Because Ubuntu has removed support for the i386 arch, I was exploring to use a Debian rootfs in order to install wine for temporary usage (wine doesn't work well with musl libc because it depends on non-portable glibc dlclose() semantics) and last time I tried to compile it it was a huge shitfest. If I was to use a 64-bit Ubuntu rootfs for this, I'd have to install many libs that are already installed for 64bit in a 32bit version, i.e. double- bloat.
Debian, unlike Ubuntu, doesn't ship a minimal base rootfs. However, one can quite easily create his own using the debootstrap tool, which consists of a single portable shell script and a directory with some shared data.
1) acquire debootstrap.
2) run the following command as root in your host distro:
DEBOOTSTRAP_DIR=XXX/usr/share/debootstrap/ XXX/usr/sbin/debootstrap --arch=i386 --variant=minbase sid DIRECTORY http://deb.debian.org/debian/
where XXX is the prefix you installed deboot and DIRECTORY where stuff is being installed to. The resulting rootfs will be around 220MB in size. Output from the above command
3) trim the fat part1, installation leftovers:
rm DIRECTORY/var/cache/apt/archives/*.deb
rm DIRECTORY/var/cache/apt/*cache.bin
rm DIRECTORY/var/cache/debconf/*.dat-old
rm -rf DIRECTORY/var/lib/apt/lists/*
4) trim the fat part2, unneeded documentation and translation:
rm -rf DIRECTORY/usr/share/doc/*
rm -rf DIRECTORY/usr/share/locale/*
rm -rf DIRECTORY/usr/share/man/*
Now your rootfs is tidied up and should be around 90MB.
6) edit DIRECTORY/etc/dpkg/dpkg.cfg and add the following 3 lines:
path-exclude=/usr/share/doc/*
path-exclude=/usr/share/locale/*
path-exclude=/usr/share/man/*
this will prevent future package installs to install unneeded things.
I have manually diffed the contents of ubuntu-base rootfs and the one created
using these instructions (by looking at /var/lib/dpkg/status), and the
following packages are only in the debian rootfs:
gcc-11-base gcc-9-base libcap2 libext2fs2 libgssapi-krb5-2 libk5crypto3
libkeyutils1 libkrb5-3 libkrb5support0 libnsl2 libssl1.1 libtirpc-common
libtirpc3 libxxhash0 tzdata.
These might not actually be needed and you may want to try to remove these on first usage of the rootfs and see whether something breaks. At least removing tzdata seems to be safe.
In order to use the rootfs with a tool like bubblewrap, the following additional steps are necessary:
remove bogus _apt user that gets into the way when running inside a container by editing DIRECTORY/etc/passwd and removing the last line.
patch gnu tar to prevent it from trying to chown files.
process is documented here.
In case of a i386 rootfs at the time of this writing, you gotta replace
e81decfeff8d93782400008dbb7424000085c00f94c0 with
e81decfeff8d93782400008dbb7424000031c0909090 in the /usr/bin/tar binary
using a hexeditor (recommended: hexedit).
If you have chown-related problems installing a specific program with apt, use
my tool idfake (link in the above article).