Building the World: The Story Behind Wolfi

Transcript

1. Building the World The story behind Wolfi, the Linux undistro

   built for containers

2. Hi, I'm Erika! • Developer Experience Engineer at Chainguard ◦

   Writing docs, tutorials, presentations, demos… • Open Source enthusiast ◦ PHP Developer focused on CLI applications ◦ Author of Minicli, Librarian, autodocs… • Too many hobbies

3. What is Wolfi

4. • Small Linux Distro for Containers • "Undistro" because it

   doesn't have stuff that normally goes into a Linux distribution • Based on apk (the Alpine package manager) • Fast updates What is Wolfi?

5. • Has a design that facilitates reproducible builds • System

   state is not changed if the apk resolver can't "fix the world" Why APK?

6. Images Comparison

7. Wolfi on GitHub

8. How it all started

9. How everything started

10. Jason explains it all

11. Naming is hard

12. Boxxy memorial

13. Wolfi it is

14. Packages!!!

15. Release Day - September 22, 2022

16. The ecosystem

17. melange • Declarative apk builder tool • Build pipelines are

    defined in YAML files • Multi-architecture by default • Platform-agnostic builds via Docker + melange image The Tools apko • Declarative OCI image builder tool based on apk • Generates flat images w/ a single layer • Images are defined in YAML files • Builds are fully reproducible • Automatically generates SBOMs for every image • Platform-agnostic builds via Docker + apko image

18. Why apko: building distroless images • Minimalist container images with

    only what's absolutely necessary to build or execute your application • Popular base images are full of software that only makes sense on bare-metal • No need for package managers or interactive shells on production images • Less dependencies = smaller attack surface, less CVEs

19. PHP in Wolfi

20. How PHP landed in Wolfi

21. How PHP landed in Wolfi

22. How PHP landed in Wolfi

23. How PHP landed in Wolfi

24. How PHP landed in Wolfi

25. How PHP landed in Wolfi

26. How PHP landed in Wolfi

27. Building Wolfi-based PHP Images • Use cgr.dev/chainguard/php:latest-dev with a Dockerfile

    and install missing dependencies • Use cgr.dev/chainguard/wolfi-base:latest with a Dockerfile and install all dependencies • Use apko for composing a flat, distroless image using Wolfi packages 3 ways to use Wolfi for your PHP runtimes

28. Where we are today

29. Happy birthday Wolfi! From zero to 1600+ package configs in

    one year, which builds into 18k+ packages available via Wolfi's repo In the month of September, we celebrated Wolfi's first birthday 🎉 18k+ packages With more than 60 contributors from around the world and a strong team of in-house maintainers, for a fast-paced update cadence and new packages added daily 4k+ PRs merged Is the average time it takes for a package to be updated or patched to their latest release and made available upstream Less than 24h

30. Learn more and get involved • Wolfi documentation at Chainguard

    Academy • Wolfi repository on GitHub • Building a Wolfi Package - tutorial • Issues tagged for Hacktoberfest • Wolfi Community Call Calendar • Wolfi on X/Twitter

31. Thank You! @erikaheidi [email protected]