10
submitted 10 months ago* (last edited 10 months ago) by trevor@lemmy.blahaj.zone to c/docker@programming.dev

I am looking for something that can take a Dockerfile, like the following as an input:


FROM --platform=linux/amd64 debian:latest
ENV DEBIAN_FRONTEND=noninteractive

RUN apt update && apt install -y curl unzip libsecret-1-0 jq
COPY entrypoint.sh .
ENTRYPOINT [ "/entrypoint.sh" ]

And produce a a multi-stage Dockerfile where the last stage is built from scratch, with the dependencies for the script in the ENTRYPOINT (or CMD) copied over, like this:


FROM --platform=linux/amd64 debian:latest as builder
ENV DEBIAN_FRONTEND=noninteractive

RUN apt update && apt install -y curl unzip libsecret-1-0 jq

FROM --platform=linux/amd64 scratch as app
SHELL ["/bin/bash"]

# the binaries executed in entrypoint.sh
COPY --from=builder /bin/bash /bin/bash
COPY --from=builder /usr/bin/curl /usr/bin/curl
COPY --from=builder /usr/bin/jq /usr/bin/jq
COPY --from=builder /usr/bin/sleep /usr/bin/sleep

# shared libraries of the binaries
COPY --from=builder /lib/x86_64-linux-gnu/libjq.so.1 /lib/x86_64-linux-gnu/libjq.so.1
COPY --from=builder /lib/x86_64-linux-gnu/libcurl.so.4 /lib/x86_64-linux-gnu/libcurl.so.4
COPY --from=builder /lib/x86_64-linux-gnu/libz.so.1 /lib/x86_64-linux-gnu/libz.so.1
# ...a bunch of other shared libs...

# entrypoint
COPY entrypoint.sh /entrypoint.sh

ENTRYPOINT [ "/entrypoint.sh" ]

I've had pretty decent success creating images like this manually (using ldd to find the dependencies) based on this blog. To my knowledge, there's nothing out there that automates producing an image built from scratch, specifically. If something like this doesn't exist, I'm willing to build it myself.

you are viewing a single comment's thread
view the rest of the comments
[-] Kangie@lemmy.srcfiles.zip 2 points 10 months ago* (last edited 10 months ago)

We have Kubler which makes Gentoo -based images. It does a great job of enabling you to toggle dependencies that you need and building a slim, hardened image.

Edit: lddsucks, try libtree instead.

this post was submitted on 06 Feb 2024
10 points (100.0% liked)

Docker

966 readers
1 users here now

founded 2 years ago
MODERATORS