Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
  • Loading branch information
carrodher authored Mar 15, 2024
1 parent da5ba16 commit 122cd7c
Showing 1 changed file with 15 additions and 15 deletions.
30 changes: 15 additions & 15 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,13 +33,13 @@ FROM bitnami/minideb:bookworm
```

# Why use Minideb
* This image aims to strike a good balance between having small images, and having many quality packages available for easy integration.
* The image is based on glibc for wide compatibility, and has apt for access to a large number of packages. In order to reduce size of the image, some things that aren't required in containers are removed:
* Packages that aren't often used in containers (hardware related, init systems etc.)
* This image aims to strike a good balance between having small images and having many quality packages available for easy integration.
* The image is based on glibc for wide compatibility and is apt for access to a large number of packages. To reduce the size of the image, some things that aren't required in containers are removed:
* Packages that aren't often used in containers (hardware-related, init systems, etc.)
* Some files that aren't usually required (docs, man pages, locales, caches)
* These images also include an `install_packages` command that you can use instead of apt. This takes care of some things for you:
* Install the named packages, skipping prompts etc.
* Clean up the apt metadata afterwards to keep the image small.
* Install the named packages, skipping prompts, etc.
* Clean up the apt metadata afterward to keep the image small.
* Retrying if apt fails. Sometimes a package will fail to download due to a network issue, and this may fix that, which is particularly useful in an automated build pipeline.

For example:
Expand All @@ -51,26 +51,26 @@ FROM bitnami/minideb:bookworm
The minideb container image is the base image for many Bitnami-maintained language runtimes including [php](https://github.com/bitnami/containers/tree/main/bitnami/php-fpm), [nodejs](https://github.com/bitnami/containers/tree/main/bitnami/node), [ruby](https://github.com/bitnami/containers/tree/main/bitnami/ruby) and infrastructure components including [mariadb](https://github.com/bitnami/containers/tree/main/bitnami/mariadb), [redis](https://github.com/bitnami/containers/tree/main/bitnami/redis), [nginx](https://github.com/bitnami/containers/tree/main/bitnami/nginx) and [mongodb](https://github.com/bitnami/containers/tree/main/bitnami/mongodb).

# Compatibility
The image points to the Debian archive, so you are free to install packages from there that you need. However because some `Essential` packages have been removed they may not always install or work correctly.
The image points to the Debian archive, so you are free to install the packages from there that you need. However, because some `Essential` packages have been removed they may not always install or work correctly.

In those cases you can figure out which package is needed and manually specify to install it along with your desired packages. Please feel free to submit an issue request so that we can reach out and help you quickly.
In those cases, you can figure out which package is needed and manually specify to install it along with your desired packages. Please feel free to submit an issue request so that we can reach out and help you quickly.

# Security
Minideb is based on Debian and relies on their security updates. The images are built daily and have the security release enabled, so will contain any security updates released more than 24 hours ago.

Note that Debian [does not fix every CVE that affects their packages](https://www.debian.org/security/faq#cvedsa), which means that CVE scanners may detect unfixed vulnerabilities in Minideb images. In those cases, you can check the [Debian security tracker](https://security-tracker.debian.org/tracker/) to see whether Debian intends to release an update to fix it.

In order to keep compatibility with Debian, we will not patch any vulnerabilities in Minideb directly. If Debian does not fix the CVE then it will also remain in Minideb. If you find a vulnerability that is fixed in Debian but not in the latest images of Minideb then please file an issue as that is not intentional.
To keep compatibility with Debian, we will not patch any vulnerabilities in Minideb directly. If Debian does not fix the CVE then it will also remain in Minideb. If you find a vulnerability that is fixed in Debian but not in the latest images of Minideb then please file an issue as that is not intentional.

On [this page](https://docs.bitnami.com/kubernetes/open-cve-policy/), you can find more information about the Bitnami policy regarding CVEs. In the same way, if you find a security issue with how the Minideb images are built or published then please report it to us.

# Building Minideb
We provide a Makefile to help you build Minideb locally. It should be run on a Debian based machine and requires sudo privileges.
We provide a Makefile to help you build Minideb locally. It should be run on a Debian-based machine and requires sudo privileges.
```
$ sudo make
```

To build an individual release (buster, bullseye or bookworm)
To build an individual release (buster, bullseye, or bookworm)
```
$ sudo make bookworm
```
Expand All @@ -82,20 +82,20 @@ $ sudo make test-bookworm

## Building Minideb for foreign architecture
Make commands shown above will build an image for the architecture you are currently working on.
To build an image for a foreign architecture (for example to build a multiarch image), we provide a
simple script which run a QEMU instance for the target architecture and build the image inside it.
To build an image for a foreign architecture (for example to build a multi-arch image), we provide a
simple script that runs a QEMU instance for the target architecture and builds the image inside it.

To build and test a bookworm image for arm64:
```
$ ./qemu_build bookworm arm64
```

The image will be then imported locally through the docker cli with `$distribution-$architecture` tag
The image will be then imported locally through the docker CLI with the `$distribution-$architecture` tag
(example: `bitnami/minideb:bookworm-arm64`)

Current limitations of `qemu_build` script:
Current limitations of the `qemu_build` script:

- Can be run only on debian-based distributions
- Can be run only on Debian-based distributions
- Support `AMD64` and `ARM64` target architectures only

# Contributing
Expand Down

0 comments on commit 122cd7c

Please sign in to comment.