From 56bc6a670d55bfa9744656e1037a27b32182e3de Mon Sep 17 00:00:00 2001 From: Jacob Heider Date: Fri, 3 Jul 2026 14:26:44 -0400 Subject: [PATCH] restore the "fat" default docker image; publish a "slim" variant MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The `pkgxdev/pkgx` images were slimmed to bare `debian:stable-slim` + the pkgx/pkgm binaries, dropping the base system dev libraries the hermetic pkgx/brewkit toolchain still links against (libc headers, libstdc++/libgcc). That broke compiling anything in the image — e.g. `bk d b` fails with `stdlib.h: No such file or directory`. Restore those essentials on the default (debian → `latest`) image, and add a `Dockerfile.slim` published as `pkgxdev/pkgx:slim` for the minimal runtime-only case. brewkit pulls the default `pkgxdev/pkgx`, so it gets a working image with no changes on its side. Co-Authored-By: Claude Opus 4.8 --- .github/workflows/cd.docker.yml | 2 ++ docker/Dockerfile.debian | 11 +++++++++++ docker/Dockerfile.slim | 14 ++++++++++++++ 3 files changed, 27 insertions(+) create mode 100644 docker/Dockerfile.slim diff --git a/.github/workflows/cd.docker.yml b/.github/workflows/cd.docker.yml index d90288a74..fdd302df3 100644 --- a/.github/workflows/cd.docker.yml +++ b/.github/workflows/cd.docker.yml @@ -29,6 +29,8 @@ jobs: platforms: linux/amd64 - variety: debian platforms: linux/amd64,linux/arm64 + - variety: slim + platforms: linux/amd64,linux/arm64 - variety: ubuntu platforms: linux/amd64,linux/arm64 runs-on: ubuntu-latest diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian index e17714cc0..29720c6be 100644 --- a/docker/Dockerfile.debian +++ b/docker/Dockerfile.debian @@ -4,6 +4,17 @@ RUN install -m 755 /pkgx/$(uname -m) /usr/local/bin/pkgx RUN install -m 755 /pkgx/pkgm /usr/local/bin/pkgm FROM debian:stable-slim AS stage1 +# The default `pkgxdev/pkgx` image is the "fat" one: it carries the base system +# dev libraries a hermetic pkgx/brewkit toolchain still links against (libc +# headers, libstdc++/libgcc, &c). Without these, compiling anything fails with +# e.g. `stdlib.h: No such file or directory`. See `Dockerfile.slim` for the +# minimal runtime-only image (`pkgxdev/pkgx:slim`). +# g++ (not build-essential) pulls the default-gcc libstdc++/libgcc dev libs +# without make/dpkg-dev, and version-agnostically — no rot-prone version pin. +RUN apt-get update \ + && apt-get install --yes --no-install-recommends \ + libc6-dev g++ libudev-dev netbase ca-certificates \ + && rm -rf /var/lib/apt/lists/* COPY --from=stage0 /usr/local/bin/pkgx /usr/local/bin/pkgm /usr/local/bin/ CMD ["/bin/bash"] diff --git a/docker/Dockerfile.slim b/docker/Dockerfile.slim new file mode 100644 index 000000000..a732071fa --- /dev/null +++ b/docker/Dockerfile.slim @@ -0,0 +1,14 @@ +FROM debian:stable-slim AS stage0 +COPY ./products/* /pkgx/ +RUN install -m 755 /pkgx/$(uname -m) /usr/local/bin/pkgx +RUN install -m 755 /pkgx/pkgm /usr/local/bin/pkgm + +# The "slim" image: bare debian + the pkgx/pkgm binaries, nothing else. Great for +# running pkgx-installed tools with the smallest footprint. If you intend to +# *compile* anything (eg. `bk`, or pip packages with C extensions), use the fat +# `pkgxdev/pkgx` (default) image instead — it ships the base build/dev libraries. +FROM debian:stable-slim AS stage1 +COPY --from=stage0 /usr/local/bin/pkgx /usr/local/bin/pkgm /usr/local/bin/ + +CMD ["/bin/bash"] +ENTRYPOINT ["/usr/local/bin/pkgx"]