This project contains Buildroot customizations for creating base container images. You can find pre-built JustEnough containers at GitHub's Container Registry.
- About
- Pre-built container images
- Directory Structure
- Customizing Container Images
- Contributing
- Resources
Being able to create and customize a base container image is important. Doing so let's us define which software is inside the container image, which limits the size of the container image. Another benifit is reducing the surface area for security issues. If the latest CVE targets a common command like sudo, and sudo doesn't exist within the container, there's no CVE for that container.
The idea for this project came from a 2015 Sysdig & CoreOS presentation by Brian Redbeard.
Container tags using the buildroot release version followed by the epoch time when the image was built. Latest will always point to the latest built image, regardless of the buildroot release.
Prebuilt container images can be found in the packages section of this project. Click on the package name for the container you want to use. There's a Github Container Registry link at the top of page. Either "docker pull" or using "FROM ghcr.io/amf3/..." in the Dockerfile will download the image.
The following images are currently offered.
Image Name | Image documentation | Docker or Podman pull | Dockerfile |
---|---|---|---|
just_enough_busybox | BusyBox | docker pull ghcr.io/amf3/just_enough_busybox:latest | FROM ghcr.io/amf3/just_enough_busybox:latest |
just_enough_openjdk11 | OpenJDK11 | docker pull ghcr.io/amf3/just_enough_openjdk11:latest | FROM ghcr.io/amf3/just_enough_openjdk11:latest |
just_enough_openjdk11_bash | OpenJDK11_Bash | docker pull ghcr.io/amf3/just_enough_openjdk11_bash:latest | FROM ghcr.io/amf3/just_enough_openjdk11_bash:latest |
just_enough_python3 | Python3 | docker pull ghcr.io/amf3/just_enough_python3:latest | FROM ghcr.io/amf3/just_enough_python3:latest |
just_enough_python3_bash | Python3_Bash | docker pull ghcr.io/amf3/just_enough_python3_bash:latest | FROM ghcr.io/amf3/just_enough_python3_bash:latest |
For now, the Container Image Manifest is published as an artifact. Click the container name under Build Status or click on the Actions tab. Find and click the latest build link and you will see a list of artifacts. The package_list.txt file will contain what packages and versions were used in building the container.
Better accessibility to the manifest is planned.
Buildroot is the upstrem project which allows for building custom Linux images. It's included in this repo as a submodule.
JustEnough container specifications
Helper Scripts for customizing containers.
Workflow definitions for building & distributing container images
Prepare the environment
$ mkdir $HOME/.buildroot-dl
$ git clone --recursive https://github.com/amf3/just_enough.git
$ cd just_enough
$ export BR2_EXTERNAL=$PWD # presumes bash is the environment
$ export BR2_DL_DIR=$HOME/.buildroot-dl
List container and load container definition for openjdk11. Entries starting with container_
are
part of this project. (If you would like to customize the busybox container instead of Open JDK, then
load the busybox_defconfig.)
$ make O=$PWD -C ./buildroot list-defconfigs
$ make O=$PWD -C ./buildroot container_openjdk11_defconfig
Customize and save container changes with menuconfig. Look for the packages menu inside menuconfig for adding or removing packages.
$ make O=$PWD -C ./buildroot menuconfig
$ make O=$PWD -C ./buildroot savedefconfig
Build the container with "all" and list dependencies with "external-deps".
$ time make O=$PWD -C ./buildroot source all
$ time make O=$PWD -C ./buildroot external-deps
Root file system will be found in the images directory which is turned into a container with "docker import".
- Fork the Repository
- Make changes and submit a PR
Buildroot documentation