This might be a little detailed for most, feel free to don your peril-sensitive sunglasses.

So, no offence to Debian 9.6 Stretch, but the rest of the fleet runs Ubuntu, which is very similar, but, well, some packages are different.

So lets see how we can make the Chromebook run a Ubuntu image and still have Wayland support and file sharing. There are a bunch of pages (cros-*) that add these things ‘sommelier’, ‘garcon’, ‘wayland’, etc. When your image is loaded in lxc, a /dev/.ssh mount is loaded which contains well-known keys for the username that matches the name of your *first* login account. For me, ‘db’. I think you are kind of stuck with this name. The ssh keys are used for ‘sshfs’ which is how the Files app gets to your home dir within the container.

Now, lets try building a container that matches expectations.

lxc image copy ubuntu:18.04 local: --alias bionic
lxc launch bionic cros

lxc exec cros -- bash

Now we are in the being-prepped container, run:

echo "deb stretch main" > /etc/apt/sources.list.d/cros.list
if [ -f /dev/.cros_milestone ]; then sudo sed -i "s?packages?packages/$(cat /dev/.cros_milestone)?" /etc/apt/sources.list.d/cros.list; fi
apt-key adv --keyserver --recv-keys 1397BC53640DB551
apt update
apt install -y binutils adwaita-icon-theme-full 

apt download cros-ui-config
ar x cros-ui-config_0.12_all.deb data.tar.gz
gunzip data.tar.gz
tar f data.tar --delete ./etc/gtk-3.0/settings.ini
gzip data.tar
ar r cros-ui-config_0.12_all.deb data.tar.gz
rm -rf data.tar.gz

mkdir -p /opt/google/cros-containers/bin/sommelier
mkdir -p /opt/google/cros-containers/lib/
apt install -y libgl1-mesa-dri
cp /usr/lib/x86_64-linux-gnu/dri/ /opt/google/cros-containers/lib/

apt install -y cros-adapta cros-apt-config cros-garcon cros-guest-tools cros-sftp cros-sommelier cros-sommelier-config cros-sudo-config cros-systemd-overrides ./cros-ui-config_0.12_all.deb cros-unattended-upgrades cros-wayland
rm -rf cros-ui-config_0.12_all.deb
sed -i 's/Ambiance/CrosAdapta/' /etc/gtk-3.0/settings.ini
sed -i 's/ubuntu-mono-dark/CrosAdapta/' /etc/gtk-3.0/settings.ini
sed -i 's/gtk-sound-theme-name = ubuntu/gtk-font-name = Roboto 11/' /etc/gtk-3.0/settings.ini
sed -i '5d' /etc/gtk-3.0/settings.ini
sed -i -n '2{h;n;G};p' /etc/gtk-3.0/settings.ini
echo chronos-access:x:1001:db >> /etc/group

echo penguin > /etc/hostname

killall -u ubuntu
groupmod -n db ubuntu
usermod -md /home/db -l db ubuntu
usermod -aG users db
loginctl enable-linger db
sed -i 's/ubuntu/db/' /etc/sudoers.d/90-cloud-init-users
shutdown -h now

Now we are back to the host, run:

lxc publish cros --alias cros
lxc image export cros cros

Now, manually, put on USB, move to chromebook, copy to the default ‘penguin’ using the Files app

Now from the Termina:

lxc file pull penguin/home/db/cros.tar.gz $LXD_CONF

lxc stop --force penguin
lxc rename penguin google

lxc image import $LXD_CONF/cros.tar.gz --alias cros
lxc init cros penguin

OK we are done. And it worked. I now have a Ubuntu 18.04 image running, with file-sharing, and wayland for X-like stuff. I installed ‘rxvt-unicode’, and added a .Xdefaults file with a suitably large font (34) to overcome the DPI.


All of this is done in the ‘penguin’ container of ‘termina’ (e.g. enable ‘linux’ on the chrome settings). By default its Debian 9.6, and runs Python 3.5. But you might want to run e.g. Quart, which wants a newer rev for some asyncio. So, here goes.

Step 1: Install dev essentials, as root (e.g. sudo)

apt-get update
apt-get install -y build-essential libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev zlib1g-dev

Step 2: Install clang/llvm, as root (e.g. sudo)

echo deb llvm-toolchain-stretch-7 main > /etc/apt/sources.list.d/llvm.list
wget -O -|sudo apt-key add -

apt-get update
apt-get install -y libllvm-7-ocaml-dev libllvm7 llvm-7 llvm-7-dev llvm-7-doc llvm-7-examples llvm-7-runtime clang-7 clang-tools-7 clang-7-doc libclang-common-7-dev libclang-7-dev libclang1-7 clang-format-7 python-clang-7 libfuzzer-7-dev lldb-7 lld-7 libc++-7-dev libc++abi-7-dev libomp-7-dev

update-alternatives --install /usr/bin/llvm-profdata llvm-profdata /usr/bin/llvm-profata-7 90
update-alternatives --install /usr/bin/clang clang /usr/bin/clang-7 90
update-alternatives --install /usr/bin/clang++ clang++ /usr/bin/clang++-7 90

Step 3: Get & Install Python

tar -xzvf Python-3.7.1.tgz
./configure --enable-optimizations
make -j4
make install

And you have yourself some Python 3.7! Pip on!

Years ago I read this book “The Many Minds of Billy Milligan“. Its non-fiction, and quite good. The general gist of it is about an individual with multiple-personalities.

So lets talk about the new entry to my fleet, the Google Slate. Its a chromebook. And it has all kinds of split personalities that are walled off in enclaves inside its mind, just like Billy did.

For starters, Chromeos is based on GNU/Linux. But then it makes the UI (and all really) be Chrome. With secure enclaves. So all apps are ‘chrome’ apps. Nothing weirder than having to open an ssh terminal within a browser tab, but OK.

And then people started to want more. So, well, Android was brought to the table. Some sort of namespaced container interface. And it works reasonably well, but you end up with this weirdness (e.g. two copies of Google Drive, each needs to be separately logged in, and syncs separately). But OK, progress. Now we have lots of apps.

And then, well, people want more. They are going into ‘developer’ mode to enable Linux, or just flat out dual-booting. So why not give them what they want? So sure, instead of just running qemu on kvm like a normal personal, Google invents their own qemu replacement (crosvm). And, well, um. It works. It launches a locked down VM inside a tab in Chrome, and from that, runs Linux again. And from that, it runs LXC so you get another Linux container inside the vm instead the tab inside the… Well, its a matrovska russian nesting doll arrangement.

And there is light integration (courtesy of SSHFS) into that inner-most container from the chrome land.

So you end up with your files all over, some in Android-space, some in Linux-space, some in Chrome space, and some attempt by Google Drive to stitch this together.

Now Billy might have committed some crimes and gone to jail and had some questionable sanity. And I think the slate is heading this way if it doesn’t sort out some uniform filesystem etc.

But, progress.