I've been playing around with Debian and Docker a little bit. I found Joey Hess' post about Docker trust interesting reading, in particular this advice:

I'd recommend only trusting docker images you build yourself. I have some docker images published somewhere that are built with 100% straight debootstrap with no modifications (...) But I'm not going to link to them, because again, you should only trust docker images you built yourself.

On that advice, I did exactly that. I've pushed the basic scripts I used to build my images to github:jmtd/debian-docker. Suggestions welcome!

However, I am planning to share the images I build, at least for my own convenience, on the Docker repository. I'm hoping to publish some PGP-signed sums somewhere so you could verify the binary images on the Docker registry if you so wish.

The three images I'm currently maintaining are:

  • jmtd/debian:buildd: a sid image, variant buildd, to use as the base for package builds
  • jmtd/debian:wheezy: a minbase wheezy
  • jmtd/debian:wheezy-i386: a minbase wheezy, i386

(note: I haven't pushed them all yet.)

With docker 1.5.x at least, the i386 image works fine on amd64 hosts. I've used it as the basis for running wine and Windows binaries. I might push a wine image if I generalise it enough to be more useful.

The Docker folks recommend using Debian as a base image because it's a small size (approx. 163M for my base image, 85.01M for the semi-official one: See Joey's blog for some of the differences) but with a good set of tools. I wondered whether I could leverage the efforts of the Emdebian project to get an even smaller base image.

Unfortunately, the Emdebian project discontinued their 'Grip' project midway through last year. A basic Emdebian grip install is a fair bit smaller than the equivalent wheezy image, but once you've applied security updates most of the difference is lost. I suspect that some of Emdebian's minimisation techniques would be useful and applicable for shrinking Docker base images.