Having buildah available in some form for Atomic Host seems to make sense. How should/would we do this? Options include:
/cc @nalin @dwalsh @sdodson @dustymabe @miabbott
If the issues around running buildah inside an SPC are fixed, I don't see any reason to have it anywhere but a container.
@jberkus It looks like there is still conversation going on at https://github.com/projectatomic/buildah/issues/158
Buildah should definitely work fine in a system container. The goal would be over time to tighten the security around this, but for now it will require SYS_ADMIN capability and /var/lib/containers volume mounted into the container.
My initial reaction is that I'd prefer not to have it in the base host because it is a Go binary (typically these are large). More information about how large it is would be useful in helping us make this decision.
$ curl -LO https://kojipkgs.fedoraproject.org//packages/buildah/0.10/2.git129fb10.fc27/x86_64/buildah-0.10-2.git129fb10.fc27.x86_64.rpm
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 3650k  100 3650k    0     0   730k      0  0:00:05  0:00:05 --:--:--  764k
$ ls -lh buildah-0.10-2.git129fb10.fc27.x86_64.rpm
-rw-rw-r--. 1 miabbott miabbott 3.6M Jan 3 12:02 buildah-0.10-2.git129fb10.fc27.x86_64.rpm
Under 4M is pretty lean
What is the extracted binary size? I think that is more what we need to look at, right?
$ rpm2cpio buildah-0.10-2.git129fb10.fc27.x86_64.rpm | cpio -idmv
./usr/bin/buildah
./usr/lib/.build-id
./usr/lib/.build-id/c9
./usr/lib/.build-id/c9/bbc31617d6ef03ced921305915f32990b80ebd
./usr/share/bash-completion
./usr/share/bash-completion/completions
./usr/share/bash-completion/completions/buildah
./usr/share/doc/buildah
./usr/share/doc/buildah/README.md
./usr/share/licenses/buildah
./usr/share/licenses/buildah/LICENSE
./usr/share/man/man1/buildah-add.1.gz
./usr/share/man/man1/buildah-bud.1.gz
./usr/share/man/man1/buildah-commit.1.gz
./usr/share/man/man1/buildah-config.1.gz
./usr/share/man/man1/buildah-containers.1.gz
./usr/share/man/man1/buildah-copy.1.gz
./usr/share/man/man1/buildah-from.1.gz
./usr/share/man/man1/buildah-images.1.gz
./usr/share/man/man1/buildah-inspect.1.gz
./usr/share/man/man1/buildah-mount.1.gz
./usr/share/man/man1/buildah-push.1.gz
./usr/share/man/man1/buildah-rm.1.gz
./usr/share/man/man1/buildah-rmi.1.gz
./usr/share/man/man1/buildah-run.1.gz
./usr/share/man/man1/buildah-tag.1.gz
./usr/share/man/man1/buildah-umount.1.gz
./usr/share/man/man1/buildah-version.1.gz
./usr/share/man/man1/buildah.1.gz
24418 blocks
$ ls -lh ./usr/bin/buildah
-rwxr-xr-x. 1 miabbott miabbott 12M Dec 26 07:28 ./usr/bin/buildah
OK, so 12M extracted
Work issue created based off the outcome of today's meeting: https://pagure.io/atomic-wg/issue/406
Metadata Update from @smilner: - Issue assigned to smilner
Metadata Update from @smilner: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)