This repository has been archived by the owner on Oct 22, 2024. It is now read-only.
Dockerfile: include copyleft source code of extra packages #765
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
avalluri
reviewed
Oct 2, 2020
Dockerfile
Outdated
| grep ^Get: /usr/local/share/package-install.log | cut -d ' ' -f 5,7 | \ | ||
| while read pkg version; do \ | ||
| if ! [ -f /tmp/runtime-doc/$pkg/copyright ]; then \ | ||
| echo "ERROR: missing copyfight file for $pkg"; exit 1; \ |
There was a problem hiding this comment.
Oh, nice typo! Will fix.
avalluri
approved these changes
Oct 2, 2020
Our "apt-get upgrade" + "apt-get install" layer is something where we pull binaries from Debian and publish on Docker Hub, i.e. we re-distribute binaries under their respective licenses. To fulfill the obligation of making the source code available we download the source code from Debian and include it in the image. This is easier than maintaining a separate download location for the source code and the extra size is small enough (10MB for the production image, 100MB for the test image).
We are required to track all packages that get installed. This cannot be done easily with "apt-get upgrade". Instead of installing all available updated packages, we'll only do so for those that we know to be needed.
The long list of dependencies is causing additional work during releases (maintaining the bill of material...). It was added as a convenience for users, but that doesn't justify the extra work and image size, in particular now that we started to include source code for those extra packages in the image itself.
|
@avalluri please take another look - I added two more commits. |
This is useful to compile a bill of materials.
avalluri
approved these changes
Oct 5, 2020
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Our "apt-get upgrade" + "apt-get install" layer is something where we
pull binaries from Debian and publish on Docker Hub, i.e. we
re-distribute binaries under their respective licenses. To fulfill the
obligation of making the source code available we download the source
code from Debian and include it in the image.
This is easier than maintaining a separate download location for the
source code and the extra size is small enough (10MB for the
production image, 100MB for the test image).