It would be advantageous to ensure Dobby can run OCI images based on the Alpine linux distribution (https://alpinelinux.org/). Initial testing shows a few potential issues with Alpine based images that need further investigation.
Images based on alpine that may be applicable to embedded devices:
- Home Assistant: https://hub.docker.com/r/homeassistant/home-assistant
Plugin Issues The startContainer hook runs inside the container namespace, meaning the Dobby PluginLauncher, all plugin .so files and any dependant libraries must be available within the container namespace for the hook to execute and run. This causes an issue with alpine as it uses musl libc and the host uses glibc. There are also issues with overriding libraries in the container with ones from the host - e.g. libstdc++.so, as they likely have different symbols. Static Link Plugins & Plugin Launcher Statically linking both plugins & plugin launcher would remove the need to mount in all the dependant libs into the container. Downsides: Increased size Statically linking glibc has issues - dlopen calls may cause issues: https://stackoverflow.com/questions/57476533/why-is-statically-linking-glibc-discouraged Mount Plugin Libs in private location Mount the dependencies for all plugins into a non-standard directory, and set the LD_LIBRARY_PATH env var in the startContainer hook to this directory. This means the hook would use the libraries bind mounted from the host over any included in the container Downsides: Still need to enumerate a list of all dependencies needed by plugins for bundlegen Could miss a necessary dependency, causing failure to run plugins
^^ Fixed by removing the startContainer hook https://github.com/rdkcentral/Dobby/pull/66
Initial testing shows a potential issue with alpine images where the user in the container shows as root, but does not actually have root permissions. Commands that require root permissions fail. User namespaces were disabled for this test container, so the container is running as root:
This is possibly related to not having enough UID/GIDs available within the container - need to investigate shadow-utils (https://github.com/shadow-maint/shadow and https://git.yoctoproject.org/cgit.cgi/poky/tree/meta/recipes-extended/shadow)