Hacker News new | ask | show | jobs
by c0l0 871 days ago 

   [...]
   COPY --from=ugit-ops /usr/bin/tr /usr/bin/tr
   COPY --from=ugit-ops /bin/bash /bin/
   COPY --from=ugit-ops /bin/sh /bin/
   
   # copy lib files
   COPY --from=ugit-ops /usr/lib/libncursesw.so.6 /usr/lib/
   COPY --from=ugit-ops /usr/lib/libncursesw.so.6.4 /usr/lib/
   COPY --from=ugit-ops /usr/lib/libpcre* /usr/lib/
   COPY --from=ugit-ops /usr/lib/libreadline* /usr/lib/
   [...]
For me, insane sh*t like this proves that those who do not learn from distribution and package management infrastructure engineering history are condemned to reinvent it, poorly.
2 comments
bhupesh 871 days ago
Hey author here.

I understand that you might have some context about package managers that I am missing. Would genuinely like some resources about your comment or maybe a bit of explanation.

Thanks

link
c0l0 871 days ago
Hey there Bhupesh - apologies for the snark! I was just venting some of the frustration I feel every day with modern "devops" tooling ;)

I am in a bit of a rush right now (which is why I try my absolute best to keep procrastinating on HN at the the absolute minimum, I swear! ;)), but I will try to share some insight later (potentially as a comment on your blog).

link
codethief 871 days ago
I'd be interested in this, too, so I'd be grateful if you could notify us here, wherever you end up posting your comment!
link
bhupesh 871 days ago
Thanks, appreciate the help!
link
gbN025tt2Z1E2E4 871 days ago
I explained a bit here in my reply to your other comment:

https://news.ycombinator.com/item?id=39243450

link
tiziano88 871 days ago
It may be worth looking at Nix if you haven't already
link
crabique 870 days ago
At this point, why not just build statically linked binaries of those utils in the build stage and just copy them over? Or even better, have a static build of busybox with all of the non-dependencies disabled. Those filename bytes add up fast!

On unrelated note, --chmod parameter of the COPY instruction provides a way to avoid additional layers just to set the executable bits:

  # instead of
  COPY ugit .
  RUN chmod +x ugit && mv ugit /usr/local/bin/
  COPY --from=builder /usr/local/bin/ugit /usr/bin/

  # could just be this
  COPY ugit --chmod=755 /usr/bin/
In all seriousness though, that Dockerfile is basically one big uglified red flag, please don't do this, people.
link