-
-
Notifications
You must be signed in to change notification settings - Fork 43
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New image planning #44
Comments
Can i help for the alpine container ? |
Is this still something that's planned? Is RethinkDB something that's still maintained? Would it make sense to look at RebirthDB? (https://github.com/RebirthDB/rebirthdb) |
@nicodmf Yes, talk to the RebirthDB people. @tianon All the activity is with RebirthDB (except for a small amount of stuff I do to fix stuff, and the miscellaneous PR's you see, and that'll end up in RebirthDB anyway) but it looks like they're going to become the people in charge of RethinkDB real soon. You'll notice that the main rebirthers are now owners of the RethinkDB org: https://github.com/orgs/rethinkdb/people |
I like @daveisfera's work in #40 (comment) and currently that's probably the closest thing to what a new image would look like, but that is a hairy In any case, what we really need is a new pull request implementing a build on Alpine using either of these two approaches (if we can't get this going from scratch, which is what I'd really rather have) - I can't merge a thread comment. |
The |
Is there a way we could pull the build command by reference from an upstream source, like how Arch Linux has the ABS? In other words, if this is how the Alpine package is built, can we perform the build and install it as our own package? |
I'm not following. A |
I guess what I'm saying is, if this does the some thing as https://git.alpinelinux.org/aports/tree/community/rethinkdb/APKBUILD, why not just build from that aports tree source directly (which, from the looks of it, would also resolve #39 via https://git.alpinelinux.org/aports/tree/community/rethinkdb/rethinkdb.pre-install)? Why repeat ourselves? |
Oh, do you mean to run the |
I guess my original thinking behind this was that this was the only way to really pin a package release, since Alpine's repos only provide the latest version. The point of the Docker library seems to be about making the build process as deterministic as possible, though I'll admit that this seems like something of a farce when the first line of the Dockerfile bases the entire build on a mutable tag. |
Argh... ultimately, what this comes down to is that RethinkDB did their own packaging for Debian/Ubuntu/CentOS, and they packaged the full matrix of releases to package versions, and if we're relying on distro packaging (which only caters to the latest version), the ability to maintain images for previous versions using only upstream-provided infrastructure falls apart. I don't want the Dockerfiles repository to become a backports project, especially when RethinkDB upstream already maintains a backporting CI system for other distributions. I feel like the real solution would be to get Alpine added to https://github.com/rethinkdb/rethinkdb-nix, but that would require Alpine to get added to Nix's whole VM building system first... |
Agh, whatever, we don't list anything but the latest version in the library anyway (and I vaguely recall the exchange that led to this). I could argue that it's a bad idea to let old images' dependencies stagnate, but there's also an argument to be made for not making untested changes to obscure backports... whatever. Yeah, at this point I'm fine just using Alpine's package. When Alpine drops support for older versions, that's fine, because so does our building of them. Anybody who wants to keep an older image building will just have to invent their own CI system to support their specific blend of old and new, I guess! |
Or, really, reflecting on #45 (comment), I think what'd be more appropriate than Ubuntu or Alpine going forward would be for the RethinkDB image to be based on a package for Nix: rethinkdb/rethinkdb-nix#2 |
Having a set of packages for each of the OSes is really nice (like what Postgres provides), but it's a ton of work. Also, even they don't maintain packages for Alpine and they just build the software in the Alpine base image, like I've done. Basically, they have two versions:
I would vote that that be the same strategy that Rethink uses for the flexibility and control that it provides, because honestly being tied to whatever Alpine has limits the Docker images in a way that I believe will likely make them less useful than they should be. |
@stuartpb @daveisfera I was surprised this morning when I ran a docker pull command in my project and the The dockerhub page says the tag was updated 18 days ago. The Dockerfile in this repo hasn't been changed for 2 years. Given this: https://www.bankinfosecurity.com/docker-hub-breach-its-numbers-its-reach-a-12425, |
The base image was updated ( https://github.com/debuerreotype/docker-debian-artifacts/commits/fd138cb56a6a6a4fd9cb30c2acce9e8d9cccd28a/jessie/Dockerfile ). This is common to get security fixes and such out to all of the images and I don't believe that it has anything to do with the breach. |
Are you guys any close to having AArch64 (ARM64) support on DockerHub? |
Just to be clear, it's been ~623 days since the last actual Without some amount of image maintenance, we'll be adding a deprecation notice (which itself can be temporary, but we'd really much rather see the image updated 😄 ❤️). |
@tianon I have a PR that will update the docker images, namely #46. When I open the PR to change https://github.com/docker-library/official-images/blob/master/library/rethinkdb, should I open one to remove the deprecation warning or will you do it? |
For rethinkdb itself, it was AGPLv3 and after the transition, was changed to APL. The docker page for the official rethinkdb image is AGPLv3. Is there specific information as to what is still forcing the APGL license for the image? My team wants to use it, but due to our Legal department, AGPL is not a viable license for us. |
@brecko the license should be Apache 2.0. Any other licenses are just wrong. Thank you for raising this, I’ll update that info. |
@gabor-boros Thank you for the quick response and that is good news to hear. So that my team can better align, approximately when do you think this change will be made? |
@brecko I wanted to do that today morning but I had no time for that. Tomorrow morning I’ll try to adjust that 😇 |
Thank you @gabor-boros ! |
I came up with a recipe for building rethinkdb 2.4.2 on apline:3.15 which is a stable branch. It uses ARG directives that can be overridden from the build command and performs a multi-stage build across several layers. The final image is a minuscule 35.7MB (13.82MB compressed) and runs as a non-root user. Hopefully this meets the requirements to be used as the basis for an official rethinkdb:alpine image. For now, I've pushed this to docker hub under my account if anyone wants to try it out.
Or build it yourself from the latest/Dockerfile in my github repo. I've also added a version that includes python + the python rethinkdb driver (~79MB) which is tagged as |
So it gets the backtrace() with I think instead of using I think you also don't need icu-dev anymore. |
From my build log it looks like it ignored the installed boost-dev package (1.77.0-r1) anyway and instead built with the fetched version that you mentioned. None of the build dependencies end up in the final image anyway so having an extra one here and there won't hurt a whole lot. These can easily be fine-tuned in later builds. I'll try without icu-dev next time I need to do a full run. |
For whatever it's worth, here's a |
@daveisfera I based my Dockerfile partly on your example as well as others that I found. The difference with mine is that I use several RUN commands to create cached layers that way I can re-run builds with various tweaks without needing to install the deps, download and unpack the source, etc on each run. I also build the output image from a fresh copy of the alpine base image to completely discard any build artifacts. The python tagged image actually builds from a different base too because using python:alpine came out ~20MB smaller than installing python3 from apk. This could probably be reduced even more if the rethinkdb python module was installed some way other than with pip. |
This is a tracking issue to collect all the elements that are under consideration for a potential overhaul to the official RethinkDB image:
VOLUME
directive (Can we get a version of this which doesn't mount a volume? #14)Now, some of these have a larger potential for breaking changes than others (particularly removing the
VOLUME
directive), so I'm not necessarily going to do all of them immediately; however, many of these (like changing the user and packaging from scratch) shouldn't affect the daemon's normal operation, so I may tie them to the next minor bump for the official library. (Ideally, all this would be held off as potentially breaking changes that would only accompany a major version bump, but I don't see RethinkDB 3.0 happening any time in the foreseeable future.)The text was updated successfully, but these errors were encountered: