Open pombredanne opened 3 years ago
There are some issues on the observability of Distroless images in particular this https://github.com/GoogleContainerTools/distroless/issues/741 And there are regression even on this lack observability with https://github.com/GoogleContainerTools/distroless/issues/787 where the names of the status files in the status.d directory are now base64-encoded e.g. mangled.
This is blocked by lack of observability of Distroless images package files.
I think we can now move forward based on comments and PRs posted:
Note that rules_docker has been archived and replaced by rules_oci:
And rules_oci does not know about Debian-specific package files.
In the end, distroless instead uses this shell script in rules_distroless https://github.com/GoogleContainerTools/rules_distroless/blob/35a7d5a37b34e68f1d58d7e452147afe941f3e5a/apt/private/dpkg_statusd.sh#L10
The format spec is:
For instance with get:
Package: libssl3
Source: openssl
Version: 3.0.14-1~deb12u2
Architecture: amd64
Maintainer: Debian OpenSSL Team <pkg-openssl-devel@alioth-lists.debian.net>
Installed-Size: 6021
Depends: libc6 (>= 2.34)
Section: libs
Priority: optional
Multi-Arch: same
Homepage: https://www.openssl.org/
Description: Secure Sockets Layer toolkit - shared libraries
This package is part of the OpenSSL project's implementation of the SSL
and TLS cryptographic protocols for secure communication over the
Internet.
.
It provides the libssl and libcrypto shared libraries.
41f2830840762278c3eea9f210d766bb usr/lib/x86_64-linux-gnu/engines-3/afalg.so
cf0b11ae7ebc72735b07f66ca9689ff0 usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so
120a42bed88d3307c29c399e54afdf6a usr/lib/x86_64-linux-gnu/engines-3/padlock.so
5538de8b84c0804f36598ecc307279fd usr/lib/x86_64-linux-gnu/libcrypto.so.3
8128c7581b84dbce11cbaee835e2a4cc usr/lib/x86_64-linux-gnu/libssl.so.3
51f6c8e9e460a9cd16a761a37f4b4f6b usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so
d01f389114a4319471b487544ef32a85 usr/share/doc/libssl3/changelog.Debian.gz
3345b69c1ee497bb55492eeca358d3fb usr/share/doc/libssl3/changelog.gz
6264b3617e9bd0092102a2ab8db06adb usr/share/doc/libssl3/copyright
@thesayyn @loosebazooka Thanks for having fixed this upstream.
distroless images are really based on Debian with a slightly different layout for installed packages data.
See also: