An image for a fedora-toolbox container


#1

As part of the Silverblue effort, we are working on some tools to provide users with pet toolbox containers. This is similar to coreos/toolbox, except that we are using buildah, podman, etc. and are aiming to run rootless.

The idea is to:

  1. Create a container that’s tailored to the user’s host environment - same user name and UID, shared HOME and XDG_RUNTIME_DIR, etc.; and is optimized for an interactive CLI experience that’s at par with the host.
  2. Have a simple command that can be used as SHELL on the locked down Silverblue host to get an actual shell inside the RPM-based container.

To simplify creating this container, I’m planning to have a more generic fedora-toolbox image hosted on the Fedora registry that doesn’t have any of the user-specific bits, but takes care of adding all the necessary RPMs to bring the stock fedora image closer to the Silverblue host in terms of the CLI. I wonder if you’d have any comments on the recipe for this image.

Here’s the Dockerfile:

FROM docker://registry.fedoraproject.org/fedora:28

ENV NAME=fedora-toolbox VERSION=28 RELEASE=1
LABEL com.redhat.component="$NAME" \
      name="$FGC/$NAME" \
      version="$VERSION" \
      release="$RELEASE.$DISTTAG" \
      summary="Base image for creating Fedora toolbox containers"

RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y upgrade
RUN dnf -y swap coreutils-single coreutils-full

COPY extra-packages /
RUN packages=; while read -r package; do packages="$packages $package"; done \
        <extra-packages; \
    dnf -y install $packages
RUN rm /extra-packages

Here’s the list of packages (ie. extra-packages) that get added to the stock fedora image:

bash-completion
bzip2
diffutils
findutils
git-core
hostname
iputils
jwhois
keyutils
less
lsof
man-db
man-pages
mlocate
mtr
openssh-clients
passwd
pigz
procps-ng
sudo
time
traceroute
tree
vte-profile
wget
which
words
xz
zip

Comments welcome.


#2

What’s the size of the image?

Please drop release label and env var, we are in a process of moving away from those.

Also I’m not sure if images build in Fedora are squashed. If not, then this is pointless to do:

RUN rm /extra-packages

The file would still be present in the previous layer.


#3

The size of the image is 541 MB.


#4

Ok, I have removed the release label and the RELEASE environment variable locally.

I am happy to embed the list of package names in the Dockerfile itself, if that’s better. I used a separate text file because I thought it would be easier to tweak the list, but I am not very attached to it.


#5

OSBS is squashing the images :monkey_face:


#6

LGTM, feel free to open a container review request.


#7

Thanks. Review submitted:
https://bugzilla.redhat.com/show_bug.cgi?id=1628914