Official docker image #573
Comments
|
Why would people want to run sabotage linux in docker? Sabotage doesn't have any release cycle. Judging from the description, jprjr/docker-misc is an personal experiment and shouldn't be used in production, probably. |
|
@nero, that makes the build system guys lives easier. For example you can build and test your binaries on multiple musl-based systems without paying the cost of setting up an extra VM/physical hardware. Docker is one command away and you can spin up [m]any distros, build bins, run tests and shut it down. You can even hook it up in TravisCI without paying cost of setting up your own CI server, using Jenkins for example. cc @rofl0r |
|
i can see it being useful. we recently had a generous donor sponsoring a second build server so i may dedicate some of its cycles to building a docker image. |
|
https://docs.docker.com/docker-hub/official_repos/#how-do-i-create-a-new-official-repository @rofl0r, it will require sending PR to https://github.com/docker-library/official-images |
|
if i provide a rootfs tarball, can you help out in getting the docker scripts ? |
|
Sure i will give it a shot 👍 |
|
Can we seek sponsorship from fastly like https://github.com/gliderlabs/docker-alpine#sponsors? |
|
well, maybe if you ask nicely ? but i guess we should first getting step one done... |
|
I tried to build it: mkdir sabotage-build ; cd $_
curl -o rootfs.tar.xz http://ftp.barfooze.de/pub/sabotage/sabotage-1.1.14-x86_64-rootfs-core-2f51c8d0.tar.xz
cat > Dockerfile <<-"EOF"
FROM scratch
ADD rootfs.tar.xz /
CMD ["/bin/sh"]
EOF
docker build -t sabotage-builder .
docker run -it sabotage-builderbuild succeeds, but docker run throws:
any ideas how to produce the working docker image from rootfs tarball? cc @tianon, @andyshinn for help :) |
|
The tarball has an extra path at root: You likely want to go into |
|
@andyshinn, thanks. I am getting:
|
|
I tried with more selfcontained approach cat > Dockerfile <<-"EOF"
FROM scratch
ADD http://foss.aueb.gr/mirrors/linux/sabotage/sabotage-1.1.14-x86_64-rootfs-core-2f51c8d0.tar.xz /
CMD ["/bin/sh"]
EOF
docker build -t sabotage-builder .
docker run -it sabotage-builderand cat > Dockerfile <<-"EOF"
FROM scratch
ADD http://foss.aueb.gr/mirrors/linux/sabotage/sabotage-1.1.14-x86_64-rootfs-core-2f51c8d0.tar.xz /
CMD ["/sabotage-1.1.14-rootfs-core-2f51c8d0/bin/sh"]
EOF
docker build -t sabotage-builder .
docker run -it sabotage-buildersame error. :( |
|
The tarball is built wrong. It needs to be rebuilt without the |
|
man tar -> http://xkcd.com/1168/ |
|
the tarball is not "built wrong", it was built for general purpose, i.e. not specifically for docker. |
|
lets find out https://github.com/moby/moby/issues/36605. btw, |
|
@rofl0r, based on the comment https://github.com/moby/moby/issues/36605#issuecomment-373794369, would it be possible to permanently produce a tarball without a wrapper directory, so to avoid mismatch with other distro's tarballs? Perhaps an additional tarball, incurring ~40MBs on the servers (if changing the current rootfs tarball format is considered as a breaking change). |
|
That, or simply have whatever process is going to be downloading that tarball to commit it to this repository perform the necessary repacking. |
|
that may certainly be possible, but as you may recall my suggestion was you use the previous rootfs tarball for testing while i'm working on a new version. you also said you had it working at some point. so, what came out of that ? |
|
the previous rootfs download->untar->re-tar way works: # sitting in ubuntu
# setup
apt update
apt install -y apt-transport-https ca-certificates curl gnupg2 software-properties-common < /dev/null
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt update
apt install -y docker-ce < /dev/null
service docker start
# create an empty directory
mkdir test; cd $_
# fetch and curate archive
curl -O http://foss.aueb.gr/mirrors/linux/sabotage/sabotage-1.1.14-x86_64-rootfs-core-2f51c8d0.tar.xz
mkdir temp
tar -xf sabotage-1.1.14-x86_64-rootfs-core-2f51c8d0.tar.xz --strip-components=1 -C temp
tar -cJf rootfs.tar.xz -C temp .
rm -rf temp
# create a docker file
cat > Dockerfile <<-"EOF"
FROM scratch
ADD rootfs.tar.xz /
CMD ["/bin/sh"]
EOF
# docker build
docker build -t sabotage-builder .
# then run the built docker, enter sabotage
docker run -it sabotage-builderbtw, |
|
i don't where docker picks up the kernel, but it seems to use one that was compiled on alpine. the rootfs does not contain a kernel. |
|
The way containers work, the kernel comes from the host, so it'll never
report "sabotage" unless you're running Docker on a native sabotage host.
|
|
http://ftp.barfooze.de/pub/sabotage/sabotage-1.1.19-x86_64-rootfs-stage2-e0b6285a.tar.xz sha512 4b653382b366afdc0a9f0954cfd7b532e1c1e927fdc47464a9f306f6cbdcf73399a267eca8a8876bb4a5f684403d31897124c70d4a88e638aa9267ddcd389fe4 it's possible for anyone to reproduce the exact same packages inside by following these steps: the builds can be verified using |
|
FTR here's the output of the above butch checksum command: |
|
Pushed a commit to https://github.com/sabotage-linux/docker. Size comparison ⚖️ ubuntu:~/docker/builder$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
sabotage-builder latest c92724d8fc6d 15 minutes ago 158MB
debian latest 2b98c9851a37 11 days ago 100MB
ubuntu latest f975c5035748 2 weeks ago 112MB
alpine latest 3fd9065eaf02 2 months ago 4.15MBCompared to alpine, sabotage box is 38x bigger. There must be lots of stuff that can be dropped from tarball. |
|
thanks. sabotage does not (yet) feature binary packages, so the only way to install additional packages is by supplying a full toolchain (equivalent to debian base + build-essentials). that means sabotage install without toolchain would be worthless. |
|
could you please add some instructions how to start and use the docker image? i could run it before but i lost it. i can confirm that it did work, but now i don't know how to do it again. it was useful in a way to try sabotage linux without dedicating an entirety. |
|
Based on https://docs.docker.com/docker-hub/official_repos/#how-do-i-create-a-new-official-repository, I think the next (remaining) work is related to documentation for 'official docker image'. We can start a PR in docker-library/official-images repo (e.g. with title
Instructions added https://github.com/sabotage-linux/docker/blob/master/README.md |
Please configure docker image creation in CI/build machine after which it upload the official image to docker hub for each release.
Our current option is some unofficial/unmaintained channel
docker run -it jprjr/sabotagelinux shand nothing work in that box (butch update && butch install curlfails).https://hub.docker.com/r/jprjr/sabotagelinux/
while official one can go under https://hub.docker.com/r/library/
The text was updated successfully, but these errors were encountered: