From d1e8841d21955a0cc5a7aa34b3fb341e9f89aa03 Mon Sep 17 00:00:00 2001
From: Chris Guest <chris.guest75@hotmail.com>
Date: Tue, 2 May 2023 23:18:48 +0100
Subject: [PATCH 1/2] Try nerdctl

---
 96_nerdctl/Dockerfile.ffmpeg | 74 ++++++++++++++++++++++++++++++++++++
 96_nerdctl/README.md         | 31 +++++++++++++++
 96_nerdctl/ffmpeg/flake.lock | 42 ++++++++++++++++++++
 96_nerdctl/ffmpeg/flake.nix  | 19 +++++++++
 4 files changed, 166 insertions(+)
 create mode 100644 96_nerdctl/Dockerfile.ffmpeg
 create mode 100644 96_nerdctl/README.md
 create mode 100644 96_nerdctl/ffmpeg/flake.lock
 create mode 100644 96_nerdctl/ffmpeg/flake.nix

diff --git a/96_nerdctl/Dockerfile.ffmpeg b/96_nerdctl/Dockerfile.ffmpeg
new file mode 100644
index 0000000..b2158bb
--- /dev/null
+++ b/96_nerdctl/Dockerfile.ffmpeg
@@ -0,0 +1,74 @@
+# syntax=docker/dockerfile:1.4
+ARG baseimage="scratch"
+FROM nixos/nix:latest AS BUILDER
+
+ARG FLAKE=ffmpeg
+
+WORKDIR /scratch
+
+COPY --chmod=755 <<EOF /scratch/enable-flakes.sh
+#!/usr/bin/env bash
+cat <<- HEREDOC > /etc/nix/nix.conf
+experimental-features = nix-command flakes
+# WARNING: This is a security risk - for arm builds only
+filter-syscalls = false
+HEREDOC
+EOF
+RUN "/scratch/enable-flakes.sh"
+
+COPY ./ffmpeg ./
+
+# NOTE: Escape the \$ otherwise they are rendered at buildtime
+COPY --chmod=755 <<EOF /scratch/exportldd.sh
+#!/usr/bin/env bash
+# Make sure these are dynamically discovered
+LDD_PROGRAM=$(find / -type f -executable -name "ldd")
+AWK_PROGRAM=$(find / -type f -executable -name "gawk")
+FFMPEG_PROGRAM=$(find / -type f -executable -name "ffmpeg")
+mkdir -p /output/libs /output/bin
+
+echo "LDD_PROGRAM=\$LDD_PROGRAM"
+echo "AWK_PROGRAM=\$AWK_PROGRAM"
+echo "FFMPEG_PROGRAM=\$FFMPEG_PROGRAM"
+echo \$(which ffmpeg)
+echo
+
+while IFS=, read -r PROGRAM_FILE
+do
+    #echo \$PROGRAM_FILE
+    \${LDD_PROGRAM} "\$PROGRAM_FILE" > /scratch/libs.txt
+    cat /scratch/libs.txt | \${AWK_PROGRAM} 'NF == 4 { {print \$3} }' > /scratch/libs_extracted.txt    
+    cat /scratch/libs_extracted.txt | \${AWK_PROGRAM} -F/ -vOFS=/ '{ print \$1,\$2,\$3,\$4; }' | sort -u >> /scratch/libs_paths.txt
+    cp "\$PROGRAM_FILE" /output/bin
+done << PROGRAMS
+\$FFMPEG_PROGRAM
+PROGRAMS
+
+tar -cvf /scratch/libraries.tar -T /scratch/libs_paths.txt
+tar xf /scratch/libraries.tar --directory=/output/libs
+# remove includes and manpages (add this once tested - reduces image by 45MB)
+find /output -iname "share" -or -iname "include" | xargs rm -rf
+EOF
+
+RUN nix develop --impure --command bash -c '/scratch/exportldd.sh'
+ 
+CMD ["./output/bin/$PROGRAM_FILE", "-version"]
+
+FROM $baseimage AS PRODUCTION
+
+COPY --from=BUILDER /output/bin/ /usr/bin/
+COPY --from=BUILDER /output/libs /
+
+# NOTE: Escape the \$ otherwise they are rendered at buildtime
+# If using distroless, use this instead
+#!/busybox/env sh
+COPY --chmod=755 <<EOF /usr/bin/show_architecture.sh
+#!/usr/bin/env bash
+cat /proc/version
+cat /proc/cpuinfo
+lscpu
+uname -a    
+EOF
+
+ENTRYPOINT [ "/usr/bin/ffmpeg" ]
+CMD ["/usr/bin/ffmpeg", "-version"]
diff --git a/96_nerdctl/README.md b/96_nerdctl/README.md
new file mode 100644
index 0000000..250c727
--- /dev/null
+++ b/96_nerdctl/README.md
@@ -0,0 +1,31 @@
+# NERDCTL
+
+Demonstrate how to use `nerdctl`  
+
+## Install
+
+```sh
+# on linux or mac
+brew install nerdctl
+```
+
+
+```sh
+# build normal
+docker buildx build  --platform linux/amd64 --load --progress=plain -f Dockerfile.ffmpeg -t ffmpeg .
+
+# run
+docker run --rm -it ffmpeg 
+```
+
+```sh
+# needs rootless
+nerdctl buildx build  --platform linux/amd64 --load --progress=plain -f Dockerfile.ffmpeg -t ffmpeg .
+```
+
+## Resources
+
+* nerdctl: Docker-compatible CLI for containerd [here](https://github.com/containerd/nerdctl)  
+* Lazy-pulling using Stargz Snapshotter [here](https://github.com/containerd/nerdctl/blob/main/docs/stargz.md)  
+
+https://github.com/containerd/nerdctl/blob/main/docs/rootless.md
\ No newline at end of file
diff --git a/96_nerdctl/ffmpeg/flake.lock b/96_nerdctl/ffmpeg/flake.lock
new file mode 100644
index 0000000..9d1cd3b
--- /dev/null
+++ b/96_nerdctl/ffmpeg/flake.lock
@@ -0,0 +1,42 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "locked": {
+        "lastModified": 1676283394,
+        "narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1677074004,
+        "narHash": "sha256-keT9wK9I5VwwV0CSRMNuAhEKeUW/8nVQe+aV657fJ1U=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "eea5dc6e5d622667b990e2e4b5bb997b4434148f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/96_nerdctl/ffmpeg/flake.nix b/96_nerdctl/ffmpeg/flake.nix
new file mode 100644
index 0000000..b30e5b6
--- /dev/null
+++ b/96_nerdctl/ffmpeg/flake.nix
@@ -0,0 +1,19 @@
+{
+  description = "Install ffmpeg as a flake";
+  inputs.nixpkgs.url = "github:nixos/nixpkgs";
+  inputs.flake-utils.url = "github:numtide/flake-utils";
+
+  outputs = { nixpkgs, flake-utils, ... }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = import nixpkgs { inherit system; };
+      in
+      {
+        devShells.default = pkgs.mkShell {
+          packages = [ 
+            pkgs.ffmpeg_5 
+          ];         
+        };
+      });
+}
+ 
\ No newline at end of file

From cab501f2a10fc6560467b0c6ee7ca1da802e350f Mon Sep 17 00:00:00 2001
From: Chris Guest <chris.guest75@hotmail.com>
Date: Sun, 4 Jun 2023 23:11:55 +0100
Subject: [PATCH 2/2] Update nerdctl examples

---
 96_nerdctl/README.md | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/96_nerdctl/README.md b/96_nerdctl/README.md
index 250c727..974bdc4 100644
--- a/96_nerdctl/README.md
+++ b/96_nerdctl/README.md
@@ -7,8 +7,14 @@ Demonstrate how to use `nerdctl`
 ```sh
 # on linux or mac
 brew install nerdctl
+
+# v1.4.0
+nerdctl --version 
+
+which nerdctl
 ```
 
+## Building
 
 ```sh
 # build normal
@@ -21,6 +27,11 @@ docker run --rm -it ffmpeg
 ```sh
 # needs rootless
 nerdctl buildx build  --platform linux/amd64 --load --progress=plain -f Dockerfile.ffmpeg -t ffmpeg .
+
+# requires buildctl and buildkitd (using linuxbrew)
+sudo /home/linuxbrew/.linuxbrew/bin/nerdctl build --progress=plain -f Dockerfile.ffmpeg -t ffmpeg .
+
+brew install buildkit
 ```
 
 ## Resources
@@ -28,4 +39,7 @@ nerdctl buildx build  --platform linux/amd64 --load --progress=plain -f Dockerfi
 * nerdctl: Docker-compatible CLI for containerd [here](https://github.com/containerd/nerdctl)  
 * Lazy-pulling using Stargz Snapshotter [here](https://github.com/containerd/nerdctl/blob/main/docs/stargz.md)  
 
-https://github.com/containerd/nerdctl/blob/main/docs/rootless.md
\ No newline at end of file
+https://github.com/containerd/nerdctl/blob/main/docs/rootless.md
+
+https://github.com/moby/buildkit
+