busybox icon indicating copy to clipboard operation
busybox copied to clipboard
verified publisher icon prometheus

add os-release files to images

Open bobcallaway opened this issue 1 year ago • 6 comments

It would be helpful for image scanners to have /etc/os-release (symlinked to /usr/lib/os-release) included in these images. Right now when running prometheus/node-exporter in my cluster, the background image scanners are constantly complaining on every sweep that the OS source of the container can not be detected.

The one file is 267 bytes (plus the symlink) so it does not have a meaningful impact on image size.

fyi @SuperQ @sdurrheimer

bobcallaway avatar Dec 18 '24 13:12 bobcallaway

I'm not sure we should do this. This copies in the Debian signature, which misrepresents what out BusyBox image is.

SuperQ avatar Dec 23 '24 11:12 SuperQ

I'm not sure we should do this. This copies in the Debian signature, which misrepresents what out BusyBox image is.

It's your call of course, but since you're sourcing core components from Debian it made sense to me.

Another option is that you could still write a file to /etc/os-release but fill it with values that make sense for your use case (e.g. this is what distroless images do). I'm happy to change this PR to do that if you'd like.

bobcallaway avatar Dec 23 '24 12:12 bobcallaway

Yes, adding a custom distroless os-release makes more sense to me. Interestingly I checked the official busybox container, it also does not have an os-release.

SuperQ avatar Dec 23 '24 12:12 SuperQ

friendly ping - any thoughts on this updated PR?

bobcallaway avatar Jan 03 '25 16:01 bobcallaway

Build is failing. :thinking:

SuperQ avatar Jan 03 '25 18:01 SuperQ

Build is failing. 🤔

https://app.circleci.com/pipelines/github/prometheus/busybox It was failing before for something unrelated.

bobcallaway avatar Jan 03 '25 20:01 bobcallaway