{"id":21471828,"url":"https://github.com/brianredbeard/minimal_containers","last_synced_at":"2025-07-15T08:31:34.211Z","repository":{"id":35700464,"uuid":"39977817","full_name":"brianredbeard/minimal_containers","owner":"brianredbeard","description":null,"archived":false,"fork":false,"pushed_at":"2017-02-06T19:47:56.000Z","size":9954,"stargazers_count":82,"open_issues_count":1,"forks_count":7,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-09T00:41:28.761Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brianredbeard.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-07-31T00:05:38.000Z","updated_at":"2024-12-25T03:11:20.000Z","dependencies_parsed_at":"2022-09-08T14:22:09.639Z","dependency_job_id":null,"html_url":"https://github.com/brianredbeard/minimal_containers","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/brianredbeard/minimal_containers","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianredbeard%2Fminimal_containers","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianredbeard%2Fminimal_containers/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianredbeard%2Fminimal_containers/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianredbeard%2Fminimal_containers/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brianredbeard","download_url":"https://codeload.github.com/brianredbeard/minimal_c
ontainers/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianredbeard%2Fminimal_containers/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265419694,"owners_count":23761858,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-23T09:45:48.911Z","updated_at":"2025-07-15T08:31:33.395Z","avatar_url":"https://github.com/brianredbeard.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Minimal Containers 101\n\n## About\n\nThis presentation is a primer on the process of building minimal Linux\ncontainers.  These directions should be taken with a grain of salt.\n\nAs mentioned (verbally) in the presentation, these directions are not for\neveryone.  While most folks involved with Linux will learn a thing or two about\nthe mechanisms used for containerization, these directions are for the folks\nwho wish to curate the content of their containers.\n\nWithin this repository you'll find the original slides in Libre Office Impress\n\"ODP\" format.  This is the canonical presentation.  There is also a copy of the\npresentation rendered into PDF for those who do not have access(?) to\nLibre Office.\n\nThis process began simply.  The `busybox` image curated by Docker Inc is\nbuilt using µLibC.  While this may be sufficient for many users, it was\ninsufficient for the author.  This required finding a different process for\nbuilding a busybox image, only using GLIBC.  
Enter \"Buildroot\".\n\nWhen this talk was first done (München, 2015-02-03) there was very little in\nthe way of documentation around this process.  Back in June of 2015 Docker began\nproviding documentation around doing [this](https://github.com/docker/docker/blob/master/docs/userguide/eng-image/baseimages.md)\n(note: URL updated as the original file moved and seems to have been re-written).\n\nThe video for the presentation can be found here: [Getting weird with containers](https://www.youtube.com/watch?v=gMpldbcMHuI)\n\n## Basic Concept\n\nThe basic principle is that you're creating a \"chroot\" filesystem which will be\nput into a \"tape archive\" file ([TAR](https://en.wikipedia.org/wiki/Tar_(computing))).\nOnce the tar file is created it can be consumed by your containerization system\nof choice.\n\n## Using the images\n\n### [Docker](https://www.docker.com)\n\nDocker is a Linux containerization system written in Golang with a focus on an\neasy to use development experience.  The process for importing a tar image\ninto docker is as simple as:\n\n```\n$ cat image.tar | docker import - tagname\n```\n\nAt this point the user has a complete image.  While there is no metadata\nattached to the image, it can still be run as one would expect; simply add a\ncommand:\n\n```\n$ docker run -t -i tagname /bin/sh\n```\n\nWhile a user can attach a `Dockerfile` using the option `-c`, it's the opinion\nof the author that it's easier to follow the process in a step by step fashion.\n\nUsing the previously created docker image (tagged `tagname`) we would produce\nthe following `Dockerfile`:\n\n```\nFROM tagname\n\nCMD [\"/bin/sh\"]\n```\n\nAfter this step is performed, run the command:\n\n```\n$ docker build -t tagname:v1.0 .\n```\n\nAt this point the image is ready to be used.\n\n\n### [ACI](https://github.com/appc/spec)\n\nThe process for generating an ACI from a derived rootfs can be done in a number\nof ways.  
Most users will find it easiest to use the utility\n[`acbuild`](https://github.com/appc/acbuild).  This utility emulates the step by step\nnature of a Dockerfile.  One issue with `acbuild` is its heavy use of operator\nprivileged permissions.  Most users will find that they need to repeatedly\n\"`sudo`\" various commands in order to do useful work.  It's important to note\nthat this is related to `acbuild` and not ACI images in general.\n\nAs an example of this there is the utility `scripts/gentoo-stage3-aci.sh` which\nusers may use to generate an ACI image out of the current autobuild of the\nGentoo stage 3 image.  As this is a toolkit used for compiling operating systems\nit can be especially useful for automated compiles.  This image is used to build\nbase containers with Buildroot so as to have a consistent development\nenvironment.\n\n#### scripts/gentoo-stage3-aci.sh example:\n\nIt should be noted that the errors coming from attempted `mknod` commands are\nnot a problem for users running containerized workloads as these special/block\nfiles are already handled by the containerization engine.\n\n\n```\n$  ./gentoo-stage3-aci.sh \ngpg: requesting key F6CD6C97 from hkp server keys.gnupg.net\ngpg: key F6CD6C97: \"Gentoo-keys Team \u003cgkeys@gentoo.org\u003e\" not changed\ngpg: Total number processed: 1\ngpg:              unchanged: 1\ngpg: requesting key 2D182910 from hkp server keys.gnupg.net\ngpg: key 2D182910: \"Gentoo Linux Release Engineering (Automated Weekly Release Key) \u003creleng@gentoo.org\u003e\" not changed\ngpg: Total number processed: 1\ngpg:              unchanged: 1\nDownloading Gentoo Stage 3 (stage3-amd64-20160428.tar.bz2)\n  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\n                                 Dload  Upload   Total   Spent    Left  Speed\n100  238M  100  238M    0     0  13.3M      0  0:00:17  0:00:17 --:--:-- 12.0M\nDownloading Gentoo digests\n  % Total    % Received % Xferd  Average Speed   Time 
   Time     Time  Current\n                                 Dload  Upload   Total   Spent    Left  Speed\n100   720  100   720    0     0   3133      0 --:--:-- --:--:-- --:--:--  3157\nDownloading Gentoo digests (detached signature)\n  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current\n                                 Dload  Upload   Total   Spent    Left  Speed\n100  1588  100  1588    0     0  12107      0 --:--:-- --:--:-- --:--:-- 12215\nValidating GPG signatures of digest hashes\ngpg: Signature made Fri Apr 29 14:28:46 2016 UTC using RSA key ID 2D182910\ngpg: Good signature from \"Gentoo Linux Release Engineering (Automated Weekly Release Key) \u003creleng@gentoo.org\u003e\" [unknown]\ngpg: WARNING: This key is not certified with a trusted signature!\ngpg:          There is no indication that the signature belongs to the owner.\nPrimary key fingerprint: 13EB BDBE DE7A 1277 5DFD  B1BA BB57 2E0E 2D18 2910\nValidating SHA512 hashes from GPG signed DIGESTS file\nstage3-amd64-20160428.tar.bz2: OK\nCreating rootfs\nExploding stage3 to rootfs\ntar: ./dev/sdd6: Cannot mknod: Operation not permitted\ntar: ./dev/sdc12: Cannot mknod: Operation not permitted\n...\n...\n...\ntar: ./dev/sdb2: Cannot mknod: Operation not permitted\ntar: ./dev/tty62: Cannot mknod: Operation not permitted\ntar: ./dev/hda15: Cannot mknod: Operation not permitted\ntar: ./dev/tty42: Cannot mknod: Operation not permitted\ntar: ./dev/sda12: Cannot mknod: Operation not permitted\ntar: Exiting with failure status due to previous errors\nSkipping sync of portage tree. 
Set environment variable GENTOO_PORTAGE= to a non empty value to sync.\nWriting ACI manifest\nBuilding ACI image\nBuilt Image stage3-amd64-20160428.aci\n$ sudo rkt run --interactive --insecure-options image --dns 8.8.8.8 --volume output,kind=host,source=/home/core,readOnly=false --mount volume=output,target=/srv stage3-amd64-20160428.aci \nimage: using image from local store for image name coreos.com/rkt/stage1-coreos:1.2.1\nimage: using image from file stage3-amd64-20160428.aci\nnetworking: loading networks from /etc/rkt/net.d\nnetworking: loading network default with type ptp\nrkt-623e5da6-7f1b-4252-9acd-33d34cb0b924 / #\n```\n\n## Relevant Links\n\n  * [Buildroot](http://www.buildroot.org) - An SDK for building minimal Linux distributions like OpenWRT.\n  * [Alpine](https://alpinelinux.org/) - A streamlined Linux distro focused on security and a lightweight footprint.  Compiled using [musl libc](http://www.musl-libc.org/) vs GLIBC.  Quite a bit of work around Alpine has been done by [Jeff Lindsay](https://github.com/progrium).\n  * [debootstrap](https://wiki.debian.org/Debootstrap) - A tool to build a Debian system into a subdirectory on a Linux host.\n  * [YUM](http://yum.baseurl.org/) / [DNF](http://dnf.baseurl.org/) - Similar principle to debootstrap.  Here are a couple of examples - [Example 1](https://web.archive.org/web/20150514123601/http://prefetch.net/articles/yumchrootlinux.html) \u0026 [Example 2](https://web.archive.org/web/20141203222350/http://zaufi.github.io/administration/2014/06/10/howto-make-a-centos-chroot/)\n  * [Gentoo](https://www.gentoo.org/downloads/) - You can directly import the Gentoo \"Stage 3 Archive\" image and work with it.  
Emerge packages, do compiles, etc.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrianredbeard%2Fminimal_containers","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrianredbeard%2Fminimal_containers","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrianredbeard%2Fminimal_containers/lists"}