distroless is not distro-less

[grepwood]

It's really disingenuous to call this "distroless" when there's so many staggering dependencies on Debian. I'm not a fan of pedantic quotations and counting, but what amounts to that can be found in my other post #292 (comment) to support my claim.

Why not switch to Linux From Scratch to really live up to the name of the project? What would it take to do this? Is this a good idea?

[dlorenc]

Why not switch to Linux From Scratch to really live up to the name of the project? What would it take to do this? Is this a good idea?

FWIW, myself and some of the original maintainers of this project have started a new distro designed for this purpose, called Wolfi: http://github.com/wolfi-dev/os

It's closer to what you're asking for here and is heavily inspired by Linux from Scratch, as well as Alpine, and this project of course!

[afbjorklund]

You can use another distribution such as Fedora, or you can use another buildsystem like LFS or Buildroot?

Here is an experiment that I did, to make a minimal distribution (1.5M): https://github.com/afbjorklund/ma

It is also possible to make a cryptoless* version, by removing the OpenSSL from the base image, to make it smaller...

static includes timezones, and base includes openssl - which makes them bigger, but small is not a distroless goal.

---

* the official name is base_nossl

See the documentation: https://github.com/GoogleContainerTools/distroless/blob/main/base/README.md

[afbjorklund]

It could be mentioned more explicitly in the documentation, but I guess it won't change to "debianless" any time soon...

If some Bazel expert ever makes a variant using CentOS and RPM, that would be interesting from a theoretical standpoint.

[grepwood]

Don't hold your breath for it, but I'm considering doing this even though I am not an expert. I need this only because container_run is non-deterministic and would make me rebuild all Docker images every time.