From 568e9177b2215d3d56dc9fda4b7f5b432b6f5146 Mon Sep 17 00:00:00 2001
From: Mike Tesch <mitesch@github.com>
Date: Fri, 16 Jan 2026 08:30:30 -0500
Subject: [PATCH] [ubuntu-slim] Add docker-cli, fix apt sources, and keep apt
 lists (#13511)

---
 images/ubuntu-slim/Dockerfile                     |  5 +++++
 .../scripts/build/configure-apt-sources.sh        |  4 ++--
 images/ubuntu-slim/scripts/build/configure-apt.sh |  5 -----
 .../scripts/build/install-docker-cli.sh           | 15 +++++++++++++++
 images/ubuntu-slim/scripts/helpers/cleanup.sh     |  2 +-
 images/ubuntu-slim/test.sh                        |  3 +++
 6 files changed, 26 insertions(+), 8 deletions(-)
 create mode 100644 images/ubuntu-slim/scripts/build/install-docker-cli.sh

diff --git a/images/ubuntu-slim/Dockerfile b/images/ubuntu-slim/Dockerfile
index 82e7afc1e..44528477a 100644
--- a/images/ubuntu-slim/Dockerfile
+++ b/images/ubuntu-slim/Dockerfile
@@ -25,6 +25,8 @@ RUN find /tmp/scripts -name "*.sh" -type f -exec chmod +x {} \;
 COPY scripts/entrypoint.sh /opt/entrypoint.sh
 RUN chmod +x /opt/entrypoint.sh
 
+RUN echo 'set -eo pipefail' >> /etc/bash.bashrc
+
 RUN apt-get update && apt-get upgrade -y && apt-get install -y sudo lsb-release jq dpkg && \
     touch /run/.containerenv && \
     /tmp/scripts/build/configure-apt-sources.sh && \
@@ -52,9 +54,12 @@ RUN apt-get update && apt-get upgrade -y && apt-get install -y sudo lsb-release
     /tmp/scripts/build/install-python.sh && \
     /tmp/scripts/build/install-zstd.sh && \
     /tmp/scripts/build/install-pipx-packages.sh && \
+    /tmp/scripts/build/install-docker-cli.sh && \
     /tmp/scripts/build/configure-system.sh && \
     /tmp/scripts/helpers/cleanup.sh
 
+RUN sed -i '/set -eo pipefail/d' /etc/bash.bashrc
+
 ENTRYPOINT ["/opt/entrypoint.sh"]
 
 CMD [ "bash" ]
diff --git a/images/ubuntu-slim/scripts/build/configure-apt-sources.sh b/images/ubuntu-slim/scripts/build/configure-apt-sources.sh
index d1125cf60..8a1f10088 100644
--- a/images/ubuntu-slim/scripts/build/configure-apt-sources.sh
+++ b/images/ubuntu-slim/scripts/build/configure-apt-sources.sh
@@ -13,7 +13,7 @@ printf "https://archive.ubuntu.com/ubuntu/\tpriority:2\n" | tee -a /etc/apt/apt-
 printf "https://security.ubuntu.com/ubuntu/\tpriority:3\n" | tee -a /etc/apt/apt-mirrors.txt
 
 if is_ubuntu24; then
-    sed -i 's|http://azure\.archive\.ubuntu\.com/ubuntu/|mirror+file:/etc/apt/apt-mirrors.txt|' /etc/apt/sources.list.d/ubuntu.sources
+    sed -i 's|http://archive\.ubuntu\.com/ubuntu/|mirror+file:/etc/apt/apt-mirrors.txt|' /etc/apt/sources.list.d/ubuntu.sources
 else
-    sed -i 's|http://azure\.archive\.ubuntu\.com/ubuntu/|mirror+file:/etc/apt/apt-mirrors.txt|' /etc/apt/sources.list
+    sed -i 's|http://archive\.ubuntu\.com/ubuntu/|mirror+file:/etc/apt/apt-mirrors.txt|' /etc/apt/sources.list
 fi
diff --git a/images/ubuntu-slim/scripts/build/configure-apt.sh b/images/ubuntu-slim/scripts/build/configure-apt.sh
index 849a1449c..d109ce386 100644
--- a/images/ubuntu-slim/scripts/build/configure-apt.sh
+++ b/images/ubuntu-slim/scripts/build/configure-apt.sh
@@ -36,9 +36,6 @@ Acquire::https::No-Cache true;
 Acquire::BrokenProxy    true;
 EOF
 
-# Uninstall unattended-upgrades
-apt-get purge unattended-upgrades
-
 echo 'APT sources'
 if ! is_ubuntu24; then
     cat /etc/apt/sources.list
@@ -47,7 +44,5 @@ else
 fi
 
 apt-get update
-# Install jq
-apt-get install jq
 
 echo "ubuntu ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
diff --git a/images/ubuntu-slim/scripts/build/install-docker-cli.sh b/images/ubuntu-slim/scripts/build/install-docker-cli.sh
new file mode 100644
index 000000000..3b0a7a869
--- /dev/null
+++ b/images/ubuntu-slim/scripts/build/install-docker-cli.sh
@@ -0,0 +1,15 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-docker-cli.sh
+##  Desc:  Install docker cli, but not the engine
+################################################################################
+
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+
+echo \
+  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
+  $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+apt-get update
+
+apt-get install docker-ce-cli
diff --git a/images/ubuntu-slim/scripts/helpers/cleanup.sh b/images/ubuntu-slim/scripts/helpers/cleanup.sh
index 2b3daefba..5193aee28 100644
--- a/images/ubuntu-slim/scripts/helpers/cleanup.sh
+++ b/images/ubuntu-slim/scripts/helpers/cleanup.sh
@@ -9,4 +9,4 @@ find /var/log/ -type f -exec cp /dev/null {} \;
 
 rm -rf /tmp/downloads /tmp/installers
 
-apt-get clean && rm -rf /var/lib/apt/lists/*
\ No newline at end of file
+apt-get clean
diff --git a/images/ubuntu-slim/test.sh b/images/ubuntu-slim/test.sh
index bb9054f1f..c97575ae7 100755
--- a/images/ubuntu-slim/test.sh
+++ b/images/ubuntu-slim/test.sh
@@ -7,6 +7,8 @@
 # Usage: test.sh [IMAGE_NAME]
 # If IMAGE_NAME is not provided, defaults to ubuntu-slim:test
 
+set -eo pipefail
+
 show_help() {
     echo "Usage: $0 [IMAGE_NAME]"
     echo ""
@@ -91,6 +93,7 @@ run_test "zstd is installed" zstd --version
 run_test "google cloud SDK is installed" gcloud --version
 run_test "git lfs is installed" git lfs version
 run_test "powershell is installed" pwsh --version
+run_test "docker-cli is installed" docker --version
 
 # Quick check: ensure the imagedata JSON file was created during image build
 run_test "imagedata JSON file exists" test -f /imagegeneration/imagedata.json