As part of the Silverblue effort, we are working on some tools to provide users with pet toolbox containers. This is similar to coreos/toolbox, except that we are using podman, etc. and are aiming to run rootless.
The idea is to:
- Create a container that’s tailored to the user’s host environment - same user name and UID, shared XDG_RUNTIME_DIR, etc.; and is optimized for an interactive CLI experience that’s at par with the host.
- Have a simple command that can be used as SHELL on the locked down Silverblue host to get an actual shell inside the RPM-based container.
To simplify creating this container, I’m planning to have a more generic fedora-toolbox image hosted on the Fedora registry that doesn’t have any of the user-specific bits, but takes care of adding all the necessary RPMs to bring the stock fedora image closer to the Silverblue host in terms of the CLI. I wonder if you’d have any comments on the recipe for this image.
Here’s the Dockerfile:
```
FROM docker://registry.fedoraproject.org/fedora:28

ENV NAME=fedora-toolbox VERSION=28 RELEASE=1

LABEL com.redhat.component="$NAME" \
      name="$FGC/$NAME" \
      version="$VERSION" \
      release="$RELEASE.$DISTTAG" \
      summary="Base image for creating Fedora toolbox containers"

# Drop the nodocs flag so that documentation (man pages etc.) gets installed
RUN sed -i '/tsflags=nodocs/d' /etc/dnf/dnf.conf
RUN dnf -y upgrade
# Replace the single-binary coreutils with the full package
RUN dnf -y swap coreutils-single coreutils-full

# Install every package listed (one per line) in extra-packages
COPY extra-packages /
RUN packages=; while read -r package; do packages="$packages $package"; done \
    <extra-packages; \
    dnf -y install $packages
RUN rm /extra-packages
```
Here’s the list of packages (i.e. extra-packages) that get added to the stock

```
bash-completion
bzip2
diffutils
findutils
git-core
hostname
iputils
jwhois
keyutils
less
lsof
man-db
man-pages
mlocate
mtr
openssh-clients
passwd
pigz
procps-ng
sudo
time
traceroute
tree
vte-profile
wget
which
words
xz
zip
```
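An added example, not part of the original post or of the toolbox project's code: a lint pass for the extra-packages manifest, run before the build, since the Dockerfile's loop splices every line unquoted into `dnf -y install $packages`. The helper name `check_manifest`, the allowed character set for package names and the sample manifest are assumptions made for this illustration.

```shell
#!/bin/sh
# Lint an extra-packages manifest: every line must be exactly one plain
# package name, because the build passes the lines unquoted to dnf.

# check_manifest FILE (hypothetical helper name)
# Prints one diagnostic per bad line on stderr.
# Returns 0 if the manifest is clean, 1 otherwise.
check_manifest() {
    file=$1
    status=0
    lineno=0
    seen=" "
    # "|| [ -n ... ]" also processes a last line that lacks a newline.
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            "")
                echo "$file:$lineno: empty line" >&2
                status=1 ;;
            -*)
                # dnf would parse this as an option, not a package.
                echo "$file:$lineno: starts with '-': $line" >&2
                status=1 ;;
            *[!A-Za-z0-9._+-]*)
                # Whitespace, globs, paths, URLs, shell metacharacters.
                # Assumption: names use only letters, digits and . _ + -
                echo "$file:$lineno: unexpected character: $line" >&2
                status=1 ;;
            *)
                case $seen in
                    *" $line "*)
                        echo "$file:$lineno: duplicate: $line" >&2
                        status=1 ;;
                esac
                seen="$seen$line " ;;
        esac
    done <"$file"
    return $status
}

# Constructed sample manifest: two valid names, then three bad lines.
sample=$(mktemp)
printf '%s\n' git-core man-db '--constructed-option' 'wget curl' git-core \
    >"$sample"
check_manifest "$sample" || echo "manifest rejected"
rm -f "$sample"
```

Running the check as a separate step ahead of the image build keeps a malformed or tampered manifest from ever reaching the `dnf` invocation that runs as root inside the build.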