DPC2023: Building the World: the story behind Wolfi, the Linux undistro built for containers

Security

Discover the story behind Wolfi, a Linux undistro built for containers, with a focus on reproducibility, security, and efficiency. Learn about its features, build process, and applications in this engaging presentation.

Key takeaways
  • Wolfi (Volfi) is a Linux undistro built for containers
  • It started as a fork of Alpine Linux
  • The goal is to build images that are reproducible, secure, and efficient
  • Wolfi uses Melange, a declarative APQ-built tool, to build packages
  • Melange and APK are siblings, both built for containerization
  • Wolfi has over 18,000 packages available in the repo
  • The build process involves three stages: preparing the build folder, building the package, and finalizing the image
  • Wolfi is designed to be lightweight and focused on specific use cases
  • It is used by ChainGuard, a company that builds security tools
  • The speaker built PHP from source in Wolfi, which was a complex build
  • Wolfi uses APKO, a tool that builds package lists, to build its images
  • The images are reproducible and can be built on demand
  • Wolfi is committed to security and has reduced its CVE count to zero
  • The company is open to contributions and feedback from the community

More talks

Pierre Ducroquet Multi tenant database the good, the bad, the ugly

URB Excalibur: The New VMware All-Platform VM Escapes

EDR Reloaded: Erase Data Remotely

How to Make Hugging Face to Hug Worms: Discovering and Exploiting Unsafe Pickle.loads

Hosting and DevOps for Django with Benjamin "Zags" Zagorsky

The Hacker’s Guide to Kubernetes Security by Patrycja Wegrzynowicz

Edmondo Orlotti | Supporting the AI Journey through 2030 | Rise of AI Conference 2022

SAINTCON 2016 - Nathan Cooper - Social Engineering