I am trying to add some packages to distroless debian-11 python image (gcr.io/distroless/python3-debian11:debug). Bazel build is succeeding but when I run the generate image, the debian pacakges were not present.
In case if you like to clone for quick testing here is the project link git clone https://github.com/BhanuKiranChaluvadi/getting-started-with-bazel.git. Here is my project structure
├── BUILD
├── README.md
├── ros2
│ └── BUILD
└── WORKSPACE
ros2/BUILD
load("@io_bazel_rules_docker//container:container.bzl", "container_image")
load("@io_bazel_rules_docker//contrib:test.bzl", "container_test")
load("@io_bazel_rules_docker//docker/package_managers:download_pkgs.bzl", "download_pkgs")
load("@io_bazel_rules_docker//docker/package_managers:install_pkgs.bzl", "install_pkgs")
download_pkgs(
name = "ros2_humble_pkgs",
image_tar = "@debian11-slim//image",
packages = [
"libpython3.9",
"libtinyxml2-8",
"libfmt7",
],
)
'''
install_pkgs(
name = "ros2_pkgs_image",
image_tar = "@debian11-slim//image",
installables_tar = ":ros2_humble_pkgs.tar",
installation_cleanup_commands = "rm -rf /var/lib/apt/lists/*",
output_image_name = "debian11-slim/ros2",
)
'''
install_pkgs(
name = "ros2_pkgs_image",
image_tar = "@python3-debian11//image", # distroless image -- see WORKSPACE
installables_tar = ":ros2_humble_pkgs.tar",
installation_cleanup_commands = "rm -rf /var/lib/apt/lists/*",
output_image_name = "distroless/ros2-debian11",
)
If I uncomment the block with image_tar = "@debian11-slim//image" and comment the image_tar = "@python3-debian11//image". The generated image looks fine and all the packages were installed as expected. It has only issues with the python3-debian11 distroless image
WORKSPACE
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
http_archive(
name = "io_bazel_rules_docker",
sha256 = "b1e80761a8a8243d03ebca8845e9cc1ba6c82ce7c5179ce2b295cd36f7e394bf",
urls = ["https://github.com/bazelbuild/rules_docker/releases/download/v0.25.0/rules_docker-v0.25.0.tar.gz"],
)
load(
"@io_bazel_rules_docker//repositories:repositories.bzl",
container_repositories = "repositories",
)
container_repositories()
load(
"@io_bazel_rules_docker//repositories:go_repositories.bzl",
container_go_deps = "go_deps",
)
container_go_deps()
load(
"@io_bazel_rules_docker//repositories:deps.bzl",
container_deps = "deps",
)
container_deps()
load("@io_bazel_rules_docker//container:container.bzl", "container_pull")
load("@io_bazel_rules_docker//python3:image.bzl", _python_image_repos = "repositories")
_python_image_repos()
container_pull(
name = "python3-debian11",
registry = "gcr.io",
repository = "distroless/python3-debian11",
# digest = "sha256:89dbc1d37ecf23622c3c795a4e50035e7c550084291f789003da890653d19c25",
tag = "debug",
)
container_pull(
name = "debian11-slim",
registry = "docker.io",
repository = "library/debian",
digest = "sha256:d2285c63f42a27d633afa75929529c3761883faac292e7c1cf310d91c7399863",
tag = "11-slim",
)
After a little bit of searching through the files bazel build --logging 6 //... generated bazel-bin/ros2/ros2_pkgs_image.install
ros2_pkgs_image.install
#!/usr/bin/env bash
# This script installs debs in installables.tar through dpkg and apt-get.
# It expects to be volume-mounted inside a docker image, in /tmp/pkginstall
# along with the installables.tar.
set -e
pushd /tmp/pkginstall
tar -xvf bazel-out/k8-fastbuild/bin/ros2/ros2_humble_pkgs.tar
dpkg -i --force-depends ./*.deb
dpkg --configure -a
apt-get install -f
rm -rf /var/lib/apt/lists/*
# delete the files that vary build to build
rm -f /var/log/dpkg.log
rm -f /var/log/alternatives.log
rm -f /var/cache/ldconfig/aux-cache
rm -f /var/cache/apt/pkgcache.bin
mkdir -p /run/mount/ && touch /run/mount/utab
popd
umount -l /tmp/pkginstall
rm -rf /tmp/*
It looks like it is mounting the downloaded packages folder and unpacking using dpkg. But distroless python images doesn't have dpkg/apt install in them. Is that the reason the packages are not being installed ? If so why the bazel build //... is not failing ?
DEBUG: If you would like to debug generated image
docker run -it --rm --entrypoint sh distroless/ros2-debian11:latest
# example library from libfmt
ls /usr/lib/x86_64-linux-gnu/libfmt.so.7.1.3
install_pkgsstart the container and download all the necessary packages. Since distroless packages has not apt package installed inside them. The installation package might be failing.