From: Esben Haabendal <esben@geanix.com>
To: buildroot@busybox.net
Subject: [Buildroot] [All Systems Go!] Buildroot : Using embedded tools to build container images
Date: Mon, 23 Sep 2019 09:40:51 +0200 [thread overview]
Message-ID: <87tv935ukc.fsf@geanix.com> (raw)
In-Reply-To: <f8bc8621-31de-e542-657e-575fbaa2d48c@mind.be> (Arnout Vandecappelle's message of "Sun, 22 Sep 2019 16:58:26 +0200")
Arnout Vandecappelle <arnout@mind.be> writes:
> On 22/09/2019 15:13, Fran?ois Perrad wrote:
>> Le sam. 21 sept. 2019 ? 21:53, Romain Naour <romain.naour@smile.fr> a
>> ?crit :
>>
>>> Hello,
>>>
>>> My colleague Jeremy Rosen did a presentation at All Systems Go conferences
>>> about
>>> building container images using Buildroot:
>>>
>>> https://www.youtube.com/watch?v=-CVuBLDpulo
>
> Really interesting talk, thanks for pointing this out!
>
>
>>> It would be interesting to discuss with the community about building such
>>> container images like light container or systemd's portable services.
>>>
>>> It's probably a topic for the next Buildroot Meeting :)
>>>
>>>
>> It seems easy to create a Docker image artifact from a rootfs created by
>> Buildroot
>>
>> $ cat Dockerfile
>> FROM scratch
>> ADD rootfs.tar /
>>
>> $ docker build --tag br:my_proj .
>> Sending build context to Docker daemon 4.233MB
>> Step 1/2 : FROM scratch
>> --->
>> Step 2/2 : ADD rootfs.tar /
>> ---> 60cb2207066c
>> Successfully built 60cb2207066c
>> Successfully tagged br:my_proj
>
> Does this also work if the tarball is cross-compiled for a different
> architecture? Probably it does, and it just SIGILLs when you try to run the
> container...
>
>>
>> $ docker images
>> REPOSITORY TAG IMAGE ID CREATED
>> SIZE
>> br my_proj 60cb2207066c 2 minutes
>> ago 1.74MB
>>
>> $ docker save -o br_my_proj.tar br:my_proj
>> $ ls -1
>> br_my_proj.tar
>> Dockerfile
>> rootfs.tar
>>
>> But, it could be nice to add "Docker image" as an option in "Filesystem
>> images" choice.
>
> Yeah, except unfortunately docker security sucks, so on most distros you need
> sudo to run any docker command, even 'docker build'.
>
> So, it would be nice if we could generate the OCI image without docker.
You can do that with buildah:
https://github.com/containers/buildah
It allows building OCI images from scratch without root priveleges.
It supports both building from Dockerfile and using a CLI that is more
convenient for scripting.
/Esben
prev parent reply other threads:[~2019-09-23 7:40 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-21 19:53 [Buildroot] [All Systems Go!] Buildroot : Using embedded tools to build container images Romain Naour
2019-09-22 13:13 ` François Perrad
2019-09-22 14:58 ` Arnout Vandecappelle
2019-09-22 15:47 ` Jérémy ROSEN
2019-09-22 16:46 ` Arnout Vandecappelle
2019-09-22 21:48 ` Jérémy ROSEN
2019-09-22 18:07 ` François Perrad
2019-09-23 7:17 ` Arnout Vandecappelle
2019-09-22 18:22 ` Peter Korsgaard
2019-09-23 7:44 ` Esben Haabendal
2019-09-23 7:49 ` Arnout Vandecappelle
2019-09-23 8:10 ` Esben Haabendal
2019-09-23 7:40 ` Esben Haabendal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tv935ukc.fsf@geanix.com \
--to=esben@geanix.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.