busybox #14
Comments
|
Hey @yoshuawuyts! I'm going to do some research into node&busybox before committing to this, but I like the idea! |
|
@wblankenship Thanks! That's all I can ask for. Really glad you like the idea! |
|
So I've been looking into running node in busybox. I have gotten to the point of having a compiled excutable loaded into the box, but we are missing some shared libraries:
Screenshot of current state.
If/when we get the libraries into busybox, we will still need to put node through a series of stress tests to make sure it is stable in this environment. |
|
So cool!! Let me know if I can assist in anything concrete, I'd be happy to! 😄 |
|
Sure thing! Will keep you posted. Do you have any experience loading shared libraries into busybox? |
|
@wblankenship Thanks! Haha, to be fair I have no experience with loading shared libs. Is there maybe another part where I can assist? You mentioned stress testing earlier, what did you have in mind for that? |
|
No worries! The stress tests will probably be running the new testing script for distributions repo. It currently has a few bugs to be worked out, could always take a look 😄 This recommendation came from the referenced pull request. If you have a better approach, feel free to recommend it. Could also look at some of the tests being run for the io.js project. |
|
Current status: libraries are being linked, but there is something weird with the libstdc++ library I'm linking against. Will have to shave that yak on a future date though, calling it a night.
|
|
Nice progress! |
|
Awesomesauce, here is the current shell script I was working on: https://github.com/nodesource/distributions/blob/hardcore/test/hardcore According to othiym we should:
"If it can install and build an entire Angular-scaffolded app, it's probably good to go." |
|
Current status: Even after getting the libraries into the container, I couldn't get them to load into memory. So it looks like we have to go the static route. I was able to get node v0.10.33 to compile as a static binary by manually implementing this pull request: nodejs/node-v0.x-archive#8274 node is now in the container and running. Going to work on moving everything around to the proper locations then will submit this as a pull request. |
|
for reference |
|
Just opened the https://github.com/nodesource/docker-node/tree/busybox branch. Currently npm is having some problems connecting to the network, not sure what is going on. Also, the image size is now at 18.85MB.
|
|
@wblankenship, have you checked this repo: https://github.com/hwestphal/docker-nodebox? The resulting image is quite tiny and uses official It is really easy to modify that Dockerfile to suit one's needs. For example, this is Node v0.11.14 with NPM v2.0.0 and without bash/git (27 MB total): FROM progrium/busybox
MAINTAINER Your Name <your.name@gmail.com>
RUN \
opkg-install curl libstdcpp && \
rm -f /lib/libpthread.so.0 && \
ln -s /lib/libpthread-2.18.so /lib/libpthread.so.0 && \
curl -s http://nodejs.org/dist/v0.11.14/node-v0.11.14-linux-x64.tar.gz | gunzip | tar -xf - -C /
ENV PATH /node-v0.11.14-linux-x64/bin:$PATHBTW, |
|
< ❤️ > I love his use of Thanks for the tip on </ :heart: > |
|
@skozin actually changing from /lib64/libpthread-0.9.33.2.so to /lib64/libpthread-2.18.so breaks git executable. Actually it looks like some inconsistency in busybox openwrt repository since bothe libpthread packages are available there and after being installed one overrides another. |
|
@ciekawy, that was one of the reasons I ended up packaging it using Alpine Linux. It has some issues too, but really very few compared to progrium/busybox. @wblankenship, glad it helped =) |
|
Unfortunately on Alpine Linux it is impossible to build phantomjs which is W dniu czwartek, 2 kwietnia 2015 Семён notifications@github.com
|
|
This item is being closed automatically as part of repository archival process. |
I was wondering how much sense it would make to have an official nodesource™ busybox™ secure container system™. It would be pretty rad if Nodesource supplied some kind of hyper-minimal node-only environment. No cpp, no bash, just node.
The reason I'm asking this is because I read that the Google uses
busyboxto run singlegolangbinaries, and as a result didn't have to worry about shellshock. Using minimalistic containers apparently reduces your attack surface. Also with you guys buildingnodawe could actually have single node binaries someday.Do you think this be possible / doable / actually useful ? Thanks!
The text was updated successfully, but these errors were encountered: