overthinkos/ubuntu-builder
distros/skills/ubuntu-builder/SKILL.md
Minimal Ubuntu 24.04 builder image (pixi + Node.js + build-toolchain) used as the multi-stage builder for Ubuntu-based boxes — currently ubuntu-coder. Runs as uid 1000 `ubuntu` (adopted from the upstream ubuntu:24.04 base image via build.yml's base_user declaration). MUST be invoked before building, deploying, configuring, or troubleshooting the ubuntu-builder box.
tools
Updated Jun 11, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins ubuntu-builderInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 11, 2026, 7:06 AM147.6s1 file scanned
SKILL.md
- name:
- ubuntu-builder
- description:
- |
- ubuntu:
- 24.04 base image via build.yml's base_user declaration).
ubuntu-builder
Ubuntu 24.04 (noble) counterpart of /charly-distros:fedora-builder and /charly-distros:debian-builder. Same role — pixi/npm/cargo multi-stage builder — with one important difference: the builder runs as ubuntu (uid 1000) because the upstream ubuntu:24.04 base image ships a pre-existing ubuntu:ubuntu account at uid 1000, and build.yml distro.ubuntu.base_user adopts it.
Lives in the overthinkos/ubuntu repo (git submodule at box/ubuntu).
Build it from the submodule: charly -C box/ubuntu box build ubuntu-builder
(normally builds implicitly as a dependency of ubuntu-coder). Its
pixi/nodejs/build-toolchain candies are pulled by github reference from the
main repo.
Box Properties
| Property | Value |
|----------|-------|
| Base | ubuntu (which = ubuntu:24.04 + our bootstrap) |
| Layers | pixi, nodejs, build-toolchain |
| Platforms | linux/amd64 |
| Registry | ghcr.io/overthinkos |
| User | ubuntu / uid 1000 (adopt mode — see /charly-image:image "user_policy") |
| Home | /home/ubuntu |
Full candy stack
/charly-distros:ubuntu— Ubuntu 24.04 + bootstrap. Inherits Debian'sapt-get update && apt-get install -y --no-install-recommends curl ca-certificates gnupgpattern becausebuild.yml distro.ubuntudeclaresinherits: debian. Ubuntu-specific:base_user: { name: ubuntu, uid: 1000, gid: 1000, home: /home/ubuntu }— nouseraddstep emitted./charly-languages:pixi— pixi package manager + env paths (/home/ubuntu/.pixi)./charly-coder:nodejs— Node.js + npm (genericnodejs)./charly-coder:build-toolchain— same Debian-devpackages as/charly-distros:debian-builder.
Adopt-mode semantics
When the generator emits the Containerfile for this image, the bootstrap section contains:
# User ubuntu (uid=1000) adopted from base image (declared in build.yml distro.base_user) — no useradd needed
WORKDIR /home/ubuntu
USER 1000
No useradd, no groupadd, no usermod -l rename. The upstream ubuntu:ubuntu account is honored verbatim — HOME, npm prefix, pixi env, cargo home, sudoers all derive from resolved.User = "ubuntu". See /charly-image:image "user_policy" and /charly-internals:generate-source "writeBootstrap".
Role in the build system
Declares builds: [pixi, npm, cargo] and is referenced from ubuntu: as:
ubuntu:
builder:
pixi: ubuntu-builder
npm: ubuntu-builder
cargo: ubuntu-builder
During charly box build ubuntu-coder, cargo/npm/pixi-owning candies get their FROM ubuntu-builder AS <layer>-<type>-build stages from this image, then COPY --from=<stage> --chown=1000:1000 /home/ubuntu /home/ubuntu into the final ubuntu-coder. (The --chown=1000:1000 numeric form works uniformly regardless of user name — see /charly-coder:build-toolchain for the builder-artifact COPY pattern.)
Cross-distro sibling builders
/charly-distros:fedora-builder— RPM-family,user:useruid 1000 (create)./charly-distros:debian-builder— deb-family, Debian 13,user:user(create — Debian 13 ships no pre-existing uid-1000 user)./charly-distros:arch-builder— pacman-family,user:user+yayfor AUR.
The three builders have near-identical candy stacks (pixi + nodejs + build-toolchain). The only meaningful divergence is this box's adopt-mode ubuntu:ubuntu identity.
Quick start
charly -C box/ubuntu box build ubuntu-builder
charly shell ubuntu-builder # drops you into /home/ubuntu as uid 1000
id # uid=1000(ubuntu) gid=1000(ubuntu)
Typically not invoked directly — it's a build-time dependency of /charly-coder:ubuntu-coder.
Verification
charly -C box/ubuntu box list | grep ubuntu-buildercharly shell ubuntu-builder -- id→uid=1000(ubuntu) gid=1000(ubuntu)charly shell ubuntu-builder -- pixi --version && node --version && gcc --version
Related boxes
/charly-distros:ubuntu— parent base; declaresbase_user:inbuild.yml./charly-coder:ubuntu-coder— the consumer that this builder serves./charly-distros:debian-builder— deb-family sibling without adopt mode./charly-distros:fedora-builder— canonical RPM-family sibling.
Related candies
/charly-languages:pixi,/charly-coder:nodejs,/charly-coder:build-toolchain
Related commands
/charly-build:build—base_user:declaration format inbuild.yml distro.*/charly-image:image—user_policy:field (auto / adopt / create) and the decision table/charly-build:generate— adopt-vs-create writeBootstrap emission modes
When to use this skill
MUST be invoked when:
- Building or troubleshooting
ubuntu-builderitself. - Debugging multi-stage COPY-from errors or permission issues in a
ubuntu-coderbuild (this is the source stage; uid 1000 =ubuntuby adoption). - Understanding why
${HOME}=/home/ubuntu(not/home/user) inside builder stages.
Related Skills
overthinkos/charly
tools
VerifiedTrustedCommunity
OpenCharly CLI (charly) binary installed into container/VM images for in-container use. Use when working with charly binary deployment inside containers, native D-Bus support, or the full charly toolchain (charly binary + virtualization + gocryptfs + socat).
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-cachyos
development
VerifiedTrustedCommunity
Operator CachyOS workstation profile — a kind:local template + target:local deploy that installs the full dev stack (30 candies) onto a CachyOS host via ShellExecutor. Lives in the overthinkos/cachyos submodule. MUST be invoked before editing or applying the charly-cachyos workstation profile.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-fedora
tools
VerifiedTrustedCommunity
Fedora box with the full charly toolchain using shared candies. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Same candy list as charly-arch. Includes NVIDIA GPU runtime. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-fedora box.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-arch
tools
VerifiedTrustedCommunity
Arch Linux box with the full charly toolchain. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Composes /charly-coder:charly-mcp so the box is reachable as an MCP gateway on port 18765. NVIDIA GPU runtime composed in. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-arch box.
SKILL.mdUpdated Jun 10, 2026