On 8/21/19 5:00 AM, Tomasz Torcz wrote:
> On Tue, Aug 20, 2019 at 10:52:18PM -0700, John Harris wrote:
>> Having a container without a package manager sounds like the worst possible
>> thing to add to an already poorly implemented solution. In reality,
>> containers, regardless of what they're running, should be treated as what
>> they are, GNU/Linux installs. Each one should be self sufficient from the host
>> system, so that they can be properly updated using a package manager.
>>
>> Each container should, realistically, be a self contained system.
>   You do not update the container. You rebuild it, creating new image
> with updated components, then you test&roll out new image.
>   Package manager is only needed during the build (in fact, it
> is indispensable at this step) but not during runtime.
>
I agree. Entering a container and doing a yum update is an
anti-pattern. The way container image updates are envisioned is that when I
need an updated container, I pull down a brand new image. Hopefully
this image has gone through a thorough CI/CD system. The container
image on the build system probably is built using dnf/yum, but those
tools do not necessarily need to be in the final image. Preferably they
would not be there. Unfortunately in the real world this is not true.
And the default Dockerfile construct enforces base layers to have dnf
installed. Buildah and multi-stage builds do allow you to eliminate
these tools, but that is more difficult to do.
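
One way to do what the message above describes with a multi-stage build, as an added example that is not part of the original thread: dnf runs only in the build stage, and the final image is assembled from a separate root filesystem that never contained it. The Fedora release number and the httpd payload are assumptions chosen for illustration.

```dockerfile
# Added example, not from the original thread.
# Assumptions: Fedora release 40 and httpd as the runtime payload.
ARG FEDORA_RELEASE=40

# Stage 1: build stage. dnf exists here and only here.
FROM registry.fedoraproject.org/fedora:${FEDORA_RELEASE} AS builder
ARG FEDORA_RELEASE

# Install the runtime payload into a separate root filesystem instead of
# into the builder's own /. The builder's dnf does the work; nothing in
# the package set below depends on dnf, so it is not copied into /rootfs.
RUN dnf install -y \
        --installroot=/rootfs \
        --releasever=${FEDORA_RELEASE} \
        --setopt=install_weak_deps=False \
        --nodocs \
        httpd \
    && dnf clean all --installroot=/rootfs

# Fail the build if a package manager front end ended up in the runtime
# tree, for example after someone adds a package that drags it in.
RUN for tool in dnf yum; do \
        if [ -e "/rootfs/usr/bin/${tool}" ]; then \
            echo "package manager found in runtime rootfs: ${tool}" >&2; \
            exit 1; \
        fi; \
    done

# Stage 2: runtime image. It starts empty and receives only the
# installed tree, so there is no dnf/yum to run at runtime.
FROM scratch
COPY --from=builder /rootfs /
EXPOSE 80
ENTRYPOINT ["/usr/sbin/httpd", "-DFOREGROUND"]
```

Updating this image means rebuilding it so the build stage pulls current packages, then testing and rolling out the new image; the RPM database under /var/lib/rpm is still present in the runtime tree, so image scanners can inventory the installed packages.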