Docker imagebuilder custom files arent copied

I am trying to build a custom image in the imagebuilder docker image and I must be doing something wring with my custom files because they are never copied. I have tried both relative and absolute file paths in FILES="...", but neither seem to work.

Per https://openwrt.org/docs/guide-user/additional-software/imagebuilder#custom_files and https://openwrt.org/docs/guide-developer/uci-defaults#integrating_custom_settings : I have created the folder /builder/files/etc/uci-defaults inside the docker image and put my script in there.

here is the script I am trying to add:

cat << "EOF" > /etc/uci-defaults/90-mxi-defaults
uci -q batch << EOI

# Configure network interface for Docker
uci set network.dockerlan=interface
uci set network.dockerlan.proto='none'
uci set network.dockerlan.device='docker1'

# Configure firewall zone for Docker
uci set firewall.docker=zone
uci set firewall.docker.input='ACCEPT'
uci set firewall.docker.output='ACCEPT'
uci set firewall.docker.forward='ACCEPT'
uci set firewall.docker.name='docker'
uci set firewall.docker.network='dockerlan' 'docker'

# Configure firewall forwards for Docker zone
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='docker'
uci set firewall.@forwarding[-1].dest='lan'

uci add firewall forwarding
uci set firewall.@forwarding[-1].src='docker'
uci set firewall.@forwarding[-1].dest='wan'

uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='docker'

# Add redirect rule for luci-http
uci add firewall redirect
uci set firewall.@redirect[-1].target='DNAT'
uci set firewall.@redirect[-1].name='luci-http'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].src_dport='8180'
uci set firewall.@redirect[-1].dest_port='80'

# Add redirect rule for ssh-wan
uci add firewall redirect
uci set firewall.@redirect[-1].target='DNAT'
uci set firewall.@redirect[-1].name='ssh-wan'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].src_dport='2200'
uci set firewall.@redirect[-1].dest_port='22'

# Add firewall rule for code-server
uci add firewall rule
uci set firewall.@rule[-1].name='code-server'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest_port='8443'
uci set firewall.@rule[-1].target='ACCEPT'
uci set firewall.@rule[-1].enabled='0'

# Add firewall rule for mxi-agent
uci add firewall rule
uci set firewall.@rule[-1].name='mxi-agent'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest_port='5000'
uci set firewall.@rule[-1].target='ACCEPT'
uci set firewall.@rule[-1].enabled='0'

# Add redirect rule for dozzle
uci add firewall redirect
uci set firewall.@redirect[-1].target='DNAT'
uci set firewall.@redirect[-1].name='dozzle'
uci set firewall.@redirect[-1].src='wan'
uci set firewall.@redirect[-1].src_dport='8880'
uci set firewall.@redirect[-1].dest_port='8080'
uci set firewall.@redirect[-1].enabled='0'

# Add firewall rule for mxi-config
uci add firewall rule
uci set firewall.@rule[-1].name='mxi-config'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest_port='8000'
uci set firewall.@rule[-1].target='ACCEPT'
uci set firewall.@rule[-1].enabled='0'

# Add firewall rule for ttyd (webtty) on port 7681
uci add firewall rule
uci set firewall.@rule[-1].name='ttyd'
uci set firewall.@rule[-1].src='wan'
uci set firewall.@rule[-1].dest_port='7681'
uci set firewall.@rule[-1].target='ACCEPT'
uci set firewall.@rule[-1].enabled='1'

# Set system time zone and hostname
uci set system.@system[0].zonename='America/Los_Angeles'
uci set system.@system[0].hostname='OpenWrt'

# Commit the changes
uci commit
EOI
EOF

I launch the build with

make image PROFILE=friendlyarm_nanopi-r5s ROOTFS_PARTSIZE="512" PACKAGES="luci luci-app-dockerman luci-app-ttyd nano docker dockerd docker-compose block-mount git-http lsblk fdisk" FILES="/builder/files/"

(Have also tried FILES="files" relative path)
The build goes fine, I grab the resulting image and flash my device.
...after flashing... the uci settings arent applied and both /etc/uci-defaults and /rom/etc/uci-defaults are both empty.

Am I adding custom files correctly? or am i doing something wrong?

I always supply a full path, but it has to be the real full path. Is your /builder directory really at root?

$ here=`pwd`
$ mkdir -p $here/files/etc/uci-defaults
$ cp 50-my-init.sh $here/files/etc/uci-defaults/
$ make image ... FILES="$here/files"

ya, its at root. im using https://hub.docker.com/layers/openwrt/imagebuilder/rockchip-armv8/images/sha256-58027e8801df752ec9f8b160467fada0c86416c02827b3286314b522a9498b61?context=explore which provides /builder at root

buildbot@226fcb790438:~/files/etc/uci-defaults$ ls
90-mxi-defaults
buildbot@226fcb790438:~/files/etc/uci-defaults$ pwd
/builder/files/etc/uci-defaults

(90-mxi-defaults is the script im trying to copy) i feel like im going crazy. crossing my fingers someone spots a typo or something

I just did a few (x86, as that's what I've got laying around) imagebuilder runs and I can't see anything wrong with what you're doing.

I added /etc/stuff/stuff.txt so I'd have an easy name to search. Here's what it looks like, in the off chance it helps...

$ pwd
~/openwrt/image_builder/openwrt-imagebuilder-x86-64.Linux-x86_64

$ find files/
files/
files/etc
files/etc/stuff
files/etc/stuff/stuff.txt

$ make image PROFILE=generic FILES="files"
... snip all that log output ...

$ find . -iname '*stuff*'
./build_dir/target-x86_64_musl/root-x86/etc/stuff
./build_dir/target-x86_64_musl/root-x86/etc/stuff/stuff.txt
./files/etc/stuff
./files/etc/stuff/stuff.txt

i see the same:

$ find . -iname '90-mxi*'
./files/etc/uci-defaults/90-mxi-defaults
./build_dir/target-aarch64_generic_musl/root-rockchip/etc/uci-defaults/90-mxi-defaults

but i cant find the script on the device after flashing. it is neither in /rom/etc/uci-defaults nor /etc/uci-defaults, and the settings arent applied. if its in ./build_dir/target-aarch64_generic_musl/root-rockchip/etc/uci-defaults after building, then why isnt it in the resulting image?

from here, i am copying the .img.gz image from /builder/bin/targets/rockchip/armv8 for flashing. is that right?!

Yeah, if the files make it into the build_dir, then they certainly should be included in the image with all the other uci-defaults files...

Yes, that's right. But just to confirm, you're grabbing one of the sysupgrade images? (I'm not familiar with that platform, but not one of the factory or rootfs or whatever else gets built...)

1 Like

yup; only sysupgrade gets built for this profile anyways. even if the script was present and ran, the original would be present in /rom/etc/uci-defaults post-flash and post-boot, correct?

I tried mounting the img in wsl/ubuntu, but ran into issues about bad sector or something. admittedly i dont know enough about the img construction and therefore dont know much about mounting it like that (as in not the root). Can I mount the output img to inspect its contents?

Yeah, everything you've mentioned thus far in the thread is correct as far as I can tell including this, that directory and its contents should remain forever in the 'ro' partition.

Apparently some people can. I've never gotten it to work, what with all the losetups and mounts and other disk/partition stuff, I'm not a Real Sysadmin™, I just write code. :grin:

1 Like

well - it was me.

uci set firewall.docker.network='dockerlan' 'docker'

is not valid due to multiple networks. you must use uci add_list in order to add multiple args.

so it looks like my scripts were failing, preventing all of the changes in the script being applied. however, the original scripts are not being copied to /rom/ folder as described in the docs, so i assumed the script wasnt running.