Make the hello image leaner

[NO TESTS NEEDED] Change from using a bash script to a c file for running the image. With thanks to discussions with @afbjorklund, the Containerfile was rigged up to make the final image be only KB's in size. Also add USER 1000 to make the image test/run as non-root, and update the README.md Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2022-02-10 12:28:42 -05:00 · 2022-02-10 12:28:42 -05:00 · 40ba9f10e5
parent 6d2b54a731
commit 40ba9f10e5
4 changed files with 59 additions and 31 deletions
--- a/contrib/helloimage/Containerfile
+++ b/contrib/helloimage/Containerfile
@ -1,8 +1,11 @@
-FROM registry.access.redhat.com/ubi8-micro:latest
+FROM docker.io/alpine as builder
+RUN apk add gcc libc-dev
+ADD podman_hello_world.c .
+RUN gcc -O2 -static -o podman_hello_world podman_hello_world.c

+FROM scratch
 LABEL maintainer="Podman Maintainers"
 LABEL artist="Máirín Ní Ḋuḃṫaiġ, Twitter:@mairin"
-WORKDIR /tmp
-
-COPY podman_hello_world.bash .
-ENTRYPOINT ./podman_hello_world.bash
+USER 1000
+COPY --from=builder podman_hello_world /usr/local/bin/podman_hello_world
+CMD ["/usr/local/bin/podman_hello_world"]
--- a/contrib/helloimage/README.md
+++ b/contrib/helloimage/README.md
@ -19,7 +19,7 @@ Using this image is helpful to:

 The contents of this directory contain:
 * ./Containerfile
- * ./podman_hello_world.bash
+ * ./podman_hello_world.c

 ## Sample Usage

@ -28,7 +28,7 @@ To simply run the image:
 ```
 podman run quay.io/podman/hello

-! ... Hello Podman World ...!
+!... Hello Podman World ...!

         .--"--.
       / -     - \
@ -49,7 +49,29 @@ To build the image yourself, copy the files from this directory into
 a local directory and issue these commands:

 ```
-chmod 755 ./podman_hello_world.bash
 podman build -t myhello .
 podman run myhello
 ```
+
+## Potential Issues:
+
+The image runs as a rootless user with the UID set to `1000`.
+If the /etc/subuid and /etch/subgid values are not set appropriately to run as a
+rootless user on the host, an error like this might be raised:
+
+```
+Copying blob acab339ca1e8 done
+ERRO[0002] Error while applying layer: ApplyLayer exit status 1 stdout:  stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:12 for /var/spool/mail): Check /etc/subuid and /etc/subgid: lchown /var/spool/mail: invalid argument
+Error: writing blob: adding layer with blob "sha256:ee0cde9de8a68f171a8c03b0e9954abf18576947e2f3187e84d8c31ccd8f6a09": ApplyLayer exit status 1 stdout:  stderr: potentially insufficient UIDs or GIDs available in user namespace (requested 0:12 for /var/spool/mail): Check /etc/subuid and /etc/subgid: lchown /var/spool/mail: invalid argument
+```
+
+Please refer to this [blog post](https://www.redhat.com/sysadmin/rootless-podman) for further configuration information.
+
+## THANKS!
+
+Many Thanks to @afbjorklund for a great discussion during the
+first revision of this container image that resulted in moving
+from using bash to using C, and the ensuing changes to the
+Containerfile.
+
+Also many thanks to @mairin for the awesome ASCII art!
--- a/contrib/helloimage/podman_hello_world.bash
+++ b/contrib/helloimage/podman_hello_world.bash
@ -1,23 +0,0 @@
-#!/bin/sh
-###
-#  ASCII art by the incomparable Máirín Duffy,
-#  duffy@redhat.com, Twitter: @mairin
-#  January 2022
-###
-echo "                              "
-echo "! ... Hello Podman World ... !"
-echo "                              "
-echo "         .--\"--.             "
-echo "       / -     - \\           "
-echo "      / (O)   (O) \\          "
-echo "   ~~~| -=(,Y,)=- |           "
-echo "    .---. /\`  \\   |~~       "
-echo " ~/  o  o \\~~~~.----. ~~     "
-echo "  | =(X)= |~  / (O (O) \\     "
-echo "   ~~~~~~~  ~| =(Y_)=-  |     "
-echo "  ~~~~    ~~~|   U      |~~   "
-echo ""
-echo "Project:   https://github.com/containers/podman"
-echo "Website:   https://podman.io"
-echo "Documents: https://docs.podman.io"
-echo "Twitter:   @Podman_io"
--- a/contrib/helloimage/podman_hello_world.c
+++ b/contrib/helloimage/podman_hello_world.c
@ -0,0 +1,26 @@
+//###
+//  ASCII art by the incomparable Máirín Duffy,
+//  duffy@redhat.com, Twitter: @mairin
+//  January 2022
+//###
+
+#include <stdio.h>
+int main() {
+    puts("\
+!... Hello Podman World ...!\n\
+\n\
+         .--\"--.           \n\
+       / -     - \\         \n\
+      / (O)   (O) \\        \n\
+   ~~~| -=(,Y,)=- |         \n\
+    .---. /`  \\   |~~      \n\
+ ~/  o  o \\~~~~.----. ~~   \n\
+  | =(X)= |~  / (O (O) \\   \n\
+   ~~~~~~~  ~| =(Y_)=-  |   \n\
+  ~~~~    ~~~|   U      |~~ \n\
+\n\
+Project:   https://github.com/containers/podman\n\
+Website:   https://podman.io\n\
+Documents: https://docs.podman.io\n\
+Twitter:   @Podman_io");
+}