Base Images

To ensure proper version control we will be taking full control of the following two public images:

Ubuntu 20.04

version: '3.8'

      image: seed/ubuntu/focal:1.0.0
      build: .
FROM scratch
ADD ubuntu-focal-oci-amd64-root.tar.gz /
CMD ["bash"]
40795f39d0f4d3187c0132c5c1d0cb73195caaa8097e0486d75f8edc8cd109b0  ubuntu-focal-oci-amd64-root.manifest
908896fee17c7c3c7b35981d3e5030afa066f2a757a00df9521390308e15275c  ubuntu-focal-oci-amd64-root.tar.gz
afde2e714e09e78ca4bbeb2700ac706cd7b174fab0b5525edc5fec0458c0bfab  ubuntu-focal-oci-arm64-root.manifest
2099d1899e7e6b110a2bb269edb7e2322e4f75a266f6e562ae3c1c189e06394d  ubuntu-focal-oci-arm64-root.tar.gz
45bfb3d20ad9797fd3442e4179ef4bc28a7681c77bd3c74b8e2484a8afd67e3b  ubuntu-focal-oci-armhf-root.manifest
1cdd75754be4bbb65155133d91d0521cf206839ce5ad41fa0cef1b0df74ad9ac  ubuntu-focal-oci-armhf-root.tar.gz
979c58ab736eaf720ae1244e396590a271ddac602208b28223de53c06efeca81  ubuntu-focal-oci-ppc64el-root.manifest
d3f7688ce2d1bb682783f6b10d37ca0d77e1115384932f29d9bf8b98b973c4ef  ubuntu-focal-oci-ppc64el-root.tar.gz
e5b5dfc3ffe3168e28b965a64f5c8643d619f612268dabd9cd17029f1feeab2d  ubuntu-focal-oci-riscv64-root.manifest
126291630fbacebacfec221e0d3f12653f4857ad989257dc17fe78300dd5d7b0  ubuntu-focal-oci-riscv64-root.tar.gz
d9a475e2eddc1bec1fc75a257095aeced3156f17c0d0a1c0a72309bfe70575ae  ubuntu-focal-oci-s390x-root.manifest
c834e3f65025b7cb79e0f5749ba496fda8e5233ce5a37641ddc0ff7a832a62a9  ubuntu-focal-oci-s390x-root.tar.gz
adduser	3.118ubuntu2
apt	2.0.9
base-files	11ubuntu5.5
base-passwd	3.5.47
bash	5.0-6ubuntu1.2
bsdutils	1:2.34-0.1ubuntu9.3
bzip2	1.0.8-2
coreutils	8.30-3ubuntu2
debconf	1.5.73
debianutils	4.9.1
diffutils	1:3.7-3
dpkg	1.19.7ubuntu3.2
e2fsprogs	1.45.5-2ubuntu1.1
fdisk	2.34-0.1ubuntu9.3
findutils	4.7.0-1ubuntu1
gcc-10-base:amd64	10.3.0-1ubuntu1~20.04
gpgv	2.2.19-3ubuntu2.2
grep	3.4-1
gzip	1.10-0ubuntu4.1
hostname	3.23
init-system-helpers	1.57
libacl1:amd64	2.2.53-6
libapt-pkg6.0:amd64	2.0.9
libattr1:amd64	1:2.4.48-5
libaudit-common	1:2.8.5-2ubuntu6
libaudit1:amd64	1:2.8.5-2ubuntu6
libblkid1:amd64	2.34-0.1ubuntu9.3
libbz2-1.0:amd64	1.0.8-2
libc-bin	2.31-0ubuntu9.9
libc6:amd64	2.31-0ubuntu9.9
libcap-ng0:amd64	0.7.9-2.1build1
libcom-err2:amd64	1.45.5-2ubuntu1.1
libcrypt1:amd64	1:4.4.10-10ubuntu4
libdb5.3:amd64	5.3.28+dfsg1-0.6ubuntu2
libdebconfclient0:amd64	0.251ubuntu1
libext2fs2:amd64	1.45.5-2ubuntu1.1
libfdisk1:amd64	2.34-0.1ubuntu9.3
libffi7:amd64	3.3-4
libgcc-s1:amd64	10.3.0-1ubuntu1~20.04
libgcrypt20:amd64	1.8.5-5ubuntu1.1
libgmp10:amd64	2:6.2.0+dfsg-4
libgnutls30:amd64	3.6.13-2ubuntu1.6
libgpg-error0:amd64	1.37-1
libhogweed5:amd64	3.5.1+really3.5.1-2ubuntu0.2
libidn2-0:amd64	2.2.0-2
liblz4-1:amd64	1.9.2-2ubuntu0.20.04.1
liblzma5:amd64	5.2.4-1ubuntu1.1
libmount1:amd64	2.34-0.1ubuntu9.3
libncurses6:amd64	6.2-0ubuntu2
libncursesw6:amd64	6.2-0ubuntu2
libnettle7:amd64	3.5.1+really3.5.1-2ubuntu0.2
libp11-kit0:amd64	0.23.20-1ubuntu0.1
libpam-modules:amd64	1.3.1-5ubuntu4.3
libpam-modules-bin	1.3.1-5ubuntu4.3
libpam-runtime	1.3.1-5ubuntu4.3
libpam0g:amd64	1.3.1-5ubuntu4.3
libpcre2-8-0:amd64	10.34-7
libpcre3:amd64	2:8.39-12ubuntu0.1
libprocps8:amd64	2:3.3.16-1ubuntu2.3
libseccomp2:amd64	2.5.1-1ubuntu1~20.04.2
libselinux1:amd64	3.0-1build2
libsemanage-common	3.0-1build2
libsemanage1:amd64	3.0-1build2
libsepol1:amd64	3.0-1ubuntu0.1
libsmartcols1:amd64	2.34-0.1ubuntu9.3
libss2:amd64	1.45.5-2ubuntu1.1
libstdc++6:amd64	10.3.0-1ubuntu1~20.04
libsystemd0:amd64	245.4-4ubuntu3.17
libtasn1-6:amd64	4.16.0-2
libtinfo6:amd64	6.2-0ubuntu2
libudev1:amd64	245.4-4ubuntu3.17
libunistring2:amd64	0.9.10-2
libuuid1:amd64	2.34-0.1ubuntu9.3
libzstd1:amd64	1.4.4+dfsg-3ubuntu0.1
login	1:4.8.1-1ubuntu5.20.04.2
logsave	1.45.5-2ubuntu1.1
lsb-base	11.1.0ubuntu2
mount	2.34-0.1ubuntu9.3
ncurses-base	6.2-0ubuntu2
ncurses-bin	6.2-0ubuntu2
passwd	1:4.8.1-1ubuntu5.20.04.2
perl-base	5.30.0-9ubuntu0.2
procps	2:3.3.16-1ubuntu2.3
sed	4.7-1
sensible-utils	0.0.12+nmu1
sysvinit-utils	2.96-2.1ubuntu1
tar	1.30+dfsg-7ubuntu0.20.04.2
ubuntu-keyring	2020.02.11.4
util-linux	2.34-0.1ubuntu9.3
zlib1g:amd64	1:1.2.11.dfsg-2ubuntu1.3

As we are now managing the source for ubuntu ourselves, we need to add some minor clarifications on the content of the repo at We are leveraging the dist-amd64 branch that changes on each update and gets re-published. The build-info.txt contains the specific time stamp of the entire remote ubuntu package. So as you download the source files, know that they are based on the build of that specific time stamp. The actual content of the image is contained within the binary file ubuntu-focal-core-cloudimg-amd64-root.tar.gz and described in the ubuntu-focal-core-cloudimg-amd64.manifest.

As we move the source into its own repo from, the following files are managed:

  • Dockerfile - of course the actual docker file
  • build-info.txt - reference to time of the build (using SERIAL=20210827 above)
  • SHA256SUMS - quick reference to shas to be used for integrity checks
  • ubuntu-focal-oci-amd64.manifest - what is inside the tar with versions etc
  • ubuntu-focal-oci-amd64-root.tar.gz - the tar of the actual distro

Note: the Dockerfile is used as is, without any changes.

OpenJDK 8

version: '3.8'

      image: seed/java/openjdk-8:1.0.0
      build: .
FROM seed/ubuntu/focal:1.0.0


RUN apt-get update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata curl ca-certificates fontconfig locales \
    && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen \
    && locale-gen en_US.UTF-8 \
    && rm -rf /var/lib/apt/lists/*

ENV JAVA_VERSION jdk8u292-b10

RUN set -eux; \
    ARCH="$(dpkg --print-architecture)"; \
    case "${ARCH}" in \
       aarch64|arm64) \
         ESUM='a29edaf66221f7a51353d3f28e1ecf4221268848260417bc562d797e514082a8'; \
         BINARY_URL=''; \
         ;; \
       armhf|armv7l) \
         ESUM='0de107b7df38314c1daab78571383b8b39fdc506790aaef5d870b3e70048881b'; \
         BINARY_URL=''; \
         ;; \
       ppc64el|ppc64le) \
         ESUM='7ecf00e57033296fd23201477a64dc13a1356b16a635907e104d079ddb544e4b'; \
         BINARY_URL=''; \
         ;; \
       s390x) \
         ESUM='276a431c79b7e94bc1b1b4fd88523383ae2d635ea67114dfc8a6174267f8fb2c'; \
         BINARY_URL=''; \
         LIBFFI_SUM='05e456a2e8ad9f20db846ccb96c483235c3243e27025c3e8e8e358411fd48be9'; \
         LIBFFI_URL=''; \
         curl -LfsSo /tmp/libffi6.deb ${LIBFFI_URL}; \
         echo "${LIBFFI_SUM} /tmp/libffi6.deb" | sha256sum -c -; \
         apt-get install -y --no-install-recommends /tmp/libffi6.deb; \
         rm -rf /tmp/libffi6.deb; \
         ;; \
       amd64|x86_64) \
         ESUM='0949505fcf42a1765558048451bb2a22e84b3635b1a31dd6191780eeccaa4ada'; \
         BINARY_URL=''; \
         ;; \
       *) \
         echo "Unsupported arch: ${ARCH}"; \
         exit 1; \
         ;; \
    esac; \
    curl -LfsSo /tmp/openjdk.tar.gz ${BINARY_URL}; \
    echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \
    mkdir -p /opt/java/openjdk; \
    cd /opt/java/openjdk; \
    tar -xf /tmp/openjdk.tar.gz --strip-components=1; \
    rm -rf /tmp/openjdk.tar.gz;

ENV JAVA_HOME=/opt/java/openjdk \

Based on Dockerfile.hotspot.releases.full inside and no changes applied besides using our versioned ubuntu base image in the FROM statement.


As we are introducing this as our first set of images, we want to clarify that we use docker-compose for both building and running containers as its declarative nature makes it easier to understand, change and use. Bonus points: it makes Code Reviews significantly simpler too.

It further visualizes specifically how ports, networks, volumes, environment variables are managed as they will differ from where you run it. While the Dockerfile remains constant "Build Once run Anywhere" (almost), the compose file is what ties it to your run environment.

To build the base images we will be leveraging the build compose file for each image.

docker-compose -f seed/ubuntu-focal/docker-compose.yml build
docker-compose -f seed/openjdk-8/docker-compose.yml build