On 8/21/19 5:00 AM, Tomasz Torcz wrote:
> On Tue, Aug 20, 2019 at 10:52:18PM -0700, John Harris wrote:
>> Having a container without a package manager sounds like the worst possible
>> thing to add to an already poorly implemented solution. In reality,
>> containers, regardless of what they're running, should be treated as what they
>> are, GNU/Linux installs. Each one should be self-sufficient from the host
>> system, so that they can be properly updated using a package manager.
>>
>> Each container should, realistically, be a self-contained system.
>
> You do not update the container. You rebuild it, creating a new image
> with updated components, then you test and roll out the new image.
> A package manager is only needed during the build (in fact, it
> is indispensable at this step) but not during runtime.

I agree. Entering a container and doing a yum update is an anti-pattern.

The way container image updates are envisioned is: when I need an updated container, I pull down a brand new image. Hopefully this image has gone through a thorough CI/CD system.

The container image on the build system is probably built using dnf/yum, but those tools do not necessarily need to be in the final image. Preferably they would not be there.

Unfortunately, in the real world this is not true, and the default Dockerfile construct forces base layers to have dnf installed. Buildah and multi-stage builds do allow you to eliminate these tools, but that is more difficult to do.

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
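The multi-stage approach mentioned in the reply above, written out as an added example; this is not code from the thread, from Fedora, or from the Buildah project. It assumes a Fedora 30 base image (contemporary with the thread), nginx as a stand-in workload, and that the build runs as root with the default capability set, which includes CAP_SYS_CHROOT. The package manager is used only in the first stage; the second stage starts from scratch and receives nothing but the installed runtime closure, so dnf, yum and rpm are absent from the shipped image by construction rather than by a cleanup step that could be forgotten.

```dockerfile
# Added example, not from the original thread: build a Fedora-based
# image whose final layer contains no package manager.
# Assumptions: Fedora 30 base, nginx as the workload, x86_64.

# --- stage 1: a full Fedora image that HAS dnf; it is discarded --------
FROM registry.fedoraproject.org/fedora:30 AS builder

# dnf resolves file:// gpgkey paths inside the installroot, so copy the
# base image's keys into /rootfs up front; this keeps gpgcheck enabled
# instead of working around it with --nogpgcheck.
RUN mkdir -p /rootfs/etc/pki/rpm-gpg \
 && cp /etc/pki/rpm-gpg/* /rootfs/etc/pki/rpm-gpg/

# Install only the runtime closure into /rootfs. dnf, rpm and python are
# never requested; weak dependencies and docs are suppressed so the
# closure stays small. The cache is cleaned so it is not copied later.
RUN dnf install -y \
      --installroot=/rootfs \
      --releasever=30 \
      --setopt=install_weak_deps=False \
      --nodocs \
      fedora-release bash coreutils nginx \
 && dnf clean all --installroot=/rootfs

# Build-time check: fail the build if a package manager or interpreter
# was pulled in transitively, then prove the workload runs from /rootfs.
# The rpm database under /rootfs/var/lib/rpm is kept on purpose so
# vulnerability scanners can still read what is installed.
RUN for f in /usr/bin/dnf /usr/bin/yum /usr/bin/rpm /usr/bin/python3; do \
      test ! -e "/rootfs$f" || { echo "unexpected $f in rootfs" >&2; exit 1; }; \
    done \
 && chroot /rootfs /usr/sbin/nginx -v

# --- stage 2: only the closure from /rootfs becomes the image ----------
FROM scratch
COPY --from=builder /rootfs/ /
EXPOSE 80
ENTRYPOINT ["/usr/sbin/nginx", "-g", "daemon off;"]
```

The same file builds with either `podman build -t nginx-min .` or `buildah bud -t nginx-min .`; the builder stage is dropped from the result in both cases. A single-stage `FROM fedora:30` followed by `RUN dnf install -y nginx` would produce a working image too, but it would carry the full base layer, dnf and python along with it, which is exactly the situation the reply describes as the real-world default.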