The package manager would not be part of the container image. The package manager is only used to build it. The container image will only include the packages the user specifies.
combining portions of images as multi-stage builds
That’s something I am making use of for this, actually :)
What you’re describing not only already exists…
Can you please give an example of a tool that can build a container image by being given only a list of packages it needs to have?
My tool would be as simple as doing something like this:
Did not know about apko. I am not attached to distroless, just thought it was a nice to have. So apko might be a reason I don’t pursue this project anymore. Thanks for showing me!
Your comment is very insightful for other reasons too. Thanks a lot :)
I had a feeling nixos would have something, but I avoided it because it seemed more than a day’s worth of learning (and also its a bit opinionated). But I will revisit it one day!
Which has its own dockerfile. My proposed tool would allow using other images as base too, but that is not the problem it is solving.
copy your app
Well you’d have to have it compiled or built if that is required in your case. With my system, the build recipe would be a gentoo ebuild (shell-script-like) that you would just reference.
The example I gave is pretty simple, you’re right. Say in another case, you list the following packages:
You could start with a nodejs base or an nginx base, and then write the steps to install the other. You’d also have to make sure to get all the deps if they have them.
You’re unlikely to find a ready image that has all what you want. But with my method, you can compose different ones however you like, rather than having to find an image that matches your exact use case.
Please demonstrate how the example I gave above can be done with common scripting tools, such it would mimic the declarative experience I described. I don’t think it is possible as you claim.
Can you please point to where I deflected any questions? I looked and could not find any instances of such.
I actually answered the question “why”, please refer to previous comments. It is also answered in the main post. But I will rephrase and summarize again here:
when creating a container image that requires certain applications installed, most dockerfiles explicitly install the dependencies of said applications as well. With my tool, you only declare the package you need, and it will resolve dependencies automatically and install them for you.
the above would work with distroless containers too, as the package manager used is outside of the produced container.
Bspwm has many appeals, and I do not want to focus on those. I want to focus on binary-tree separation of windows and its benefits vs alternatives. What’s the appeal?...
Iran said it launched dozens of drones and ballistic missiles towards Israel on Saturday in a major attack following days of acute tension building up in the region and warnings from the US and elsewhere about a wider conflict erupting....
Unfortunately, I’m not certain it’s in Israel’s best interest that this doesn’t escalate. They can probably do serious damage to Iran whereas the reverse is far less certain (evidently from this attack). And they knew very well that their embassy attack will bring Iranian retaliation. Now they’ll just use that for an even greater response.
Painting Israel as a victim just for having a small population / geography… I don’t know about that. They’ve committed far too many massscres since their inception to be portrayed like that.
If we keep going back, Israel has committed far too many hostilities that were never responded to. Hell, they bomb syria most weeks without any retaliation form Syria. They commit horrors against west bank citizens all the time.
No one reading your comment will take you seriously when you claim OP said something they didn’t say. You realize the comment is right there for us to read, right?
I think I understand your point of confusion. The original comment said this has been going on for thousands of years, and I meant to say that it only began around 1917. Although there was an Ottoman occupation before the brief Arab rule period, the Ottoman occupation did not have the turmoil and issues associated with the Zionist occupation.
Didn’t say you can’t whatever you want. I said “by your logic”. That was assuming you don’t contradict your own logic, but of course you can otherwise :)
I see people talking about doas saying it’s just like sudo but with less features. I’m just wondering if there is any situation where you should use doas or if it’s just personal preference.
When I thought about this question, I decided to ditch both sudo and doas entirely. I am certain this is an unpopular opinion, but I preferred setting up a granular permission + user system instead, and keeping root privileges for only a handful of use cases (primarily for system updates and package installations).
For anything else, a dedicated user is created, and given only permissions to do that exact thing only. Many of these users have no shell access at all, and for the ones that do, I use a password manager so I don’t have to memorize passwords for all of these users.
The short answer is that my distro did not let me do this easily. But that was for good reason.
A system update would require too many privileges that it would be almost indistinguishable from root.
Currently, every user I have is restricted in what files it has access to. A system update user would need access to so many files, including install locations of all binaries, and non-binary installation paths of all current and future programs I install (some package installs modify /var, many modify /etc, and so on).
This user will also have access to all these programs, down to system applications. It can trivially break a permission system I come up with.
It may be possible to restrict system updates to a user, but it would be such a powerful user that its not really worth it.
Yes I did, and that’s a very good point. What sudo does not allow me to do is grant a user access to modify or read specific files or directories. I can get both that and access to executing specific programs using a users/groups permission system.
Another thing I don’t like about sudo is that you end up using the same password for everything, which is also the password for logging in. Putting higher privileges behind my same login password opens me to a single point of failure.
I see. I have little knowledge, but I bet that the “root privileges” part of this process is the reboot. Upon rebooting, system updates are applied from the new image via some privileged process.
That’s pretty neat. Unfortunately I haven’t ventured deeply enough into that type of system yet (was it called immutable distro or something?). I use gentoo, which doesn’t support this out of the box.
I daily drive wayland with nvidia and I play games modestly. I have Xorg installed as backup for when issues happen, but it’s been pretty rare in the last couple months.
Since nvidia drivers do not properly implement implicit sync, this protocol not existing is the root cause of flickering with nvidia graphics on Wayland. This MR being merged means that Wayland might finally be usable with nvidia graphics with the next driver release....
4 GB RAM is not enough if you plan on using multiple tabs on a browser. And I don’t mean a ridiculous number of tabs. You might run out from 4 tabs or so.
I use foot because it’s wayland native and the developer is a very nice person. Only thing missing from it for me is ligature support.
A close second for me is WezTerm. It is very full featured, although I do not use a lot of its features. Developer is also extremely nice and helpful. It does have ligature support.
I personally use tiling window managers, so I have no need for built-in tiling / tabbing features.
I’m used to using Linux from the terminal. I have a new machine which I plan to use mostly headless but would occasionally like to run a desktop environment and play games with GPU acceleration. I know I don’t have to launch the desktop environment on startup, but I was wondering if it’s possible to have that entire...
I ask because I’ve been thinking of trying Guix or Nix. I lean more towards nix due to popularity but also because theoretically a language tailored for package recipes may do better than guille.
Stopped hopping when I realized most distros are just debian with certain things pre-installed or pre-configured. Decided to compare base distros, and settled on Gentoo for its powerful features, transparency and customizability.
I’ve created one project that no one uses. I’ve found a lot of friction contributing to existing projects. There has to be:
something to do
the maintainer is cool with having it done
the maintainer is okay not doing it themselves
is within my expertise or requires an acceptable amount of ramp up learning
Then I have to make sure to learn their code of conduct and do it exactly the way they want. Do they want testing? Do they want me to update the docs? So I have to get green light from maintainer to start? Etc.
It looks to be similar. I’m not sure how trivial it is to add this. For nginx it’s basically built in. You just give it the Lua code. It’s also pretty capable. You can basically write a whole API back-end in it, which is pretty good for small APIs or functionalities, like an image resizing API.
Should I make this: (distroless) containers builder, by taking list of packages or a gentoo ebuild file
I am thinking to make the following tool, but wanted to get opinions before I embark on this journey....
Wayland tiling compositor that will work okay with nvidia?
I understand that nvidia support for wayland is lacking, but I know it’s possible....
What is the appeal of a binary-tree only in a tiling window manager (bspwm) vs. nested splits (i3 and sway)?
Bspwm has many appeals, and I do not want to focus on those. I want to focus on binary-tree separation of windows and its benefits vs alternatives. What’s the appeal?...
NixOS forked (aux.computer)
hachyderm.io/
Switching to Wayland as a WM user (feddit.cl)
Hi guys,...
LXQt 2.0.0 released (lxqt-project.org)
Iran launches drone attack against Israel as Biden rushes to White House (www.theguardian.com)
Iran said it launched dozens of drones and ballistic missiles towards Israel on Saturday in a major attack following days of acute tension building up in the region and warnings from the US and elsewhere about a wider conflict erupting....
Iran launches dozens of drones toward Israel (www.jpost.com)
Inb4 lemmy supports Iran
Glaucus Linux - simple and lightweight distribution based on musl and toybox. (glaucuslinux.org)
Probably a long way from being daily-driven, but I really love the idea....
Is there an advantage of using doas over sudo
I see people talking about doas saying it’s just like sudo but with less features. I’m just wondering if there is any situation where you should use doas or if it’s just personal preference.
Do you daily drive Wayland, if so since when, if not when will you?
I’ve been on Wayland for the past two years exclusively (Nvidia)....
DuckDB as the New jq (www.pgrs.net)
Explicit sync Wayland protocol has finally been merged! (gitlab.freedesktop.org)
Since nvidia drivers do not properly implement implicit sync, this protocol not existing is the root cause of flickering with nvidia graphics on Wayland. This MR being merged means that Wayland might finally be usable with nvidia graphics with the next driver release....
Firefox "tabs" in a tiling WM (sopuli.xyz)
In the image, these are not tabs. These are firefox windows, being rendered as tabs (and as stacks) by sway....
Which new laptop under $300 with upgradeable parts should I be looking at?
Hi,...
What's your favorite terminal?
I’m looking for a new terminal. What’s your favorite one and why? Which one is popular?
Does anyone run their desktop environment containerized?
I’m used to using Linux from the terminal. I have a new machine which I plan to use mostly headless but would occasionally like to run a desktop environment and play games with GPU acceleration. I know I don’t have to launch the desktop environment on startup, but I was wondering if it’s possible to have that entire...
Former distrohoppers, where did you settle down?
Which one(s) and why?
How often do you contribute to open source projects?
I'm working on a distro recommendation flowchart/ list for newcomers and need your input please! (Post is not only this picture btw and is mainly text)
We often get the same question with...
Is there a downside to Flatpak?
Basically title....
announcing freenginx.org (mailman.nginx.org)
Maxim Dounin announces the freenginx project....