Show HN: Building better base images

2 months ago 5
Container Tools Container Tools is a project that provides scripts and utilities to automate the creation of minimal Debian-based root filesystems (rootfs) using debootstrap. It supports customization with specific packages, configurations, and integrates security scanning for containerized environments. Can be easily extend for other distros and projects.

When building containerized environments using standard Dockerfiles, each customization layer creates:

  • Storage bloat - Every RUN apt-get install creates a new layer, wasting disk space with duplicate dependencies
  • Network inefficiency - Redundant package downloads occur across different images
  • Slow iterations - Rebuilding images requires repeating all previous steps

With this tool one can build:

  • Minimal base images from scratch using debootstrap
  • Precisely including only required components in the initial build
  • Creating specialized variants (Java, Kafka, etc.) from common foundations
Usage: make <target> ============================ ** Debian Linux targets ** ============================ |all| |debian11| |debian11-java| |debian11-java-slim| |debian11-corretto| |debian11-graal| |debian11-graal-slim| |debian11-java-slim-maven| |debian11-java-slim-gradle| |debian11-graal-slim-maven| |debian11-graal-slim-gradle| |debian11-java-kafka| |debian11-java-slim-kafka|

In the end it will produce the image

[Image was built successfully] :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Artifact location: debian/dist/debian11-graal-slim/debian11-graal-slim.tar Artifact size: 124M :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Image was built successfully! Artifact location: debian/dist/debian11-graal-slim/debian11-graal-slim.tar To load and run this Docker image, follow these steps: Load the Docker image from the .tar file: cat debian/dist/debian11-graal-slim/debian11-graal-slim.tar | docker import - debian/dist/debian11-graal-slim/debian11-graal-slim Verify the image was loaded successfully: docker images Run the Docker container: docker run -it <IMAGE_NAME> Replace <IMAGE_NAME> with the name of the image loaded in the first step. Example: docker run -it debian/dist/debian11-graal-slim/debian11-graal-slim /bin/bash :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Time elapsed: 193
  1. Add recipe to recipes/
  2. Make sure that the link to artifact and SHA256 is correct (e.g sha256sum kafka_2.13-4.0.0.tgz):
KAFKA_VERSION='4.0.0' KAFKA_SHA='7b852e938bc09de10cd96eca3755258c7d25fb89dbdd76305717607e1835e2aa' KAFKA_URL="https://downloads.apache.org/kafka/${KAFKA_VERSION}/kafka_2.13-${KAFKA_VERSION}.tgz"
  1. Add target to the Makefile
debian11-java-slim-kafka: $(PRINT_HEADER) $(DEBIAN_BUILD_SCRIPT) \ --name=$@ \ --keyring=$(DEBIAN_KEYRING) \ --variant=container \ --release=stable \ --recipes=$(JAVA_RECIPES)/java_slim.sh,$(RECIPES)/kafka/kafka.sh \ --scripts=$(SCRIPTS)/security-scan.sh

Profit

Repository Directory Structure

  • Dockerfile - Docker configuration for building the environment
  • Makefile - Build automation with targets for different images
  • README.md - Project documentation and usage instructions
  • tools.mk - Makefile tools and utilities
  • Vagrantfile - Vagrant configuration for development environment

Contains Debian-specific files for image building

Configuration files for different Debian versions:

  • buster - Debian 10 (Buster) config
  • bullseye - Debian 11 (Bullseye) config
  • jessie - Debian 8 (Jessie) config
  • stretch - Debian 9 (Stretch) config
  • unstable - Debian Unstable config
  • wheezy - Debian 7 (Wheezy) config

GPG keys for package verification:

  • buster.gpg - Key for Debian Buster
  • unstable.gpg - Key for Debian Unstable
  • mkimage.sh - Main script for building Debian root filesystems

Contains installation scripts for different components

Java-related installation scripts:

  • java.sh - Full JDK installation
  • java_slim.sh - Slimmed-down JDK installation
  • graalvm.sh - GraalVM installation
  • graalvm_slim.sh - Slim GraalVM installation
  • corretto.sh - Amazon Corretto JDK
  • maven.sh - Apache Maven
  • gradle.sh - Gradle build tool
  • kafka.sh - Apache Kafka installation (added in our solution)

Post-build maintenance scripts:

  • security-scan.sh - Runs Trivy security scanner

Output directory (created during build):

  • Contains final built images in .tar format
  • Organized by image name (e.g., debian11-java-slim/)

Temporary download directory (created during build):

  • Stores downloaded packages and binaries
Read Entire Article
  1. Homepage
  2. Technology
  3. Show HN: Building better base images

Related

How to Write Compelling Release Announcements

How to Write Compelling Release Announcements

4 days ago 2
Framework Laptop 12 press reviews are live and Framework Laptop 13 in-stock

Framework Laptop 12 press reviews are live and Framework Lap...

4 days ago 2
Is Lovable getting monetization wrong?

Is Lovable getting monetization wrong?

4 days ago 2

Trending

1. kai trump
2. monster hunter wilds
3. solar companies
4. hideo kojima
5. solar storm
6. trump arrested
7. metallica
8. stimulus check 2025
9. student loans senate bill
10. brett favre

Popular

Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability

Mozilla Patches Critical Firefox Bug Similar to Chrome’s Rec...

3 months ago 95
Greenland, Denmark Push Back on Vance’s Visit

Greenland, Denmark Push Back on Vance’s Visit

3 months ago 29
Making the District of Columbia Safe and Beautiful

Making the District of Columbia Safe and Beautiful

2 months ago 29
It’s Clearer Than Ever What Jeff Bezos Wants With the Washington Post

It’s Clearer Than Ever What Jeff Bezos Wants With the Washin...

3 months ago 26
Jargonic: Industry-Tunable ASR Model

Jargonic: Industry-Tunable ASR Model

2 months ago 25
English (US) English (US) ·
About Us · Contact Us · Terms & Conditions ·

© The Conrad Group Newsdesk 2025. All rights are reserved