#402 Using buildah in Atomic Host
Closed: Fixed 3 years ago Opened 3 years ago by smilner.

Having buildah available in some form for Atomic Host seems to make sense. How should/would we do this? Options include:

  • part of the base compose
  • as a container itself
  • require it be installed via rpm layering

/cc @nalin @dwalsh @sdodson @dustymabe @miabbott


If the issues around running buildah inside an SPC are fixed, I don't see any reason to have it anywhere but a container.

Buildah should definitely work fine in a system container. The goal would be over time to tighten the security around this, but for now it will require SYS_ADMIN capability and /var/lib/containers volume mounted into the container.
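
An added example, not part of the thread and not buildah or Atomic project code: a small audit of an OCI runtime `config.json` that checks a container granted the access described in the comment above (SYS_ADMIN plus a writable /var/lib/containers bind mount) carries no other high-risk capability or writable host bind. The sample config, the high-risk capability list and the `audit` function are assumptions constructed for illustration.

```python
import json
# Constructed OCI runtime config (config.json) fragment for a hypothetical
# buildah system container; not taken from any real image.
SAMPLE_CONFIG = json.loads("""
{
  "process": {
    "capabilities": {
      "bounding":  ["CAP_CHOWN", "CAP_SETUID", "CAP_SYS_ADMIN"],
      "effective": ["CAP_CHOWN", "CAP_SETUID", "CAP_SYS_ADMIN"],
      "permitted": ["CAP_CHOWN", "CAP_SETUID", "CAP_SYS_ADMIN"]
    }
  },
  "mounts": [
    {"destination": "/proc", "type": "proc", "source": "proc"},
    {"destination": "/var/lib/containers", "type": "bind",
     "source": "/var/lib/containers", "options": ["rbind", "rw"]},
    {"destination": "/etc", "type": "bind", "source": "/etc", "options": ["rbind", "ro"]}
  ]
}
""")

# What the comment says buildah needs today (assumed allow-list for the audit).
EXPECTED_PRIV_CAPS = {"CAP_SYS_ADMIN"}
EXPECTED_RW_BINDS = {"/var/lib/containers"}
# Capabilities treated as high-risk for this audit (assumed, not exhaustive).
HIGH_RISK_CAPS = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE",
                  "CAP_SYS_RAWIO", "CAP_DAC_READ_SEARCH", "CAP_NET_ADMIN"}


def audit(config):
    """Return (unexpected high-risk caps, unexpected writable binds, missing requirements)."""
    caps = set()
    for cap_set in config.get("process", {}).get("capabilities", {}).values():
        caps.update(cap_set)
    rw_binds = set()
    for m in config.get("mounts", []):
        opts = m.get("options", [])
        is_bind = m.get("type") == "bind" or "bind" in opts or "rbind" in opts
        if is_bind and "ro" not in opts:  # writable view of a host path
            rw_binds.add(m.get("source", ""))
    extra_caps = sorted((caps & HIGH_RISK_CAPS) - EXPECTED_PRIV_CAPS)
    extra_binds = sorted(rw_binds - EXPECTED_RW_BINDS)
    missing = sorted((EXPECTED_PRIV_CAPS - caps) | (EXPECTED_RW_BINDS - rw_binds))
    return extra_caps, extra_binds, missing


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Three empty lists mean the container has exactly the elevated access the comment names; anything in the first two lists is privilege beyond it.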

My initial reaction is that I'd prefer not to have it in the base host because it is a Go binary (typically these are large). More information about how large it is would be useful in helping us make this decision.

$ curl -LO https://kojipkgs.fedoraproject.org//packages/buildah/0.10/2.git129fb10.fc27/x86_64/buildah-0.10-2.git129fb10.fc27.x86_64.rpm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 3650k  100 3650k    0     0   730k      0  0:00:05  0:00:05 --:--:--  764k
$ ls -lh buildah-0.10-2.git129fb10.fc27.x86_64.rpm 
-rw-rw-r--. 1 miabbott miabbott 3.6M Jan  3 12:02 buildah-0.10-2.git129fb10.fc27.x86_64.rpm

Under 4M is pretty lean

What is the extracted binary size? I think that is more what we need to look at, right?

$ rpm2cpio buildah-0.10-2.git129fb10.fc27.x86_64.rpm | cpio -idmv
./usr/bin/buildah
./usr/lib/.build-id
./usr/lib/.build-id/c9
./usr/lib/.build-id/c9/bbc31617d6ef03ced921305915f32990b80ebd
./usr/share/bash-completion
./usr/share/bash-completion/completions
./usr/share/bash-completion/completions/buildah
./usr/share/doc/buildah
./usr/share/doc/buildah/README.md
./usr/share/licenses/buildah
./usr/share/licenses/buildah/LICENSE
./usr/share/man/man1/buildah-add.1.gz
./usr/share/man/man1/buildah-bud.1.gz
./usr/share/man/man1/buildah-commit.1.gz
./usr/share/man/man1/buildah-config.1.gz
./usr/share/man/man1/buildah-containers.1.gz
./usr/share/man/man1/buildah-copy.1.gz
./usr/share/man/man1/buildah-from.1.gz
./usr/share/man/man1/buildah-images.1.gz
./usr/share/man/man1/buildah-inspect.1.gz
./usr/share/man/man1/buildah-mount.1.gz
./usr/share/man/man1/buildah-push.1.gz
./usr/share/man/man1/buildah-rm.1.gz
./usr/share/man/man1/buildah-rmi.1.gz
./usr/share/man/man1/buildah-run.1.gz
./usr/share/man/man1/buildah-tag.1.gz
./usr/share/man/man1/buildah-umount.1.gz
./usr/share/man/man1/buildah-version.1.gz
./usr/share/man/man1/buildah.1.gz
24418 blocks
$ ls -lh ./usr/bin/buildah
-rwxr-xr-x. 1 miabbott miabbott 12M Dec 26 07:28 ./usr/bin/buildah

OK, so 12M extracted

Work issue created based off the outcome of today's meeting: https://pagure.io/atomic-wg/issue/406

Metadata Update from @smilner:
- Issue assigned to smilner

3 years ago

Metadata Update from @smilner:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

3 years ago
