gvmkit Docker API dependencies

[DerekJarvis]

I'm trying to develop a way to automate the generation of GVM images. This means setting up a container that has the Yagna service running and other dependencies installed in order to run gvmkit-build.

I notice that the gvmkit-build command heavily relies on Docker APIs - it's using Docker Python Client to pull images. This requires running a full privileged Docker In Docker instance (which has security issues). The other option is to pass the Docker socket from the host to the container that is trying to build GVM images - this creates other complications.

In general, is it in the roadmap to remove some of the dependencies on the Docker API? In my opinion, the primary purpose of the gvmkit-build tool is to convert a container to a GVM image. It seems it should be possible to pass in an exported/flattened tar file that is an image of a container. Or perhaps to use a different build tool (Kaniko, Builda) to make the image. This would remove the dependency on the Docker API completely as far as pulling the image.

Next, the gvmkit-build uses a squashfs docker image for doing some of the manipulation to convert to a GVM image. Is it possible to do this as a regular script instead of requiring a Docker to do it? Because using a Docker for this again requires full Docker In Docker or passing the Docker socket to a container.

So to summarize: if we allow gvmkit-build to accept an image file as input, and if we allow converting the image without a squashfs Docker image, then we would be able to containerize the entire gvmkit-build environment. If we allow this, and we have network available on golem nodes, then we would be able to offload GVM image building to the golem network. Then golem nodes could build golem images for other nodes! Even without network for doing remote builds, I think being able to containerize the build environment could make it easier to make new images.