Project Description

I recently used melange and apko to build a from-scratch image. The result was an auditable, easy-to-use container and apk repository. The toolkit reduces the work needed to make from-scratch images, with minimal work on the actual Docker container (which can be quite painful if you've tried making a from-scratch image on your own).

The end goal would be to produce two utilities. The first is a utility that can build RPMs from YAML, thus simplifying the RPM building process. It would not aim to replace the entire RPM spec but rather cover a subset of its functionality, and will not include macros for now. Its counterpart would be another utility that produces a container image including a minimal set of dependencies from the openSUSE repos.

As for the language used for the project, I believe Rust will be a good choice. It provides enough flexibility, along with a large collection of utilities we can use for this, including but not limited to rpm and oci-spec-rs, along with compile-time checks to speed up the development process.

Goals for this Hackweek

The goals for this hackweek for the rpm utility are the following:

  1. produce a signing keypair for packages
  2. run a set of commands to produce a binary/lib that can be copied to a directory that will be converted to a rpm
  3. output a rpm
  4. make a rpm repository that can be used by the container utility

The goals for the container utility are the following:

  1. build a container from a repository
  2. output the container as a tarball
  3. publish the container to a repo

Resources

Looking for hackers with the skills:

containers rust docker podman rpm packaging

This project is part of:

Hack Week 23

Activity

  • 8 months ago: tschmitz joined this project.
  • 10 months ago: algir joined this project.
  • 10 months ago: ldragon started this project.
  • 10 months ago: ldragon originated this project.

  • Comments

    • ldragon
      8 months ago by ldragon

      @tschmitz and I are working on this together.

      rpmo

      rpmo is what our tool to produce rpms from yamls is called. As of writing we are able to produce a build env for rpms and download the source(s). What is left is running a pipeline to build everything and finally producing a rpm.

      rpm2container

      rpm2container should produce a minimal rootfs and turn it into a container using rpms. Currently it is able to produce a rootfs. Todo is generating a config.json to create a bundle to produce a tarball which can be loaded by podman and executed.

      Under the hood, both projects use the Tumbleweed container via podman to avoid utilizing host tools and remain cross-distro compatible. We did evaluate using bwrap, but we needed to use the host for zypper using bind mounts and symlinks; however, the container already provides the environment we require to bootstrap a build env.

    • ldragon
      8 months ago by ldragon

      As of writing, rpmo is able to produce rpms. In the future this should be extended to produce a repo file alongside the rpm. rpm2container is also nearing the finish line.

    • ldragon
      8 months ago by ldragon

      At last, rpm2container can also produce containers, leading to the end of this POC. For future folks picking this up, here's a list of things you will want to add to both projects.

      rpmo:

      • It should output a directory complete with a .repo file and other bits needed to make it a valid repo for zypper.

      • Support for sources other than archives (e.g. git or the current directory) and support for local sources (e.g. patches).

      • Auto dynamic linking resolution. rpmo can only generate a rpm with a set of predefined dependencies. It should be possible to do ELF parsing, determine the sonames the binary is linked to, and report them.

      • Signing. Currently rpmo outputs non-signed rpms and the build env explicitly disabled gpg checks; both should be resolved.

      • Reproducibility. It does work in a hack way. It should be made more reliable.

      rpm2container:

      • don't skip gpg checks

      • sbom generation

      • pushing image to a remote

      • more on the fly generation of json used in the container.

      Along with these, both should be made arch-independent. Many vars are hardcoded to the compiled arch. This should be changed, and both should support building for non-native arches. Overall, as a proof of concept, I'm proud of how far I managed to come in a week, and how much I got working.
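
The rpmo item above on automatic dynamic-linking resolution, as an added example (not code from rpmo or from the comment's author): it reads the DT_NEEDED entries of an ELF64 little-endian file through its section headers, bounds-checking every offset so a malformed file yields `None` rather than a panic. The function names are hypothetical, and a binary whose section headers were stripped would need the PT_DYNAMIC program header instead.

```rust
use std::{env, fs};

const SHT_DYNAMIC: usize = 6; // section type of .dynamic
const DT_NEEDED: usize = 1; // dynamic tag: string-table offset of a required soname

/// Read an `n`-byte (n <= 8) little-endian integer at `off`; None if out of bounds.
fn le(b: &[u8], off: usize, n: usize) -> Option<usize> {
    let s = b.get(off..off.checked_add(n)?)?;
    usize::try_from(s.iter().rev().fold(0u64, |acc, &x| (acc << 8) | u64::from(x))).ok()
}

/// Contents of the section whose Elf64_Shdr starts at `sh` (sh_offset @24, sh_size @32).
fn section(elf: &[u8], sh: usize) -> Option<&[u8]> {
    let off = le(elf, sh.checked_add(24)?, 8)?;
    elf.get(off..off.checked_add(le(elf, sh.checked_add(32)?, 8)?)?)
}

/// DT_NEEDED sonames of an ELF64 little-endian image; None if malformed or unsupported.
pub fn needed_sonames(elf: &[u8]) -> Option<Vec<String>> {
    if !elf.starts_with(b"\x7fELF\x02\x01") { return None; } // magic, ELFCLASS64, LSB
    // e_shoff @40, e_shentsize @58, e_shnum @60 in the Elf64_Ehdr.
    let (shoff, shentsize, shnum) = (le(elf, 40, 8)?, le(elf, 58, 2)?, le(elf, 60, 2)?);
    let sh_at = |i: usize| -> Option<usize> { shoff.checked_add(i.checked_mul(shentsize)?) };
    let mut out = Vec::new();
    for i in 0..shnum {
        let sh = sh_at(i)?;
        if le(elf, sh.checked_add(4)?, 4)? != SHT_DYNAMIC { continue; }
        // sh_link (@40) names the string table that the dynamic entries index into.
        let strtab = section(elf, sh_at(le(elf, sh.checked_add(40)?, 4)?)?)?;
        for ent in section(elf, sh)?.chunks_exact(16) {
            let (tag, val) = (le(ent, 0, 8)?, le(ent, 8, 8)?);
            if tag == DT_NEEDED {
                let name = strtab.get(val..)?;
                let end = name.iter().position(|&c| c == 0)?; // must be NUL-terminated
                out.push(String::from_utf8_lossy(&name[..end]).into_owned());
            } else if tag == 0 {
                break; // DT_NULL ends the array
            }
        }
    }
    Some(out)
}

fn main() {
    let path = env::args().nth(1).unwrap_or_else(|| "/proc/self/exe".into());
    match fs::read(&path).ok().and_then(|b| needed_sonames(&b)) {
        Some(libs) => libs.iter().for_each(|l| println!("NEEDED {l}")),
        None => eprintln!("{path}: not a parseable ELF64 little-endian file"),
    }
}
```

Run with a path argument to inspect a built binary; with no argument it reads its own executable via `/proc/self/exe` on Linux.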
