Add Ubuntu-Slim image definition (#13423)

Add ubuntu-slim image definition

images/ubuntu-slim/scripts/build/configure-apt-sources.sh

@@ -0,0 +1,19 @@
+#!/bin/bash -e
+################################################################################
+##  File:  configure-apt-sources.sh
+##  Desc:  Configure apt sources with failover from Azure to Ubuntu archives.
+################################################################################
+
+source $HELPER_SCRIPTS/os.sh
+
+touch /etc/apt/apt-mirrors.txt
+
+printf "http://azure.archive.ubuntu.com/ubuntu/\tpriority:1\n" | tee -a /etc/apt/apt-mirrors.txt
+printf "https://archive.ubuntu.com/ubuntu/\tpriority:2\n" | tee -a /etc/apt/apt-mirrors.txt
+printf "https://security.ubuntu.com/ubuntu/\tpriority:3\n" | tee -a /etc/apt/apt-mirrors.txt
+
+if is_ubuntu24; then
+    sed -i 's|http://azure\.archive\.ubuntu\.com/ubuntu/|mirror+file:/etc/apt/apt-mirrors.txt|' /etc/apt/sources.list.d/ubuntu.sources
+else
+    sed -i 's|http://azure\.archive\.ubuntu\.com/ubuntu/|mirror+file:/etc/apt/apt-mirrors.txt|' /etc/apt/sources.list
+fi

images/ubuntu-slim/scripts/build/configure-apt.sh

@@ -0,0 +1,53 @@
+#!/bin/bash -e
+################################################################################
+##  File:  configure-apt.sh
+##  Desc:  Configure apt, install jq and apt-fast packages.
+################################################################################
+
+source $HELPER_SCRIPTS/os.sh
+
+# Stop and disable apt-daily upgrade services;
+# systemctl stop apt-daily.timer
+# systemctl disable apt-daily.timer
+# systemctl disable apt-daily.service
+# systemctl stop apt-daily-upgrade.timer
+# systemctl disable apt-daily-upgrade.timer
+# systemctl disable apt-daily-upgrade.service
+
+# Enable retry logic for apt up to 10 times
+echo "APT::Acquire::Retries \"10\";" > /etc/apt/apt.conf.d/80-retries
+
+# Configure apt to always assume Y
+echo "APT::Get::Assume-Yes \"true\";" > /etc/apt/apt.conf.d/90assumeyes
+
+# APT understands a field called Phased-Update-Percentage which can be used to control the rollout of a new version. It is an integer between 0 and 100.
+# In case you have multiple systems that you want to receive the same set of updates, 
+# you can set APT::Machine-ID to a UUID such that they all phase the same, 
+# or set APT::Get::Never-Include-Phased-Updates or APT::Get::Always-Include-Phased-Updates to true such that APT will never/always consider phased updates.
+# apt-cache policy pkgname
+echo 'APT::Get::Always-Include-Phased-Updates "true";' > /etc/apt/apt.conf.d/99-phased-updates
+
+# Fix bad proxy and http headers settings
+cat <<EOF >> /etc/apt/apt.conf.d/99bad_proxy
+Acquire::http::Pipeline-Depth 0;
+Acquire::http::No-Cache true;
+Acquire::https::Pipeline-Depth 0;
+Acquire::https::No-Cache true;
+Acquire::BrokenProxy    true;
+EOF
+
+# Uninstall unattended-upgrades
+apt-get purge unattended-upgrades
+
+echo 'APT sources'
+if ! is_ubuntu24; then
+    cat /etc/apt/sources.list
+else
+    cat /etc/apt/sources.list.d/ubuntu.sources
+fi
+
+apt-get update
+# Install jq
+apt-get install jq
+
+echo "ubuntu ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers

images/ubuntu-slim/scripts/build/configure-dpkg.sh

@@ -0,0 +1,42 @@
+#!/bin/bash -e
+################################################################################
+##  File:  configure-dpkg.sh
+##  Desc:  Configure dpkg
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/etc-environment.sh
+source $HELPER_SCRIPTS/os.sh
+# This is the anti-frontend. It never interacts with you  at  all,
+# and  makes  the  default  answers  be used for all questions. It
+# might mail error messages to root, but that's it;  otherwise  it
+# is  completely  silent  and  unobtrusive, a perfect frontend for
+# automatic installs. If you are using this front-end, and require
+# non-default  answers  to questions, you will need to pre-seed the
+# debconf database
+set_etc_environment_variable "DEBIAN_FRONTEND" "noninteractive"
+
+# dpkg can be instructed not to ask for confirmation
+# when replacing a configuration file (with the --force-confdef --force-confold options)
+cat <<EOF >> /etc/apt/apt.conf.d/10dpkg-options
+Dpkg::Options {
+  "--force-confdef";
+  "--force-confold";
+}
+EOF
+
+# hide information about packages that are no longer required
+cat <<EOF >> /etc/apt/apt.conf.d/10apt-autoremove
+APT::Get::AutomaticRemove "0";
+APT::Get::HideAutoRemove "1";
+EOF
+
+# Install libicu70 package for Ubuntu 24
+if  is_ubuntu24 ; then
+  wget https://archive.ubuntu.com/ubuntu/pool/main/i/icu/libicu70_70.1-2_amd64.deb
+
+  EXPECTED_LIBICU_SHA512="a6315482d93606e375c272718d2458870b95e4ed4b672ea8640cf7bc2d2c2f41aea13b798b1e417e1ffc472a90c6aad150d3d293aa9bddec48e39106e4042807"
+  ACTUAL_LIBICU_SHA512="$(sha512sum "./libicu70_70.1-2_amd64.deb" | awk '{print $1}')"
+  [ "$EXPECTED_LIBICU_SHA512" = "$ACTUAL_LIBICU_SHA512" ] || { echo "libicu checksum mismatch in configure-dpkg.sh"; exit 1;}
+  sudo apt-get install -y ./libicu70_70.1-2_amd64.deb
+fi

images/ubuntu-slim/scripts/build/configure-environment.sh

@@ -0,0 +1,72 @@
+#!/bin/bash -e
+################################################################################
+##  File:  configure-environment.sh
+##  Desc:  Configure system and environment
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/os.sh
+source $HELPER_SCRIPTS/etc-environment.sh
+
+whoami
+
+# Set ImageVersion and ImageOS env variables
+set_etc_environment_variable "ImageVersion" "${IMAGE_VERSION}"
+set_etc_environment_variable "ImageOS" "${IMAGE_OS}"
+
+# Set the ACCEPT_EULA variable to Y value to confirm your acceptance of the End-User Licensing Agreement
+set_etc_environment_variable "ACCEPT_EULA" "Y"
+
+# This directory is supposed to be created in $HOME and owned by user(https://github.com/actions/runner-images/issues/491)
+mkdir -p /etc/skel/.config/configstore
+set_etc_environment_variable "XDG_CONFIG_HOME" '$HOME/.config'
+
+# Prepare directory and env variable for toolcache
+echo "Setting up AGENT_TOOLSDIRECTORY and RUNNER_TOOL_CACHE variable to /opt/hostedtoolcache"
+AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache
+mkdir $AGENT_TOOLSDIRECTORY
+set_etc_environment_variable "AGENT_TOOLSDIRECTORY" "${AGENT_TOOLSDIRECTORY}"
+set_etc_environment_variable "RUNNER_TOOL_CACHE" "${AGENT_TOOLSDIRECTORY}"
+chmod -R 777 $AGENT_TOOLSDIRECTORY
+
+# https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html
+# https://www.suse.com/support/kb/doc/?id=000016692
+echo 'vm.max_map_count=262144' | tee -a /etc/sysctl.conf
+
+# https://kind.sigs.k8s.io/docs/user/known-issues/#pod-errors-due-to-too-many-open-files
+echo 'fs.inotify.max_user_watches=655360' | tee -a /etc/sysctl.conf
+echo 'fs.inotify.max_user_instances=1280' | tee -a /etc/sysctl.conf
+
+# https://github.com/actions/runner-images/issues/9491
+echo 'vm.mmap_rnd_bits=28' | tee -a /etc/sysctl.conf
+
+# https://github.com/actions/runner-images/pull/7860
+netfilter_rule='/etc/udev/rules.d/50-netfilter.rules'
+rules_directory="$(dirname "${netfilter_rule}")"
+mkdir -p $rules_directory
+touch $netfilter_rule
+echo 'ACTION=="add", SUBSYSTEM=="module", KERNEL=="nf_conntrack", RUN+="/usr/sbin/sysctl net.netfilter.nf_conntrack_tcp_be_liberal=1"' | tee -a $netfilter_rule
+
+# Remove fwupd if installed. We're running on VMs in Azure and the fwupd package is not needed.
+# Leaving it enable means periodic refreshes show in network traffic and firewall logs
+# Check if fwupd-refresh.timer exists in systemd
+if systemctl list-unit-files fwupd-refresh.timer &>/dev/null; then
+    echo "Masking fwupd-refresh.timer..."
+    systemctl mask fwupd-refresh.timer
+fi
+
+# This is a legacy check, leaving for earlier versions of Ubuntu
+# If fwupd config still exists, disable the motd updates
+if [[ -f "/etc/fwupd/daemon.conf" ]]; then
+    sed -i 's/UpdateMotd=true/UpdateMotd=false/g' /etc/fwupd/daemon.conf
+fi
+
+# Disable to load providers
+# https://github.com/microsoft/azure-pipelines-agent/issues/3834
+if is_ubuntu22; then
+    sed -i 's/openssl_conf = openssl_init/#openssl_conf = openssl_init/g' /etc/ssl/openssl.cnf
+fi
+
+# # Disable man-db auto update
+# echo "set man-db/auto-update false" | debconf-communicate
+# dpkg-reconfigure man-db

images/ubuntu-slim/scripts/build/configure-image-data-file.sh

@@ -0,0 +1,40 @@
+#!/bin/bash -e
+
+function create_imagedata_json() {
+
+  arch=$(uname -m)
+  if [[ $arch == "x86_64" ]]; then
+    arch="x64"
+  elif [[ $arch == "aarch64" ]]; then
+    arch="arm64"
+  else
+    echo "Unsupported architecture: $arch"
+    exit 1
+  fi
+
+  if [[ -n "$IMAGEDATA_INCLUDED_SOFTWARE" ]]; then
+    included_software="- Included Software: ${IMAGEDATA_INCLUDED_SOFTWARE}"
+  fi
+
+  imagedata_file="/imagegeneration/imagedata.json"
+
+  cat <<EOF > $imagedata_file
+[
+  {
+    "group": "VM Image",
+    "detail": "- OS: Linux (${arch})\n- Source: Docker\n- Name: ${IMAGEDATA_NAME}\n- Version: ${IMAGE_VERSION}\n${included_software}"
+  }
+]
+EOF
+
+}
+
+mkdir -p /imagegeneration
+
+# Generate the imagedata JSON file displayed on workflow initialization
+if [[ -n "$IMAGEDATA_NAME" ]]; then
+  echo "Generating imagedata JSON file"
+  create_imagedata_json
+else
+  echo "IMAGEDATA_NAME is null or empty. Skipping imagedata JSON generation."
+fi

images/ubuntu-slim/scripts/build/configure-system.sh

@@ -0,0 +1,20 @@
+#!/bin/bash -e
+################################################################################
+##  File: configure-system.sh
+##  Desc: Post deployment system configuration actions
+################################################################################
+
+source $HELPER_SCRIPTS/etc-environment.sh
+source $HELPER_SCRIPTS/os.sh
+
+echo "chmod -R 777 /opt"
+chmod -R 777 /opt
+echo "chmod -R 777 /usr/share"
+chmod -R 777 /usr/share
+
+# Remove quotes around PATH
+ENVPATH=$(grep 'PATH=' /etc/environment | head -n 1 | sed -z 's/^PATH=*//')
+ENVPATH=${ENVPATH#"\""}
+ENVPATH=${ENVPATH%"\""}
+replace_etc_environment_variable "PATH" "${ENVPATH}"
+echo "Updated /etc/environment: $(cat /etc/environment)"

images/ubuntu-slim/scripts/build/install-actions-cache.sh

@@ -0,0 +1,22 @@
+#!/bin/bash -e
+################################################################################
+##  File:       install-actions-cache.sh
+##  Desc:       Download latest release from https://github.com/actions/action-versions
+##  Maintainer: #actions-runtime and @TingluoHuang
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+source $HELPER_SCRIPTS/etc-environment.sh
+
+# Prepare directory and env variable for ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE
+ACTION_ARCHIVE_CACHE_DIR=/opt/actionarchivecache
+mkdir -p $ACTION_ARCHIVE_CACHE_DIR
+chmod -R 777 $ACTION_ARCHIVE_CACHE_DIR
+echo "Setting up ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE variable to ${ACTION_ARCHIVE_CACHE_DIR}"
+set_etc_environment_variable "ACTIONS_RUNNER_ACTION_ARCHIVE_CACHE" "${ACTION_ARCHIVE_CACHE_DIR}"
+
+# Download latest release from github.com/actions/action-versions and untar to /opt/actionarchivecache
+download_url=$(resolve_github_release_asset_url "actions/action-versions" "endswith(\"action-versions.tar.gz\")" "latest")
+archive_path=$(download_with_retry "$download_url")
+tar -xzf "$archive_path" -C $ACTION_ARCHIVE_CACHE_DIR

images/ubuntu-slim/scripts/build/install-apt-common.sh

@@ -0,0 +1,18 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-apt-common.sh
+##  Desc:  Install basic command line utilities and dev packages
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+
+common_packages=$(get_toolset_value .apt.common_packages[])
+cmd_packages=$(get_toolset_value .apt.cmd_packages[])
+
+apt-get install --no-install-recommends $common_packages $cmd_packages
+
+# for package in $common_packages $cmd_packages; do
+#     echo "Install $package"
+#     apt-get install --no-install-recommends $package
+# done

images/ubuntu-slim/scripts/build/install-apt-vital.sh

@@ -0,0 +1,12 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-apt-vital.sh
+##  Desc:  Install vital command line utilities
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+
+vital_packages=$(get_toolset_value .apt.vital_packages[])
+apt-get install --no-install-recommends $vital_packages
+

images/ubuntu-slim/scripts/build/install-aws-tools.sh

@@ -0,0 +1,30 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-aws-tools.sh
+##  Desc:  Install the AWS CLI, Session Manager plugin for the AWS CLI, and AWS SAM CLI
+##  Supply chain security: AWS SAM CLI - checksum validation
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+
+awscliv2_archive_path=$(download_with_retry "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip")
+unzip -qq "$awscliv2_archive_path" -d /tmp/installers/
+/tmp/installers/aws/install -i /usr/local/aws-cli -b /usr/local/bin
+
+smplugin_deb_path=$(download_with_retry "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb")
+apt-get install "$smplugin_deb_path"
+
+# Download the latest aws sam cli release
+aws_sam_cli_archive_name="aws-sam-cli-linux-x86_64.zip"
+sam_cli_download_url=$(resolve_github_release_asset_url "aws/aws-sam-cli" "endswith(\"$aws_sam_cli_archive_name\")" "latest")
+aws_sam_cli_archive_path=$(download_with_retry "$sam_cli_download_url")
+
+# Supply chain security - AWS SAM CLI
+aws_sam_cli_hash=$(get_checksum_from_github_release "aws/aws-sam-cli" "${aws_sam_cli_archive_name}.. " "latest" "SHA256")
+use_checksum_comparison "$aws_sam_cli_archive_path" "$aws_sam_cli_hash"
+
+# Install the latest aws sam cli release
+mkdir -p /tmp/installers/aws-sam-cli
+unzip "$aws_sam_cli_archive_path" -d /tmp/installers/aws-sam-cli
+/tmp/installers/aws-sam-cli/install -i /usr/local/aws-sam-cli -b /usr/local/bin

images/ubuntu-slim/scripts/build/install-azcopy.sh

@@ -0,0 +1,16 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-azcopy.sh
+##  Desc:  Install AzCopy
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+
+# Install AzCopy10
+archive_path=$(download_with_retry "https://aka.ms/downloadazcopy-v10-linux")
+tar xzf "$archive_path" --strip-components=1 -C /tmp
+install /tmp/azcopy /usr/local/bin/azcopy
+
+# Create azcopy 10 alias for backward compatibility
+ln -sf /usr/local/bin/azcopy /usr/local/bin/azcopy10

images/ubuntu-slim/scripts/build/install-azure-cli.sh

@@ -0,0 +1,13 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-azure-cli.sh
+##  Desc:  Install Azure CLI (az)
+################################################################################
+
+# Install Azure CLI (instructions taken from https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
+curl -fsSL https://aka.ms/InstallAzureCLIDeb | sudo bash
+
+echo "azure-cli https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt" >> $HELPER_SCRIPTS/apt-sources.txt
+
+rm -f /etc/apt/sources.list.d/azure-cli.list
+rm -f /etc/apt/sources.list.d/azure-cli.list.save

images/ubuntu-slim/scripts/build/install-azure-devops-cli.sh

@@ -0,0 +1,16 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-azure-devops-cli.sh
+##  Desc:  Install Azure DevOps CLI (az devops)
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/etc-environment.sh
+
+# AZURE_EXTENSION_DIR shell variable defines where modules are installed
+# https://docs.microsoft.com/en-us/cli/azure/azure-cli-extensions-overview
+export AZURE_EXTENSION_DIR=/opt/az/azcliextensions
+set_etc_environment_variable "AZURE_EXTENSION_DIR" "${AZURE_EXTENSION_DIR}"
+
+# install azure devops Cli extension
+az extension add -n azure-devops

images/ubuntu-slim/scripts/build/install-bicep.sh

@@ -0,0 +1,15 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-bicep.sh
+##  Desc:  Install bicep cli
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+
+# Install Bicep CLI
+download_url=$(resolve_github_release_asset_url "Azure/bicep" "endswith(\"bicep-linux-x64\")" "latest")
+bicep_binary_path=$(download_with_retry "${download_url}")
+
+# Mark it as executable
+install "$bicep_binary_path" /usr/local/bin/bicep

images/ubuntu-slim/scripts/build/install-git-lfs.sh

@@ -0,0 +1,20 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-git-lfs.sh
+##  Desc:  Install Git-lfs
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+
+GIT_LFS_REPO="https://packagecloud.io/install/repositories/github/git-lfs"
+
+# Install git-lfs
+curl -fsSL $GIT_LFS_REPO/script.deb.sh | bash
+apt-get install git-lfs
+
+# Remove source repo's
+rm /etc/apt/sources.list.d/github_git-lfs.list
+
+# Document apt source repo's
+echo "git-lfs $GIT_LFS_REPO" >> $HELPER_SCRIPTS/apt-sources.txt

images/ubuntu-slim/scripts/build/install-git.sh

@@ -0,0 +1,34 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-git.sh
+##  Desc:  Install Git and Git-FTP
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+
+GIT_REPO="ppa:git-core/ppa"
+
+## Install git
+add-apt-repository $GIT_REPO -y
+apt-get update
+apt-get install git
+
+# Git version 2.35.2 introduces security fix that breaks action\checkout https://github.com/actions/checkout/issues/760
+cat <<EOF >> /etc/gitconfig
+[safe]
+        directory = *
+EOF
+
+# Install git-ftp
+apt-get install git-ftp
+
+# Remove source repo's
+add-apt-repository --remove $GIT_REPO
+
+# Document apt source repo's
+echo "git-core $GIT_REPO" >> $HELPER_SCRIPTS/apt-sources.txt
+
+# Add well-known SSH host keys to known_hosts
+ssh-keyscan -t rsa,ecdsa,ed25519 github.com >> /etc/ssh/ssh_known_hosts
+ssh-keyscan -t rsa ssh.dev.azure.com >> /etc/ssh/ssh_known_hosts

images/ubuntu-slim/scripts/build/install-github-cli.sh

@@ -0,0 +1,22 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-github-cli.sh
+##  Desc:  Install GitHub CLI
+##         Must be run as non-root user after homebrew
+##  Supply chain security: GitHub CLI - checksum validation
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+
+# Download GitHub CLI
+gh_cli_url=$(resolve_github_release_asset_url "cli/cli" "contains(\"linux\") and contains(\"amd64\") and endswith(\".deb\")" "latest")
+gh_cli_deb_path=$(download_with_retry "$gh_cli_url")
+
+# Supply chain security - GitHub CLI
+hash_url=$(resolve_github_release_asset_url "cli/cli" "endswith(\"checksums.txt\")" "latest")
+external_hash=$(get_checksum_from_url "$hash_url" "linux_amd64.deb" "SHA256")
+use_checksum_comparison "$gh_cli_deb_path" "$external_hash"
+
+# Install GitHub CLI
+apt-get install "$gh_cli_deb_path"

images/ubuntu-slim/scripts/build/install-google-cloud-cli.sh

@@ -0,0 +1,20 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-google-cloud-cli.sh
+##  Desc:  Install the Google Cloud CLI
+################################################################################
+
+REPO_URL="https://packages.cloud.google.com/apt"
+
+# Install the Google Cloud CLI
+echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] $REPO_URL cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list
+wget -qO- https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor > /usr/share/keyrings/cloud.google.gpg
+apt-get update
+apt-get install google-cloud-cli
+
+# remove apt
+rm /etc/apt/sources.list.d/google-cloud-sdk.list
+rm /usr/share/keyrings/cloud.google.gpg
+
+# add repo to the apt-sources.txt
+echo "google-cloud-sdk $REPO_URL" >> $HELPER_SCRIPTS/apt-sources.txt

images/ubuntu-slim/scripts/build/install-ms-repos.sh

@@ -0,0 +1,16 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-ms-repos.sh
+##  Desc:  Install official Microsoft package repos for the distribution
+################################################################################
+
+os_label=$(lsb_release -rs)
+
+# Install Microsoft repository
+wget https://packages.microsoft.com/config/ubuntu/$os_label/packages-microsoft-prod.deb
+dpkg -i packages-microsoft-prod.deb
+
+# update
+apt-get install apt-transport-https ca-certificates curl software-properties-common
+apt-get update
+apt-get dist-upgrade

images/ubuntu-slim/scripts/build/install-nodejs.sh

@@ -0,0 +1,29 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-nodejs.sh
+##  Desc:  Install Node.js LTS and related tooling (Gulp, Grunt)
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+
+# Install default Node.js
+default_version=$(get_toolset_value '.node.default')
+
+curl -fsSL https://raw.githubusercontent.com/tj/n/master/bin/n -o ~/n
+sudo bash ~/n $default_version
+
+# Install node modules
+node_modules=$(get_toolset_value '.node_modules[].name')
+if [ -n "$node_modules" ]; then
+    npm install -g $node_modules
+else
+    echo "No node modules to install"
+fi
+
+# fix global modules installation as regular user
+# related issue https://github.com/actions/runner-images/issues/3727
+sudo chmod -R 777 /usr/local/lib/node_modules 
+sudo chmod -R 777 /usr/local/bin
+
+rm -rf ~/n

images/ubuntu-slim/scripts/build/install-nvm.sh

@@ -0,0 +1,22 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-nvm.sh
+##  Desc:  Install Nvm
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/etc-environment.sh
+
+export NVM_DIR="/etc/skel/.nvm"
+mkdir ${NVM_DIR}
+nvm_version=$(curl -fsSL https://api.github.com/repos/nvm-sh/nvm/releases/latest | jq -r '.tag_name')
+curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/$nvm_version/install.sh | bash
+set_etc_environment_variable "NVM_DIR" '$HOME/.nvm'
+
+echo '[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm' | tee -a /etc/skel/.bash_profile
+[ -s "${NVM_DIR}/nvm.sh" ] && \. "${NVM_DIR}/nvm.sh"
+
+echo "source ${NVM_DIR}/nvm.sh" | tee -a /etc/skel/.bashrc
+
+# set system node.js as default one
+nvm alias default system

images/ubuntu-slim/scripts/build/install-pipx-packages.sh

@@ -0,0 +1,28 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-pipx-packages.sh
+##  Desc:  Install tools via pipx
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+
+export PATH="$PATH:/opt/pipx_bin"
+
+pipx_packages=$(get_toolset_value ".pipx[] .package")
+
+if [ -z "$pipx_packages" ]; then  
+    echo "No pipx packages defined in toolset. Skipping pipx installation."  
+    exit 0  
+fi 
+
+for package in $pipx_packages; do
+    echo "Install $package into default python"
+    pipx install $package
+
+    # https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
+    # Install ansible into an existing ansible-core Virtual Environment
+    if [[ $package == "ansible-core" ]]; then
+        pipx inject $package ansible
+    fi
+done

images/ubuntu-slim/scripts/build/install-powershell.sh

@@ -0,0 +1,15 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-powershell.sh
+##  Desc:  Install PowerShell Core
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+source $HELPER_SCRIPTS/os.sh
+
+pwsh_version=$(get_toolset_value .pwsh.version)
+
+# Install Powershell
+
+    apt-get install powershell=$pwsh_version*

images/ubuntu-slim/scripts/build/install-python.sh

@@ -0,0 +1,37 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-python.sh
+##  Desc:  Install Python 3
+################################################################################
+
+set -e
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/etc-environment.sh
+source $HELPER_SCRIPTS/os.sh
+
+# Install Python, Python 3, pip, pip3
+apt-get install -y --no-install-recommends python3 python3-dev python3-pip python3-venv
+
+if is_ubuntu24; then
+# Create temporary workaround to allow user to continue using pip
+    sudo cat <<EOF > /etc/pip.conf
+[global]
+break-system-packages = true
+EOF
+fi
+
+# Install pipx
+# Set pipx custom directory
+export PIPX_BIN_DIR=/opt/pipx_bin
+export PIPX_HOME=/opt/pipx
+
+python3 -m pip install pipx
+python3 -m pipx ensurepath
+
+# Update /etc/environment
+set_etc_environment_variable "PIPX_BIN_DIR" $PIPX_BIN_DIR
+set_etc_environment_variable "PIPX_HOME" $PIPX_HOME
+prepend_etc_environment_path $PIPX_BIN_DIR
+
+# Adding this dir to PATH will make installed pip commands are immediately available.
+prepend_etc_environment_path '$HOME/.local/bin'

images/ubuntu-slim/scripts/build/install-yq.sh

@@ -0,0 +1,22 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-yq.sh
+##  Desc:  Install yq - a command-line YAML, JSON and XML processor
+##  Supply chain security: yq - checksum validation
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+
+# Download yq
+yq_url=$(resolve_github_release_asset_url "mikefarah/yq" "endswith(\"yq_linux_amd64\")" "latest")
+binary_path=$(download_with_retry "${yq_url}")
+
+# Supply chain security - yq
+hash_url=$(resolve_github_release_asset_url "mikefarah/yq" "endswith(\"checksums\")" "latest")
+external_hash=$(get_checksum_from_url "${hash_url}" "yq_linux_amd64 " "SHA256" "true" " " "19")
+use_checksum_comparison "$binary_path" "$external_hash"
+
+# Install yq
+install "$binary_path" /usr/bin/yq
+

images/ubuntu-slim/scripts/build/install-zstd.sh

@@ -0,0 +1,36 @@
+#!/bin/bash -e
+################################################################################
+##  File:  install-zstd.sh
+##  Desc:  Install zstd
+##  Supply chain security: zstd - checksum validation
+################################################################################
+
+# Source the helpers for use with the script
+source $HELPER_SCRIPTS/install.sh
+
+# Download zstd
+release_tag=$(curl -fsSL https://api.github.com/repos/facebook/zstd/releases/latest | jq -r '.tag_name')
+release_name="zstd-${release_tag//v}"
+download_url="https://github.com/facebook/zstd/releases/download/${release_tag}/${release_name}.tar.gz"
+archive_path=$(download_with_retry "${download_url}")
+
+# Supply chain security - zstd
+external_hash=$(get_checksum_from_url "${download_url}.sha256" "${release_name}.tar.gz" "SHA256")
+use_checksum_comparison "$archive_path" "$external_hash"
+
+# Install zstd
+apt-get install liblz4-dev
+tar xzf "$archive_path" -C /tmp
+
+make -C "/tmp/${release_name}/contrib/pzstd" -j $(nproc) all
+make -C "/tmp/${release_name}" -j $(nproc) zstd-release
+
+for copyprocess in zstd zstdless zstdgrep; do
+    cp "/tmp/${release_name}/programs/${copyprocess}" /usr/local/bin/
+done
+
+cp "/tmp/${release_name}/contrib/pzstd/pzstd" /usr/local/bin/
+
+for symlink in zstdcat zstdmt unzstd; do
+    ln -sf /usr/local/bin/zstd /usr/local/bin/${symlink}
+done