From 4a1c62f4c9ede0e888002931bdadbfd74878238f Mon Sep 17 00:00:00 2001
From: Igor Novgorodov
Date: Wed, 2 Oct 2024 20:00:25 +0200
Subject: [PATCH] fix(BOUN-1250): ubuntu: add systemd-resolved (#1808)
In 24.04 it's shipped as a separate package
---
 ic-os/boundary-guestos/context/Dockerfile | 35 +++++++++----------
 .../boundary-guestos/context/Dockerfile.base | 2 ++
 2 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/ic-os/boundary-guestos/context/Dockerfile b/ic-os/boundary-guestos/context/Dockerfile
index 2cbf960cda9..714b6ae2c73 100644
--- a/ic-os/boundary-guestos/context/Dockerfile
+++ b/ic-os/boundary-guestos/context/Dockerfile
@@ -32,10 +32,10 @@ RUN \
 # Second build stage:
 # - Construct base images with the differences between dev and prod (IC-OS root filesystem)
 #
-FROM $BASE_IMAGE as image-dev
+FROM $BASE_IMAGE AS image-dev
 # nns public key will be on the USB stick
-FROM $BASE_IMAGE as image-prod
+FROM $BASE_IMAGE AS image-prod
 USER root:root
 # Bake the nns public key into the image
@@ -118,6 +118,7 @@ RUN for SERVICE in /etc/systemd/system/*; do \
 if [ -f "$SERVICE" -a ! -L "$SERVICE" ] && grep -q '^.Install.' "$SERVICE" ; then systemctl enable "${SERVICE#/etc/systemd/system/}" ; fi ; \
 done && \
 systemctl enable \
+ ssh \
 chrony \
 nftables \
 systemd-networkd \
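Review bot: The added `ssh \` entry in the `systemctl enable` list switches on the SSH daemon in the built image, yet the commit message only mentions systemd-resolved, so the reason for this extra network-facing service is not recorded anywhere. If it is needed because the unit is no longer enabled by default on the 24.04 base (an assumption, the hunk does not show it), put that in a comment above the RUN instruction, for example `# ssh is enabled explicitly here; remote access is restricted by the sshd and nftables configuration shipped in this image`, adjusted to the controls that really apply. The RUN instruction starts outside the hunk, so which build stage it belongs to cannot be seen from here; it is worth confirming that the dev and prod images end up with the intended sshd authentication settings.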
@@ -125,14 +126,7 @@ RUN for SERVICE in /etc/systemd/system/*; do \
 systemd-resolved \
 systemd-journal-gatewayd
-# Add user/group entries specified here: /usr/lib/sysusers.d/systemd.conf
-# E.g., systemd-timesync/coredump
-RUN systemd-sysusers && \
- # Fix reproducibility issue. Notes in boundary-guestos/context/Dockerfile
- usermod -p '!!' systemd-timesync && \
- usermod -p '!!' systemd-coredump && \
- # Set /bin/sh to point to /bin/bash instead of the default /bin/dash
- echo "set dash/sh false" | debconf-communicate && dpkg-reconfigure -fnoninteractive dash
+RUN ln -sf /bin/bash /usr/bin/sh
 # Group accounts to which parts of the runtime state are assigned such that
 # user accounts can be granted individual access rights.
@@ -190,15 +184,18 @@ COPY opt /opt
 # Clear all files that may lead to indeterministic build.
 RUN apt-get clean && \
 rm -rf \
- /var/cache/fontconfig/* /var/cache/ldconfig/aux-cache \
- /var/log/alternatives.log /var/log/apt/history.log \
- /var/log/apt/term.log /var/log/dpkg.log \
- /var/lib/apt/lists/* /var/lib/dbus/machine-id \
- /var/lib/initramfs-tools/5.8.0-50-generic && \
- find /usr/local/share/fonts -name .uuid | xargs rm && \
- find /usr/share/fonts -name .uuid | xargs rm && \
- find /usr/lib -name "*.pyc" | xargs rm -rf&& \
- find /usr/share -name "*.pyc" | xargs rm -rf&& \
+ /var/cache/fontconfig/* \
+ /var/cache/ldconfig/aux-cache \
+ /var/log/alternatives.log \
+ /var/log/apt/history.log \
+ /var/log/apt/term.log \
+ /var/log/dpkg.log \
+ /var/lib/apt/lists/* \
+ /var/lib/dbus/machine-id && \
+ find /usr/local/share/fonts -name .uuid -delete && \
+ find /usr/share/fonts -name .uuid -delete && \
+ find /usr/lib -name "*.pyc" -delete && \
+ find /usr/share -name "*.pyc" -delete && \
 truncate --size 0 /etc/machine-id
 # Update POSIX permissions in /opt
diff --git a/ic-os/boundary-guestos/context/Dockerfile.base b/ic-os/boundary-guestos/context/Dockerfile.base
index 3ef8a9df64f..6528449f3ce 100644
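Review bot: The new `RUN ln -sf /bin/bash /usr/bin/sh` has lost the explanation that the removed lines carried, so a reader can no longer tell why the system shell is being replaced; keep a comment such as `# Set sh to point to /bin/bash instead of the default /bin/dash`. The link is now written directly instead of through the package's own configuration, so if a later layer installs or upgrades dash the link may be put back (not verifiable from this hunk). The same hunk also drops `systemd-sysusers` and the two `usermod -p '!!'` calls; presumably the systemd-timesync and systemd-coredump accounts are now created elsewhere, but it is worth checking that they still exist with locked passwords in the final image and that the reproducibility problem the old comment refers to does not come back.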
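Review bot: The cleanup list no longer removes anything under `/var/lib/initramfs-tools/`: the stale `5.8.0-50-generic` entry is dropped with no replacement, while the other file in this patch adds a kernel package to the base image. If initramfs-tools still writes per-kernel state into that directory at build time, it may reintroduce the non-determinism this step exists to remove; consider a version-independent entry such as `/var/lib/initramfs-tools/* \` in the `rm -rf` list, or confirm that the directory is empty in the built image. The four `find … -delete` calls would also state their intent more precisely with `-type f`, for example `find /usr/lib -type f -name "*.pyc" -delete`.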
--- a/ic-os/boundary-guestos/context/Dockerfile.base
+++ b/ic-os/boundary-guestos/context/Dockerfile.base
@@ -62,6 +62,7 @@ RUN \
 iproute2 \
 iputils-ping \
 less \
+ linux-image-virtual-hwe-24.04 \
 logrotate \
 lshw \
 lvm2 \
@@ -78,6 +79,7 @@ RUN \
 systemd \
 systemd-sysv \
 systemd-journal-remote \
+ systemd-resolved \
 tcpdump \
 traceroute \
 mtr-tiny \