[Buildroot] [PATCH] support/dockerfile: add directives to run as non-root

Cam Hutchison cam at camh.ch
Mon Feb 5 03:52:30 UTC 2018


On 4 February 2018 at 21:04, Yann E. MORIN <yann.morin.1998 at free.fr> wrote:
> Peter, All,
>
> On 2018-02-03 22:47 +0100, Peter Korsgaard spake thusly:
>> >>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:
> [--SNIP--]
>>  > diff --git a/support/docker/Dockerfile b/support/docker/Dockerfile
>>  > index d45b23dc23..ebb471f7e5 100644
>>  > --- a/support/docker/Dockerfile
>>  > +++ b/support/docker/Dockerfile
>>  > @@ -28,3 +28,10 @@ RUN apt-get -q -y clean
>>  >  RUN sed -i 's/# \(en_US.UTF-8\)/\1/' /etc/locale.gen
>>  >  RUN /usr/sbin/locale-gen
>>
>>  > +RUN useradd -ms /bin/bash br-user
>>  > +RUN chown -R br-user:br-user /home/br-user
>>
>> I don't know much about Docker, but I was of the understanding that each
>> run statement creates a new layer and the number of layers should be
>> minimized, which is why you normally see stuff like:
>>
>> RUN foo && \
>>     bar && \
>>     foz && \
>>     baz
>
> Well, I am no docker expert either, and I just mimicked whatever the
> file already looked like, as you can see for the previous two lines...

Minimizing the number of layers for simple layers like the "RUN useradd"
and "RUN chown" really doesn't save very much.

Where the big win comes in (and is not mentioned in the official
documentation) is when you keep the "install && build && clean" commands
in a single RUN command. This matters because if you split it up over
multiple layers, the earlier layers still contain all the stuff the
later layers try to clean. The end result is a fat image that contains
the stuff you wanted to remove in a lower layer, with whiteout entries
in a higher layer, so it only looks like the files have been removed.

Your patch set does the right thing WRT the debian install/clean, so all
good, but I thought I'd mention this because it did not come up in any
discussions here or in the linked docs.


More information about the buildroot mailing list