both features I'd like to use.

So should I then run something from ceres (i.e. unstable)? That prospect didn't seem particularly inviting, so I went for the upstream Docker CE for Debian package instead. Notwithstanding the fact it targets Debian, I have found that it runs without problems on Devuan (keeping fingers crossed).

Note

I guess I should mention that I use docker-ce with the btrfs storage driver. This works with both the stock 3.16 Linux image from jessie as well as the 4.9 version from jessie-backports. Note, the 4.9 Linux image does not support the default AUFS storage driver. I've purged the recommended aufs-tools package because of that.

Devuan On Docker

We have Docker Engine up and running so now we can just

docker run --rm -it devuan /bin/bash

right? Not so fast Watson. First of all, as of writing, there is no such image. Lacking official images, I had a look at the unofficial ones. The search results included five images that were Devuan plus some application, one image for i386 and the remaining nine were either stale or so devoid of details that I didn't feel comfortable using them. Call me paranoid but if there's no way to check how an image is made short of running it I prefer to roll my own. So that's exactly what I did.

I had wanted to use one of the Devuan virtual machine images but after re-discovering that my Libreboot T400 does not do hardware virtualization without blobs and finding software emulation excruciatingly slow, I opted for applying the migration route to a Debian Docker image. The migrated image can then be used to create a real Devuan image using the native debootstrap.

Using debootstrap to build Docker base images is well-documented in the docker-ce package's contributed scripts (take a peek in /usr/share/docker-ce/contrib/) and the debuerreotype utility's implementation. The latter tool is used to create the official Debian Docker images using the Debian project's snapshot package archives. Because the Devuan infrastructure doesn't have something like that, I could not just use debuerreotype and change a few URLs. Besides, I also wanted to make sure that there wouldn't be any systemd-isms in my images.

After a couple of iterations, I now have a decent Devuan Docker base image for stable. It has all tweaks from the Docker CE contrib scripts and debuerreotype that I thought relevant applied. You can pull it with

docker pull registry.gitlab.com/paddy-hack/devuan

There is also a builder "flavour" and I am thinking of making a helper "flavour" as well so you can get started with d1h in a jiffy. In addition, having testing and unstable versions would be neat too.

The gory details can be found at my docker-devuan project over at GitLab.com. By all means check out the project's registry for what is available.