-
-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add miniforge3 simple base image #129
Conversation
A slim miniforge3 image, equivalent to miniconda3 but with some slightly different choices. - Use ubuntu LTS as base instead of debian - Keep $HOME clean, so folks can mount volumes into it Ref conda-forge/miniforge#20
This is currently 286M, compared to 430M for miniconda3 |
We just need the docker commandline tool, but using python3 since we might want py.test later
- Put activate commands in user's .bashrc, since this is where PS1 is set. If we put the activate commands in /etc/bash.bashrc, the environments are set up properly but PS1 is not. This is very confusing. - Put activate commands in /etc/skel as well, so any new non-root users created also get base activated by default - Stop using 'login' shells, as they are no longer needed.
|
I'm going to write tests for:
|
Ok, so the tests I wanted are in now. How does tagging work for miniforge releases? Is that done manually or automatically? Ideally for miniforge, I'd like automatic releases on miniforge tagging. Maybe that means this should be in the miniforge repo and not here? Happy to move it if that's what is needed. Excited for this to get going! |
I do wanna add a test that checks if (base) is activated even when $HOME is an empty volume with no .bashrc, since that is what happens when you use it in a JupyterHub style setting. |
@@ -0,0 +1,44 @@ | |||
FROM ubuntu:bionic |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why does it matter that it is ubuntu over debian?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The primary reason is that Ubuntu has timed long term support releases (every 2y), while debian does not. When people want to use this base image, but add new packages from apt, it should ideally be as up to date as possible. Longer term, this is more likely with Ubuntu than Debian, primarily because of the release cadence. You can get around this to some extent with using their rolling releases, but that makes reproducibility very hard by default.
Jupyter's docker-stacks base images switched from debian to ubuntu in jupyter/docker-stacks#428 for these reasons. repo2docker (and hence binder) use ubuntu as base default for these reasons as well.
Some of this is definitely personal preference of course, so am happy to move to debian if people would like to - although I'd personally prefer to not!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
MAC (Mandatory Access Control) > Implementations:
- Debian: seccomp, optional SELinux w/ incomplete policy set
- Ubuntu: AppArmor, seccomp, optional SELinux w/ incomplete policy set
- Fedora/CentOS/RHEL: seccomp, SELinux in enforcing mode
- Android (aarch64/x86; termux): seccomp, SELinux in enforcing mode
yum:
FROM centos:7
# RUN yum update -y
RUN yum install -y wget bzip2 ca-certificates git && yum clean all && rm -rf /var/cache/yum
dnf:
FROM centos:8
# FROM fedora:32
# ...
# RUN dnf update -y
RUN dnf install -y wget bzip2 ca-certificates git && dnf clean all && rm -rf /var/cache/yum /var/cache/dnf
miniforge3/tests/Dockerfile.root
Outdated
for f in /tmp/tests/*; do \ | ||
echo "Executing $f"; \ | ||
$f; \ | ||
done |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All the files here seem to be lacking a single newline at the end
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed!
Thanks for putting this in @yuvipanda! CC @conda-forge/core |
Glad to help, @scopatz! |
Thanks @yuvipanda! CC @isuruf and @jakirkham for thoughts |
I like this and would also use it. For efficiency reasons, could we merge all |
This post contains some tips for reduced conda docker images too: https://jcristharif.com/conda-docker-tips.html |
@xhochy, we already squash all images as part of the build process on CI. |
Awesome! @jakirkham I would then merge, any objections? |
We can always improve it later. Let's go ahead and merge 😉 |
This wasn't uploaded to the best of my knowledge. It seems it needs an entry in the |
Made a PR at #131 |
A slim miniforge3 image, equivalent to miniconda3 but with some
slightly different choices.
Ref conda-forge/miniforge#20
TODO: