
Infer `scratch` base image for applications that are statically-linked

Open baronfel opened this issue 2 years ago • 0 comments

Per this tweet it is now possible to compile .NET applications that are static-linked and run on a distroless/scratch container. We should detect this scenario and infer scratch on the user's behalf.

A sample project file from the tweet is:

```xml
<Project Sdk="Microsoft.NET.Sdk">
	<PropertyGroup>
		<OutputType>Exe</OutputType>
		<TargetFramework>net8.0</TargetFramework>
		<ImplicitUsings>enable</ImplicitUsings>
		<Nullable>enable</Nullable>

		<EventSourceSupport>false</EventSourceSupport>
		<UseSystemResourceKeys>true</UseSystemResourceKeys>
		<EnableUnsafeBinaryFormatterSerialization>false</EnableUnsafeBinaryFormatterSerialization>
		<IlcFoldIdenticalMethodBodies>true</IlcFoldIdenticalMethodBodies>
		<IlcGenerateStackTraceData>false</IlcGenerateStackTraceData>
		<InvariantGlobalization>true</InvariantGlobalization>
		<IlcInstructionSet>avx2,bmi2, fma,pclmul, popcnt,aes</IlcInstructionSet>
		<IlcOptimizationPreference>Size</IlcOptimizationPreference>

		<StripSymbols>true</StripSymbols>
		<StaticExecutable>true</StaticExecutable>
		<StaticICULinking>true</StaticICULinking>
		<StaticOpenSslLinking>true</StaticOpenSslLinking>
		<StaticNumaLinking>true</StaticNumaLinking>
	</PropertyGroup>

	<ItemGroup>
		<DirectPInvoke Include="sum" />
		<Nativelibrary Include="sum.a" />
	</ItemGroup>
</Project>
```

Detection conditions

Ideally not all of the above boolean markers - is there something more minimal or semantic to hang off of?

Based on feedback from KatsuyaSawada, the last four booleans are the trigger. So the condition would be

```xml
<PropertyGroup>
  <_IsStaticLinked Condition="'$(StaticExecutable)' == 'true' and
                              '$(StaticICULinking)' == 'true' and
                              '$(StaticOpenSslLinking)' == 'true' and
                              '$(StaticNumaLinking)' == 'true'">true</_IsStaticLinked>
</PropertyGroup>

<PropertyGroup Condition="'$(ContainerBaseImage)' == ''">
  <_ContainerBaseImageName Condition="'$(_IsStaticLinked)' == 'true'">scratch</_ContainerBaseImageName> <!-- or some other mechanism of specifying no base image -->
  <!-- ... rest of conditions ... -->
</PropertyGroup>
```

Blockers

We don't support scratch yet - I hacked this together in https://github.com/dotnet/sdk-container-builds/pull/327 but we should have a more concrete concept of deriving an image from nothing.

baronfel avatar Feb 22 '23 16:02 baronfel
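
A complementary check to the property-based detection above, as an added example that is not part of the original issue or the SDK's own code: it inspects the published ELF binary itself and reports anything that would stop it from starting on `scratch`, where no dynamic loader or shared libraries exist. The names `scratch_blockers` and `sample_elf` and both sample images are constructed for illustration, and the check assumes a 64-bit little-endian Linux binary.

```python
import struct

PT_DYNAMIC, PT_INTERP = 2, 3   # program header types
DT_NULL, DT_NEEDED = 0, 1      # dynamic section tags

def scratch_blockers(elf):
    """Return reasons an ELF64 little-endian binary cannot start on `scratch`."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    reasons = []
    for i in range(e_phnum):
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_INTERP:
            loader = elf[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
            reasons.append(f"needs dynamic loader {loader}")
        elif p_type == PT_DYNAMIC:
            # Static-PIE output keeps PT_DYNAMIC; only DT_NEEDED entries matter.
            for off in range(p_offset, p_offset + p_filesz, 16):
                d_tag, _ = struct.unpack_from("<qQ", elf, off)
                if d_tag == DT_NULL:
                    break
                if d_tag == DT_NEEDED:
                    reasons.append("has a DT_NEEDED shared-library dependency")
    return reasons

def sample_elf(segments):
    """Build a constructed, minimal ELF64 image from (p_type, payload) pairs."""
    data_off = 64 + 56 * len(segments)   # ELF header + program header table
    image = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, len(segments), 0, 0, 0)
    blob = b""
    for p_type, payload in segments:
        size = len(payload)
        image += struct.pack("<IIQQQQQQ", p_type, 4, data_off + len(blob),
                             0, 0, size, size, 1)
        blob += payload
    return image + blob

# Constructed samples: a dynamically linked build and a static-PIE build
# (tag 30 is DT_FLAGS, which does not imply any shared-library dependency).
DYNAMIC = sample_elf([
    (PT_INTERP, b"/lib/ld-musl-x86_64.so.1\0"),
    (PT_DYNAMIC, struct.pack("<qQqQ", DT_NEEDED, 1, DT_NULL, 0)),
])
STATIC_PIE = sample_elf([(PT_DYNAMIC, struct.pack("<qQqQ", 30, 8, DT_NULL, 0))])
```

An empty list means the binary carries no loader or shared-library requirement; a non-empty list is a reason to fall back to a base image that ships a libc and loader.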