DPC2023: Building the World: the story behind Wolfi, the Linux undistro built for containers

Security

Discover the story behind Wolfi, a Linux undistro built for containers, with a focus on reproducibility, security, and efficiency. Learn about its features, build process, and applications in this engaging presentation.

Key takeaways
  • Wolfi (Volfi) is a Linux undistro built for containers
  • It started as a fork of Alpine Linux
  • The goal is to build images that are reproducible, secure, and efficient
  • Wolfi uses Melange, a declarative APQ-built tool, to build packages
  • Melange and APK are siblings, both built for containerization
  • Wolfi has over 18,000 packages available in the repo
  • The build process involves three stages: preparing the build folder, building the package, and finalizing the image
  • Wolfi is designed to be lightweight and focused on specific use cases
  • It is used by ChainGuard, a company that builds security tools
  • The speaker built PHP from source in Wolfi, which was a complex build
  • Wolfi uses APKO, a tool that builds package lists, to build its images
  • The images are reproducible and can be built on demand
  • Wolfi is committed to security and has reduced its CVE count to zero
  • The company is open to contributions and feedback from the community

More talks

Refresher on Containers, Algorithms and Performance in C++ - Vladimir Vishnevskii - CppCon 2022

Philipp Krenn - Open Policy Agent: security for cloud natives and everyone else

SAINTCON Hallway - Grifter

DPC2019: Automatic Web Page Optimisation in Pure PHP - Albert Peschar

Encrypted File System for Rust/Android Applications by Stefan Schindler - Rust Zürisee Feb 2023

Önder Ceylan - Rethinking Browser Automation: Unleashing the Power of Puppeteer and Playwright

Irene Comalada – DevSecOps, stay away from being in the news

Devoxx Greece 2024 - Plenty of Platforms - Lessons learned