PR proposal: Docker image

[pascalandy]

I have written a simple Dockerfile for XKCD. If someone from the project is giving me his go to review it, I'll create a PR :)

[redacted]

Thanks @pascalandy - I'd be more than happy for the PR!

[pascalandy]

Great :)

Would it be possible to compile XKCD as a binary? Just like a Go app? I'm asking as this would make the final docker much smaller.

I tried

# https://pyinstaller.readthedocs.io/en/stable/usage.html

pip3 install pyinstaller && \
pyinstaller --noconfirm --log-level=WARN --onefile --nowindow

but could not make it work. Cheers!

[pascalandy]

At this point the dockerfile is:

FROM python:3.7.4-alpine3.9 AS builder

RUN set -eux && \
    pip3 install xkcdpass
    # installed in /usr/local/bin/xkcdpass;

CMD [ "xkcdpass", "--count=90", "--min=4", "--max=8", "--valid-chars='[a-z]'" ]

It works but the dockerimage size is:

xkcd-v3                     latest                      84c584b99dcc        29 hours ago        116MB

[jwfh]

@pascalandy I am interested in the Docker image, however I am curious whether using

ENTRYPOINT ['xkcdpass']

would work better. This way a user may simply execute

$ docker run -t ${DOCKER_IMAGE_AUTHOR}/xkcdpass:latest [-h] \
                [-w WORDFILE] [--min MIN_LENGTH] [--max MAX_LENGTH]
                [-n NUM_WORDS | -a ACROSTIC] [-i] [-v VALID_CHARS] [-V]
                [-c COUNT] [-d DELIM] [-s SEP] [-C CASE] [--allow-weak-rng]

instead of relying on command-line options passed to the XKCD script in the Dockerfile's CMD line. An additional CMD may be used to specify default command-line arguments if desired (perhaps -h?).

You may find this link helpful.

[pascalandy]

I tested using ENTRYPOINT ['xkcdpass'] and it created issues.

I like to use CMD as you can override it.

New Dockerfile:

FROM python:3.7.4-alpine3.9 AS builder

RUN set -eux && \
    pip3 install xkcdpass
    # installed in /usr/local/bin/xkcdpass;

CMD [ "xkcdpass" ]

simple run

docker run --rm -it xkcd:v14

singular iodize undying agile overreact mandarin

with arguments:

docker run --rm -it xkcd:v14 \
    sh -c "xkcdpass --count=5 --min=4 --max=8 --valid-chars='[a-z]'"

mouth distrust unpicked salaried vantage scorn
magma twirl chaplain enzyme kindred purr
outdated devotion frame angular tyke observer
naturist tigress unmasked lecturer magnetic ideally
sludge shorten squash slinky sharper cornea

What do you think ?

[pascalandy]

Also, any ideas about the binary question > https://github.com/redacted/XKCD-password-generator/issues/114#issuecomment-522286784

[strayer]

Building static python apps is not as easy as with Go. Nuitka can do it, but will still require a libc in the image running the compiled application.

Quick and dirty example:

FROM alpine:3.10 AS build

RUN apk --no-cache add python3-dev curl gcc musl-dev chrpath

RUN pip3 install nuitka==0.6.5

RUN curl -o xkcdpass.tar.gz -L https://github.com/redacted/XKCD-password-generator/archive/xkcdpass-1.17.3.tar.gz && \
      tar xf xkcdpass.tar.gz && \
      mv XKCD-password-generator* /xkcdpass

WORKDIR /xkcdpass/

RUN python3 -m nuitka --standalone --recurse-all --output-dir=/dist xkcdpass/xkcd_password.py

FROM alpine:3.10

# fix ascii decode errors when running without tty/stdin
ENV PYTHONIOENCODING UTF-8

COPY --from=build /dist/xkcd_password.dist /dist
COPY --from=build /xkcdpass/xkcdpass/static /dist/static

ENTRYPOINT [ "/dist/xkcd_password" ]

$ docker build -t xkcdpass-test-alpine .
...
$ docker run --rm xkcdpass-test-alpine -w ger-anlx -n 5
melden kümmert udssr tourismus scheinbar

Its not much, but probably still worth the effort:

docker image ls | grep xkcdpass
xkcdpass-test-alpine ... 31.6MB

System libraries required by nuitka-compiled xkcdpass:

/dist # ldd xkcd_password
        /lib/ld-musl-x86_64.so.1 (0x7fb74ce9f000)
        libpython3.7m.so.1.0 => ./libpython3.7m.so.1.0 (0x7fb74c53e000)
        libc.musl-x86_64.so.1 => /lib/ld-musl-x86_64.so.1 (0x7fb74ce9f000)

I'm not sure if pyinstaller or cx_Freeze are able to build actual static images that statically link to libc and friends.

Note: I didn't test this much except the ger word list command above, just mushed it together for fun. The Dockerfile also shouldn't pull xkcdpass via curl but instead reside in this repository and just copy the sourcecode in the build container, but I guess that goes without saying.

[pascalandy]

Will test this. Don't be shy to buzz me if I forget.

[pascalandy]

@redacted do you like the idea of using Nuitka? If so I'll PR