apple container with containerd

Dockerfile

FROM debian:testing AS build

# log_proxy
RUN apt-get update
RUN apt-get install -y --no-install-recommends build-essential
RUN apt-get install -y pkg-config libglib2.0-dev
RUN apt-get install -y wget openssl ca-certificates
RUN wget --content-disposition https://github.com/metwork-framework/log_proxy/archive/refs/tags/v0.7.4.tar.gz \
    && tar xzf log_proxy-0.7.4.tar.gz && cd log_proxy-0.7.4 && make install STATIC=yes

FROM debian:testing

# openrc (init)
RUN apt-get update && apt-get install -y --no-install-recommends openrc && rm -rf /var/lib/apt/lists/* 
RUN rm -f /etc/init.d/cgroups /etc/init.d/hwclock.sh
RUN echo 'rc_need="!sysfs !cgroups !net !localmount"' >>/etc/rc.conf
ENTRYPOINT ["/sbin/openrc-init"]

# containerd runc
RUN apt-get update && apt-get install -y --no-install-recommends containerd runc && rm -rf /var/lib/apt/lists/*
ADD https://raw.githubusercontent.com/alpinelinux/aports/refs/heads/master/community/containerd/containerd.initd /etc/init.d/containerd
ADD https://raw.githubusercontent.com/alpinelinux/aports/refs/heads/master/community/containerd/containerd.confd /etc/conf.d/containerd
RUN chmod +x /etc/init.d/containerd && rc-update add containerd
COPY --from=build /usr/local/bin/log_proxy /usr/local/bin/log_proxy
RUN apt-get update && apt-get install -y --no-install-recommends containernetworking-plugins && rm -rf /var/lib/apt/lists/*
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy

RUN apt-get update && apt-get install -y wget openssl ca-certificates && rm -rf /var/lib/apt/lists/* 

# buildkit nerdctl
RUN wget -nv https://github.com/moby/buildkit/releases/download/v0.17.3/buildkit-v0.17.3.linux-arm64.tar.gz \
    && tar Cxzvvf /usr buildkit-v0.17.3.linux-arm64.tar.gz && rm buildkit-v0.17.3.linux-arm64.tar.gz
ADD https://raw.githubusercontent.com/alpinelinux/aports/refs/heads/master/community/buildkit/buildkitd.initd /etc/init.d/buildkitd
ADD https://raw.githubusercontent.com/alpinelinux/aports/refs/heads/master/community/buildkit/buildkitd.confd /etc/conf.d/buildkitd
RUN sed -e 's/#\(supervisor=supervise-daemon\)/\1/' -i /etc/conf.d/buildkitd
RUN chmod +x /etc/init.d/buildkitd && rc-update add buildkitd
RUN wget -nv https://github.com/containerd/nerdctl/releases/download/v1.7.6/nerdctl-1.7.6-linux-arm64.tar.gz \
    && tar Cxzvvf /usr/local/bin nerdctl-1.7.6-linux-arm64.tar.gz && rm nerdctl-1.7.6-linux-arm64.tar.gz

RUN apt-get update && apt-get install -y vim-tiny procps psmisc && rm -rf /var/lib/apt/lists/* 

Need to use debian 13 for supervise-daemon to support log_proxy, and need to build log_proxy from source (no deb)
With debian 12 (stable), the containerd.log is empty since the log_proxy is not supported. Could revert the init*, but...

* https://gitlab.alpinelinux.org/alpine/aports/-/commit/3c55e19a0af5112c93330e7d423d502b50d72add (adds log_proxy)

https://packages.debian.org/search?keywords=openrc&searchon=names&exact=1&suite=all&section=all

---

build container image with buildkit
container build -t debian-openrc .

start container VM in the background
container=$(container run -d debian-openrc)

open a shell in the running container
container exec -it $container bash

nerdctl version

Client:
 Version:	v1.7.6
 OS/Arch:	linux/arm64
 Git commit:	845e989f69d25b420ae325fedc8e70186243fd93
 buildctl:
  Version:	v0.17.3
  GitCommit:	dc30e8355a4691bb34a23dd7161306977eecd5d8

Server:
 containerd:
  Version:	1.7.24~ds1
  GitCommit:	1.7.24~ds1-6+b2
 runc:
  Version:	1.1.15+ds1
  GitCommit:	1.1.15+ds1-2+b3

nerdctl info

 Server Version: 1.7.24~ds1
 Storage Driver: overlayfs
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Log: fluentd journald json-file syslog
  Storage: native overlayfs
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.12.28
 Operating System: Debian GNU/Linux 13 (trixie)
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 992.2MiB
 Name: fbb45889-c616-424f-950b-f280d9e38ed2
 ID: c4cc4b3c-e1e7-4468-8d33-efffde072657