Building the World: The Story Behind Wolfi

by Erika Heidi

Slide 1

Slide 1 text

Building the World The story behind Wolﬁ, the Linux undistro built for containers

Slide 2

Slide 2 text

Hi, I'm Erika! ● Developer Experience Engineer at Chainguard ○ Writing docs, tutorials, presentations, demos… ● Open Source enthusiast ○ PHP Developer focused on CLI applications ○ Author of Minicli, Librarian, autodocs… ● Too many hobbies

Slide 3

Slide 3 text

What is Wolﬁ

Slide 4

Slide 4 text

● Small Linux Distro for Containers ● "Undistro" because it doesn't have stuﬀ that normally goes into a Linux distribution ● Based on apk (the Alpine package manager) ● Fast updates What is Wolﬁ?

Slide 5

Slide 5 text

● Has a design that facilitates reproducible builds ● System state is not changed if the apk resolver can't "ﬁx the world" Why APK?

Slide 6

Slide 6 text

Images Comparison

Slide 7

Slide 7 text

Wolﬁ on GitHub

Slide 8

Slide 8 text

How it all started

Slide 9

Slide 9 text

How everything started

Slide 10

Slide 10 text

Jason explains it all

Slide 11

Slide 11 text

Naming is hard

Slide 12

Slide 12 text

Boxxy memorial

Slide 13

Slide 13 text

Wolﬁ it is

Slide 14

Slide 14 text

Packages!!!

Slide 15

Slide 15 text

Release Day - September 22, 2022

Slide 16

Slide 16 text

The ecosystem

Slide 17

Slide 17 text

melange ● Declarative apk builder tool ● Build pipelines are defined in YAML files ● Multi-architecture by default ● Platform-agnostic builds via Docker + melange image The Tools apko ● Declarative OCI image builder tool based on apk ● Generates flat images w/ a single layer ● Images are defined in YAML files ● Builds are fully reproducible ● Automatically generates SBOMs for every image ● Platform-agnostic builds via Docker + apko image

Slide 18

Slide 18 text

Why apko: building distroless images ● Minimalist container images with only what's absolutely necessary to build or execute your application ● Popular base images are full of software that only makes sense on bare-metal ● No need for package managers or interactive shells on production images ● Less dependencies = smaller attack surface, less CVEs

Slide 19

Slide 19 text

PHP in Wolﬁ

Slide 20

Slide 20 text

How PHP landed in Wolﬁ

Slide 21

Slide 21 text

How PHP landed in Wolﬁ

Slide 22

Slide 22 text

How PHP landed in Wolﬁ

Slide 23

Slide 23 text

How PHP landed in Wolﬁ

Slide 24

Slide 24 text

How PHP landed in Wolﬁ

Slide 25

Slide 25 text

How PHP landed in Wolﬁ

Slide 26

Slide 26 text

How PHP landed in Wolﬁ

Slide 27

Slide 27 text

Building Wolfi-based PHP Images ● Use cgr.dev/chainguard/php:latest-dev with a Dockerfile and install missing dependencies ● Use cgr.dev/chainguard/wolfi-base:latest with a Dockerfile and install all dependencies ● Use apko for composing a flat, distroless image using Wolfi packages 3 ways to use Wolfi for your PHP runtimes

Slide 28

Slide 28 text

Where we are today

Slide 29

Slide 29 text

Happy birthday Wolfi! From zero to 1600+ package configs in one year, which builds into 18k+ packages available via Wolfi's repo In the month of September, we celebrated Wolfi's first birthday 🎉 18k+ packages With more than 60 contributors from around the world and a strong team of in-house maintainers, for a fast-paced update cadence and new packages added daily 4k+ PRs merged Is the average time it takes for a package to be updated or patched to their latest release and made available upstream Less than 24h

Slide 30

Slide 30 text

Learn more and get involved ● Wolfi documentation at Chainguard Academy ● Wolfi repository on GitHub ● Building a Wolfi Package - tutorial ● Issues tagged for Hacktoberfest ● Wolfi Community Call Calendar ● Wolfi on X/Twitter

Slide 31

Slide 31 text

Thank You! @erikaheidi [email protected]