[Buildroot] [All Systems Go!] Buildroot : Using embedded tools to build container images
arnout at mind.be
Sun Sep 22 16:46:28 UTC 2019
On 22/09/2019 17:47, Jérémy ROSEN wrote:
> Hey all, I'm glad you liked my talk :)
> Here are a couple of other notes that might be of more interest to the
> buildroot community in general...
> * There is no tool I could find from the container world that actually
> builds an image from scratch, they all are based on debian/redhat, this is
> not good and they don't really have an answer
> As a side-note, be careful when you talk about building images with
> container people. It usually means the step of transforming files into a
> filesystem/disk image, not the compilation phase.
> * There was a talk about "rootless containers" i.e. containers that are able
> to build other container images without being root, using a suid binary or
> talking to a root-owned daemon. Apparently nobody
> had heard of fakeroot and they didn't know it was actually possible to
> build an image without loopback-mounting images. (
Your talk was a lot more interesting :-)
But the one thing I took away from it is the pointer to umoci. That tool
seems to be capable of creating an OCI image without running docker. E.g. 'umoci
add-layer' seems to add a tarball as a layer to an image.
> * WRT portable services specifically, the only thing that buildroot doesn't
> really do yet is being able to put .service files in images that do not use
> systemd as an init system. (which made perfect sense until portable
> services were introduced in v240)
Yeah, that would require a disconnect between the init system and the package
that provides it. But it's starting to diverge a lot from Buildroot's purpose
(creating full OS images).
Note BTW that you'll often still need systemd as a library during the build,
which is also something we don't support at the moment.
> I'll be in Lyon if you want to discuss this some more...
> Le dim. 22 sept. 2019 à 16:58, Arnout Vandecappelle <arnout at mind.be> a
> écrit :
>> On 22/09/2019 15:13, François Perrad wrote:
>>> Le sam. 21 sept. 2019 à 21:53, Romain Naour <romain.naour at smile.fr> a
>>> écrit :
>>>> My colleague Jeremy Rosen did a presentation at All Systems Go
>>>> building container images using Buildroot:
>> Really interesting talk, thanks for pointing this out!
>>>> It would be interesting to discuss with the community about building
>>>> container images like light container or systemd's portable services.
>>>> It's probably a topic for the next Buildroot Meeting :)
>>> It seems easy to create a Docker image artifact from a rootfs created by
>>> $ cat Dockerfile
>>> FROM scratch
>>> ADD rootfs.tar /
>>> $ docker build --tag br:my_proj .
>>> Sending build context to Docker daemon 4.233MB
>>> Step 1/2 : FROM scratch
>>> Step 2/2 : ADD rootfs.tar /
>>> ---> 60cb2207066c
>>> Successfully built 60cb2207066c
>>> Successfully tagged br:my_proj
>> Does this also work if the tarball is cross-compiled for a different
>> architecture? Probably it does, and it just SIGILLs when you try to run the
>>> $ docker images
>>> REPOSITORY TAG IMAGE ID CREATED
>>> br my_proj 60cb2207066c 2
>>> ago 1.74MB
>>> $ docker save -o br_my_proj.tar br:my_proj
>>> $ ls -1
>>> But, it could be nice to add "Docker image" as an option in "Filesystem
>>> images" choice.
>> Yeah, except unfortunately docker security sucks, so on most distros you
>> sudo to run any docker command, even 'docker build'.
>> So, it would be nice if we could generate the OCI image without docker.
>> Something was said about this in the questions of Jérémy's
>> presentation, but
>> there was no clear answer.
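The thread asks whether an OCI image can be generated from a Buildroot rootfs.tar without docker and without root. The following is an added example, not part of the original mail and not Buildroot or umoci code: it writes a single-layer OCI image layout using only the Python standard library, so no daemon or sudo is involved. The function names, the `arm` architecture value and the one-file sample tarball are assumptions constructed for the demonstration; the tag `my_proj` is taken from the thread.

```python
import hashlib, io, json, os, tarfile, tempfile

def _put_blob(layout, data):
    """Store data under blobs/sha256/<hex>; return (digest, size)."""
    digest = hashlib.sha256(data).hexdigest()
    blob_dir = os.path.join(layout, "blobs", "sha256")
    os.makedirs(blob_dir, exist_ok=True)
    with open(os.path.join(blob_dir, digest), "wb") as f:
        f.write(data)
    return "sha256:" + digest, len(data)

def _descriptor(layout, media_type, data, **extra):
    """Write a blob and return the OCI content descriptor that points at it."""
    digest, size = _put_blob(layout, data)
    return dict(mediaType=media_type, digest=digest, size=size, **extra)

def rootfs_to_oci(rootfs_tar, layout, tag, arch):
    """Wrap one uncompressed rootfs tarball as a single-layer OCI image layout."""
    with open(rootfs_tar, "rb") as f:
        layer = f.read()  # read whole; a small embedded rootfs is assumed
    layer_desc = _descriptor(layout, "application/vnd.oci.image.layer.v1.tar", layer)
    # diff_ids hash the uncompressed layer, which here equals the blob digest.
    config = {"architecture": arch, "os": "linux",
              "rootfs": {"type": "layers", "diff_ids": [layer_desc["digest"]]}}
    config_desc = _descriptor(layout, "application/vnd.oci.image.config.v1+json",
                              json.dumps(config).encode())
    manifest = {"schemaVersion": 2,
                "mediaType": "application/vnd.oci.image.manifest.v1+json",
                "config": config_desc, "layers": [layer_desc]}
    manifest_desc = _descriptor(
        layout, manifest["mediaType"], json.dumps(manifest).encode(),
        annotations={"org.opencontainers.image.ref.name": tag})
    with open(os.path.join(layout, "oci-layout"), "w") as f:
        json.dump({"imageLayoutVersion": "1.0.0"}, f)
    with open(os.path.join(layout, "index.json"), "w") as f:
        json.dump({"schemaVersion": 2, "manifests": [manifest_desc]}, f)
    return manifest_desc["digest"]

def demo():
    """Build a constructed one-file rootfs.tar and wrap it; returns (layout, digest)."""
    work = tempfile.mkdtemp()
    tar_path = os.path.join(work, "rootfs.tar")
    with tarfile.open(tar_path, "w") as tar:
        payload = b"buildroot\n"
        info = tarfile.TarInfo("etc/hostname")
        # root ownership lives in the tar header, so no privileges are needed
        info.size, info.uid, info.gid, info.mode = len(payload), 0, 0, 0o644
        tar.addfile(info, io.BytesIO(payload))
    layout = os.path.join(work, "oci")
    return layout, rootfs_to_oci(tar_path, layout, "my_proj", "arm")

if __name__ == "__main__":
    print(*demo())
```

The `architecture` value is only declared in the image config; nothing in the layout checks it against the binaries inside the layer.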