Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FR]: Easy way to produce images from apk packages #309

Closed
alexeagle opened this issue Jul 23, 2023 · 6 comments
Closed

[FR]: Easy way to produce images from apk packages #309

alexeagle opened this issue Jul 23, 2023 · 6 comments
Assignees
@alexeagle

Comments

@alexeagle
Copy link
Collaborator

apk is Alpine package keeper

https://github.com/chainguard-dev/apko is the obvious tool to use for this purpose

Thank you to Chainguard for offering to fund this feature request!
@alexeagle alexeagle self-assigned this Jul 23, 2023
This was referenced Jul 23, 2023
Open
Closed
@farcop
Copy link

farcop commented Jul 24, 2023
edited
Loading

Its pity but does not work in bazel @ Mac M1

% bazel build //images/alpine:gen_apko
INFO: Analyzed target //images/alpine:gen_apko (0 packages loaded, 0 targets configured).
INFO: Found 1 target...
ERROR: /Users/farcop/Sources/kublr/images/alpine/BUILD.bazel:1:8: Executing genrule //images/alpine:gen_apko failed: (Exit 2): bash failed: error executing command (from target //images/alpine:gen_apko) /bin/bash -c ... (remaining 1 argument skipped)

Use --sandbox_debug to see verbose messages from the sandbox and retain the sandbox build root for debugging
ℹ️            | loading config file: images/alpine/alpine.yaml
ℹ️  aarch64   | Building images for 2 architectures: [amd64 arm64]
ℹ️  aarch64   | building tags [alpine:latest]
ℹ️            | loading config file: images/alpine/alpine.yaml
⚠️  x86_64    | "amd64" requires QEMU binfmt emulation to be configured (not compatible with "arm64")
ℹ️  x86_64    | build context:
ℹ️            | loading config file: images/alpine/alpine.yaml
ℹ️  x86_64    | build options:
{
        "withVCS": true,
        "workDir": "/var/folders/bb/_k53lmmn03vcfj7vsgxxy4_w0000gn/T/apko-1530455407/x86_64",
        "tarballPath": "/var/folders/bb/_k53lmmn03vcfj7vsgxxy4_w0000gn/T/apko-1530455407/image/apko-x86_64.tar.gz",
        "tags": [
                "alpine:latest"
        ],
        "sourceDateEpoch": "1970-01-01T00:00:00Z",
        "arch": "amd64",
        "Log": {
                "Out": {},
                "Fields": null,
                "Level": 4
        }
}
ℹ️  x86_64    | image configuration:
ℹ️  x86_64    |   contents:
ℹ️  x86_64    |     repositories: [https://dl-cdn.alpinelinux.org/alpine/edge/main https://dl-cdn.alpinelinux.org/alpine/edge/community]
ℹ️  x86_64    |     keyring:      []
ℹ️  x86_64    |     packages:     [ca-certificates bash procps libc6-compat git less openssh jq unzip curl cdrkit ethtool openssl iperf3 netcat-openbsd]
ℹ️  x86_64    |   accounts:
ℹ️  x86_64    |     runas:  
ℹ️  x86_64    |     users:
ℹ️  x86_64    |       - uid=1001(kublr) gid=0
ℹ️  x86_64    |     groups:
ℹ️  x86_64    |       - gid=1001(kublr) members=[]
ℹ️  x86_64    | doing pre-flight checks
ℹ️  x86_64    | building image fileystem in /var/folders/bb/_k53lmmn03vcfj7vsgxxy4_w0000gn/T/apko-1530455407/x86_64
ℹ️  aarch64   | build context:
ℹ️  aarch64   | build options:
{
        "withVCS": true,
        "workDir": "/var/folders/bb/_k53lmmn03vcfj7vsgxxy4_w0000gn/T/apko-1530455407/aarch64",
        "tarballPath": "/var/folders/bb/_k53lmmn03vcfj7vsgxxy4_w0000gn/T/apko-1530455407/image/apko-aarch64.tar.gz",
        "tags": [
                "alpine:latest"
        ],
        "sourceDateEpoch": "1970-01-01T00:00:00Z",
        "arch": "arm64",
        "Log": {
                "Out": {},
                "Fields": null,
                "Level": 4
        }
}
ℹ️  aarch64   | image configuration:
ℹ️  aarch64   |   contents:
ℹ️  aarch64   |     repositories: [https://dl-cdn.alpinelinux.org/alpine/edge/main https://dl-cdn.alpinelinux.org/alpine/edge/community]
ℹ️  aarch64   |     keyring:      []
ℹ️  aarch64   |     packages:     [ca-certificates bash procps libc6-compat git less openssh jq unzip curl cdrkit ethtool openssl iperf3 netcat-openbsd]
ℹ️  aarch64   |   accounts:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x20 pc=0x1029f611c]

goroutine 7 [running]:
github.com/chainguard-dev/go-apk/pkg/apk.(*APK).InitDB(0x0, {0x10347e560, 0x14000046040}, {0x140000804c0, 0x2, 0x2})
        github.com/chainguard-dev/go-apk@v0.0.0-20230630173347-b8abc44cc8ca/pkg/apk/implementation.go:204 +0x3c
chainguard.dev/apko/pkg/apk.(*APK).Initialize(0x1400019c480, 0x140000d3508)
        chainguard.dev/apko/pkg/apk/apk.go:80 +0x78
chainguard.dev/apko/pkg/build.(*buildImplementation).InitializeApk(0x1400025a640?, {0x103489850?, 0x140002a8ea0?}, 0x140002092e0?, 0x0?)
        chainguard.dev/apko/pkg/build/build_implementation.go:199 +0x94
chainguard.dev/apko/pkg/build.buildImage({0x103489850, 0x140002a8ea0}, 0x102fc39c8?, 0x140000d3710, 0x5?, 0x102fc46d8?)
        chainguard.dev/apko/pkg/build/build_implementation.go:266 +0x164
chainguard.dev/apko/pkg/build.(*Context).BuildImage(0x140000d3500)
        chainguard.dev/apko/pkg/build/build.go:122 +0x48
chainguard.dev/apko/pkg/build.(*Context).BuildLayer(0x140002bbbf0?)
        chainguard.dev/apko/pkg/build/build.go:156 +0x28
chainguard.dev/apko/internal/cli.buildImageComponents.func1()
        chainguard.dev/apko/internal/cli/build.go:273 +0x1ec
golang.org/x/sync/errgroup.(*Group).Go.func1()
        golang.org/x/sync@v0.3.0/errgroup/errgroup.go:75 +0x5c
created by golang.org/x/sync/errgroup.(*Group).Go
        golang.org/x/sync@v0.3.0/errgroup/errgroup.go:72 +0xa4
Target //images/alpine:gen_apko failed to build
Use --verbose_failures to see the command lines of failed build steps.
INFO: Elapsed time: 0.143s, Critical Path: 0.06s
INFO: 2 processes: 2 internal.
FAILED: Build did NOT complete successfully

alpine.yaml

contents:
  repositories:
    - https://dl-cdn.alpinelinux.org/alpine/edge/main
    - https://dl-cdn.alpinelinux.org/alpine/edge/community
  packages:
    - ca-certificates 
    - bash 
    - procps 
    - libc6-compat 
    - git 
    - less 
    - openssh 
    - jq 
    - unzip 
    - curl 
    - cdrkit 
    - ethtool 
    - openssl 
    - iperf3 
    - netcat-openbsd

accounts:
  groups:
    - groupname: kublr
      gid: 1001
  users:
    - username: kublr
      uid: 1001

archs:
 - amd64
 - arm64

but the same alpine.yaml builds with apko binary well

@farcop
Copy link

farcop commented Jul 24, 2023

Looks like the similar containers/podman#12923

@alexeagle
Copy link
Collaborator Author

Yeah I reported that in #311 - will get a fix from the maintainers.

@alexeagle
Copy link
Collaborator Author

Discussed with @thesayyn that this proposal is probably not wise, because of composability.

apko doesn't produce layers, it produces a whole image. That means you would use it as an alternative to oci_image, not along with it. If we can't make a compelling case for how some apko rule would interact with the other rules here, then it should probably go in some other repository.

@bazel-contrib bazel-contrib deleted a comment from alexeagle Jul 24, 2023
@farcop
Copy link

farcop commented Jul 25, 2023
edited
Loading

You would build hermetic base image with apko and consume it as base in oci_image I suppose.

@thesayyn
Copy link
Collaborator

Closing now that https://github.com/chainguard-dev/rules_apko exists and can be used with rules_oci. https://github.com/chainguard-dev/rules_apko/tree/main/examples/oci

@njlr njlr mentioned this issue Apr 15, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexeagle alexeagle

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alexeagle @farcop @thesayyn