Re: Best practices for creating an Arch Docker image




I've been maintaining minimal and hardened Arch images and container configurations for several years now that are updated regularly [1].

All my images are based on the image `nfnty/arch-mini` [2] which has been made to be as minimal and automated as possible. It is built from scratch using a bootstrap archive that is built inside another container using the image `nfnty/arch-bootstrap` [3]. The bootstrap archive can be built outside of the container using the same script [4] as the image does.

You can find many of my images with automated builds on Docker Hub [5].

//nfnty


[1] https://github.com/nfnty/dockerfiles
[2] https://github.com/nfnty/dockerfiles/tree/master/images/arch-mini/latest
[3] https://github.com/nfnty/dockerfiles/tree/master/images/arch-bootstrap/latest
[4] https://github.com/nfnty/dockerfiles/blob/master/images/arch-bootstrap/latest/scripts/build.sh
[5] https://hub.docker.com/u/nfnty


On 2017-04-27 19:52, Giovanni Santini via arch-general wrote:
Good evening to everybody,
I got interested in Docker lately and I've decided to create an
ArchLinux image for it.
There's one suggested from the ArchWiki (*base/archlinux*) but I wanted
to learn from scratch.
So, I've then some questions:

1. As the root filesystem, I've made a repacked version of the bootstrap
tarball. Even though it is not so clean, it works and it is easy peasy
to do. Should I go still for a `pacstrap`?
2. Theoretically, one step of the Dockerfile should be installing the
whole 'base' group, which includes also the kernel, which is not really
needed in a container.
So this question splits up in 2 parts:
- which packages I can ignore of the 'base' group?
- which packages present in the bootstrap OS can be removed?
This is because I think the Docker image should contain only the least
number of packages of an Arch system; ideally, *pacman* and the needed
core utils.
3. I'm having a GPGME error with the i686 tarball... Upgrading GPGME
breaks pacman, upgrading pacman does the same. If someone is interested
in helping me, I would be glad to share the Dockerfile.

A first working code is here: https://github.com/ItachiSan/dockerfiles



