How to build an Ubuntu chroot environment

chroot is a feature in Linux that changes the root directory for a set of processes, isolating the environment from the rest of the system. This setup is commonly used for development, debugging, and system recovery tasks. The contained environment can run software and interact with its own libraries, effectively shielding the host from unintended modifications.

In Ubuntu, the debootstrap utility sets up a minimal filesystem for a desired release. This approach allows creation of a stable, consistent environment dedicated to a particular version of Ubuntu. The result is a controlled space that can be customized with packages or configurations without affecting the host operating system.

Mounting the proc, sys, and dev filesystems within the chroot provides essential system interfaces for tasks that require a fully functional Linux environment. Combining these directories with the minimal base system ensures a robust environment well-suited for software builds, testing, or repairs. Advanced configurations like copying resolv.conf can further enhance network functionality.

1. Launch terminal application.
2. Update apt's package repository.

   $ sudo apt update
   [sudo] password for user:
   Hit:1 http://jp.archive.ubuntu.com/ubuntu focal InRelease
   Hit:2 http://jp.archive.ubuntu.com/ubuntu focal-updates InRelease
   Hit:3 http://jp.archive.ubuntu.com/ubuntu focal-backports InRelease
   Hit:4 http://jp.archive.ubuntu.com/ubuntu focal-security InRelease
   Reading package lists... Done
   Building dependency tree
   Reading state information... Done
   All packages are up to date.

3. Install debootstrap using apt.

   $ sudo apt install --assume-yes debootstrap
   Reading package lists... Done
   Building dependency tree
   Reading state information... Done
   Suggested packages:
     arch-test squid-deb-proxy-client
   The following NEW packages will be installed:
     debootstrap
   0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
   Need to get 39.4 kB of archives.
   After this operation, 299 kB of additional disk space will be used.
   Get:1 http://jp.archive.ubuntu.com/ubuntu focal-updates/main amd64 debootstrap all 1.0.118ubuntu1.1 [39.4 kB]
   Fetched 39.4 kB in 1s (66.1 kB/s)
   Selecting previously unselected package debootstrap.
   (Reading database ... 107133 files and directories currently installed.)
   Preparing to unpack .../debootstrap_1.0.118ubuntu1.1_all.deb ...
   Unpacking debootstrap (1.0.118ubuntu1.1) ...
   Setting up debootstrap (1.0.118ubuntu1.1) ...
   Processing triggers for man-db (2.9.1-1) ...

4. Create a chroot folder.

   $ mkdir chroot-ubuntu

5. Create a base Ubuntu system using debootstrap in the chroot folder.

    $ sudo debootstrap --variant=buildd focal chroot-ubuntu
   I: Retrieving InRelease
   I: Checking Release signature
   I: Valid Release signature (key id F6ECB3762474EDA9D21B7022871920D1991BC93C)
   I: Retrieving Packages
   I: Validating Packages
   I: Resolving dependencies of required packages...
   I: Resolving dependencies of base packages...
   I: Checking component main on http://archive.ubuntu.com/ubuntu...
   I: Retrieving adduser 3.118ubuntu2
   I: Validating adduser 3.118ubuntu2
   I: Retrieving apt 2.0.2
   I: Validating apt 2.0.2
   I: Retrieving base-files 11ubuntu5
   I: Validating base-files 11ubuntu5
   ##### snipped

   Change focal to any Ubuntu release code name that's still supported.
   Related: List of Ubuntu releases

   More options for debootstrap.

   $ debootstrap --help
   Usage: debootstrap [OPTION]... <suite> <target> [<mirror> [<script>]]
   Bootstrap a Debian base system into a target directory.
   
         --help                 display this help and exit
         --version              display version information and exit
         --verbose              don't turn off the output of wget
   
         --download-only        download packages, but don't perform installation
         --print-debs           print the packages to be installed, and exit
   
         --arch=A               set the architecture to install (use if no dpkg)
                                  [ --arch=powerpc ]
   
         --include=A,B,C        adds specified names to the list of base packages
         --exclude=A,B,C        removes specified packages from the list
         --extra-suites=A,B,C   also use packages from the listed suites of the
                                archive
         --components=A,B,C     use packages from the listed components of the
                                archive
         --variant=X            use variant X of the bootstrap scripts
                                (currently supported variants: buildd, fakechroot,
                                 minbase)
         --no-merged-usr        do not make /{bin,sbin,lib}/ symlinks to /usr/
         --keyring=K            check Release files against keyring K
         --no-check-gpg         avoid checking Release file signatures
         --force-check-gpg      force checking Release file signatures
                                (also disables automatic fallback to HTTPS in case
                                of a missing keyring), aborting otherwise
         --no-resolve-deps      don't try to resolve dependencies automatically
         --log-extra-deps       record extra dependency info in debootstrap.log
         --cache-dir=DIR        Use specified directory as package cache directory
   
         --unpack-tarball=T     acquire .debs from a tarball instead of http
         --make-tarball=T       download .debs and create a gzipped tarball
         --second-stage-target=DIR
                                Run second stage in a subdirectory instead of root
                                  (can be used to create a foreign chroot)
                                  (requires --second-stage)
         --extractor=TYPE       override automatic .deb extractor selection
                                  (supported: dpkg-deb ar)
         --debian-installer     used for internal purposes by debian-installer
         --private-key=file     read the private key from file
         --certificate=file     use the client certificate stored in file (PEM)
         --no-check-certificate do not check certificate against certificate authorities

6. Mount proc, sys and dev filesystems to the base system.

   $ sudo mount -t proc /proc chroot-ubuntu/proc
   $ sudo mount --rbind /sys chroot-ubuntu/sys
   $ sudo mount --rbind /dev chroot-ubuntu/dev

7. Enter the chroot environment using the chroot command.

   $ sudo chroot chroot-ubuntu /bin/bash
   bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
   root@host:/#

8. Use the chroot environment as required.

   root@host:/# ls
   bin  boot  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  srv  sys  tmp  usr  var
   root@host:/# uname -a
   Linux host 5.4.0-33-generic #37-Ubuntu SMP Thu May 21 12:53:59 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
   root@host:/# df -h
   Filesystem      Size  Used Avail Use% Mounted on
   tmpfs           2.0G     0  2.0G   0% /sys/fs/cgroup
   udev            1.9G     0  1.9G   0% /dev
   tmpfs           2.0G     0  2.0G   0% /dev/shm

9. Unmount the proc, sys, and dev filesystems once exiting the chroot environment.

   $ sudo umount chroot-ubuntu/proc chroot-ubuntu/sys chroot-ubuntu/dev 

10. Remove the chroot folder if necessary.

    $ sudo rm -rf chroot-folder