第 7 章 从头开始创建 bootc 镜像

• 由于严格的认证和合规性要求，您需要使用特定的软件包版本。
• 您需要使用特定的软件版本，以支持关键依赖项。

先决条件

• 一个标准的 bootc 基础镜像。

流程

• 以下示例从头开始创建一个具有固定内容的 bootc 镜像：

  # Begin with a standard bootc base image that serves as a "builder" for our custom image.
  FROM registry.redhat.io/rhel10/rhel-bootc:latest
  # Configure and override source RPM repositories, if necessary. The following step is required when referencing specific content views or target mirrored/snapshotted/pinned versions of content.
  RUN rm -vf /etc/yum.repos.d
  COPY mypinnedcontent.repo /etc/yum.repos
  # Add additional repositories to apply customizations to the image. However, referencing a custom manifest in this step is not currently supported without forking the code.
  # Build the root file system by using the specified repositories and non-RPM content from the "builder" base image.
  # If no repositories are defined, the default build will be used. You can modify the scope of packages in the base image by changing the manifest between the "standard" and "minimal" sets.
  RUN /usr/libexec/bootc-base-imagectl build-rootfs --manifest=standard /target-rootfs
  # Create a new, empty image from scratch.
  FROM scratch
  # Copy the root file system built in the previous step into this image.
  COPY --from=builder /target-rootfs/ /
  # Apply customizations to the image. This syntax uses "heredocs" https://www.docker.com/blog/introduction-to-heredocs-in-dockerfiles/ to pass multi-line arguments in a more readable format.
  RUN <<EORUN
  # Set pipefail to display failures within the heredoc and avoid false-positive successful builds.
  set -xeuo pipefail
  # Install necessary packages, run scripts, etc.
  dnf -y install NetworkManager emacs
  # Remove leftover build artifacts from installing packages in the final built image.
  dnf clean all
  rm /var/{log,cache,lib}/* -rf
  EORUN
  # Define required labels for this bootc image to be recognized as such.
  LABEL containers.bootc 1
  LABEL ostree.bootable 1
  # Optional labels that only apply when running this image as a container. These keep the default entry point running under systemd.
  STOPSIGNAL SIGRTMIN+3
  CMD ["/sbin/init"]
  # Run the bootc linter to avoid encountering certain bugs and maintain content quality. Place this command last in your Containerfile.
  RUN bootc container lint