Search code examples
bashdockerdockerfilecontainersdistroless

If I omit a shell in my distroless dockerfile, can I still run a script with if/else keywords within the resulting container?

I have a shell script that I need to run in a container, which normally has bash installed. However, I am looking to migrate this container to be distroless, and only want to install the most necessary binaries and artifacts in my container.

I have a basic shell script, here is a snippet from it:

#! /usr/bin/env bash

function _process_msg() {
  if [[ -n "${SCRIPT_MSG}" ]]; then
    echo -e "\e[32mDEBUG:   $1\e[39m" >&2
    for text in "$@"; do
      echo -e "\e[32m         ${text}\e[39m" >&2
    done
  fi
}

I execute this script in my container like so (in my Dockerfile):

CMD ["/my-bash-script"]

What the script does doesn't matter so much; what matters is, as you can see, my script has keywords like "if", "else", "function", "for", "done" in there. My understanding is that these keywords are built into the shell, in my case bash. However, I am not entirely sure, which is why I am posting here.

If I were to remove /usr/bin/bash and /usr/bin/sh from my container, would I still be able to run a script like this? If not, is there some way I can install these specific commands, without needing to install the entire shell?

Also, I am not sure if I am thinking in terms of the right approach here, so any guidance on best practices would be helpful.

Solution

  • If I omit a shell in my distroless dockerfile, can I still run a script with if/else keywords within the resulting container?

    No.

    My understanding is that these keywords are built into the shell, in my case bash. However, I am not entirely sure, which is why I am posting here.

    They are. Parsing and executing the script, function definitions and redirections >&2 are all part of the shell.

    If I were to remove /usr/bin/bash and /usr/bin/sh from my container, would I still be able to run a script like this

    No.

    (I do not like "be able", you are always "able", everything is possible. You can download a precompiled bash executable and run it. You can have bash in a different location. You can write your own shell compatible with bash. etc.)

    If not, is there some way I can install these specific commands, without needing to install the entire shell?

    No.

    any guidance

    Do not use both function and (). Just _process_msg() no function. https://wiki.bash-hackers.org/scripting/obsolete . Check your scripts with shellcheck

    Your script can be easily rewritten in POSIX sh, in which case https://busybox.net/ .