From: Esben Haabendal <esben@geanix.com>
To: buildroot@busybox.net
Subject: [Buildroot] [All Systems Go!] Buildroot : Using embedded tools to build container images
Date: Mon, 23 Sep 2019 09:40:51 +0200 [thread overview]
Message-ID: <87tv935ukc.fsf@geanix.com> (raw)
In-Reply-To: <f8bc8621-31de-e542-657e-575fbaa2d48c@mind.be> (Arnout Vandecappelle's message of "Sun, 22 Sep 2019 16:58:26 +0200")
Arnout Vandecappelle <arnout@mind.be> writes:
> On 22/09/2019 15:13, Fran?ois Perrad wrote:
>> Le sam. 21 sept. 2019 ? 21:53, Romain Naour <romain.naour@smile.fr> a
>> ?crit :
>>
>>> Hello,
>>>
>>> My colleague Jeremy Rosen did a presentation at All Systems Go conferences
>>> about
>>> building container images using Buildroot:
>>>
>>> https://www.youtube.com/watch?v=-CVuBLDpulo
>
> Really interesting talk, thanks for pointing this out!
>
>
>>> It would be interesting to discuss with the community about building such
>>> container images like light container or systemd's portable services.
>>>
>>> It's probably a topic for the next Buildroot Meeting :)
>>>
>>>
>> It seems easy to create a Docker image artifact from a rootfs created by
>> Buildroot
>>
>> $ cat Dockerfile
>> FROM scratch
>> ADD rootfs.tar /
>>
>> $ docker build --tag br:my_proj .
>> Sending build context to Docker daemon 4.233MB
>> Step 1/2 : FROM scratch
>> --->
>> Step 2/2 : ADD rootfs.tar /
>> ---> 60cb2207066c
>> Successfully built 60cb2207066c
>> Successfully tagged br:my_proj
>
> Does this also work if the tarball is cross-compiled for a different
> architecture? Probably it does, and it just SIGILLs when you try to run the
> container...
>
>>
>> $ docker images
>> REPOSITORY TAG IMAGE ID CREATED
>> SIZE
>> br my_proj 60cb2207066c 2 minutes
>> ago 1.74MB
>>
>> $ docker save -o br_my_proj.tar br:my_proj
>> $ ls -1
>> br_my_proj.tar
>> Dockerfile
>> rootfs.tar
>>
>> But, it could be nice to add "Docker image" as an option in "Filesystem
>> images" choice.
>
> Yeah, except unfortunately docker security sucks, so on most distros you need
> sudo to run any docker command, even 'docker build'.
>
> So, it would be nice if we could generate the OCI image without docker.
You can do that with buildah:
https://github.com/containers/buildah
It allows building OCI images from scratch without root priveleges.
It supports both building from Dockerfile and using a CLI that is more
convenient for scripting.
/Esben
prev parent reply other threads:[~2019-09-23 7:40 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-21 19:53 [Buildroot] [All Systems Go!] Buildroot : Using embedded tools to build container images Romain Naour
2019-09-22 13:13 ` François Perrad
2019-09-22 14:58 ` Arnout Vandecappelle
2019-09-22 15:47 ` Jérémy ROSEN
2019-09-22 16:46 ` Arnout Vandecappelle
2019-09-22 21:48 ` Jérémy ROSEN
2019-09-22 18:07 ` François Perrad
2019-09-23 7:17 ` Arnout Vandecappelle
2019-09-22 18:22 ` Peter Korsgaard
2019-09-23 7:44 ` Esben Haabendal
2019-09-23 7:49 ` Arnout Vandecappelle
2019-09-23 8:10 ` Esben Haabendal
2019-09-23 7:40 ` Esben Haabendal [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tv935ukc.fsf@geanix.com \
--to=esben@geanix.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox