diff options
author | tomsweeneyredhat <tsweeney@redhat.com> | 2022-02-10 12:28:42 -0500 |
---|---|---|
committer | tomsweeneyredhat <tsweeney@redhat.com> | 2022-02-10 15:45:04 -0500 |
commit | 40ba9f10e5fbdd3c9d36389107b8bf1caec6cef0 (patch) | |
tree | 1aa7eda5aeb0d5aa44f3358d137568d04e892e29 | |
parent | 6d2b54a731cf5ac9a7e760709748ee96a636d65e (diff) | |
download | podman-40ba9f10e5fbdd3c9d36389107b8bf1caec6cef0.tar.gz podman-40ba9f10e5fbdd3c9d36389107b8bf1caec6cef0.tar.bz2 podman-40ba9f10e5fbdd3c9d36389107b8bf1caec6cef0.zip |
Make the hello image leaner
[NO TESTS NEEDED]
Change from using a bash script to a c file
for running the image. With thanks to discussions
with @afbjorklund, the Containerfile was rigged
up to make the final image be only KB's in size.
Also add USER 1000 to make the image test/run as
non-root, and update the README.md
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
-rw-r--r-- | contrib/helloimage/Containerfile | 13 | ||||
-rw-r--r-- | contrib/helloimage/README.md | 28 | ||||
-rwxr-xr-x | contrib/helloimage/podman_hello_world.bash | 23 | ||||
-rw-r--r-- | contrib/helloimage/podman_hello_world.c | 26 |
4 files changed, 59 insertions, 31 deletions
diff --git a/contrib/helloimage/Containerfile b/contrib/helloimage/Containerfile index bea71cae0..0cbf6d9a0 100644 --- a/contrib/helloimage/Containerfile +++ b/contrib/helloimage/Containerfile @@ -1,8 +1,11 @@ -FROM registry.access.redhat.com/ubi8-micro:latest +FROM docker.io/alpine as builder +RUN apk add gcc libc-dev +ADD podman_hello_world.c . +RUN gcc -O2 -static -o podman_hello_world podman_hello_world.c +FROM scratch LABEL maintainer="Podman Maintainers" LABEL artist="Máirín Ní Ḋuḃṫaiġ, Twitter:@mairin" -WORKDIR /tmp - -COPY podman_hello_world.bash . -ENTRYPOINT ./podman_hello_world.bash +USER 1000 +COPY --from=builder podman_hello_world /usr/local/bin/podman_hello_world +CMD ["/usr/local/bin/podman_hello_world"] diff --git a/contrib/helloimage/README.md b/contrib/helloimage/README.md index 93edcc527..ca69f87b4 100644 --- a/contrib/helloimage/README.md +++ b/contrib/helloimage/README.md @@ -19,7 +19,7 @@ Using this image is helpful to: The contents of this directory contain: * ./Containerfile - * ./podman_hello_world.bash + * ./podman_hello_world.c ## Sample Usage @@ -28,7 +28,7 @@ To simply run the image: ``` podman run quay.io/podman/hello -! ... Hello Podman World ...! +!... Hello Podman World ...! .--"--. / - - \ @@ -49,7 +49,29 @@ To build the image yourself, copy the files from this directory into a local directory and issue these commands: ``` -chmod 755 ./podman_hello_world.bash podman build -t myhello . podman run myhello ``` + +## Potential Issues: + +The image runs as a rootless user with the UID set to `1000`. +If the /etc/subuid and /etch/subgid values are not set appropriately to run as a +rootless user on the host, an error like this might be raised: + +``` +Copying blob acab339ca1e8 done +ERRO[0002] Error while applying layer: ApplyLayer exit status 1 stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:12 for /var/spool/mail): Check /etc/subuid and /etc/subgid: lchown /var/spool/mail: invalid argument +Error: writing blob: adding layer with blob "sha256:ee0cde9de8a68f171a8c03b0e9954abf18576947e2f3187e84d8c31ccd8f6a09": ApplyLayer exit status 1 stdout: stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:12 for /var/spool/mail): Check /etc/subuid and /etc/subgid: lchown /var/spool/mail: invalid argument +``` + +Please refer to this [blog post](https://www.redhat.com/sysadmin/rootless-podman) for further configuration information. + +## THANKS! + +Many Thanks to @afbjorklund for a great discussion during the +first revision of this container image that resulted in moving +from using bash to using C, and the ensuing changes to the +Containerfile. + +Also many thanks to @mairin for the awesome ASCII art! diff --git a/contrib/helloimage/podman_hello_world.bash b/contrib/helloimage/podman_hello_world.bash deleted file mode 100755 index a8919c92b..000000000 --- a/contrib/helloimage/podman_hello_world.bash +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -### -# ASCII art by the incomparable Máirín Duffy, -# duffy@redhat.com, Twitter: @mairin -# January 2022 -### -echo " " -echo "! ... Hello Podman World ... !" -echo " " -echo " .--\"--. " -echo " / - - \\ " -echo " / (O) (O) \\ " -echo " ~~~| -=(,Y,)=- | " -echo " .---. /\` \\ |~~ " -echo " ~/ o o \\~~~~.----. ~~ " -echo " | =(X)= |~ / (O (O) \\ " -echo " ~~~~~~~ ~| =(Y_)=- | " -echo " ~~~~ ~~~| U |~~ " -echo "" -echo "Project: https://github.com/containers/podman" -echo "Website: https://podman.io" -echo "Documents: https://docs.podman.io" -echo "Twitter: @Podman_io" diff --git a/contrib/helloimage/podman_hello_world.c b/contrib/helloimage/podman_hello_world.c new file mode 100644 index 000000000..ee574130d --- /dev/null +++ b/contrib/helloimage/podman_hello_world.c @@ -0,0 +1,26 @@ +//### +// ASCII art by the incomparable Máirín Duffy, +// duffy@redhat.com, Twitter: @mairin +// January 2022 +//### + +#include <stdio.h> +int main() { + puts("\ +!... Hello Podman World ...!\n\ +\n\ + .--\"--. \n\ + / - - \\ \n\ + / (O) (O) \\ \n\ + ~~~| -=(,Y,)=- | \n\ + .---. /` \\ |~~ \n\ + ~/ o o \\~~~~.----. ~~ \n\ + | =(X)= |~ / (O (O) \\ \n\ + ~~~~~~~ ~| =(Y_)=- | \n\ + ~~~~ ~~~| U |~~ \n\ +\n\ +Project: https://github.com/containers/podman\n\ +Website: https://podman.io\n\ +Documents: https://docs.podman.io\n\ +Twitter: @Podman_io"); +} |