#402 Using buildah in Atomic Host
Closed: Fixed 4 years ago Opened 4 years ago by smilner.

Having buildah available in some form for Atomic Host seems to make sense. How should/would we do this? Options include:

  • part of the base compose
  • as a container itself
  • require it be installed via rpm layering

/cc @nalin @dwalsh @sdodson @dustymabe @miabbott

If the issues around running buildah inside an SPC are fixed, I don't see any reason to have it anywhere but a container.

Buildah should definitely work fine in a system container. The goal would be over time to tighten the security around this, but for now it will require SYS_ADMIN capability and /var/lib/containers volume mounted into the container.

My initial reaction is that I'd prefer not to have it in the base host because it is a Go binary (typically these are large). More information about how large it is would be useful in helping us make this decision.

$ curl -LO https://kojipkgs.fedoraproject.org//packages/buildah/0.10/2.git129fb10.fc27/x86_64/buildah-0.10-2.git129fb10.fc27.x86_64.rpm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 3650k  100 3650k    0     0   730k      0  0:00:05  0:00:05 --:--:--  764k
$ ls -lh buildah-0.10-2.git129fb10.fc27.x86_64.rpm 
-rw-rw-r--. 1 miabbott miabbott 3.6M Jan  3 12:02 buildah-0.10-2.git129fb10.fc27.x86_64.rpm

Under 4M is pretty lean

What is the extracted binary size? I think that is more what we need to look at, right?

$ rpm2cpio buildah-0.10-2.git129fb10.fc27.x86_64.rpm | cpio -idmv
24418 blocks
$ ls -lh ./usr/bin/buildah
-rwxr-xr-x. 1 miabbott miabbott 12M Dec 26 07:28 ./usr/bin/buildah

OK, so 12M extracted

Work issue created based off the outcome of today's meeting: https://pagure.io/atomic-wg/issue/406

Metadata Update from @smilner:
- Issue assigned to smilner

4 years ago

Metadata Update from @smilner:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

4 years ago
