msc-thesis/README.md

# Package-Centric Source-Based Container Build System

## Why?
* There's no standardized way to create container images that include
  applications built from upstream sources.
* Application dependencies, which typically are libraries, are typically
  neglected when calculating container dependencies. This causes not knowing
  what libraries are installed
* Ad-Hoc source builds are time consuming

## What for?
* Fast source builds with lots of packages available
* Ad-Hoc source builds if required but defaulting to binary repository
* Reproducible and shareable builds
* Customized Source configuration flags
* Container dependencies reflect dependencies of container applications
* Easy assembling and configuring of containers based on application packages
* Integrable with CI
* Portable

## How?

## Like what?
* 100% descriptive build spec. Examples:
  * https://embedux.github.io/documentation/usage/rootfs/configuration.yml/index.html
  * http://nixos.org/nixos/about.html 
  * https://gitweb.gentoo.org/proj/releng.git/tree/releases/weekly/specs/amd64?id=HEAD
  * https://github.com/zefhemel/nix-docker
  * [nix build darm
    paper](http://www.researchgate.net/publication/228629017_The_Nix_Build_Farm_A_declarative_approach_to_continuous_integration)
  * https://github.com/jordansissel/fpm/wiki

# Usage

## Buildit configuration
**.builtit-config.yaml**
```
---
repository:
    name: mysuperbinhost
    upload-type: ssh
    upload-path: containers@mysuperbinhost.org/containers
    downnload-type: https
    download-path: mysuperbinhost.org/containers
```

## Sysadmin needs patched nginx


### Sysadmin
In case a sysadmin needs a patched and specifically configured version of it's favorite webserver nginx. 

1. Put directories and files in place

    ---
    Directory layout
    ```
    ├── nginx-prod
    │   ├── container.yaml
    │   ├── files
    │   │   └── nginx.conf
    │   └── pkgs
    │       └── nginx
    │           ├── patches
    │           │   └── https-only.patch
    │           └── pkg.yaml
    ```
    ---
    **pkg.yaml**
    ```
    ---
    base: www-servers/nginx-1.7.6
    author: Sysadmin42 <sys@admin42.org>
    patches:
        patches/https-only.patch: "This patch denies all plain http requests"
            https://github.com/nginx/nginx/commit/52e4dc2f74fd032dace01acbe5eb29ddf7c1ad96.patch:
            "Fix buffer overruns"
            use:
                with:
                    - ipv6
                    - selinux

    ```
    ---
    **container.yaml**
    ```
    ---
    - vars:
        author: Sysadmin42
        name: nginx-production
        version: 1.7.6-p1
        os: linux
        arch: amd64

    - package:
        type: embedded
        path: ./pkgs/nginx

    - sync:
        src: ./files/nginx.conf
        dest: /etc/nginx/nginx.conf
        recursive: True
        chmod: 0644

    - image:
        type: aci
        content: |
            {
                "acKind": "ImageManifest",
                "acVersion": "0.6.1",
                "name": "{{ name }}-{{ version }}",
                "labels": [
                    {"name": "os", "value": "{{ os }}"},
                    {"name": "arch", "value": {{ arch }}}
                ],
                "app": {
                    "exec": [
                        "/sbin/nginx"
                    ],
                    "user": "0",
                    "group": "0"
                }
            }
    ```
    
2. Build the container
    ```
    $ buildit --verbose nginx-prod/ --discover=github.com/sysadmin42/containers,push=True
    Building Sysadmin42/nginx-production-1.7.6-p1
    Building package from './pkgs/nginx' for linux/amd64. HASH: 86c8ef43-f4a4-49ba-a0ee-92900211c7b6
    Can't find 86c8ef43-f4a4-49ba-a0ee-92900211c7b6 in any repository or cache.
    Defaulting to local build...
    Finished after 1 minute 24 seconds.
    Uploading packages and container build to repository 'mysuperbinhost'
    ```
Initial move from gist 2015-07-29 16:07:51 +02:00			`# Package-Centric Source-Based Container Build System`

			`## Why?`
			`* There's no standardized way to create container images that include`
			`applications built from upstream sources.`
			`* Application dependencies, which typically are libraries, are typically`
			`neglected when calculating container dependencies. This causes not knowing`
			`what libraries are installed`
			`* Ad-Hoc source builds are time consuming`

			`## What for?`
			`* Fast source builds with lots of packages available`
			`* Ad-Hoc source builds if required but defaulting to binary repository`
			`* Reproducible and shareable builds`
			`* Customized Source configuration flags`
			`* Container dependencies reflect dependencies of container applications`
			`* Easy assembling and configuring of containers based on application packages`
			`* Integrable with CI`
			`* Portable`

			`## How?`

			`## Like what?`
			`* 100% descriptive build spec. Examples:`
			`* https://embedux.github.io/documentation/usage/rootfs/configuration.yml/index.html`
			`* http://nixos.org/nixos/about.html`
			`* https://gitweb.gentoo.org/proj/releng.git/tree/releases/weekly/specs/amd64?id=HEAD`
			`* https://github.com/zefhemel/nix-docker`
			`* [nix build darm`
			`paper](http://www.researchgate.net/publication/228629017_The_Nix_Build_Farm_A_declarative_approach_to_continuous_integration)`
			`* https://github.com/jordansissel/fpm/wiki`

			`# Usage`

			`## Buildit configuration`
			`.builtit-config.yaml`
			```
			`---`
			`repository:`
			`name: mysuperbinhost`
			`upload-type: ssh`
			`upload-path: containers@mysuperbinhost.org/containers`
			`downnload-type: https`
			`download-path: mysuperbinhost.org/containers`
			```

			`## Sysadmin needs patched nginx`


			`### Sysadmin`
syntax fixes 2015-07-29 16:09:32 +02:00			`In case a sysadmin needs a patched and specifically configured version of it's favorite webserver nginx.`
Initial move from gist 2015-07-29 16:07:51 +02:00
			`1. Put directories and files in place`
syntax fixes 2015-07-29 16:09:32 +02:00
			`---`
Initial move from gist 2015-07-29 16:07:51 +02:00			`Directory layout`
			```
			`├── nginx-prod`
			`│ ├── container.yaml`
			`│ ├── files`
			`│ │ └── nginx.conf`
			`│ └── pkgs`
			`│ └── nginx`
			`│ ├── patches`
			`│ │ └── https-only.patch`
			`│ └── pkg.yaml`
			```
syntax fixes 2015-07-29 16:09:32 +02:00			`---`
Initial move from gist 2015-07-29 16:07:51 +02:00			`pkg.yaml`
			```
			`---`
			`base: www-servers/nginx-1.7.6`
			`author: Sysadmin42 <sys@admin42.org>`
			`patches:`
			`patches/https-only.patch: "This patch denies all plain http requests"`
			`https://github.com/nginx/nginx/commit/52e4dc2f74fd032dace01acbe5eb29ddf7c1ad96.patch:`
			`"Fix buffer overruns"`
			`use:`
			`with:`
			`- ipv6`
			`- selinux`

			```
syntax fixes 2015-07-29 16:09:32 +02:00			`---`
Initial move from gist 2015-07-29 16:07:51 +02:00			`container.yaml`
			```
			`---`
			`- vars:`
			`author: Sysadmin42`
			`name: nginx-production`
			`version: 1.7.6-p1`
			`os: linux`
			`arch: amd64`

			`- package:`
			`type: embedded`
			`path: ./pkgs/nginx`

			`- sync:`
			`src: ./files/nginx.conf`
			`dest: /etc/nginx/nginx.conf`
			`recursive: True`
			`chmod: 0644`

			`- image:`
			`type: aci`
			`content: \|`
			`{`
			`"acKind": "ImageManifest",`
			`"acVersion": "0.6.1",`
			`"name": "{{ name }}-{{ version }}",`
			`"labels": [`
			`{"name": "os", "value": "{{ os }}"},`
			`{"name": "arch", "value": {{ arch }}}`
			`],`
			`"app": {`
			`"exec": [`
			`"/sbin/nginx"`
			`],`
			`"user": "0",`
			`"group": "0"`
			`}`
			`}`
			```

			`2. Build the container`
			```
			`$ buildit --verbose nginx-prod/ --discover=github.com/sysadmin42/containers,push=True`
			`Building Sysadmin42/nginx-production-1.7.6-p1`
			`Building package from './pkgs/nginx' for linux/amd64. HASH: 86c8ef43-f4a4-49ba-a0ee-92900211c7b6`
			`Can't find 86c8ef43-f4a4-49ba-a0ee-92900211c7b6 in any repository or cache.`
			`Defaulting to local build...`
			`Finished after 1 minute 24 seconds.`
			`Uploading packages and container build to repository 'mysuperbinhost'`
			```