那些最原始的镜像又是怎么做出来的呢？比如我们拉了个 nginx 镜像，但是实际上只是某个人在 centos 镜像上搭建了个 nginx 放出来，那这个最原始的 centos 镜像是怎么做出来的？

直接一个 tar 添加到空 image scratch 上，如 https://github.com/docker-library/busybox/blob/master/glibc/Dockerfile

https://github.com/alpinelinux/docker-alpine/blob/847dd9a734df631555265ccf598ce635d3fe1453/x86_64//Dockerfile

FROM scratch
ADD alpine-minirootfs-3.9.2-x86_64.tar.gz /
CMD [“/bin/sh”]

https://github.com/alpinelinux/docker-alpine

https://docs.docker.com/develop/develop-images/baseimages/

FROM scratch
ADD hello /
CMD [“/hello”]

$ docker build –tag hello .
[+] Building 0.2s (4/4) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 36B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 2B 0.0s
=> ERROR [1/1] ADD hello / 0.0s
——

[1/1] ADD hello /:

failed to compute cache key: “/hello” not found: not found

touch hello

$ docker build –tag hello .
[+] Building 0.3s (5/5) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 36B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 26B 0.0s
=> [1/1] ADD hello / 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:b2ef40c4ab99dad13978397700d3b93bdb6f9438cb2f6 0.0s
=> => naming to docker.io/library/hello

$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hello latest b2ef40c4ab99 18 seconds ago 0B

https://docs.docker.com/develop/develop-images/baseimages/

https://github.com/docker-library/busybox

要从0开始做一个属于自己的基础 OS 镜像，可以去参考那些开源 OS 官方镜像是怎么做的，Github 都有完整代码。

FROM scratch
ADD centos-7-x86_64-docker.tar.xz /

LABEL

org.label-schema.schema-version=”1.0”

…..
CMD [” /bin/bash”]

https://www.zhihu.com/question/436737502

https://github.com/CentOS/sig-cloud-instance-images/tree/b2d195220e1c5b181427c3172829c23ab9cd27eb/docker

https://github.com/debuerreotype/docker-debian-artifacts/blob/d5a5b49170b3f736cc7952787f074d7e24cf56fd/buster/Dockerfile

https://raw.githubusercontent.com/docker/docker/master/contrib/mkimage-yum.sh

#!/usr/bin/env bash
#

Create a base CentOS Docker image.

#

This script is useful on systems with yum installed (e.g., building

a CentOS image on CentOS). See contrib/mkimage-rinse.sh for a way

to build CentOS images on other systems.

set -e

usage() {
cat « EOOPTS
$(basename $0) [OPTIONS]
OPTIONS:
-p "" The list of packages to install in the container.
The default is blank. Can use multiple times.
-g "" The groups of packages to install in the container.
The default is "Core". Can use multiple times.
-y The path to the yum config to install packages from. The
default is /etc/yum.conf for Centos/RHEL and /etc/dnf/dnf.conf for Fedora
-t Specify Tag information.
default is reffered at /etc/{redhat,system}-release
EOOPTS
exit 1
}

option defaults

yum_config=/etc/yum.conf
if [ -f /etc/dnf/dnf.conf ] && command -v dnf &> /dev/null; then
yum_config=/etc/dnf/dnf.conf
alias yum=dnf
fi

for names with spaces, use double quotes (“) as install_groups=(‘Core’ ‘“Compute Node”’)

install_groups=()
install_packages=()
version=
while getopts “:y:p:g:t:h” opt; do
case $opt in
y)
yum_config=$OPTARG
;;
h)
usage
;;
p)
install_packages+=(“$OPTARG”)
;;
g)
install_groups+=(“$OPTARG”)
;;
t)
version=”$OPTARG”
;;
\?)
echo “Invalid option: -$OPTARG”
usage
;;
esac
done
shift $((OPTIND - 1))
name=$1

if [[ -z $name ]]; then
usage
fi

default to Core group if not specified otherwise

if [ ${#install_groups[*]} -eq 0 ]; then
install_groups=(‘Core’)
fi

target=$(mktemp -d –tmpdir $(basename $0).XXXXXX)

set -x

mkdir -m 755 “$target”/dev
mknod -m 600 “$target”/dev/console c 5 1
mknod -m 600 “$target”/dev/initctl p
mknod -m 666 “$target”/dev/full c 1 7
mknod -m 666 “$target”/dev/null c 1 3
mknod -m 666 “$target”/dev/ptmx c 5 2
mknod -m 666 “$target”/dev/random c 1 8
mknod -m 666 “$target”/dev/tty c 5 0
mknod -m 666 “$target”/dev/tty0 c 4 0
mknod -m 666 “$target”/dev/urandom c 1 9
mknod -m 666 “$target”/dev/zero c 1 5

amazon linux yum will fail without vars set

if [ -d /etc/yum/vars ]; then
mkdir -p -m 755 “$target”/etc/yum
cp -a /etc/yum/vars “$target”/etc/yum/
fi

if [[ -n “$install_groups” ]]; then
yum -c “$yum_config” –installroot=”$target” –releasever=/ –setopt=tsflags=nodocs

–setopt=group_package_types=mandatory -y groupinstall “${install_groups[@]}”
fi

if [[ -n “$install_packages” ]]; then
yum -c “$yum_config” –installroot=”$target” –releasever=/ –setopt=tsflags=nodocs

–setopt=group_package_types=mandatory -y install “${install_packages[@]}”
fi

yum -c “$yum_config” –installroot=”$target” -y clean all

cat > “$target”/etc/sysconfig/network « EOF
NETWORKING=yes
HOSTNAME=localhost.localdomain
EOF

effectively: febootstrap-minimize –keep-zoneinfo –keep-rpmdb –keep-services “$target”.

locales

rm -rf “$target”/usr/{{lib,share}/locale,{lib,lib64}/gconv,bin/localedef,sbin/build-locale-archive}

docs and man pages

rm -rf “$target”/usr/share/{man,doc,info,gnome/help}

cracklib

rm -rf “$target”/usr/share/cracklib

i18n

rm -rf “$target”/usr/share/i18n

yum cache

rm -rf “$target”/var/cache/yum
mkdir -p –mode=0755 “$target”/var/cache/yum

sln

rm -rf “$target”/sbin/sln

ldconfig

rm -rf “$target”/etc/ld.so.cache “$target”/var/cache/ldconfig
mkdir -p –mode=0755 “$target”/var/cache/ldconfig

if [ -z “$version” ]; then
for file in “$target”/etc/{redhat,system}-release; do
if [ -r “$file” ]; then
version=”$(sed ‘s/^[^0-9]([0-9.]+).$/\1/’ “$file”)”
break
fi
done
fi

if [ -z “$version” ]; then
echo >&2 “warning: cannot autodetect OS version, using ‘$name’ as tag”
version=$name
fi

tar –numeric-owner -c -C “$target” .

docker import - $name:$version

docker run -i -t –rm $name:$version /bin/bash -c ‘echo success’

rm -rf “$target”