minideb VS docker-debian-artifacts

postgres:15-bullseye 2bb008a38e7c 379MB

[1] https://github.com/bitnami/minideb

However, it is sometimes a good idea to benchmark the speed of different images, as sometimes a significant speed loss is possible.

as is stated initially, that goes back to how bitnami is building its Docker images, basing on a set of debian packages (minideb) - there's also a shell library/framework embedded that does useful things, but that makes you read more code when you go check how the sausage is made. That minideb is the basis for the higher CVE count compared to scratch or alpine images.

> it’s a well-kept secret that no one wants to talk about

the maintainer side most casual docker image users aren't aware of I'd rephrase, but bitnami at least documents the issue

https://github.com/bitnami/minideb#security

https://docs.bitnami.com/kubernetes/open-cve-policy/

Ah, yeah it's a little more confusing because it's using the debootstrap tool (https://wiki.debian.org/Debootstrap) to build the container image filesystem. You can see all the gory logic here: https://github.com/bitnami/minideb/blob/master/buildone and https://github.com/bitnami/minideb/blob/master/mkimage It's a bunch of shell scripting that's not really meant to be interpreted by anyone that isn't a debian expert though, so don't feel bad if it looks really confusing. I think the overall thing is that minideb installs the absolute bare minimum system with debootstrap and even strips out a few essential packages like trusted SSL CAs, etc. If you need anything (including those essential packages) you're meant to just install_packages install them--it's all using the same apt sources and packages as debian.

Do you know why this is? Because it's part of the base file system. Here is a line from the build script for minideb (basically the smallest image needed to run a container): https://github.com/bitnami/minideb/blob/e4f37e8a5d271d93b79c3f4caa49c4ceb95d8eec/mkimage#L52

What's different between debian:bullseye-slim and debian:bullsye (assuming you are talking about https://hub.docker.com/_/debian)

let me try to answer/research this question myself to find the answer/go on this journey:

takes me to

non slim: https://github.com/debuerreotype/docker-debian-artifacts/tre...

slim: https://github.com/debuerreotype/docker-debian-artifacts/tre...

https://github.com/debuerreotype/docker-debian-artifacts/blo... versus https://github.com/debuerreotype/docker-debian-artifacts/blo...

two files are identical

so at a quick glance i have no clue what is going into rootfs.tar.xz that makes one slim and one not

go to google:

https://stackoverflow.com/questions/59794891/how-does-debian...

"just using an elixir docker image": [elixir](https://github.com/erlef/docker-elixir/blob/b108e93389b820554ad9f1e8e07001ed8186d230/1.14/Dockerfile) FROM [erlang:25](https://github.com/erlang/docker-erlang-otp/blob/3e60071a7f14aefe202b602aec0893678d0a0069/25/Dockerfile) FROM [buildpack-deps:bullseye](https://github.com/docker-library/buildpack-deps/blob/65d69325ad741cea6dee20781c1faaab2e003d87/debian/bullseye/Dockerfile) FROM [buildpack-deps:bullseye-curl](https://github.com/docker-library/buildpack-deps/blob/98a5ab81d47a106c458cdf90733df0ee8beea06c/debian/bullseye/curl/Dockerfile) FROM [debian:bullseye](https://github.com/debuerreotype/docker-debian-artifacts/blob/fe5738569aad49a97cf73183a8a6b2732fe57840/bullseye/Dockerfile). wtf is even running on that thing?

FROM scratch ADD rootfs.tar.xz / CMD ["bash"] https://github.com/debuerreotype/docker-debian-artifacts/blob/686d9f6eaada08a754bc7abf6f6184c65c5b378f/bullseye/slim/Dockerfile

Is it the 64 vs 32 bit time calls possibly? Like this: https://github.com/debuerreotype/docker-debian-artifacts/issues/106 What happens if you run the date command from inside the container?