Distroless Support

[ReillyBrogan]

Distroless container images are frequently used by many projects (notably the Kubernetes project uses them for almost all container images). Despite the name they are a derivative of Debian, however they lack built-in package manager support. It is however possible to add additional packages to them, see the fluent-bit images for an example of how this is usually done with multi-stage builds. Additionally they are already built in a fully reproducible fashion, so extending them with reproducible additional packages seems a good match to me.

Not sure what this all entails as I'm still getting my head around the tool, but it would be an interesting thing to consider supporting.

[afbjorklund]

When creating a debianless* or cryptoless* image, one normally just uses debian packages for the builder image.

1. gcr.io/distroless/base-debian11

2. gcr.io/distroless/base-nossl-debian11

The "distroless" only means that the shell and package manager is removed, in the output/deployment images...

---

So you should be able to use repro-get in your debian:bullseye image ? To make that part more reproducible.

You might even want to include the resulting SHA256SUMS in the result, like the package manager stuff today:

└── var
    ├── backups
    ├── cache
    ├── lib
    │   ├── dpkg
    │   │   └── status.d
    │   │       ├── base-files
    │   │       ├── base-files.md5sums
    │   │       ├── libc6
    │   │       ├── libc6.md5sums
    │   │       ├── libssl1.1
    │   │       ├── libssl1.1.md5sums
    │   │       ├── netbase
    │   │       ├── netbase.md5sums
    │   │       ├── openssl
    │   │       ├── openssl.md5sums
    │   │       ├── tzdata
    │   │       └── tzdata.md5sums