Currently, apt rules assume that installations always happen from scratch, meaning that the underlying system does not have any apt packages installed on it.
This is true if you are building a base image with rules_distroless, but often users use a base image that has some apt packages already installed, making rules_distroless suboptimal at best.
I am proposing a feature where the manifest can instruct our resolver to continue where base image left off reusing package information at /var/lib/dpkg/status within the base image or expect users to list all the packages that already present.
Option 1
In terms of DX, this api is unpleasant, but comes with great flexibility.
manifest.yaml
exclude:
- base-files
- base-passwd
- bash
Option 2
This option autimatically derives the package information by walking through layers. While easier to use since users already have a base image passed to oci_image and can easily add it to their apt.install calls, is less flexible.
apt.install(
base = "@base_image_from_oci_pull"
)
Currently, apt rules assume that installations always happen from scratch, meaning that the underlying system does not have any apt packages installed on it.
This is true if you are building a base image with rules_distroless, but often users use a base image that has some apt packages already installed, making rules_distroless suboptimal at best.
I am proposing a feature where the manifest can instruct our resolver to continue where base image left off reusing package information at /var/lib/dpkg/status within the base image or expect users to list all the packages that already present.
Option 1
In terms of DX, this api is unpleasant, but comes with great flexibility.
manifest.yaml
Option 2
This option autimatically derives the package information by walking through layers. While easier to use since users already have a base image passed to
oci_imageand can easily add it to their apt.install calls, is less flexible.