Search by Tags

Debian Containers for Torizon


Article updated at 03 Jun 2020
Compare with Revision

Subscribe for this article updates


Toradex provides Debian based container images that derive from a minimal variant of the buster release of Debian. The purpose is to provide for our costumers a light image with disabled manual pages and suggested package installation, limiting dependencies only to required ones.

Our objective is also to provide development tools for pin configuration, display settings, performance monitoring and more, with both local and web-based remote UIs. Please refer to Torizon Related Articles to have more information.

This article complies to the Typographic Conventions for Torizon Documentation.


To have a better understanding of this article the following prerequisites are recommended:

To get the most from this article and test things in practice, we recommend that you clone the torizon-samples repository to your computer:

$ cd ~
$ git clone
$ cd torizon-samples/debian-container

Debian Containers

We provide a set of Debian-based container images with different features:

  • Console only base container

  • Container which makes use of a modern Wayland based graphics stack using the Wayland protocol and a compositor (Weston) running in a separate container

  • Qt-Wayland based container, a full graphics stack container image

  • Debian based docker container with development tools to run on the module (a.e. device tree overlay)

Each container image is based on a Debian distribution so you can pull in alternative components with apt, just need to make sure that they have the Arm architecture variant.

  • Debian based container images

    Debian based container images

Warning: If you find some issues while testing any arm64v8 container image on Apalis iMX8 and Colibri iMX8X, please don't hesitate to report them. Toradex appreciates your feedback since iMX8 modules are not a very well tested platform on Torizon.

Details about our Images

Attention: please use the tag buster-20200415 if you are using the TorizonCore Monthly release from April, a.k.a 4.0.0-devel-202004+build.3. At the moment you should only use the tag buster if you are using a newer release of TorizonCore.

This section is going to give you more details about our Debian based images and how they can improve your development process. Please take a look at our base Dockerfile hosted on GitHub.

We use the Debian slim Image to create our container.

FROM $IMAGE_ARCH/debian:10.2-slim

In these two lines, a user group ID to match those used by host OS were added.

RUN groupadd --gid 1000 torizon \
    && useradd --gid 1000 --uid 1000 --create-home torizon

In the box below, a custom repository feed provided by Toradex with some useful packages was added.

RUN if [ "$ADD_TORADEX_REPOSITORY" = "1" ]; then \
    echo "deb buster main" >> /etc/apt/sources.list ; \
    echo "Package: *\nPin: origin\nPin-Priority: 900" > /etc/apt/preferences.d/toradex-feeds ; \

Debian With Weston Wayland Compositor

Weston is a Wayland based compositing window manager, basically the piece of software which makes sure that graphical application can be drawn alongside each other. Weston comes with a minimal launcher that allows starting a terminal, but in embedded configurations, the launcher is often disabled/hidden.

The container is Debian buster release based, featuring the Weston Wayland compositor. To pull the container and start it on the module, choose your hardware from the tabs below and follow the instructions given:

Start weston using the torizon/arm32v7-debian-weston:buster container image:

# docker run -d --rm --name=weston --net=host --cap-add CAP_SYS_TTY_CONFIG \
             -v /dev:/dev -v /tmp:/tmp -v /run/udev/:/run/udev/ \
             --device-cgroup-rule='c 4:* rmw' --device-cgroup-rule='c 13:* rmw'  --device-cgroup-rule='c 226:* rmw'\
              torizon/arm32v7-debian-weston:buster --developer weston-launch --tty=/dev/tty7 --user=torizon

Start weston using the torizon/arm32v7-debian-weston:buster container image:

# docker run -d --rm --name=weston --net=host --cap-add CAP_SYS_TTY_CONFIG \
             -v /dev:/dev -v /tmp:/tmp -v /run/udev/:/run/udev/ \
             --device-cgroup-rule='c 4:* rmw'  --device-cgroup-rule='c 13:* rmw' --device-cgroup-rule='c 226:* rmw' \
              torizon/arm32v7-debian-weston:buster --developer weston-launch --tty=/dev/tty7 --user=torizon -- --use-pixman

Start weston using the torizon/arm64v8-debian-weston-vivante:buster container image:

Attention: Please, note that by executing the following line you are accepting the terms and conditions of the NXP's End-User License Agreement (EULA)

# docker run -e ACCEPT_FSL_EULA=1 -d --rm --name=weston --net=host --cap-add CAP_SYS_TTY_CONFIG \
             -v /dev:/dev -v /tmp:/tmp -v /run/udev/:/run/udev/ \
             --device-cgroup-rule='c 4:* rmw'  --device-cgroup-rule='c 13:* rmw' --device-cgroup-rule='c 199:* rmw' --device-cgroup-rule='c 226:* rmw' \
              torizon/arm64v8-debian-weston-vivante:buster --developer weston-launch --tty=/dev/tty7 --user=torizon

Since the container image is not preinstalled, Docker will download it from Docker Hub and store it on the module. This will require an internet connection on the device and may take a few minutes. It will start Weston (HDMI on Apalis SoMs, parallel RGB on Colibri SoMs, MIPI-DSI on Verdin SoMs). The container will be started in the background, you can look at the Weston output for debugging by using the Docker logs subcommand:

# docker logs weston

Most of the arguments in this command line make sure that the container can access the necessary hardware (display controller, GPU and input devices) and be notified about hardware changes (through TorizonCore's udev daemon).

On modules without GPU like Colibri iMX7 we add weston-launch --tty=/dev/tty7 --user=torizon -- --use-pixman to start Weston with Pixman.

Weston creates a Unix socket file so graphical client applications can communicate with it (typically in the 1000-runtime-dir directory under /tmp). By bind mounting /tmp into a second container, a Wayland client application can access the Wayland compositor despite being in separate containers. The Wayland client application will talk to Weston (the Wayland Compositor) through the Unix socket file and draw in a window on Weston.

As an example, let's start a second container that reuses the same image, but brings up an application on top of the Wayland compositor. Select your module from the tabs below and follow the instructions:

In order to launch a container named wayland-app and start es2gears, run this command:

# docker run -d --rm --name=wayland-app --user=torizon \
             -v /dev/dri:/dev/dri -v /tmp:/tmp \
             --device-cgroup-rule='c 226:* rmw' \
             torizon/arm32v7-debian-weston:buster es2gears_wayland

In order to launch a container named wayland-app and start the weston-terminal, run this command:

Attention: Please, note that by executing the following line you are accepting the terms and conditions of the NXP's End-User License Agreement (EULA)

# docker run -e ACCEPT_FSL_EULA=1 -d --rm --name=wayland-app --user=torizon \
             -v /dev/dri:/dev/dri -v /dev/galcore:/dev/galcore -v /tmp:/tmp \
             --device-cgroup-rule='c 199:* rmw' --device-cgroup-rule='c 226:* rmw' \
             torizon/arm64v8-debian-weston-vivante:buster weston-terminal

Note: you are also giving access to /dev/galcore, meaning you can leverage the Vivante graphics acceleration inside the container.

To get a shell inside the container docker exec can be used:

# docker ps
CONTAINER ID        IMAGE                                  COMMAND                  CREATED             STATUS              PORTS               NAMES
ab83ec23855e        torizon/arm32v7-debian-weston:buster   "/usr/bin/ e…"   31 seconds ago      Up 28 seconds                           wayland-app
f4a426310353        torizon/arm32v7-debian-weston:buster   "/usr/bin/ -…"   3 minutes ago       Up 3 minutes                            weston
# docker exec -it weston /bin/bash

This will create a prompt with root privileges inside the container.


Before we move into the explain section, go to the demonstration folder:

$ cd demonstration

On the board, make sure that all containers are stopped:

# docker stop $(docker ps -a -q)

Docker-compose is used to start multiple containers at the same time, providing shared data volumes, mount points, resource usage limitations and other advantages. You can have a good experience using docker compose to start our containers and take a glimpse of the development environment, in this case, the demo is showing a browser in kiosk-mode using three containers:

  • Weston: Wayland compositor

  • Portainer: provides the data that should be displayed by the UI

  • Kiosk-mode-browser: based on torizon- arm32v7-debian-wayland container, that can be used to run a browser in a kiosk-mode, allowing implementation of web-based UIs

Select your hardware in the box below:

Note: Use "-e ACCEPT_FSL_EULA=1" to accept the NXP EULA or set the environment variable on every invocation by uncommenting the corresponding line in "docker-compose.arm64.yml".

Then you can start the demo with a single command:

# docker-compose -f <your-docker-compose-file> up

Note: With the above command, you directly attach to the containers you are about to start. To start in detached-mode, you can append -d to the above command. Note: To use the device_cgroup_rules configuration option we have to use Compose file version 2.4 currently.

Next Steps