Re: Debian and our frenemies of containers and userland repos

To: debian-devel@lists.debian.org
Subject: Re: Debian and our frenemies of containers and userland repos
From: Johannes Schauer <josch@debian.org>
Date: Wed, 24 Jul 2019 08:45:05 +0200
Message-id: <[🔎] 156395070580.30059.9124387446449581007@hoothoot>
Mail-followup-to: Marc Haber <mh+debian-devel@zugschlus.de>, debian-devel@lists.debian.org
In-reply-to: <[🔎] E1hqAaV-00035E-BG@drop.zugschlus.de>
References: <[🔎] 20190711152551.GA5279@madoka.m-wei.net> <[🔎] 24daedaa-2f29-d270-80a3-2b293a8abc74@metux.net> <[🔎] E1hqAaV-00035E-BG@drop.zugschlus.de>

Quoting Marc Haber (2019-07-24 08:17:19)
> On Mon, 22 Jul 2019 12:38:36 +0200, "Enrico Weigelt, metux IT consult"
> <lkml@metux.net> wrote:
> >Containerization is a valid approach for some kind of workloads
> >(eg. specific inhouse applications) that can be easily isolated from
> >the rest. But it comes with the price of huge redundancies (depending
> >on how huge some application stacks are). And unless everybody wants
> >to go back of maintaining everything on his own, we still need distros.
> 
> Compared to a full VM, a container _is_ smaller. I am not sure whether
> the difference is as huge in times where we have kernel same-page
> merging though.

You can create really small Debian chroots with mmdebstrap. In contrast to
debootstrap, you can create chroots with just all Essential:yes packages and
their dependencies (debootstrap cannot do less than Priority:required):

   $ mmdebstrap --variant=essential unstable debian-unstable.tar

and you can use the dpkg path-excluded feature to remove lots of stuff you
might not need inside a container:

   $ mmdebstrap --variant=essential \
       --dpkgopt='path-exclude=/usr/share/man/*' \
       --dpkgopt='path-include=/usr/share/man/man[1-9]/*' \
       --dpkgopt='path-exclude=/usr/share/locale/*' \
       --dpkgopt='path-include=/usr/share/locale/locale.alias' \
       --dpkgopt='path-exclude=/usr/share/doc/*' \
       --dpkgopt='path-include=/usr/share/doc/*/copyright' \
       --dpkgopt='path-include=/usr/share/doc/*/changelog.Debian.*' \
       unstable debian-unstable.tar

or even with less than the Essential:yes package set but busybox instead:

   $ mmdebstrap --variant=custom \
       --include=dpkg,busybox,libc-bin,base-files,base-passwd,debianutils \
       --setup-hook='mkdir -p "\$1/bin"' \
       --setup-hook='for p in awk cat chmod chown cp diff echo env grep less ln mkdir mount rm rmdir sed sh sleep sort touch uname; do ln -s busybox "\$1/bin/\$p"; done' \
       --setup-hook='echo root:x:0:0:root:/root:/bin/sh > "\$1/etc/passwd"' \
       --setup-hook='printf "root:x:0:\nmail:x:8:\nutmp:x:43:\n" > "\$1/etc/group"' \
       unstable debian-unstable.tar

Thanks!

cheers, josch

Attachment: signature.asc
Description: signature

Reply to:

References:
- Debian and our frenemies of containers and userland repos
  - From: Yao Wei <mwei@debian.org>
- Re: Debian and our frenemies of containers and userland repos
  - From: "Enrico Weigelt, metux IT consult" <lkml@metux.net>
- Re: Debian and our frenemies of containers and userland repos
  - From: Marc Haber <mh+debian-devel@zugschlus.de>

Prev by Date: Re: Debian and our frenemies of containers and userland repos
Next by Date: Re: Sorce only uploads with sbuild (was: Bits from the Release Team)
Previous by thread: Re: Debian and our frenemies of containers and userland repos
Next by thread: Bug#931882: ITP: kopano-webapp-plugin-desktopnotifications -- Kopano WebApp desktopnotifications plugin
Index(es):
- Date
- Thread