cache apt packages cross-container

[banksean]

If we need to support Ubuntu, Debian etc images then we should provide some kind of caching for apt similar to the existing support for apk package caching.

IIUC, apt is a little trickier to cache in this cross-container environment since it clears out /var/cache/apt/archives after every install. Simply bind mounting it like we do for apk would just result in 100% cache misses for new sandbox containers.

There are at least two potential solutions to this problem, disable cache-clearing with a bind mount, or run a separate shared caching proxy for apt packages.

bind-mount, but disable cache-clearing

If we don't care about caching for apt installations post-container-creation, we can run apt-get for specific cases with a -o flag like so:

container <cmd> \
  --volume $SAND_BASE/caches/apt:/var/cache/apt/archives \
  sh -c "apt-get update && \
         apt-get install -y -o Binary::apt::APT::Keep-Downloaded-Packages=true curl git && \
         ./your-script.sh"

Or bake that -o flag into the image's config files so you don't have to specify it every time:

FROM ubuntu:latest

# 1. Prevent apt from deleting packages after install
# 2. Tell apt to store them in the standard archive location
RUN echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' > /etc/apt/apt.conf.d/01keep-debs && \
    echo 'Dir::Cache::archives "/var/cache/apt/archives";' >> /etc/apt/apt.conf.d/01keep-debs

# Optional: Pre-create the directory to avoid permission issues
RUN mkdir -p /var/cache/apt/archives/partial

Run a proxy for apt

Run a separate container for apt-cacher-ng and point sandbox containers at it by setting a -o flag like so:

container run ubuntu:latest \
  apt-get -o Acquire::http::Proxy="http://host.internal:3142" update

Or bake it into container image configs like so:

FROM ubuntu:latest
RUN echo 'Acquire::http::Proxy "http://host.internal:3142";' > /etc/apt/apt.conf.d/01proxy