On Tue, Aug 27, 2019 at 3:27 PM John Harris wrote:
> On Tuesday, August 27, 2019 6:18:41 AM MST Christian Glombek wrote:
> > Right now, one can do something like `dnf
> > --installroot=/mnt/new-buildah-root group install custom-environment`
> > to create a root for a container and installed
On Tuesday, August 27, 2019 6:18:41 AM MST Christian Glombek wrote:
> Right now, one can do something like `dnf
> --installroot=/mnt/new-buildah-root group install custom-environment`
> to create a root for a container and installed group may include a package
> manager or not.
This would install
On Tue, Aug 27, 2019 at 2:09 PM Tristan Cacqueray
wrote:
>
> On Tue, Aug 27, 2019 at 01:22 John Harris wrote:
> [snip]
> > No online updates is the exact issue I see with this. That's a security
> nightmare.
> >
> > If you don't have a package manager there, it simply will not be
> updated.
> >
On Tue, Aug 27, 2019 at 01:22 John Harris wrote:
[snip]
> No online updates is the exact issue I see with this. That's a security
> nightmare.
>
> If you don't have a package manager there, it simply will not be updated.
> It'll be installed once, then either left there forever, un-updated,
On Monday, August 26, 2019 10:17:46 PM MST Samuel Sieb wrote:
> On 8/26/19 9:39 PM, John Harris wrote:
>
> > I'm not saying not to use containers. There is a right way to do it, and
> > a
> > wrong way to do it. A container should be as the name describes, a
> > containerized installation of the
On 8/26/19 9:39 PM, John Harris wrote:
I'm not saying not to use containers. There is a right way to do it, and a
wrong way to do it. A container should be as the name describes, a
containerized installation of the distro in question, with the utilities
needed to support a given role. Not
On Monday, August 26, 2019 9:39:47 PM MST John Harris wrote:
> On Monday, August 26, 2019 9:16:30 PM MST Tomasz Torcz wrote:
>
> > On Mon, Aug 26, 2019 at 06:46:29PM -0700, John Harris wrote:
> >
> >
> > > On Monday, August 26, 2019 5:50:53 AM MST Christian Glombek wrote:
> > >
> > >
> > > >
On Monday, August 26, 2019 9:16:30 PM MST Tomasz Torcz wrote:
> On Mon, Aug 26, 2019 at 06:46:29PM -0700, John Harris wrote:
>
> > On Monday, August 26, 2019 5:50:53 AM MST Christian Glombek wrote:
> >
> > >
> > > Wow, a model like _distroless_ is exactly what I think we need in and
> > > from
On Mon, Aug 26, 2019 at 06:46:29PM -0700, John Harris wrote:
> On Monday, August 26, 2019 5:50:53 AM MST Christian Glombek wrote:
> >
> > Wow, a model like _distroless_ is exactly what I think we need in and from
> > Fedora to enable making those minimal, purpose-built and service-specific
> >
On Monday, August 26, 2019 5:50:53 AM MST Christian Glombek wrote:
> On Wed, Aug 7, 2019 at 5:26 PM Colin Walters wrote:
> > On Tue, Jul 30, 2019, at 3:52 PM, Daniel Walsh wrote:
> > > If you want small images, just use buildah.
> >
> > Dockerfile-based multi-stage builds are significantly more
On Wed, Aug 7, 2019 at 5:26 PM Colin Walters wrote:
>
>
> On Tue, Jul 30, 2019, at 3:52 PM, Daniel Walsh wrote:
> > If you want small images, just use buildah.
>
> Dockerfile-based multi-stage builds are significantly more popular than
> this and should really be mentioned first.
>
> I'm not
On Wednesday, August 21, 2019 2:00:07 AM MST Tomasz Torcz wrote:
> On Tue, Aug 20, 2019 at 10:52:18PM -0700, John Harris wrote:
>
> > Having a container without a package manager sounds like the worst
> > possible thing to add to an already poorly implemented solution. In
> > reality,
On Wed, Aug 21, 2019 at 09:13 Colin Walters wrote:
> On Wed, Aug 21, 2019, at 7:34 AM, Daniel Walsh wrote:
>
>> I agree. Entering a container and doing a yum update is an
>> Anti-pattern.
>
> This is a complex discussion - I think we need both. Personally I
> live inside a "pet" container using
On Wed, Aug 21, 2019, at 7:34 AM, Daniel Walsh wrote:
> I agree. Entering a container and doing a yum update is an
> Anti-pattern.
This is a complex discussion - I think we need both. Personally I
live inside a "pet" container using https://github.com/cgwalters/coretoolbox
and I definitely
On 8/21/19 5:00 AM, Tomasz Torcz wrote:
> On Tue, Aug 20, 2019 at 10:52:18PM -0700, John Harris wrote:
>> Having a container without a package manager sounds like the worst possible
>> thing to add to an already poorly implemented solution. In reality,
>> containers, regardless of what they're
On Tue, Aug 20, 2019 at 10:52:18PM -0700, John Harris wrote:
> Having a container without a package manager sounds like the worst possible
> thing to add to an already poorly implemented solution. In reality,
> containers, regardless of what they're running, should be treated as what
> they
>
On Tuesday, July 30, 2019 9:05:31 AM MST Christian Glombek wrote:
> I would be especially interested in minimizing container images.
> I'd like to e.g. see purpose-built containers without an actual package
> manager inside. You just have the container, mount the config, and go.
> We're also
On Wed, Aug 14, 2019 at 8:49 PM Robbie Harwood wrote:
> > Here's the scriptlet:
> >
> > %triggerun libs -- krb5-libs < 1.15.1-5
> > if ! grep -q 'includedir /etc/krb5.conf.d' /etc/krb5.conf ; then
> > sed -i '1i # To opt out of the system crypto-policies
> > configuration of krb5,
> > remove
> Here's the scriptlet:
>
> %triggerun libs -- krb5-libs < 1.15.1-5
> if ! grep -q 'includedir /etc/krb5.conf.d' /etc/krb5.conf ; then
> sed -i '1i # To opt out of the system crypto-policies
> configuration of krb5,
> remove the\n# symlink at /etc/krb5.conf.d/crypto-policies which will
> not
On 8/7/19 11:24 AM, Colin Walters wrote:
>
> On Tue, Jul 30, 2019, at 3:52 PM, Daniel Walsh wrote:
>> If you want small images, just use buildah.
> Dockerfile-based multi-stage builds are significantly more popular than this
> and should really be mentioned first.
Buildah supports multi-stage
On Wed, Aug 7, 2019, at 11:25 AM, Colin Walters wrote:
>
>
> On Tue, Jul 30, 2019, at 3:52 PM, Daniel Walsh wrote:
> > If you want small images, just use buildah.
>
> Dockerfile-based multi-stage builds are significantly more popular than
> this and should really be mentioned first.
>
> I'm
> "IG" == Igor Gnatenko writes:
IG> We can actually get rid out of this using `libcurl-minimal`, but it
IG> is not easy to teach DNF to replace libcurl-minimal with libcurl
IG> without explicit --allowerasing on the command line.
That does prompt the question as to whether dnf itself is
On Tue, Jul 30, 2019, at 3:52 PM, Daniel Walsh wrote:
> If you want small images, just use buildah.
Dockerfile-based multi-stage builds are significantly more popular than this
and should really be mentioned first.
I'm not saying `buildah` is bad, but...what you're talking about here also
On Wed, Aug 7, 2019 at 1:17 PM Jason Tibbitts wrote:
>
> I'm on vacation and a few days behind on email, sorry.
>
> > "ZJ" == Zbigniew Jędrzejewski-Szmek writes:
>
> ZJ> Also, there are still some obvious packages to trim:
>
> I wonder if the rpm dependency on curl (the executable, not the
I'm on vacation and a few days behind on email, sorry.
> "ZJ" == Zbigniew Jędrzejewski-Szmek writes:
ZJ> Also, there are still some obvious packages to trim:
I wonder if the rpm dependency on curl (the executable, not the library)
is strictly necessary. I believe it's only because of the
On Wednesday, August 7, 2019, Igor Gnatenko <
ignatenkobr...@fedoraproject.org> wrote:
> This has been fixed almost a week ago..
>
Yeah, looking at the container image that's been released doesn't give us
freshest data...
I guess if we generate reports in reaction to Koji builds for example,
On Wed, 7 Aug 2019, 10:51 Adam Samalik, wrote:
>
>
> On Mon, Aug 5, 2019 at 1:30 PM Zbigniew Jędrzejewski-Szmek <
> zbys...@in.waw.pl> wrote:
>
>> On Sun, Aug 04, 2019 at 05:27:21PM +0200, Christian Glombek wrote:
>> > Whoop this is great!
>> > But I wonder why the scratch build sizes have gone
This has been fixed almost a week ago..
On Wed, Aug 7, 2019, 11:58 Adam Samalik wrote:
>
>
> On Mon, Aug 5, 2019 at 1:30 PM Zbigniew Jędrzejewski-Szmek <
> zbys...@in.waw.pl> wrote:
>
>> On Sun, Aug 04, 2019 at 05:27:21PM +0200, Christian Glombek wrote:
>> > Whoop this is great!
>> > But I
On Mon, Aug 5, 2019 at 1:30 PM Zbigniew Jędrzejewski-Szmek <
zbys...@in.waw.pl> wrote:
> On Sun, Aug 04, 2019 at 05:27:21PM +0200, Christian Glombek wrote:
> > Whoop this is great!
> > But I wonder why the scratch build sizes have gone up this dramatically
> in
> > f31?
>
> Also, there are still
On Tue, Aug 6, 2019 at 1:34 PM Martin Kolman wrote:
> On Sun, 2019-08-04 at 16:18 +0100, Peter Robinson wrote:
> > > > On Sat, 3 Aug 2019 at 20:34, Zbigniew Jędrzejewski-Szmek
> > > > wrote:
> > > > > On Thu, Aug 01, 2019 at 10:25:55AM +0200, Adam Samalik wrote:
> > > > > > I've already done
On Sun, 2019-08-04 at 16:18 +0100, Peter Robinson wrote:
> > > On Sat, 3 Aug 2019 at 20:34, Zbigniew Jędrzejewski-Szmek
> > > wrote:
> > > > On Thu, Aug 01, 2019 at 10:25:55AM +0200, Adam Samalik wrote:
> > > > > I've already done some experiments with that. I used multi-stage
> > > > > builds
>
On Sun, Aug 04, 2019 at 05:27:21PM +0200, Christian Glombek wrote:
> Whoop this is great!
> But I wonder why the scratch build sizes have gone up this dramatically in
> f31?
Also, there are still some obvious packages to trim:
No udev, but device-mapper, device-mapper-libs, which are not useful
On Mon, 5 Aug 2019 at 10:59, Alexander Bokovoy wrote:
>
> On ma, 05 elo 2019, Clement Verna wrote:
> >On Sun, 4 Aug 2019 at 18:17, Peter Robinson wrote:
> >>
> >> >> On Sat, 3 Aug 2019 at 20:34, Zbigniew Jędrzejewski-Szmek
> >> >> wrote:
> >> >> >
> >> >> > On Thu, Aug 01, 2019 at 10:25:55AM
On ma, 05 elo 2019, Clement Verna wrote:
On Sun, 4 Aug 2019 at 18:17, Peter Robinson wrote:
>> On Sat, 3 Aug 2019 at 20:34, Zbigniew Jędrzejewski-Szmek
>> wrote:
>> >
>> > On Thu, Aug 01, 2019 at 10:25:55AM +0200, Adam Samalik wrote:
>> > > I've already done some experiments with that. I
On Sun, 4 Aug 2019 at 18:17, Peter Robinson wrote:
>
> >> On Sat, 3 Aug 2019 at 20:34, Zbigniew Jędrzejewski-Szmek
> >> wrote:
> >> >
> >> > On Thu, Aug 01, 2019 at 10:25:55AM +0200, Adam Samalik wrote:
> >> > > I've already done some experiments with that. I used multi-stage builds
> >> > >
Whoop this is great!
But I wonder why the scratch build sizes have gone up this dramatically in
f31?
On Sun, Aug 4, 2019 at 10:59 AM Adam Samalik wrote:
>
>
> On Sat, Aug 3, 2019 at 11:24 PM Clement Verna
> wrote:
>
>> On Sat, 3 Aug 2019 at 20:34, Zbigniew Jędrzejewski-Szmek
>> wrote:
>> >
>> On Sat, 3 Aug 2019 at 20:34, Zbigniew Jędrzejewski-Szmek
>> wrote:
>> >
>> > On Thu, Aug 01, 2019 at 10:25:55AM +0200, Adam Samalik wrote:
>> > > I've already done some experiments with that. I used multi-stage builds
>> > > with podman, but it's the same in principle. And yes, the sizes are
On Sat, Aug 3, 2019 at 11:24 PM Clement Verna
wrote:
> On Sat, 3 Aug 2019 at 20:34, Zbigniew Jędrzejewski-Szmek
> wrote:
> >
> > On Thu, Aug 01, 2019 at 10:25:55AM +0200, Adam Samalik wrote:
> > > I've already done some experiments with that. I used multi-stage builds
> > > with podman, but
On Sat, 3 Aug 2019 at 20:34, Zbigniew Jędrzejewski-Szmek
wrote:
>
> On Thu, Aug 01, 2019 at 10:25:55AM +0200, Adam Samalik wrote:
> > I've already done some experiments with that. I used multi-stage builds
> > with podman, but it's the same in principle. And yes, the sizes are
> > smaller. What
On Thu, Aug 01, 2019 at 10:25:55AM +0200, Adam Samalik wrote:
> I've already done some experiments with that. I used multi-stage builds
> with podman, but it's the same in principle. And yes, the sizes are
> smaller. What was interesting though that some additional packages (ones
> that wouldn't
I've already done some experiments with that. I used multi-stage builds
with podman, but it's the same in principle. And yes, the sizes are
smaller. What was interesting though that some additional packages (ones
that wouldn't appear in the images using the Fedora base image) has been
dragged in
Thanks all of you who want to join! Welcome!
I'll add you to the team page [1] and follow up with some organisational
stuff — we might want a weekly meeting to sync, etc. I proposed some
communication channels on the team page as well, let me know if that works
for you.
Cheers!
Adam
[1]
I also want to join!
--
Jun Aruga | He - His - Him
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
Count me in! I'm not sure if I will have much time to do actual work,
but surely I can help people with advises :)
On Tue, Jul 30, 2019 at 4:58 PM Adam Samalik wrote:
>
> Hi everyone!
>
> I'm starting a Minimization Objective [1] focusing on minimising the
> installation size of some of the
I essentially want what Daniel suggested, as automatable infrastructure.
(There is is larger idea of having images without systemd as well; most
some-kind-of-server rpms that I consider applicable here would have to be
changed a little, too, as they all pull in systemd: e.g. %systemd_ordering
If you want small images, just use buildah.
ctr=$(buildah from scratch)
mnt=$(buildah mount $ctr)
COPY/DnF/make install into $mnt
buildah config ... $ctr
buildah commit $ctr NEWIMAGE
buildah push NEWIMAGE CONTAINERREGGISTY...
If you want to build off of base images, you can probably create them
On Tue, Jul 30, 2019 at 7:58 AM Adam Samalik wrote:
>
> Hi everyone!
>
> I'm starting a Minimization Objective [1] focusing on minimising the
> installation size of some of the popular apps, runtimes, and other pieces of
> software in Fedora.
>
> And there is a new Minimization Team [2]
I would be especially interested in minimizing container images.
I'd like to e.g. see purpose-built containers without an actual package
manager inside. You just have the container, mount the config, and go.
We're also trying to minimize Fedora CoreOS[1], so this is definitely a
topic of overall
On Tue, Jul 30, 2019 at 10:58 AM Adam Samalik wrote:
>
> Hi everyone!
>
> I'm starting a Minimization Objective [1] focusing on minimising the
> installation size of some of the popular apps, runtimes, and other pieces of
> software in Fedora.
>
> And there is a new Minimization Team [2]
49 matches
Mail list logo