Slide 1

Slide 1 text

Building the World The story behind Wolfi, the Linux undistro built for containers

Slide 2

Slide 2 text

Hi, I'm Erika! ● Developer Experience Engineer at Chainguard ○ Writing docs, tutorials, presentations, demos… ● Open Source enthusiast ○ PHP Developer focused on CLI applications ○ Author of Minicli, Librarian, autodocs… ● Too many hobbies

Slide 3

Slide 3 text

What is Wolfi

Slide 4

Slide 4 text

● Small Linux Distro for Containers ● "Undistro" because it doesn't have stuff that normally goes into a Linux distribution ● Based on apk (the Alpine package manager) ● Fast updates What is Wolfi?

Slide 5

Slide 5 text

● Has a design that facilitates reproducible builds ● System state is not changed if the apk resolver can't "fix the world" Why APK?

Slide 6

Slide 6 text

Images Comparison

Slide 7

Slide 7 text

Wolfi on GitHub

Slide 8

Slide 8 text

How it all started

Slide 9

Slide 9 text

How everything started

Slide 10

Slide 10 text

Jason explains it all

Slide 11

Slide 11 text

Naming is hard

Slide 12

Slide 12 text

Boxxy memorial

Slide 13

Slide 13 text

Wolfi it is

Slide 14

Slide 14 text


Slide 15

Slide 15 text

Release Day - September 22, 2022

Slide 16

Slide 16 text

The ecosystem

Slide 17

Slide 17 text

melange ● Declarative apk builder tool ● Build pipelines are defined in YAML files ● Multi-architecture by default ● Platform-agnostic builds via Docker + melange image The Tools apko ● Declarative OCI image builder tool based on apk ● Generates flat images w/ a single layer ● Images are defined in YAML files ● Builds are fully reproducible ● Automatically generates SBOMs for every image ● Platform-agnostic builds via Docker + apko image

Slide 18

Slide 18 text

Why apko: building distroless images ● Minimalist container images with only what's absolutely necessary to build or execute your application ● Popular base images are full of software that only makes sense on bare-metal ● No need for package managers or interactive shells on production images ● Less dependencies = smaller attack surface, less CVEs

Slide 19

Slide 19 text

PHP in Wolfi

Slide 20

Slide 20 text

How PHP landed in Wolfi

Slide 21

Slide 21 text

How PHP landed in Wolfi

Slide 22

Slide 22 text

How PHP landed in Wolfi

Slide 23

Slide 23 text

How PHP landed in Wolfi

Slide 24

Slide 24 text

How PHP landed in Wolfi

Slide 25

Slide 25 text

How PHP landed in Wolfi

Slide 26

Slide 26 text

How PHP landed in Wolfi

Slide 27

Slide 27 text

Building Wolfi-based PHP Images ● Use with a Dockerfile and install missing dependencies ● Use with a Dockerfile and install all dependencies ● Use apko for composing a flat, distroless image using Wolfi packages 3 ways to use Wolfi for your PHP runtimes

Slide 28

Slide 28 text

Where we are today

Slide 29

Slide 29 text

Happy birthday Wolfi! From zero to 1600+ package configs in one year, which builds into 18k+ packages available via Wolfi's repo In the month of September, we celebrated Wolfi's first birthday 🎉 18k+ packages With more than 60 contributors from around the world and a strong team of in-house maintainers, for a fast-paced update cadence and new packages added daily 4k+ PRs merged Is the average time it takes for a package to be updated or patched to their latest release and made available upstream Less than 24h

Slide 30

Slide 30 text

Learn more and get involved ● Wolfi documentation at Chainguard Academy ● Wolfi repository on GitHub ● Building a Wolfi Package - tutorial ● Issues tagged for Hacktoberfest ● Wolfi Community Call Calendar ● Wolfi on X/Twitter

Slide 31

Slide 31 text

Thank You! @erikaheidi [email protected]