On Sun, 20 Apr 2025 at 12:48:08 +0200, Simon Josefsson wrote:
> has anyone considered if Debian should have official containers without apt and dpkg?
What would those containers be useful for? I would have expected that in any use-case for a container without apt and dpkg, what you would really want is whatever "payload" packages are the actual purpose of the container (for example that might be a database or a web server), plus the Essential set, minus dpkg and any other Essential packages that are unnecessary for the use-case - but on the way to preparing that, you'd temporarily need apt and dpkg, in order to install the "payload". It isn't really feasible to do that without knowing in advance what the "payload" is going to be.
For example, an equivalent of the pseudo-official debian:bookworm image on Dockerhub, but without dpkg, is unlikely to be directly useful on its own, because it has neither a "payload" nor a way to install one; but an equivalent of the Debian-based postgres:latest image on Dockerhub *would* be useful, because the database is useful in its own right. However, I suspect that Debian is unlikely to want to get into preparing an image for every possible choice of "payload", or choosing which servers are important enough to get an official container image and which ones don't. (It's hard enough to draw a reasonable line between the desktop environments that get an entry in tasksel and the environments that don't, and we have a lot more servers than desktop environments.)
As some prior art for this, the Steam Linux Runtime containers that I help to maintain for Valve are Debian derivatives containing various libraries that are necessary or useful for games, but no dpkg and apt. The process we use to prepare them is to bootstrap a minbase-like container, add apt sources for backported packages, install metapackages that pull in all the libraries we want to support, and finally `dpkg --purge` any Essential packages that have already served their purpose (for example we explicitly delete perl-base), with the last package management step being something along the lines of
`dpkg --force-depends --force-remove-essential --purge dpkg`.

smcv
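A check that could be run over an unpacked image root after the final purge step described in the message above. This is an added example, not part of the original message and not the Steam Linux Runtime's or Debian's own tooling; the list of paths checked and the two sample trees are assumptions constructed for illustration.

```shell
#!/bin/sh
# Paths checked, relative to the image root. dpkg, apt and perl-base are the
# packages named in the message; the exact file list is this example's choice.
TOOL_PATHS="usr/bin/dpkg usr/bin/dpkg-deb usr/bin/dpkg-query usr/bin/apt usr/bin/apt-get usr/bin/apt-cache usr/bin/perl"

# audit_rootfs ROOT: print one line per finding; return 1 if any tool remains.
audit_rootfs() {
    root=$1; found=0
    for rel in $TOOL_PATHS; do
        # -e or -L: a dangling symlink still counts as a leftover
        if [ -e "$root/$rel" ] || [ -L "$root/$rel" ]; then
            echo "LEFTOVER $rel"; found=1
        fi
    done
    # libapt-pkg sits in a multiarch directory, so match it with a glob
    for lib in "$root"/usr/lib/*/libapt-pkg.so.*; do
        if [ -e "$lib" ]; then echo "LEFTOVER ${lib#"$root"/}"; found=1; fi
    done
    # Informational only: says whether a package list survives in the image
    if [ -s "$root/var/lib/dpkg/status" ]; then
        echo "INFO var/lib/dpkg/status present"
    else
        echo "INFO var/lib/dpkg/status absent"
    fi
    return $found
}

# make_sample_rootfs DIR KIND: build a constructed (fake) tree for the demo.
# KIND=full mimics a minbase-like root; anything else mimics a stripped one.
make_sample_rootfs() {
    mkdir -p "$1/usr/bin" "$1/usr/lib/x86_64-linux-gnu" "$1/var/lib/dpkg"
    : > "$1/usr/bin/sh"
    if [ "$2" = full ]; then
        for f in dpkg dpkg-query apt apt-get perl; do : > "$1/usr/bin/$f"; done
        : > "$1/usr/lib/x86_64-linux-gnu/libapt-pkg.so.6.0"
        echo "Package: dpkg" > "$1/var/lib/dpkg/status"
    fi
}

# Demo on the two constructed trees
tmp=$(mktemp -d)
make_sample_rootfs "$tmp/full" full
make_sample_rootfs "$tmp/stripped" stripped
for r in full stripped; do
    if audit_rootfs "$tmp/$r"; then echo "$r: clean"; else echo "$r: tools remain"; fi
done
rm -rf "$tmp"
```

To audit a real image, unpack its filesystem to a directory and pass that directory to `audit_rootfs`; a non-zero return can fail a build pipeline.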