in ,

coord-e / magicpak, Hacker News

coord-e / magicpak, Hacker News


magicpak enables you to build minimal docker images without any bothersome preparation such as static linking.

# You prepare / bin / your_executable here … ADD https: // _ – unknown-linux- musl / usr / bin / magicpak RUN chmod x / usr / bin / magicpak RUN / usr / bin / magicpak -v / bin / your_executable / bundle FROM scratch COPY – from=0 / bundle /. CMD [“/bin/your_executable”]

That’s it! The resulting image shall only contain what your executable requires at runtime. You can find more useful examples of

magicpak under example /.

magicpak is a command-line utility that analyzes and bundles runtime dependencies of the executable. magicpak basically collects all shared object dependencies that are required by a dynamic linker at runtime. Additionally, magicpak s contributions are summarized as follows:


You can start with magicpak path / to / executable path / to / output . This simply analyzes runtime dependencies of your executable statically and put everything your executable needs in runtime to the specified output directory. Once they’ve bundled, we can simply copy them to the scratch image in the second stage as follows.

RUN magicpak path / to / executable / bundle FROM scratch COPY – from=0 / bundle /.

Some executables work well in this way. However, others fail to run properly because magicpak

‘s static analysis is not enough to detect all files needed by them at runtime. For this case, magicpak has – include option to specify the missing requirements manually. Moreover, you can use – dynamic to automatically include files that are accessed by the executable during execution.

Despite our careful implementation, our analysis is unreliable in a way because we can’t completely determine the runtime behavior before its execution. To ensure that

magicpak collected all dependencies to perform a specific task, – test option is implemented. – test enables testing of the resulting bundle using chroot (2).

The size of the resulting image is our main concern. magicpak supports executable compression using upx

. You can enable it with – compress . Supported options magicpak [OPTIONS]     -r, –install-to Specify the installation path of the executable in the bundle     -e, –exclude … Exclude files / directories from the resulting bundle with glob patterns     -i, –include … Additionally include files / directories with glob patterns         –mkdir … Make directories in the resulting bundle     -d, –dynamic Enable dynamic analysis         –dynamic-arg … Specify arguments passed to the executable in –dynamic         –dynamic-stdin Specify stdin content supplied to the executable in –dynamic     -t, –test Enable testing         –test-command Specify the test command to use in –test         –test-stdin Specify stdin content supplied to the test command in –test         –test-stdout Test stdout of the test command     -c, –compress Compress the executable with npx         –upx-arg … Specify arguments passed to upx in –compress         –upx Specify the path or name of upx that would be used in compression         –busybox Specify the path or name of busybox that would be used in testing         –cc Specify the path or name of c compiler         –log-level Specify the log level     -v, –verbose Verbose mode, same as –log-level Info     -h, –help Prints help information     -V, –version Prints version information

We provide some base images that contain License magicpak and its optional dependencies to get started. Example

The following is a dockerfile using magicpak for a docker image of

clang-format , a formatter for C-like languages. ( example / clang-format

FROM magicpak / debian RUN apt-get – y update RUN apt-get – y –no-install-recommends install clang-format RUN magicpak $ (which clang-format) / bundle -v       –compress       –upx-arg –best       –upx-arg –brute       –test       –test-stdin “int main () {}”       –test-stdout “int main () {}”       –install-to / bin / FROM scratch COPY – from=0 / bundle /. WORKDIR / workdir CMD ) Disclaimer

    magicpak comes with absolutely no warranty. There’s no guarantee that the processed bundle works properly and identically to the original executable. Although I had no problem using magicpak for building various kinds of images, it is recommended to use this with caution and make a careful examination of the resulting bundle. License

    Licensed under either of

    Apache License, Version 2.0 ( LICENSE-APACHE

or MIT license ( LICENSE-MIT or / MIT at your option. Contribution

    Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.   
    (Read More

What do you think?

Leave a Reply

Your email address will not be published. Required fields are marked *

GIPHY App Key not set. Please check settings

ESRB Loot Box Warning Won't Stop Greedy Publishers from Screwing Us, Crypto Coins News

ESRB Loot Box Warning Won't Stop Greedy Publishers from Screwing Us, Crypto Coins News

Deconstructing Sega's System 16 Security – Part 2, Hacker News

Deconstructing Sega's System 16 Security – Part 2, Hacker News