Now that the official Ubuntu containers have gotten down to around 50MB for an image [1], can the case still be made for using Alpine?
Admittedly, Alpine images are just 2MB [2], but I kept running into so many edge cases with musl, apk didn't always have the packages I wanted and often lagged behind critical security updates, and documentation/community was much smaller than I'd like. It's a genuine question. I'm wondering if the case can be made to prefer Alpine as your default Docker base image.
I personally find the package system on Alpine to be much more suited for container-like environments compared to Ubuntu. For one thing, it's trivial in Alpine to install a package without having to 'apt update' and remove the cache after installing. Additionally, the process of installing a bunch of build dependencies under a temporary namespace and uninstalling them after the build process is really streamlined.
Mostly for these reasons I prefer a (slightly modified) Alpine base. I do at times run into musl compatibility issues, in those cases I most often fall back to Ubuntu.
I don't think Alpine uses systemd, so there's that.
I attempted Alpine for my router, but at the time there was no UEFI support (grub2-efi was in the unstable tree). That made me turn to Void Linux, which is totally worth checking out. I use it on my current x86 based router:
Well 48MB is a lot. Also Musl Libc has advantages, eg it has an emphasis on correctness, it is easy to understand (read the code, it is great, Glibc is very hard to understand). Plus if you want to make statically linked binaries you pretty much need to use Musl, as Glibc has many cases that do not work.
Which security updates? Generally these are pretty quick, and the processes are improving.
I hope the processes keep improving. They recently introduced Alpine SecDB[0], which is their database (YAML files) of CVEs. I've been told from one of their developers that it may not be actively maintained. I hope they stick with it since now we can use that in Clair[1] to improve the transparency of containers.
Alpine Linux is great and I wish they would do more to upstream their build fixes so that stuff works out of the box with musl. I also wish Rust and then rustup will work out of the box on Alpine soon, as this will make it very easy to use generally and in docker images for ci specifically. No complaints, just a small wish list for a distro that's already very useful. Huge thanks to all alpine devs!
Most of the build fixes are offered upstream, not every upstream is interested in supporting non glibc Linux platforms alas. But gradually things are getting upstreamed.
Sadly it's outdated, only a single version, and missing all the other important rustup features. Ultimately rustup's Linux binaries would benefit from either optionally or exclusively being available in a version that's linked dynamically - or more practically - statically against musl. These would work in default docker images, Ubuntu, Red Hat, Alpine, Void Linux, anywhere that has Linux 2.6 ABI. Stack has started doing this for their GHC builds. Of course, a prerequisite is upstream support for hosting rust in a musl (no glibc) environment. Since Rust has a musl target for static compilation, it's natural to be hosted as well.
Well, hosted is trickier due to compiler plugins, but yes. It's workable. In general, please submit bugs upstream or comment on any open issues; this package was created by someone who was working on exactly that!
> Well, hosted is trickier due to compiler plugins, but yes.
This has been discussed multiple times in tickets and it's pending. Hopefully soon :).
> please submit bugs upstream or comment on any open issues
Of course but there's nothing I can add to already existing and open issues that hasn't already been discussed. There's a need for rustc dev focus on this just like msvc support in the past.
> Once you get rustc, rustup should be fine.
What do you mean? Being able to build rustup doesn't give you access to rustup toolchains/targets that run on Alpine, if that's what you mean. Or?
I meant that in most distros (I know more about Debian than Alpine), the first step is packaging rustc + cargo, then applications built with it. So I imagined it'd go the same way. rustc and cargo are much harder to package, so after that's done, other applications in Rust tend to be easier.
Alpine Linux is the easiest/quickest way to create containers that have a manageable size (which is pretty important if you are hosting your own registery that charges you for space instead of containers)
Admittedly, Alpine images are just 2MB [2], but I kept running into so many edge cases with musl, apk didn't always have the packages I wanted and often lagged behind critical security updates, and documentation/community was much smaller than I'd like. It's a genuine question. I'm wondering if the case can be made to prefer Alpine as your default Docker base image.
[1] https://hub.docker.com/r/library/ubuntu/tags/
[2] https://hub.docker.com/r/library/alpine/tags/