From cfffb72fb0c275bfe32318c044a408603ca769f9 Mon Sep 17 00:00:00 2001 
From: Debarshi Ray
Date: Mon, 29 Nov 2021 17:46:50 +0100
Subject: [PATCH] images: Remove misleading and redundant CMD

There's no need to specify a CMD in a Toolbox image because it's specified by 'toolbox create', through 'podman create', when creating a container.

A CMD was specified [1] because the Fedora Container Guidelines requires it [2]. The idea behind the guidelines is that the right thing should happen when one runs:
  $ podman run

However, that only makes sense for images targeting single service containers. Toolbox containers and images are different - they are not meant to be used like that to run a single one-off service.

Conceptually, 'running' a Toolbox container is expected to provide the user with a reasonable interactive command line experience. Arguably, that means offering something like /bin/bash, not /bin/sh.

Also, note that when the CMD was introduced [1], Toolbox containers were actually created, through 'podman create', with /bin/sh as their entry points. So, it did make some sense. However, things have changed since then [3]. The entry point is now 'toolbox init-container'. It's not possible to mention it in the Toolbox image because the /usr/bin/toolbox binary isn't present in the image, and it's not meant to be present.

Therefore, today, /bin/sh is simply not the right fit for a Toolbox image's CMD. A better option would be /bin/bash.

Note that the fedora base images have their CMD set to /bin/bash, which is inherited by the fedora-toolbox images. So, there are two options. Either repeat the same CMD in the fedora-toolbox images and satisfy the guidelines, or take some liberties and let the CMD be inherited from the fedora base images.

This commit takes the latter option.

People tend to use the fedora-toolbox images as the starting point for other custom Toolbox images, sometimes for other operating system distributions. It's better to keep them minimal to avoid implying extra requirements.
In this case, the CMD is an abstract concept, and the actual entry point is 'toolbox init-container' as specified by 'toolbox create'. Specifying /bin/bash might discourage people from creating custom images that are only meant to have /bin/zsh.

Also, note that the current CMD was actually '/bin/sh -c /bin/sh', not /bin/sh. Unless a CMD is specified as an array of command line arguments, it's passed as a single argument to '/bin/sh -c' [4]. So, this:
  CMD foo bar

... is the same as:
  CMD [ "/bin/sh", "-c", "foo bar" ]

Only the images for currently maintained Fedoras (i.e., 34 and 35) were updated.

This reverts commit 5cc2678a3677af44b47c4c4e769692c7bf466252.

[1] Commit 5cc2678a3677af44

[2] https://docs.fedoraproject.org/en-US/containers/guidelines/creation/

[3] Commit 8b84b5e4604921fa
    https://github.com/containers/toolbox/pull/160

[4] https://docs.docker.com/engine/reference/builder/#cmd

https://github.com/containers/toolbox/issues/885
--- images/fedora/f34/Containerfile | 2 -- images/fedora/f35/Containerfile | 2 -- images/fedora/f36/Containerfile | 2 -- 3 files changed, 6 deletions(-) diff --git a/images/fedora/f34/Containerfile b/images/fedora/f34/Containerfile index fc5de5f..8208c44 100644 --- a/images/fedora/f34/Containerfile +++ b/images/fedora/f34/Containerfile @@ -23,5 +23,3 @@ RUN dnf -y install $(
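Review bot: The diffstat lists images/fedora/f36/Containerfile alongside f34 and f35, but the commit message says only the images for 34 and 35 were updated; either drop the f36 change from this patch or correct that sentence so the message matches the files touched. The f34 hunk is cut off right after its "@@ -23,5 +23,3 @@" header here, so the two removed lines cannot be checked against the description. When they are visible, it is worth confirming that they are only the CMD line and its adjacent blank line and that nothing in the preceding RUN step is affected.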