Commit 314190c1 authored by Tails developers

Docker notes++

parent 9f57cb2c
......@@ -83,4 +83,39 @@ Test run
live-config -generated `config/*` files. That's because the current
directory is shared read-write with the container somehow.
This bind-mount should be read-only, but we still need to get the
build artifacts back on the host.
build artifacts back on the host:
- see [Managing data in
containers](https://docs.docker.com/userguide/dockervolumes/)
- use `VOLUME` to share (read-write) the place where the build
artifacts shall be copied
* We're currently using the `debian:wheezy` template, that likely we
should not trust. How should we build, maintain, publish and use
our own?
* Being in the `docker` group is basically equivalent to having full
root access. Do we want to encourage contributors to do that, or
to run `docker` commands with `sudo`, or to use Docker in
a virtual machine?
* Move our Dockerfile(s) to the `docker` directory in the Git tree.
Then we can pass the path to that directory, instead of `.`, to
`docker build`.
* We currently pass `--privileged` to `docker run`. Should we remove
it, and if yes, how?
- According to
<https://docs.docker.com/articles/dockerfile_best-practices/>,
"many of the “essential” packages from the base images will fail
to upgrade inside an unprivileged container". It seems that
the best practice is to publish _and regularly update_ a base
image, so that the most common usecases can avoid the APT upgrade
steps, and then run unprivileged.
* Split the `RUN` command into several ones, so that cached intermediary
images are [reused](https://docs.docker.com/reference/builder/)?
* Adding `.git` to the `.dockerignore` file would speed up the build,
but some code in our build process wants to know what branch or
commit we're building from => maybe we could pre-compute this
information, and pass it to the build command in some way?
* What execution environment do we want to support? Only LXC
via libcontainer? Any usecase for e.g. the systemd- or
libvirt-based ones?
* Move more stuff from `Makefile` to `Dockerfile`? E.g. `DOCKER_MOUNT`
could be specified as `VOLUME`. Can we specify the build command as
`CMD`?
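Review bot: the `--privileged` item (the "We currently pass `--privileged` to `docker run`" bullet) should record why it matters before asking how to drop it, because `--privileged` gives the container access to all host devices and the full capability set, so the build effectively runs as host root regardless of whether contributors use the `docker` group or `sudo`; that makes the "docker group is basically equivalent to full root" bullet and this one the same decision, and the note would read better if the two were cross-referenced and the interim plan stated explicitly: publish and regularly update the base image so the APT upgrade step is unnecessary, then remove `--privileged`. The same applies to the read-write bind-mount item above it: as long as the current directory is shared read-write and the container is privileged, anything run during the build can modify the host checkout, so that item should probably be marked as blocked on the `VOLUME`/read-only split it proposes rather than left as a loose observation.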