MemesKangie 3 months ago • 100%
The "tank" has an immobile or mostly immobile turret, depending on the particular design of this piece of battlefield ingenuity. Units appear to be making these modifications at the frontline to improve survivability against FPV drones but there isn't a standard package.
AsklemmyKangie 3 months ago • 85%
Look at that, an OP who is just a prick.
Kangie 3 months ago • 66%
Why? If you say to limit the spread of bacteria we have some studies that suggest it makes no difference at all
FirefoxKangie 3 months ago • 66%
What a hot take. I bet you're real fun at parties.
raspberrypi
How to save an old printer from the e-waste pile with a Raspberry Pi
Kangie 3 months ago • 100%
Some HP printers require proprietary firmware be loaded over USB. You could try hplip but I found that although my printer is explicitly supported it couldn't identify it via device ID.
UK Politics
Nigel Farage: Objects thrown at Reform leader while campaigning
Kangie 3 months ago • 83%
Really? I think you should punch Nazis in the fucking face.
Memes @ Reddthat
It’s quicker
Kangie 3 months ago • 50%
A microwave does not use resistive heating and works on a completely different principle and therefore the amount of power available is much less importance.
Insane troll logic
Kangie 3 months ago • 33%
Pay them for a public ipv4.
Arch Linux
Is it common for KDE to crash?
Kangie 4 months ago • 100%
It's pretty uncommon. I've been using prerelease KDE for quite a while and rarely see any issues.
If it's any consolation, Plasma 6 will recover from crashes like that.
Animals and Pets
Is what my dog doing while asleep normal or should I worry?
Kangie 4 months ago • 100%
Your dog is probably just dreaming.
Mine does it and she sometimes starts making small barks in her sleep and twitching her legs while she does so. I assume that she's dreaming about a long fun chase.
Do keep an eye on it and reach out to a vet if you're concerned, but it sounds pretty normal based on what you've described.
LinuxKangie 4 months ago • 66%
Some easy display rules, and a couple of plugins and it's perfect.
196
XboxKangie 4 months ago • 80%
You could probably fit something inside the chassis, but why? It doesn't have standard mounting hardware for any ATX form factor, you'll need to source a slim PSU, and at the end of the day, without a ton of effort to make the build work, and additional thought put into the cooling (etc) you're going to destroy a working console for a pretty average result with a lot of trade-offs.
TL;DR, bad idea. You can do better.
Kangie 4 months ago • 37%
It doesn't matter. Put it in ~/foo/bar/Baz for all the shell cares.
Kangie 4 months ago • 93%
If you don't have root is it really a VPS?
Anyway, unpack the binaries to ~/local/usr/bin and add that to your PATH.
Programming
Dumb question: how do I know if an open source project is trustworthy?
Kangie 4 months ago • 100%
I'd trust also the official Arch repo.
Yeah they've only rolled out a version of curl that broke the package manager a few times.
Kangie 4 months ago • 100%
It's not quite what you've asked for here, but as a Dev I'd be remiss if I didn't shill for Gentoo.
It ticks your rolling release box, has fantastic docs, a huge package repository (and the community repo Guru), and by design enables almost infinite configurability and customisation. We also have a binary package repository now for popular architectures, so you can choose to avoid compiling if you don't want to deviate from sane defaults (or only compile in cases where you do!)
On the hardware side, we have fantastic support for a number of architectures, I recently brought up a SPARC system and have some arch64 and riscv in the past.
Finally, even if you just decide to check the distro out, the process of installing, configuring, and maintaining a Linux system is outlined in detail within our handbook, and can provide a peek behind the scenes at what some other distros abstract; it's a fantastic learning experience for those interested.
Finally, we have fantastic support through volunteers in official IRC channels and forums, as well as unofficial hubs like discord.
Hopefully I've planted a seed and you'll check it out down the line. :)
European Space Agency
Mars rover mission will use pioneering nuclear power source
Kangie 4 months ago • 100%
Don't worry too much about it: it's not the 80s and we're not the Soviets.
Once it's in orbit it doesn't matter and if there's issues during ascent the source will be hardened to prevent catastrophic release.
Realistically though, just send it up on a falcon 9, the track record on those things is _ astounding_.
TechTakes
The Google AI isn’t hallucinating about glue in pizza, it’s just over indexing an 11 year old Reddit post by a dude named fucksmith.
Kangie 4 months ago • 100%
Sync didn't like the link.
PC GamingKangie 4 months ago • 92%
It depends. I'm glad that we have tools like proton, but when this was an explicit stretch goal that was met during funding it's a bit different.
I'm disappointed in Nightdive. Not just because they cancelled the port, but because they made a promise and they broke it, and they just remained silent about it instead of being transparent about any challenges that they were facing over the preceding years.
GamingKangie 4 months ago • 100%
The same day as they announce they're not doing the system shock native client eh?
Kangie 4 months ago • 66%
Contrast that with CLI where if you forgot or don't know any command there is little help or indicator of what's available and what can be done without external help.
man would like to have words with your strawman.
Kangie 4 months ago • 100%
No, this is egregious, even for Dan. Don't feel bad. I called him out on the forums/article comments.
Kangie 4 months ago • 100%
I'm looking at bringing Dillo back into Gentoo atm. I had to read 15k lines of code, and that's just what's different since the last release....
Kangie 4 months ago • 100%
I'm a huge proponent of Gentoo Linux as a learning experience. It's a great way to learn how the components of a system work together and the distro enables an amazing amount of configurability for your system.
Even following a handbook install in a VM can be a good experience if you're interested.
Programming
Why I Left NixOS for Ubuntu
Kangie 5 months ago • 100%
I may be a touch biased, but I feel like you might enjoy trying Gentoo one day, especially with the recent official binary package host.
Kangie 5 months ago • 100%
I once spent a month automating the production of repositories for each kernel version supported on our HPC and rested every step exhaustively in isolation.
When I was satisfied I ran it with root permissions and hosed the VMs it was running on because a recursive chmod evaluated to /.
Oops.
Kangie 5 months ago • 100%
Pipewire is great .
Kangie 5 months ago • 100%
Write out syslogs to disk or better yet mirror to grayling or something, there might be valuable information right before the reboot.
I've also had weirdness where the CPU/iGPU was just faulty and the IME would halt the system. That took weeks to diagnose.
Definitely reach out to support!
Learn Programming
How to efficiently package CLI application on linux
Kangie 5 months ago • 87%
You don't have to!
If a downstream distribution wants your software they will build and package it themselves and maintain that infrastructure.
You could provide an example rpm spec (etc) to make their lives easier but it's not on you to provide a binary package that works everywhere; you released the source code so any given user / distro can compile it for themselves.
Just make sure that your build infrastructure and docs are up to speed, and ideally implement some CI/CD and testing to catch any breaking changes.
BitwardenKangie 6 months ago • 100%
It should work with 'host' match detection. If it isn't working check your URIs.
Or do the sane thing and run everything on a different DNS and share 80/443.
Programming.dev Meta
The President of the United States is blocked on this instance
Kangie 6 months ago • 100%
You don't think that by just putting the name of a license in some prose that LLM companies will ignore it and not use it in training data, right?
They most certainly will not. For all they know you're just helpfully linking to the creative commons.
I don't think your plan is workable, but if you're going to persist at least add some boilerplate: "the above content of this comment is licensed under..."
LinuxKangie 6 months ago • 100%
Could you elaborate?
Kangie 6 months ago • 50%
What? Bitwarden doesn't give a shit about non standard ports on services you're accessing. They're a valid part of the URI string.
Try changing your match detection settings in the add-on.
If you're talking about bitwarden not supporting being run from container on a non standard port, we'll, you're doing it wrong. Expose whatever port on the container then Add a proper reverse proxy / edge router like traefik, then set up some DNS and Let's encrypt and only use 80 and 443 for all of your services.
Explain Like I'm Five
ELI5: The Linux xz backdoor situation
Kangie 6 months ago • 100%
TL;DR don't worry (for now) - it only impacts rpm and deb builds and impacted releases only really made it into OpenSuSe tumbleweed - if you're running bleeding edge maybe you need to worry a little.
A laymans explanation about what happens is that the malicious package uses an indirect linkage (via systemd) to openssh and overrides a crypto function which either:
- allows access to the system to a particular key
- allows remote code execution with a particular key
Or both!
I have secondhand info that privately the reverse engineering is more advanced, but nobody wants to lead with bad info.
As for what you should do? Unless you're running an rpm or deb based distro and you have version 5.6.0 or 5.6.1 of xz-utils installed, not much. If you are, well, that comes down to your threat model and paranoia level: either upgrade (downgrade) the package to a non-vulnerable version or dust off and nuke the site from orbit; it's the only way to be sure.
BecomeMeKangie 6 months ago • 100%
Wow. What fucking garbage.
PoliticsKangie 6 months ago • 100%
there is no good answer
There is clearly a worst option.
Australia
Extreme conditions for renters described as 'needle in a haystack type stuff' as housing crisis deepens
Kangie 6 months ago • 100%
Fascinating take on Mongolian basket weaving! Though I'm not sure how it relates to the price of tea in China...
UkraineKangie 6 months ago • 100%
Sanctions. Russia is still short critical materiel.
EuropeKangie 6 months ago • 33%
Just to be a pedant, you know that deserts don't have to be hot, right? The definition of a desert comes down to the amount of precipitation that a region gets, not how hot it is - Antarctica is a desert, the largest one on Earth.
cross-posted from: https://lemmy.srcfiles.zip/post/2231272 > I've been interested in switching away from `$PROPRIETARY_VENDOR`'s HPC node / cluster management offering for a while, and the opportunity has finally arisen - `$VENDOR` has decided to massively hike up their prices, so it's time to look at alternatives. > > The top option on my list is [Warewulf](https://warewulf.org/). Warewulf is a _stateless_ node management tool, where stateless means "we boot any image you want into memory" (compared with competing implementations which do 'magic' to image a node's disk every boot). There are advantages and disadvantages to each approach. > > The thing that attracts me most to Warewulf is that they've come to the conclusion that most HPC "disk images" are basically container images. Rather than using a `chroot` directory as an image (as do so many competing implementations) Warewulf have leaned wholeheartedly into the concept, and have adopted the [OCI](https://opencontainers.org/) image tooling to [define HPC images](https://github.com/hpcng/warewulf-node-images)! > > This offers an astounding amount of flexibility that the current `$VENDOR` solution does not - the ability to define, build, and run _any_ (reasonable) flavour of Linux as an image for HPC nodes; images need only the kernel, networking, systemd, and (optionally) a nfs client (this is for convenience, it's not _required_ for node functionality). > > Based on that I've taken it upon myself to have some fun and investigate the current state of Warewulf as a node management tool - the first step, of course, was creating a Gentoo ebuild for Warewulf that compiles and installs. I'm happy to say that, after fixing some bugs in the offline build process, I have a [working ebuild](https://github.com/Kangie/kangie-tools/blob/master/sys-cluster/warewulf). > > If you're a Gentooer with an interest in Node Management or HPC, please give my [Warewulf ebuild](https://github.com/Kangie/kangie-tools/blob/master/sys-cluster/warewulf/) a try; it compiles and installs but I haven't yet had a chance to do any real cluster management and I'm interested in hearing about any bugs you encounter! > > Next Week(-ish): Gentoo HPC Base Images - I'm going to have to dig into Gentoo Networking to update the `wwinit` image. >
cross-posted from: https://lemmy.srcfiles.zip/post/32334 > What is Kubler? > --------------- > > [Kubler](https://github.com/edannenberg/kubler) is a generic, extendable build orchestrator, written in Bash. It can be used to take advantage of Portage’s features to build lightweight Docker or Podman images without needing to mess with crossdev, or as a tool to assist with ebuild development. > > Why should you use it? > ---------------------- > > * You like lightweight, easy-to-create, containers > * You want to reduce the attack surface by including only what’s required > * You want to take advantage of [`USE` flags](https://wiki.gentoo.org/wiki/USE_flag) to manage package features > * You want the awesome package library offered by the Gentoo ebuild repository (and other ebuild repos) > * You want up-to-date containers > * You want a containerised environment for building and testing ebuilds > > A real-world example > -------------------- > > I recently needed to integrate a containerised application with a vendor-managed openldap instance that uses mTLS authentication. Unfortunately the containerised application does not work with mTLS and the vendor managed openldap instance can’t be easily configured to use anything else. > > I came up with the solution of using openldap’s `lloadd` LDAP load balancer daemon to proxy connections from an encrypted internal network to the LDAP server but was left with the issue that I didn’t have a working openldap container that contained `lloadd` - of the existing containers that I tried the _only_ one that actually had an `lloadd` bin didn’t actually include required dependencies! > > Glossing over a recent ebuild update to openldap to enable the building of `lloadd`, enter Kubler - It’s turned out to be an incredibly flexible and hands-off tool compared to trying to accomplish the same thing with (e.g.) Dockerfiles. > > ### Kubler in action > > This (lightly sanitised) real-world example creates create a new namespace called ‘larry’ which may contain multiple images. > > Use the `new` command to take care of the boilerplate; choose ‘multi’ when asked for the namespace type:\` > > $ kubler new namespace larry > »»» > »»» to accept default value > »»» > »»» Working dir type? Choices: > »»» single - You can't add further namespaces to the created working dir, it only holds images > »»» multi - Creates a working dir that can hold multiple namespaces > »[?]» Type (single): multi > »»» > »»» Top level directory name for new namespace 'larry'? The directory is created at /data/development/gentoo-containers/ > »[?]» Namespaces Dir (kubler-images): > »»» > »»»»» Initial image tag, a.k.a. version? > »[?]» Image Tag (20230706): > »»» > »[!]» New namespace location: /data/development/gentoo-containers/kubler-images/larry > »»» > »»»»» Who maintains the new namespace? > »[?]» Name (Your Name): Larry the Cow > »[?]» EMail (your@mail.org): Larry.the.Cow@gentoo.zip > »»» > »»»»» Default build engine? > »[?]» Engine (docker): > »»» > »[✔]» Successfully created "larry" namespace at /data/development/gentoo-containers/kubler-images > »»» > »[!]» Configuration file: /data/development/gentoo-containers/kubler-images/larry/kubler.conf > »»» > »[!]» To manage the new namespace with GIT you may want to run: > »»» > »»» $ git init /data/development/gentoo-containers/kubler-images/larry > »»» > »[!]» To create images in the new namespace run: > »»» > »»» $ cd /data/development/gentoo-containers/kubler-images/larry > $ kubler new image larry/ > > > Although not strictly required, installing Kubler’s example images is a good idea. > > $ cd larry/ > $ kubler update > > > It is worthwhile to begin tracking this new namespace with Git so that images can be tracked as they are created and updated. Kubler has already placed a prepopulated a `.gitignore` file for convenience. > > pushd /data/development/gentoo-containers/kubler-images/larry > git init . > git add . > git commit -m "Initial commit" > popd > > > Create the new ‘openldap’ within the existing ‘larry’ namespace, based on the ‘kubler/busybox’ image. > > kubler new image larry/openldap > »»» > »»» to accept default value > »»» > »»» Extend an existing Kubler managed image? Fully qualified image id (i.e. kubler/busybox) or scratch > »[?]» Parent Image (scratch): kubler/busybox > »»» > »»» Add test template(s)? Possible choices: > »»» hc - Add a stub for Docker's HEALTH-CHECK, recommended for images that run daemons > »»» bt - Add a stub for a custom build-test.sh script, a good choice if HEALTH-CHECK is not suitable > »»» yes - Add stubs for both test types > »»» no - Fck it, we'll do it live! > »[?]» Tests (hc): yes > »»» > »[✔]» Successfully created new image at /data/development/gentoo-containers/kubler-images/larry/images/openldap > »»» > > > > **Note**: This step is ‘‘not’’ required; it is possible to directly edit the `build.sh` file if you are familiar with Portage. > > Kubler brings a unique feature to the table when constructing an container image: the `--interactive` build argument. As the name implies, this launches the build container in an interactive manner, enabling users to investigate the current / inherited configuration. > > $ kubler build larry/openldap -i > > > This will build any missing parent images/builders; the first run may take quite a bit of time - once the local binary package cache and build containers are seeded future runs will be much faster. Once the prerequisite images are ready the build container will present a shell. > > For first-time users it may be convenient to search for the openldap package to ensure that the correct atom is selected and investigate any USE flags that are of interest: > > # eix openldap > * net-nds/openldap > Available versions: 2.4.59-r2^t 2.5.14(0/2.5)^t 2.6.3-r7(0/2.6)^t ~2.6.4-r1(0/2.6)^t ~2.6.4-r2(0/2.6)^t {argon2 autoca +berkdb +cleartext crypt cxx debug experimental gnutls iodbc ipv6 kerberos kinit minimal odbc overlays pbkdf2 perl samba sasl selinux sha2 smbkrb5passwd ssl static-libs +syslog systemd tcpd test ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32"} > Homepage: https://www.openldap.org/ > Description: LDAP suite of application and development tools > > > Edit the image’s build script: > > nano /config/build.sh > > > > **Note**: The `/config` directory in the build container is the host mounted image directory at `larry/images/openldap/`. Feel free to use a local IDE/editor to edit `build.sh` instead. > > Add the `net-nds/openldap` and `net-misc/curl` packages to the `_packages` variable in `build.sh`, update cURL USE flags, enable the `~arch` (~amd64 - the Gentoo ‘testing’ keyword) for packages we care about: > > _packages="net-nds/openldap net-misc/curl" > ... > configure_rootfs_build() > { > # Update a Gentoo package use flag. > update_use 'net-misc/curl' '+ldap' > # ..or a Gentoo package keyword > update_keywords 'net-misc/curl' '+~amd64' > update_keywords 'net-nds/openldap' '+~amd64' > ... > } > > > > **Note**: If using the busybox image as a parent, unset the `su` USE flag from `sys-apps/util-linux` in the `build.sh`. > > Perform a test run of the first build phase: > > $ kubler-build-root > > > Once this completes successfully exit the interactive builder using `exit`. > > #### Building the image > > Assuming that `build.sh` has been configured as described above, it should be safe to attempt to build the image. > > $ kubler build larry/openldap -nF > »[✘]»[larry/openldap]» fatal: build-test.sh for image larry/openldap:20230704 failed with exit signal: 1 > > > > **Note**: The arguments are short hand for `--no-deps` and `--force-full-image-build`, omitting `-n` would also rebuild all parent images, which is waste of time in this case. > > The build will fail, as expected, due to the `build-test.sh` script not being implemented. This is a good time to implement the `build-test.sh` script, which will be used to verify that the image is functional. > > > **Note**: `pipefail` will cause [build-test.sh](http://build-test.sh) to fail on busybox-based images > > #!/usr/bin/env sh > > set -eo > > # Do some tests and exit with either 0 for healthy or 1 for unhealthy > # Check that the openldap bin launches and provides some expected output > /usr/lib/openldap/lloadd -VV 2>&1 | grep "OpenLDAP" || exit 1 > > exit 0 > > > Unfortunately this image is not suitable for a build-time docker health check via the `docker-healthcheck.sh` mechanism, so must be disabled in `larry/images/openldap/build.conf`: > > POST_BUILD_HC=false > > > A health check suitable for your environment should be provided using standard docker syntax in the image’s `Dockerfile.template` instead. Ensure that the provided `docker-healthcheck.sh` script iS updated (or commented out of the dockerfile) as the default _will_ fail. > > Modify the image’s `Dockerfile.template` to add any finishing touches, such as the `ENTRYPOINT` or `CMD` directives. In this example the container will act as an LDAP proxy via `lloadd`; additional configuration will be provided at runtime by mounting the configuration into the container. > > FROM ${IMAGE_PARENT} > LABEL maintainer="${MAINTAINER}" > > ADD rootfs.tar / > > COPY docker-healthcheck.sh /usr/bin/docker-healthcheck > HEALTHCHECK --interval=60s --timeout=5s --start-period=5s --retries=3 CMD ["docker-healthcheck"] > > CMD ["/usr/lib/openldap/lloadd"] > > > Re-run the build: > > $ kubler build larry/openldap -nF > »[✔]»[larry/openldap]» done. > > > At this point the image should exist in the local Docker/Podman registry and be ready for use: > > docker images > REPOSITORY TAG IMAGE ID CREATED SIZE > larry/openldap 20230704 09347c55282b 2 minutes ago 56.4MB > larry/openldap latest 09347c55282b 2 minutes ago 56.4MB > > > Hopefully this has been useful and you are now ready to build your own images! I’ve been _incredibly_ impressed with how easy it is to use the tool (and it it’ll run from any distro with a recent version of Docker/Podman), and the quality of the resulting images. I’m a recent convert, but have updated the Gentoo Wiki [with the above information](https://wiki.gentoo.org/wiki/Kubler) (and some extra info on using it for ebuild development) and will be using Kubler in future wherever I need to create images. > > Happy containering!
cross-posted from: https://lemmy.srcfiles.zip/post/3841 > ## What is Kubler? > > [Kubler](https://github.com/edannenberg/kubler) is a generic, extendable build orchestrator, written in Bash. It can be used to take advantage of Portage's features to build lightweight Docker or Podman images without needing to mess with crossdev, or as a tool to assist with ebuild development. > > ## Why should you use it? > > - You like lightweight, easy-to-create, containers > - You want to reduce the attack surface by including only what's required > - You want to take advantage of [`USE` flags](https://wiki.gentoo.org/wiki/USE_flag) to manage package features > - You want the awesome package library offered by the Gentoo ebuild repository (and other ebuild repos) > - You want up-to-date containers > - You want a containerised environment for building and testing ebuilds > > ## A real-world example > > I recently needed to integrate a containerised application with a vendor-managed openldap instance that uses mTLS authentication. Unfortunately the containerised application does not work with mTLS and the vendor managed openldap instance can't be easily configured to use anything else. > > I came up with the solution of using openldap's `lloadd` LDAP load balancer daemon to proxy connections from an encrypted internal network to the LDAP server but was left with the issue that I didn't have a working openldap container that contained `lloadd` - of the existing containers that I tried the _only_ one that actually had an `lloadd` bin didn't actually include required dependencies! > > Glossing over a recent ebuild update to openldap to enable the building of `lloadd`, enter Kubler - It's turned out to be an incredibly flexible and hands-off tool compared to trying to accomplish the same thing with (e.g.) Dockerfiles. > > ### Kubler in action > > This (lightly sanitised) real-world example creates create a new namespace called 'larry' which may contain multiple images. > > Use the `new` command to take care of the boilerplate; choose 'multi' when asked for the namespace type:` > > ```bash > $ kubler new namespace larry > »»» > »»» <enter> to accept default value > »»» > »»» Working dir type? Choices: > »»» single - You can't add further namespaces to the created working dir, it only holds images > »»» multi - Creates a working dir that can hold multiple namespaces > »[?]» Type (single): multi > »»» > »»» Top level directory name for new namespace 'larry'? The directory is created at /data/development/gentoo-containers/ > »[?]» Namespaces Dir (kubler-images): > »»» > »»»»» Initial image tag, a.k.a. version? > »[?]» Image Tag (20230706): > »»» > »[!]» New namespace location: /data/development/gentoo-containers/kubler-images/larry > »»» > »»»»» Who maintains the new namespace? > »[?]» Name (Your Name): Larry the Cow > »[?]» EMail (your@mail.org): Larry.the.Cow@gentoo.zip > »»» > »»»»» Default build engine? > »[?]» Engine (docker): > »»» > »[✔]» Successfully created "larry" namespace at /data/development/gentoo-containers/kubler-images > »»» > »[!]» Configuration file: /data/development/gentoo-containers/kubler-images/larry/kubler.conf > »»» > »[!]» To manage the new namespace with GIT you may want to run: > »»» > »»» $ git init /data/development/gentoo-containers/kubler-images/larry > »»» > »[!]» To create images in the new namespace run: > »»» > »»» $ cd /data/development/gentoo-containers/kubler-images/larry > $ kubler new image larry/<image_name> > ``` > > Although not strictly required, installing Kubler's example images is a good idea. > > ```bash > $ cd larry/ > $ kubler update > ``` > > It is worthwhile to begin tracking this new namespace with Git so that images can be tracked as they are created and updated. Kubler has already placed a prepopulated a `.gitignore` file for convenience. > > ```bash > pushd /data/development/gentoo-containers/kubler-images/larry > git init . > git add . > git commit -m "Initial commit" > popd > ``` > Create the new 'openldap' within the existing 'larry' namespace, based on the 'kubler/busybox' image. > > ```bash > kubler new image larry/openldap > »»» > »»» <enter> to accept default value > »»» > »»» Extend an existing Kubler managed image? Fully qualified image id (i.e. kubler/busybox) or scratch > »[?]» Parent Image (scratch): kubler/busybox > »»» > »»» Add test template(s)? Possible choices: > »»» hc - Add a stub for Docker's HEALTH-CHECK, recommended for images that run daemons > »»» bt - Add a stub for a custom build-test.sh script, a good choice if HEALTH-CHECK is not suitable > »»» yes - Add stubs for both test types > »»» no - Fck it, we'll do it live! > »[?]» Tests (hc): yes > »»» > »[✔]» Successfully created new image at /data/development/gentoo-containers/kubler-images/larry/images/openldap > »»» > ``` > > >**Note**: This step is ''not'' required; it is possible to directly edit the `build.sh` file if you are familiar with Portage. > > Kubler brings a unique feature to the table when constructing an container image: the `--interactive` build argument. As the name implies, this launches the build container in an interactive manner, enabling users to investigate the current / inherited configuration. > > ```bash > $ kubler build larry/openldap -i > ``` > > This will build any missing parent images/builders; the first run may take quite a bit of time - once the local binary package cache and build containers are seeded future runs will be much faster. Once the prerequisite images are ready the build container will present a shell. > > For first-time users it may be convenient to search for the openldap package to ensure that the correct atom is selected and investigate any USE flags that are of interest: > > ```bash > # eix openldap|output=<pre> > * net-nds/openldap > Available versions: 2.4.59-r2^t 2.5.14(0/2.5)^t 2.6.3-r7(0/2.6)^t ~2.6.4-r1(0/2.6)^t ~2.6.4-r2(0/2.6)^t {argon2 autoca +berkdb +cleartext crypt cxx debug experimental gnutls iodbc ipv6 kerberos kinit minimal odbc overlays pbkdf2 perl samba sasl selinux sha2 smbkrb5passwd ssl static-libs +syslog systemd tcpd test ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32"} > Homepage: https://www.openldap.org/ > Description: LDAP suite of application and development tools > ``` > > Edit the image's build script: > > ```bash > nano /config/build.sh > ``` > > >**Note**: The `/config` directory in the build container is the host mounted image directory at `larry/images/openldap/`. Feel free to use a local IDE/editor to edit `build.sh` instead. > > Add the `net-nds/openldap` and `net-misc/curl` packages to the `_packages` variable in `build.sh`, update cURL USE flags, enable the `~arch` (~amd64 - the Gentoo 'testing' keyword) for packages we care about: > > ```bash > _packages="net-nds/openldap net-misc/curl" > ... > configure_rootfs_build() > { > # Update a Gentoo package use flag. > update_use 'net-misc/curl' '+ldap' > # ..or a Gentoo package keyword > update_keywords 'net-misc/curl' '+~amd64' > update_keywords 'net-nds/openldap' '+~amd64' > ... > } > ``` > > >**Note**: If using the busybox image as a parent, unset the `su` USE flag from `sys-apps/util-linux` in the `build.sh`. > > Perform a test run of the first build phase: > > ```bash > $ kubler-build-root > ``` > > Once this completes successfully exit the interactive builder using `exit`. > > #### Building the image > > Assuming that `build.sh` has been configured as described above, it should be safe to attempt to build the image. > > ```bash > $ kubler build larry/openldap -nF > »[✘]»[larry/openldap]» fatal: build-test.sh for image larry/openldap:20230704 failed with exit signal: 1 > ``` > > >**Note**: The arguments are short hand for `--no-deps` and `--force-full-image-build`, omitting `-n` would also rebuild all parent images, which is waste of time in this case. > > The build will fail, as expected, due to the `build-test.sh` script not being implemented. This is a good time to implement the `build-test.sh` script, which will be used to verify that the image is functional. > > >**Note**: `pipefail` will cause build-test.sh to fail on busybox-based images > > ```bash > #!/usr/bin/env sh > > set -eo > > # Do some tests and exit with either 0 for healthy or 1 for unhealthy > # Check that the openldap bin launches and provides some expected output > /usr/lib/openldap/lloadd -VV 2>&1 | grep "OpenLDAP" || exit 1 > > exit 0 > ``` > > Unfortunately this image is not suitable for a build-time docker health check via the `docker-healthcheck.sh` mechanism, so must be disabled in `larry/images/openldap/build.conf`: > > ```bash > POST_BUILD_HC=false > ``` > > A health check suitable for your environment should be provided using standard docker syntax in the image's `Dockerfile.template` instead. Ensure that the provided `docker-healthcheck.sh` script iS updated (or commented out of the dockerfile) as the default _will_ fail. > > Modify the image's `Dockerfile.template` to add any finishing touches, such as the `ENTRYPOINT` or `CMD` directives. In this example the container will act as an LDAP proxy via `lloadd`; additional configuration will be provided at runtime by mounting the configuration into the container. > > ```Dockerfile > FROM ${IMAGE_PARENT} > LABEL maintainer="${MAINTAINER}" > > ADD rootfs.tar / > > COPY docker-healthcheck.sh /usr/bin/docker-healthcheck > HEALTHCHECK --interval=60s --timeout=5s --start-period=5s --retries=3 CMD ["docker-healthcheck"] > > CMD ["/usr/lib/openldap/lloadd"] > ``` > > Re-run the build: > > ```bash > $ kubler build larry/openldap -nF > »[✔]»[larry/openldap]» done. > ``` > > At this point the image should exist in the local Docker/Podman registry and be ready for use: > > ```bash > docker images > REPOSITORY TAG IMAGE ID CREATED SIZE > larry/openldap 20230704 09347c55282b 2 minutes ago 56.4MB > larry/openldap latest 09347c55282b 2 minutes ago 56.4MB > ``` > > Hopefully this has been useful and you are now ready to build your own images! I've been _incredibly_ impressed with how easy it is to use the tool (and it it'll run from any distro with a recent version of Docker/Podman), and the quality of the resulting images. I'm a recent convert, but have updated the Gentoo Wiki [with the above information](https://wiki.gentoo.org/wiki/Kubler) (and some extra info on using it for ebuild development) and will be using Kubler in future wherever I need to create images. > > Happy containering!
A neofetch screenshot from the machine I just unpacked and am finally ready to do actual work on. I swear I have a 6.4 kernel pending a reboot!