Chainguard Container for buck2

Minimal image with buck2 build system binaries and toolchain.

Chainguard Containers are regularly-updated, secure-by-default container images.

Download this Container Image

For those with access, this container image is available on cgr.dev:

docker pull cgr.dev/ORGANIZATION/buck2:latest

Be sure to replace the ORGANIZATION placeholder with the name used for your organization's private repository within the Chainguard Registry.

Usage

The default entrypoint is set to the buck binary, and a default C/C++ toolchain is installed in the image.

docker run cgr.dev/chainguard/buck2:latest
buck2 8cb388050e28f9386ccc2458d6dcf55137e2f3b13008b2a13000994b38c496db <local>
A build system

Documentation: https://buck2.build/docs/

USAGE:
    buck2 [OPTIONS] <SUBCOMMAND>

OPTIONS:
    -h, --help
            Print help information

        --isolation-dir <ISOLATION_DIR>
            Instances of Buck2 share a daemon if and only if their isolation directory is identical.
            The isolation directory also influences the output paths provided by Buck2, and as a
            result using a non-default isolation dir will cause cache misses (and slower builds)

            [env: BUCK_ISOLATION_DIR=]
            [default: v2]

    -v, --verbose <NUMBER>
            How verbose buck should be while logging. Values: 0 = Quiet, errors only; 1 = default; 2
            = more info about errors; 3 = more info about everything

            [default: 1]

    -V, --version
            Print version information

SUBCOMMANDS:
    aquery
            Perform queries on the action graph (experimental)
    audit
            Perform lower level queries
    build
            Build the specified targets
    bxl
            Run BXL scripts
    clean
            Delete generated files and caches
    cquery
            Perform queries on the configured target graph
    ctargets
            Resolve target patterns to configured targets
    docs
            Print documentation of specified symbols
    help
            Print this message or the help of the given subcommand(s)
    init
            Initialize a buck2 project
    install
            Build and install an application
    kill
            Kill the buck daemon
    killall
            Kill all buck2 processes on the machine
    log
            Commands for interacting with buck2 logs
    lsp
            Start an LSP server for starlark files
    profile
            Profiling mechanisms
    query
            Alias for `uquery`
    rage
            Record information about the previous failed buck2 command
    root
            Find buck cell, project or package root
    run
            Build and run the selected target
    server
            Start, query, and control the http server
    starlark
            Run Starlark operations
    status
            Buckd status
    subscribe
            Subscribe to updates from the Buck2 daemon
    targets
            Show details about the specified targets
    test
            Build and test the specified targets
    uquery
            Perform queries on the unconfigured target graph

What are Chainguard Containers?

Chainguard Containers are minimal container images that are secure by default.

In many cases, the Chainguard Containers tagged as :latest contain only an open-source application and its runtime dependencies. These minimal container images typically do not contain a shell or package manager. Chainguard Containers are built with Wolfi, our Linux undistro designed to produce container images that meet the requirements of a more secure software supply chain.

The main features of Chainguard Containers include:

• Minimal design, without unnecessary software bloat
• Daily builds to ensure container images are up-to-date with available security patches
• High quality build-time SBOMs attesting to the provenance of all artifacts within the image
• Verifiable signatures provided by Sigstore
• Reproducible builds with Cosign and apko (read more about reproducibility)

For cases where you need container images with shells and package managers to build or debug, most Chainguard Containers come paired with a -dev variant.

Although the -dev container image variants have similar security features as their more minimal versions, they feature additional software that is typically not necessary in production environments. We recommend using multi-stage builds to leverage the -dev variants, copying application artifacts into a final minimal container that offers a reduced attack surface that won’t allow package installations or logins.

Learn More

To better understand how to work with Chainguard Containers, please visit Chainguard Academy and Chainguard Courses.

In addition to Containers, Chainguard offers VMs and Libraries. Contact Chainguard to access additional products.

Trademarks

This software listing is packaged by Chainguard. The trademarks set forth in this offering are owned by their respective companies, and use of them does not imply any affiliation, sponsorship, or endorsement by such companies.