msc-thesis/README.md

# Package-Centric Source-Based Container Build System

## Reasons
* There's no standardized way to create container images that include
  applications built from upstream sources.
* Application dependencies, which typically are libraries, are typically
  neglected when calculating container dependencies. This causes not knowing
  what libraries are installed
* Ad-Hoc source builds are time consuming

## Goals
* Fast source builds with lots of packages available
* Ad-Hoc source builds if required but defaulting to binary repository
* Reproducible and shareable builds
* Customized Source configuration flags
* Container dependencies reflect dependencies of container applications
* Easy assembling and configuring of containers based on application packages
* Integrable with CI
* Portable

## Comparable
* Descriptive build spec. Examples:
  * https://embedux.github.io/documentation/usage/rootfs/configuration.yml/index.html
  * http://nixos.org/nixos/about.html 
  * https://gitweb.gentoo.org/proj/releng.git/tree/releases/weekly/specs/amd64?id=HEAD
  * https://github.com/zefhemel/nix-docker
  * [nix build darm
    paper](http://www.researchgate.net/publication/228629017_The_Nix_Build_Farm_A_declarative_approach_to_continuous_integration)
  * https://github.com/jordansissel/fpm/wiki

# Usage

## Buildit configuration
**.builtit-config.yaml**
```
---
repository:
    name: mysuperbinhost
    upload-type: ssh
    upload-path: containers@mysuperbinhost.org/containers
    downnload-type: https
    download-path: mysuperbinhost.org/containers
```

## Sysadmin needs patched nginx


### Sysadmin
In case a sysadmin needs a patched and specifically configured version of it's favorite webserver nginx. 

1. Put directories and files in place

    ---
    Directory layout
    ```
    ├── nginx-prod
    │   ├── container.yaml
    │   ├── files
    │   │   └── nginx.conf
    │   └── pkgs
    │       └── nginx
    │           ├── patches
    │           │   └── https-only.patch
    │           └── pkg.yaml
    ```
    ---
    **pkg.yaml**
    ```
    ---
    base: www-servers/nginx-1.7.6
    author: Sysadmin42 <sys@admin42.org>
    patches:
        patches/https-only.patch: "This patch denies all plain http requests"
            https://github.com/nginx/nginx/commit/52e4dc2f74fd032dace01acbe5eb29ddf7c1ad96.patch:
            "Fix buffer overruns"
            use:
                with:
                    - ipv6
                    - selinux

    ```
    ---
    **container.yaml**
    ```
    ---
    - vars:
        author: Sysadmin42
        name: nginx-production
        version: 1.7.6-p1
        os: linux
        arch: amd64

    - package:
        type: embedded
        path: ./pkgs/nginx

    - sync:
        src: ./files/nginx.conf
        dest: /etc/nginx/nginx.conf
        recursive: True
        chmod: 0644

    - image:
        type: aci
        content: |
            {
                "acKind": "ImageManifest",
                "acVersion": "0.6.1",
                "name": "{{ name }}-{{ version }}",
                "labels": [
                    {"name": "os", "value": "{{ os }}"},
                    {"name": "arch", "value": {{ arch }}}
                ],
                "app": {
                    "exec": [
                        "/sbin/nginx"
                    ],
                    "user": "0",
                    "group": "0"
                }
            }
    ```
    
2. Build the container
    ```
    $ buildit nginx-prod/ --discover=github.com/sysadmin42/containers,push=True
    Building Sysadmin42/nginx-production-1.7.6-p1
    Processing package from './pkgs/nginx' for linux/amd64.
        HASH: 86c8ef43-f4a4-49ba-a0ee-92900211c7b6
        Can't find HASH in any known location...
        Defaulting to local build...                                           [OK]
        Uploading packages to 'mysuperbinhost'                                 [OK]
    Packaging Sysadmin42/nginx-production-1.7.6-p1 as ACI...                   [OK]
    Uploading container spec and image(s) to 'mysuperbinhost'                  [OK]
    ```