1. Forum
  2. Usenet
  3. LINUX.DEBIAN.USER

  • Docker tutorial

    From Borden@21:1/5 to All on Sat Jun 28 06:00:01 2025
    I'm new to Docker and tried to follow the guide at https://wiki.debian.org/Docker, which links to https://wiki.debian.org/Cloud/CreateDockerImage. On the latter, I hit a hard stop at the first command, `sudo .../mkimage.sh -t $USER/minbase debootstrap --
    variant=minbase stable` because the mkimage.sh script isn't anywhere in the docker.io package.

    Could someone guide me to a working tutorial to build a “recommended” Debian Docker image, and I'll see if I can revise the Wiki to reflect that?

    With thanks,

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Geert Stappers@21:1/5 to Borden on Sat Jun 28 07:50:01 2025
    On Sat, Jun 28, 2025 at 05:33:31AM +0200, Borden wrote:
    I'm new to Docker and tried to follow the guide
    at https://wiki.debian.org/Docker, which links to https://wiki.debian.org/Cloud/CreateDockerImage. On the latter, I hit a
    hard stop at the first command, `sudo .../mkimage.sh -t $USER/minbase debootstrap --variant=minbase stable` because the mkimage.sh script
    isn't anywhere in the docker.io package.

    That is indeed outdated information.

    <screenshot>
    stappers@paddy:~
    $ apt-file search mkimage.sh
    stappers@paddy:~
    $ dpkg -l docker\* Gevraagd=(U)onbekend/(I)nstalleren/ve(R)wijderen/(P)wissen/(H)ouden
    | Status=Niet/Inst/Conf/Uitgep/halF-geconf/Halfgeïnst/verWacht-trig/Trig-bezig |/ Fout?=(geen)/heRinst. nodig/ (Status,Fout: hoofdletter=ernstig)
    ||/ Naam Versie Architectuur Omschrijving +++-=========================-=================-============-==================>
    un docker-ce <geen> <geen> (geen beschrijving>
    un docker-ce-cli <geen> <geen> (geen beschrijving>
    un docker-ce-rootless-extras <geen> <geen> (geen beschrijving>
    ii docker-cli 26.1.5+dfsg1-2+b1 amd64 Linux container ru>
    ii docker-compose 1.29.2-6.3 all define and run mul>
    un docker-doc <geen> <geen> (geen beschrijving>
    ii docker.io 26.1.5+dfsg1-2+b1 amd64 Linux container ru>
    stappers@paddy:~
    $ dpkg -L docker.io | grep image # shows image, doesn't show mkimage /usr/share/man/man1/docker-image-build.1.gz /usr/share/man/man1/docker-image-history.1.gz /usr/share/man/man1/docker-image-import.1.gz /usr/share/man/man1/docker-image-inspect.1.gz /usr/share/man/man1/docker-image-load.1.gz /usr/share/man/man1/docker-image-ls.1.gz /usr/share/man/man1/docker-image-prune.1.gz /usr/share/man/man1/docker-image-pull.1.gz /usr/share/man/man1/docker-image-push.1.gz /usr/share/man/man1/docker-image-rm.1.gz /usr/share/man/man1/docker-image-save.1.gz /usr/share/man/man1/docker-image-tag.1.gz
    /usr/share/man/man1/docker-image.1.gz
    /usr/share/man/man1/docker-images.1.gz
    stappers@paddy:~
    $
    </screenshot>

    Could someone guide me to a working tutorial to build a
    “recommended” Debian Docker image

    Check https://github.com/debuerreotype/debuerreotype


    and I'll see if I can revise the Wiki to reflect that?

    Removing the outdated information is an inprovement.


    Groeten
    Geert Stappers
    --
    Silence is hard to parse

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Borden@21:1/5 to All on Mon Jun 30 01:40:01 2025
    Thank you both, John & Geert, for your comments.

    In general, https://wiki.debian.org/Docker warns that, for the images at https://hub.docker.com/_/debian, "you may not trust their maintainer on having done the right thing for you."  That sounds awfully like a security warning. Yet Tianon and Paul
    Tagliamonte maintain those repos, so they should be perfectly safe and reliable, no?

    If so, I'll tone down the language to say that the images are general purpose, and the reader may want to customise their own.

    If I understand Geert's advice, the official Docker images use debuerreotype⁠, so your link to the GitHub repo would, in theory, allow me to roll my own containers virtually identical to the official images. As not to duplicate effort, I may just link
    the wiki/Docker page to GitHub.

    Tying in John's commentary, it appears mkimage.sh got moved out of docker.io. In fairness, I had no way of knowing that mkimage.sh referred to the mkimage package and not some custom script in docker.io. Based on the official images, debuerreotype⁠
    would be the "recommended way" to build an image over mkimage.sh, right?

    I just want to make sure my foundations are correct before I start breaking things.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jonathan Dowland@21:1/5 to Borden on Mon Jun 30 14:40:01 2025
    I was startled to discover the wiki page Cloud/CreateDockerImage even recommended some scripts *I* wrote, because I'd added them to the page a decade ago. I've just removed those sections, as those scripts are unmaintained and so it was misleading.

    On Mon Jun 30, 2025 at 12:16 AM BST, Borden wrote:
    If I understand Geert's advice, the official Docker images use debuerreotype⁠, so your link to the GitHub repo would, in
    theory, allow me to roll my own containers virtually identical to the official images. As not to duplicate effort, I may just link the
    wiki/Docker page to GitHub.

    Based on the official images, debuerreotype would be the "recommended
    way" to build an image over mkimage.sh, right?

    Yes that's the method I would attempt: It's at least currently in use,
    so it should work, although I don't know how "friendly" it will be.
    Fingers crossed.


    --
    Please do not CC me for listmail.

    👱🏻 Jonathan Dowland
    jmtd@debian.org
    🔗 https://jmtd.net

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Tianon Gravi@21:1/5 to Borden on Tue Jul 1 10:50:01 2025
    On Sun, 29 Jun 2025 at 19:39, Borden <borden_c@tutanota.com> wrote:
    In general, https://wiki.debian.org/Docker warns that, for the images at https://hub.docker.com/_/debian, "you may not trust their maintainer on having done the right thing for you." That sounds awfully like a security warning. Yet Tianon and Paul
    Tagliamonte maintain those repos, so they should be perfectly safe and reliable, no?

    Oof, this was definitely extremely outdated; the way the images are
    built has changed dramatically since that note was added more than ten
    years ago, so I've just removed that entire paragraph now. 🙇

    If I understand Geert's advice, the official Docker images use debuerreotype⁠, so your link to the GitHub repo would, in theory, allow me to roll my own containers virtually identical to the official images. As not to duplicate effort, I may just
    link the wiki/Docker page to GitHub.

    Yeah, the whole goal of debuerreotype is that you could recreate not
    just virtually identical images, but exactly identical images. If
    that's something you want to do and you're not able to do so
    successfully, I'd consider that a bug and would welcome a filing with
    details so I can investigate and fix it. ❤

    Tying in John's commentary, it appears mkimage.sh got moved out of docker.io. In fairness, I had no way of knowing that mkimage.sh referred to the mkimage package and not some custom script in docker.io. Based on the official images, debuerreotype⁠
    would be the "recommended way" to build an image over mkimage.sh, right?

    Whoops, that's actually technically my bad: https://github.com/moby/moby/pull/41440
    (see also https://bugs.debian.org/969940#22)

    As noted in that upstream PR, those scripts were long-since
    unmaintained and really shouldn't be used.

    If you'd like to create your own images, I'd suggest debootstrap,
    mmdebstrap, or debuerreotype (depending on what you're trying to
    accomplish by creating your own and what your goals are). If you want
    to reproduce the images maintained at https://hub.docker.com/_/debian
    by paultag and I, debuerreotype is designed for that, but if you just
    need minimal images of a modern release, mmdebstrap is probably the
    best bet.

    As a consequence of this, I'm not sure https://wiki.debian.org/Cloud/CreateDockerImage provides any value
    anymore over the content that already exists at
    https://wiki.debian.org/Docker, save for *maybe* that initial
    paragraph, and I'd honestly consider deleting it entirely but I'm not
    sure what the consequences of that might be, so deleting most of the
    content is probably a safer first pass?

    I just want to make sure my foundations are correct before I start breaking things.

    ♥,
    - Tianon
    4096R / B42F 6819 007F 00F8 8E36 4FD4 036A 9C25 BF35 7DD4

    (please feel free to keep me in explicit CC - I'm not subscribed to "debian-user" but I'm happy to discuss this further 👍)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jonathan Dowland@21:1/5 to Tianon Gravi on Tue Jul 1 11:20:01 2025
    On Tue Jul 1, 2025 at 9:29 AM BST, Tianon Gravi wrote:
    As a consequence of this, I'm not sure https://wiki.debian.org/Cloud/CreateDockerImage provides any value
    anymore over the content that already exists at https://wiki.debian.org/Docker, save for *maybe* that initial
    paragraph, and I'd honestly consider deleting it entirely but I'm not
    sure what the consequences of that might be, so deleting most of the
    content is probably a safer first pass?

    It should probably go; I've marked it to propose it for deletion.


    Thanks,

    --
    Please do not CC me for listmail.

    👱🏻 Jonathan Dowland
    jmtd@debian.org
    🔗 https://jmtd.net

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Borden@21:1/5 to All on Wed Jul 2 11:20:02 2025
    Amazing! Thank you for everyone who chipped in. Two wiki pages fixed, and I barely lifted a finger. I'll fiddle with Docker and update the wiki with my experiences for the benefit of future generations.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)