aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortomsweeneyredhat <tsweeney@redhat.com>2022-02-10 12:28:42 -0500
committertomsweeneyredhat <tsweeney@redhat.com>2022-02-10 15:45:04 -0500
commit40ba9f10e5fbdd3c9d36389107b8bf1caec6cef0 (patch)
tree1aa7eda5aeb0d5aa44f3358d137568d04e892e29
parent6d2b54a731cf5ac9a7e760709748ee96a636d65e (diff)
downloadpodman-40ba9f10e5fbdd3c9d36389107b8bf1caec6cef0.tar.gz
podman-40ba9f10e5fbdd3c9d36389107b8bf1caec6cef0.tar.bz2
podman-40ba9f10e5fbdd3c9d36389107b8bf1caec6cef0.zip
Make the hello image leaner
[NO TESTS NEEDED] Change from using a bash script to a c file for running the image. With thanks to discussions with @afbjorklund, the Containerfile was rigged up to make the final image be only KB's in size. Also add USER 1000 to make the image test/run as non-root, and update the README.md Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
-rw-r--r--contrib/helloimage/Containerfile13
-rw-r--r--contrib/helloimage/README.md28
-rwxr-xr-xcontrib/helloimage/podman_hello_world.bash23
-rw-r--r--contrib/helloimage/podman_hello_world.c26
4 files changed, 59 insertions, 31 deletions
diff --git a/contrib/helloimage/Containerfile b/contrib/helloimage/Containerfile
index bea71cae0..0cbf6d9a0 100644
--- a/contrib/helloimage/Containerfile
+++ b/contrib/helloimage/Containerfile
@@ -1,8 +1,11 @@
-FROM registry.access.redhat.com/ubi8-micro:latest
+FROM docker.io/alpine as builder
+RUN apk add gcc libc-dev
+ADD podman_hello_world.c .
+RUN gcc -O2 -static -o podman_hello_world podman_hello_world.c
+FROM scratch
LABEL maintainer="Podman Maintainers"
LABEL artist="Máirín Ní Ḋuḃṫaiġ, Twitter:@mairin"
-WORKDIR /tmp
-
-COPY podman_hello_world.bash .
-ENTRYPOINT ./podman_hello_world.bash
+USER 1000
+COPY --from=builder podman_hello_world /usr/local/bin/podman_hello_world
+CMD ["/usr/local/bin/podman_hello_world"]
diff --git a/contrib/helloimage/README.md b/contrib/helloimage/README.md
index 93edcc527..ca69f87b4 100644
--- a/contrib/helloimage/README.md
+++ b/contrib/helloimage/README.md
@@ -19,7 +19,7 @@ Using this image is helpful to:
The contents of this directory contain:
* ./Containerfile
- * ./podman_hello_world.bash
+ * ./podman_hello_world.c
## Sample Usage
@@ -28,7 +28,7 @@ To simply run the image:
```
podman run quay.io/podman/hello
-! ... Hello Podman World ...!
+!... Hello Podman World ...!
.--"--.
/ - - \
@@ -49,7 +49,29 @@ To build the image yourself, copy the files from this directory into
a local directory and issue these commands:
```
-chmod 755 ./podman_hello_world.bash
podman build -t myhello .
podman run myhello
```
+
+## Potential Issues:
+
+The image runs as a rootless user with the UID set to `1000`.
+If the /etc/subuid and /etch/subgid values are not set appropriately to run as a
+rootless user on the host, an error like this might be raised:
+
+```
+Copying blob acab339ca1e8 done
+ERRO[0002] Error while applying layer: ApplyLayer exit status 1 stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:12 for /var/spool/mail): Check /etc/subuid and /etc/subgid: lchown /var/spool/mail: invalid argument
+Error: writing blob: adding layer with blob "sha256:ee0cde9de8a68f171a8c03b0e9954abf18576947e2f3187e84d8c31ccd8f6a09": ApplyLayer exit status 1 stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:12 for /var/spool/mail): Check /etc/subuid and /etc/subgid: lchown /var/spool/mail: invalid argument
+```
+
+Please refer to this [blog post](https://www.redhat.com/sysadmin/rootless-podman) for further configuration information.
+
+## THANKS!
+
+Many Thanks to @afbjorklund for a great discussion during the
+first revision of this container image that resulted in moving
+from using bash to using C, and the ensuing changes to the
+Containerfile.
+
+Also many thanks to @mairin for the awesome ASCII art!
diff --git a/contrib/helloimage/podman_hello_world.bash b/contrib/helloimage/podman_hello_world.bash
deleted file mode 100755
index a8919c92b..000000000
--- a/contrib/helloimage/podman_hello_world.bash
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-###
-# ASCII art by the incomparable Máirín Duffy,
-# duffy@redhat.com, Twitter: @mairin
-# January 2022
-###
-echo " "
-echo "! ... Hello Podman World ... !"
-echo " "
-echo " .--\"--. "
-echo " / - - \\ "
-echo " / (O) (O) \\ "
-echo " ~~~| -=(,Y,)=- | "
-echo " .---. /\` \\ |~~ "
-echo " ~/ o o \\~~~~.----. ~~ "
-echo " | =(X)= |~ / (O (O) \\ "
-echo " ~~~~~~~ ~| =(Y_)=- | "
-echo " ~~~~ ~~~| U |~~ "
-echo ""
-echo "Project: https://github.com/containers/podman"
-echo "Website: https://podman.io"
-echo "Documents: https://docs.podman.io"
-echo "Twitter: @Podman_io"
diff --git a/contrib/helloimage/podman_hello_world.c b/contrib/helloimage/podman_hello_world.c
new file mode 100644
index 000000000..ee574130d
--- /dev/null
+++ b/contrib/helloimage/podman_hello_world.c
@@ -0,0 +1,26 @@
+//###
+// ASCII art by the incomparable Máirín Duffy,
+// duffy@redhat.com, Twitter: @mairin
+// January 2022
+//###
+
+#include <stdio.h>
+int main() {
+ puts("\
+!... Hello Podman World ...!\n\
+\n\
+ .--\"--. \n\
+ / - - \\ \n\
+ / (O) (O) \\ \n\
+ ~~~| -=(,Y,)=- | \n\
+ .---. /` \\ |~~ \n\
+ ~/ o o \\~~~~.----. ~~ \n\
+ | =(X)= |~ / (O (O) \\ \n\
+ ~~~~~~~ ~| =(Y_)=- | \n\
+ ~~~~ ~~~| U |~~ \n\
+\n\
+Project: https://github.com/containers/podman\n\
+Website: https://podman.io\n\
+Documents: https://docs.podman.io\n\
+Twitter: @Podman_io");
+}