Dalec: Declarative Linux Package and Container Builds with Azure Linux and Docker BuildKit

SertacOzercan presents Dalec, a declarative BuildKit frontend for building system packages and containers across distributions like Azure Linux. The guide highlights key benefits for developers, operators, and security-conscious teams.

Dalec: Declarative Linux Package and Container Builds with Azure Linux and Docker BuildKit

Overview

Dalec, a Cloud Native Computing Foundation (CNCF) Sandbox project, is a powerful tool designed to simplify and modernize Linux package and container image creation. Using a single YAML specification, Dalec enables reproducible builds targeting both traditional packages (RPM, DEB) and minimal container images. It is implemented as a Docker BuildKit frontend, requiring only Docker to get started—no other tools, agents, or complex pipelines are necessary.

Supported Platforms

• Azure Linux (first-class support)
• AlmaLinux
• Rocky Linux
• Debian
• Ubuntu
• Expandable to others via pluggable backends

Key Features and Benefits

• Zero Installation Overhead: No extra dependencies—works out of the box with standard Docker
• Built for Speed: BuildKit-powered caching speeds up rebuilds
• Unified Specification: Replace scattered Dockerfiles and spec files with one YAML config
• Compliance and Security: Built-in support for SBOM generation, provenance attestations, and package signing
• Multi-Distribution: Build RPM and DEB packages, as well as containers, targeting several Linux distributions from the same spec
• Composability: Declarative approach makes it easy to manage variations across targets
• CI/CD Ready: Seamlessly integrates into GitHub Actions, GitLab CI, Jenkins, or Kubernetes-native pipelines

Who Benefits from Dalec?

• Application Developers: Create distribution-ready packages without deep knowledge of RPM or Debian conventions.
• Platform Operators: Centralize packaging standards and leverage reproducible, traceable build flows.
• Package Maintainers: Target multiple OS distributions with one source of truth, minimizing duplication.
• Security and Compliance Teams: Satisfy supply chain mandates via SBOMs and cryptographic provenance.

How Dalec Works

Dalec serves as a Docker BuildKit frontend; just add a line to your YAML spec:

# syntax=ghcr.io/project-dalec/dalec/frontend:latest

Build Workflow

1. Source Acquisition: Fetch code from Git, archives, or various package registries
2. Dependency Management: Automatically handles build- and run-time dependencies, including language modules (Go, Rust, etc.)
3. Build Steps: Configure build commands and environment
4. Package Creation: Outputs RPM or DEB packages, with optional container images
5. Testing: Installs and validates packages in clean test environments
6. Optional Containerization: Build minimal containers using the produced packages

Example: Multi-Target Build with Azure Linux

Dalec allows you to generate packages and container images for Azure Linux and other distributions with a simple YAML configuration. Here’s a conceptual snippet:

# syntax=ghcr.io/project-dalec/dalec/frontend:latest

name: myapp
version: 1.0.0
sources:
  git:
    url: https://github.com/example/myapp.git
    commit: v1.0.0
dependencies:
  build:
    gcc:
  runtime:
    openssl:
build:
  steps:
    - command: |
        make && make install
image:
  entrypoint: /usr/bin/myapp

This configuration can target Ubuntu, Debian, or Azure Linux just by changing parameters.

Real-World Scenarios

• Open Source Distribution: Replace scattered build scripts with one spec, producing cross-distro packages and images
• Enterprise CI/CD: Integrate into existing Docker-based CI/CD to automate SBOM and attestation workflows
• Security-Critical Environments: Guarantee traceability and trust with built-in package signing and provenance
• Kubernetes-Optimized Images: Output minimal containers (e.g., for Azure Kubernetes Service)

Security and Compliance

Dalec is designed with supply chain security in mind:

• SBOMs: Get an auditable bill of materials for every build
• Provenance Attestations: BuildKit documents how, where, and from what your packages/images are built
• Package Signing: GPG-based signature support for tamper-evident distribution

References for further detail:

• Dalec on GitHub
• Dalec Quickstart Guide
• BuildKit Frontend Docs

Getting Started

1. Clone a sample YAML spec from Dalec’s examples
2. Run a build: docker build -f my-spec.yml .
3. Review packaging results and SBOMs
4. Integrate with CI or cloud-native build systems if needed (including Kubernetes)

Community and Contributions

• Join discussions on CNCF Slack #dalec
• Learn more: Dalec Documentation
• Contribute: Contribution Guide

---

This post appeared first on “Microsoft Tech Community”. Read the entire article here