
What is recommended way to update Docker containers with Gentoo?

I mean, each container is supposed to be small and unique, having
installed only the packages needed for the app which will run in this container.
So, with 100 different apps we may have 100 different containers with
Gentoo, each with a custom set of packages, and even the same packages may be
built with different USE flags or using different versions - that's the
main point of Docker, to provide each app with the environment it needs.

But Gentoo releases updates every few hours, some of them important
security updates, so at a glance it looks like we'll have to rebuild and
restart all containers every few hours/days, and we'll have to compile all
packages multiple times - once per container - which isn't acceptable
at all because of the CPU resources needed (but it should be possible
to mitigate this by using binary packages in cases where the USE flags match
and ccache to speed up the other cases).

Am I missing something, or is the only way to keep Docker containers secure to
rebuild all containers each time I run `emerge --sync && emerge -uDN world`
on the host?

                        WBR, Alex.
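One way to avoid rebuilding all 100 images on every sync is to ask each image what it would actually merge and rebuild only those with pending changes. The script below is an added example, not code from the post or from Gentoo: it assumes that each image is probed with a throwaway container that has the synced tree (and a shared PKGDIR of binary packages) bind-mounted and runs `emerge -uDNp @world`, and it parses that captured pretend output. The sample output is constructed.

```python
import re

# One `emerge -p` merge line (assumed captured from `emerge -uDNp @world` run
# inside each image), e.g.
#   [ebuild     U  ] dev-libs/openssl-3.0.9 [3.0.8] USE="asm -rfc3779"
#   [binary     U  ] sys-libs/zlib-1.2.13-r1 [1.2.12]
LINE_RE = re.compile(r"^\[(?P<kind>ebuild|binary)\s+(?P<flags>[A-Za-z ~*#]*)\]\s+(?P<cpv>\S+)")
# cat/pkg-ver -> cat/pkg and ver (the version starts at the first '-<digit>')
CPV_RE = re.compile(r"^(?P<cp>[\w+.-]+/[\w+-]+?)-(?P<ver>\d[\w.]*(?:-r\d+)?)$")

def parse_pretend(output):
    """Return the merges planned in `emerge -p` output as a list of dicts."""
    actions = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, totals, USE legend, blocker lines
        cp_m = CPV_RE.match(m.group("cpv").split("::", 1)[0])  # drop ::repo
        if not cp_m:
            continue
        actions.append({
            "cp": cp_m.group("cp"), "ver": cp_m.group("ver"),
            "flags": m.group("flags").replace(" ", ""),  # U, N, R, ...
            "binary": m.group("kind") == "binary",        # from PKGDIR, no compile
        })
    return actions

def rebuild_plan(pretend_by_image):
    """Map image -> (packages to merge, packages compiled from source).
    An empty merge list means the image is current and can be left alone."""
    plan = {}
    for image, output in pretend_by_image.items():
        actions = parse_pretend(output)
        merges = sorted(f"{a['cp']}-{a['ver']}" for a in actions)
        sources = sorted(a["cp"] for a in actions if not a["binary"])
        plan[image] = (merges, sources)
    return plan

# Constructed sample output for two images; "db" has nothing pending.
SAMPLE = {
    "web": """Calculating dependencies... done!
[ebuild     U  ] dev-libs/openssl-3.0.9 [3.0.8] USE="asm -rfc3779"
[binary     U  ] sys-libs/zlib-1.2.13-r1 [1.2.12]
[ebuild   R    ] x11-libs/gtk+-3.24.38 USE="X -wayland*"

Total: 3 packages (2 upgrades, 1 reinstall), Size of downloads: 9,340 KiB
""",
    "db": "Calculating dependencies... done!\n\nTotal: 0 packages\n",
}
```

`rebuild_plan(SAMPLE)` reports that only `web` needs a rebuild, and that two of its three merges are source builds while zlib comes from the shared binary package directory.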
