# Package-Centric Source-Based Container Build System

## Why?

* There's no standardized way to create container images that include applications built from upstream sources.
* Application dependencies, which are typically libraries, are usually neglected when calculating container dependencies. As a result, it is not known which libraries are installed.
* Ad-hoc source builds are time-consuming.

## What for?

* Fast source builds with lots of packages available
* Ad-hoc source builds if required, but defaulting to a binary repository
* Reproducible and shareable builds
* Customized source configuration flags
* Container dependencies reflect dependencies of container applications
* Easy assembling and configuring of containers based on application packages
* Integrable with CI
* Portable

## How?

## Like what?

* 100% descriptive build spec. Examples:
  * https://embedux.github.io/documentation/usage/rootfs/configuration.yml/index.html
  * http://nixos.org/nixos/about.html
  * https://gitweb.gentoo.org/proj/releng.git/tree/releases/weekly/specs/amd64?id=HEAD
  * https://github.com/zefhemel/nix-docker
  * [Nix build farm paper](http://www.researchgate.net/publication/228629017_The_Nix_Build_Farm_A_declarative_approach_to_continuous_integration)
  * https://github.com/jordansissel/fpm/wiki

# Usage

## Buildit configuration

**.builtit-config.yaml**

```
---
repository:
  name: mysuperbinhost
  upload-type: ssh
  upload-path: containers@mysuperbinhost.org/containers
  download-type: https
  download-path: mysuperbinhost.org/containers
```

## Sysadmin needs patched nginx

### Sysadmin

A sysadmin needs a patched and specifically configured version of their favorite web server, nginx.

1. Put directories and files in place

---

Directory layout

```
├── nginx-prod
│   ├── container.yaml
│   ├── files
│   │   └── nginx.conf
│   └── pkgs
│       └── nginx
│           ├── patches
│           │   └── https-only.patch
│           └── pkg.yaml
```

---

**pkg.yaml**

```
---
base: www-servers/nginx-1.7.6
author: Sysadmin42
patches:
  patches/https-only.patch: "This patch denies all plain http requests"
  https://github.com/nginx/nginx/commit/52e4dc2f74fd032dace01acbe5eb29ddf7c1ad96.patch: "Fix buffer overruns"
use:
  with:
    - ipv6
    - selinux
```

---

**container.yaml**

```
---
- vars:
    author: Sysadmin42
    name: nginx-production
    version: 1.7.6-p1
    os: linux
    arch: amd64
- package:
    type: embedded
    path: ./pkgs/nginx
- sync:
    src: ./files/nginx.conf
    dest: /etc/nginx/nginx.conf
    recursive: True
    chmod: 0644
- image:
    type: aci
    content: |
      {
        "acKind": "ImageManifest",
        "acVersion": "0.6.1",
        "name": "{{ name }}-{{ version }}",
        "labels": [
          {"name": "os", "value": "{{ os }}"},
          {"name": "arch", "value": "{{ arch }}"}
        ],
        "app": {
          "exec": [
            "/sbin/nginx"
          ],
          "user": "0",
          "group": "0"
        }
      }
```

2. Build the container

```
$ buildit --verbose nginx-prod/ --discover=github.com/sysadmin42/containers,push=True
Building Sysadmin42/nginx-production-1.7.6-p1
Processing package from './pkgs/nginx' for linux/amd64.
HASH: 86c8ef43-f4a4-49ba-a0ee-92900211c7b6
Can't find 86c8ef43-f4a4-49ba-a0ee-92900211c7b6 in any repository or cache. Defaulting to local build...
Done after 1min 24 [OK]
Packaging Sysadmin42/nginx-production-1.7.6-p1 as ACI... in 1min 30s [OK]
Uploading packages and container build to repository 'mysuperbinhost' [OK]
```
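
One way the binary-or-source decision behind the `HASH:` line in the build output could be keyed, as an added example that is not buildit's own code. It assumes a SHA-256 over the canonicalized package spec (the page does not say how its hash is derived); `build_key`, `resolve` and the patch bytes are hypothetical and constructed for the illustration.

```python
import hashlib
import json

# Constructed stand-in for the page's pkg.yaml, already parsed into a dict.
PKG = {
    "base": "www-servers/nginx-1.7.6",
    "author": "Sysadmin42",
    "patches": {
        "patches/https-only.patch": "This patch denies all plain http requests",
    },
    "use": {"with": ["ipv6", "selinux"]},
}
# Constructed patch bytes; a real run would read the file or the fetched URL.
PATCH_BYTES = {"patches/https-only.patch": b"--- a/src/http.c\n+++ b/src/http.c\n"}


def build_key(pkg, patch_bytes, os_name, arch):
    """Return a SHA-256 key over every input that can change the binary."""
    material = {
        "base": pkg["base"],
        "target": [os_name, arch],
        # Flag order must not matter, so sort before hashing.
        "use": {k: sorted(v) for k, v in pkg.get("use", {}).items()},
        # Patch order is significant. Hash the content, not just the name,
        # so an edited patch can never match a previously uploaded binary.
        # A patch with no bytes raises KeyError instead of being skipped.
        "patches": [
            [name, hashlib.sha256(patch_bytes[name]).hexdigest()]
            for name in pkg.get("patches", {})
        ],
        # author and patch descriptions are metadata and stay out of the key.
    }
    canonical = json.dumps(material, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def resolve(key, binhost_index):
    """Reuse a binary only on an exact key match, else build from source."""
    return "binary" if key in binhost_index else "local-build"


if __name__ == "__main__":
    key = build_key(PKG, PATCH_BYTES, "linux", "amd64")
    print(key, resolve(key, set()))
```

Keying on patch content rather than patch file name is what keeps a changed `https-only.patch` from silently pulling a binary that was built with the old patch.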