Dockerfile, Docker image and reproducible environment

desktop-environmentdockerreproducible-build

The usual documentation and notes on docker mention version controlling and sharing the Dockerfile, which should let anyone build an identical image. This sounds great, however, we typically have commands like this one.

RUN apt-get update
pip install..

Which could install different things/versions/patches based on the time of the run and make debugging difficult.

On the other hand, sharing docker images does not give you benefits like version control and seeing what's exactly different between two images.

Which of these (dockerfile vs image) is supposed to be the reference to use for development and deployment?
Should the Dockerfile instead have more details on exact updates? even then the base image might be different based on when you are running it.

Best Answer

I think I would prefer sharing the Dockerfile. Obviously you need to specifiy a version in the FROM statement in your Dockerfile. Since for example different Ubuntu versions will have different packages available.

For system or -dev dependencies, you might want to actually let the version float freely to always installed the latest one.

Debian/Ubuntu packages

For any program installed with apt-get, for example curl, you can get the version number with

apt-cache policy curl | grep -oP 'Installed: \K\S+'

and then edit your Dockerfile to read something like

RUN apt-get install curl=7.47.0-1ubuntu2.2

Python

Python versions are easily handled with pip. Extract all version numbers of installed packaged and store them in a requirements file like this:

pip freeze > requirements.txt

Then in your Dockerfile run

RUN pip install -r requirements.txt

Related Solutions

Linux – How to get the source code used to build the packages of the base alpine linux docker image

Alpines package manager APK has no equivalent to the dpkg source command (apt-get source <PACKAGE_NAME>).

To get the exact source code matching the installed packages on alpine linux you can use a combination of apk and alpine-sdk commands.

Steps to get the exact source code of the installed packages on alpine linux:

Get a list of all installed packages:
```
apk info
```
Install the alpine-sdk (for more information read the alpine wiki):
```
apk --update add alpine-sdk
```

Clone your current alpine version from aports:

git clone --depth 1 --branch v3.13.1 git://git.alpinelinux.org/aports

Loop over the installed packages and find the correct folder within the aports folder (beware the package version that you can get with apk version <PACKAGE_NAME> is equal to <PACKAGE_NAME>-<PACKAGE_BUILD_VERSION>-<PACKGAE_RELEASE_VERSION>).
Fetch the package source code (includes alpine specific patch files and config files)
1. (Optional) you can set a custom destination for the source files with export SRCDEST="/path/to/my/custom/src/destination" otherwise a src folder within the current package folder will be created
2. Within the folder matching the package name (e.g. aports/main/git for the git package) run abuild -F fetch verify as root or abuild fetch verify as a normal user (this will fetch the source files referenced in the APKBUILD script)
3. Packages that contain GPL licensed code: To comply with the GPL you have to provide the fetched source files and the APKBUILD script itself. You also have to provide the source files and APKBUILD script for packages listed in the makedepends variable of the APKBUILD script (most of the time these packages e.g. openssl-dev are sub-packages (see point 6) of the runtime dependencies e.g. openssl) see this question about GPL and build dependencies.
Not every package has its own folder within aports, because sometimes a package listed by apk info will be a sub package of another package.

In this case you have to fetch the source code for the package referenced in the origin variable within the .PKGINFO file which you can obtain by using the apk fetch <sub-packagename> command.

Best Answer

Debian/Ubuntu packages

Python

Related Solutions

Linux – How to get the source code used to build the packages of the base alpine linux docker image

Related Question