Announcing Finch on Linux for Container Development

October 15, 2024 By Mark Otto 0

In 2022 AWS announced Finch, an open source command line developer tool for building, running, and publishing Linux containers on macOS. Within a year in November 2023, Finch successfully reached its 1.0 milestone for general availability (GA). Since then, we’ve expanded support from macOS to also include Windows and made virtualization framework (vz) the default vmType option, when it’s available.

Today, we are excited to announce that Finch now supports Linux in addition to Windows and macOS. With the addition of Linux support, Finch now provides a consistent container development experience across all major operating systems, making it easier for developers to run familiar Finch commands to build, run, and publish their containers.

On Linux, Finch supports the same core functionality as on other platforms, including:

  • Building container images using Dockerfiles
  • Running containers locally
  • Pushing and pulling container images to registries
  • Managing container networks and volumes
  • Composing multi-container applications using finch compose

As seen with the previous releases, Finch on Linux is built on top of open source components like nerdctl, containerd and BuildKit. This ensures a consistent, vendor neutral experience across platforms.

Finch on macOS and Windows uses an intermediate component Lima. Through Lima, Finch uses virtualization technology (QEMU or Virtualization Framework on macOS; WSL2 on Windows). This allows Finch to access the necessary Linux primitives, such as namespaces, which are required for containerization technology.

On Linux, Finch can directly utilize fundamental Kernel capabilities such as namespaces and cgroups to interact with low level components such as nerdctl and containerd without having to use an intermediary virtualization layer.

Finch on Linux diagram

Figure-1: Finch Container Development Tool Architecture on Linux

Walkthrough

Finch can be installed on Linux in two ways:

In this walkthrough, Finch is installed on an Amazon Linux 2023 based Amazon Elastic Compute Cloud (Amazon EC2) instance.

Step-1: Installing Finch

On Amazon Linux Distribution:

Finch on Linux is packaged as RPMs for Amazon Linux 2 (AL2) and Amazon Linux 2023 (AL2023). These packages are available in the Yellowdog Updater Modified (YUM) configured package repositories and can be installed using the following command:

sudo yum install runfinch-finch

This will install the Finch binary and all necessary dependencies. For more details on the latest RPM package for Amazon Linux, please refer to the release notes on the Finch CLI GitHub repository.

Enable the services to start automatically on system boot and start it immediately:

sudo systemctl enable --now containerd.service
sudo systemctl enable --now finch.service
sudo systemctl enable --now finch-buildkit.service
sudo systemctl enable --now finch-buildkit.socket

Finch on Linux can make use of some optional components, such as SOCI snapshotter and the ECR Credential Helper. On other Finch platforms, these components are installed at runtime, which works well for platforms where Finch has its own isolated VM environment. However, on a shared system, the runtime management of system dependencies can be more challenging. These components must be installed and configured manually on Linux at this time. For instructions on installing and configuring the optional Finch components on Linux, please refer to the official Finch documentation.

On Non-Amazon Linux Distributions:

In addition to the RPM packages, the Finch GitHub repository includes scripts for building RPMs from source. This allows users of all other Linux distributions, such as Fedora, to try out Finch, as long as their package management system is RPM-based.

To install Finch on non-Amazon Linux distributions, please refer to the project documentation.

Step-2: Verifying the functionality

As a way to validate the functionality of Finch, you can run a simple container. The run command will pull the image if it’s not already present, create a new container instance, and start it. To automatically remove the container after the command execution is completed, include the --rm flag, suitable for testing purposes.

sudo finch run --rm public.ecr.aws/finch/hello-finch public.ecr.aws/finch/hello-finch:latest: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:a71e474da9ffd6ec3f8236dbf4ef807dd54531d6f05047edaeefa758f1b1bb7e: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:2f848edb93f7d0cfa20d7dc7add84586fe06d258d6dd54422d8015c584ff3b9e: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:50c36f221209ea6829db90eff11db167d8cc22abf7c2c0f1e7f4a0c701c0592f: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:cb7e3bc996dd3208c5b4560d5f6571486e2fe90b5a1cc384e2d6af0dc07de02a: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1: exists |++++++++++++++++++++++++++++++++++++++|
elapsed: 1.0 s total: 2.5 Ki (2.5 KiB/s) @@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@ @@@@@@@@@@@ @@@@@@@ @@@@@@@ @@@@@@ @@@@@@ @@@@@@ @@@@@ @@@@@ @@@# @@@@@@@@@ @@@@@ @@ @@@ @@@@@@@@@@ @@@@% @ @@ @@@@@@@@@@@ @@@@ @@@@@@@@ @@@@ @@@@@@@@@@@& @@@@@ &@@@@@@@@@@@ @@@@@ @@@@@@@@ @@@@@ @@@@@( @@@@@@ @@@@@@ @@@@@@@ @@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@ Hello from Finch! Visit us @ github.com/runfinch

Step-3: Building Multi-Platform Images

Linux supports user-space emulation, which allows you to run containers built for different CPU architectures. However, QEMU’s user-mode emulation is not enabled by default on Linux systems. This means you can only build container images for the host CPU architecture platform, which could be AMD64 (x86_64) or ARM64.

To verify that we are running our commands on an AL2023 AMD64 Linux instance, we can run uname -sm and see the architecture listed as AMD64:

uname -sm Linux x86_64

We can run an AMD64 container, providing a start up command to illustrate the same architecture:

sudo finch run --rm --platform=linux/amd64 public.ecr.aws/amazonlinux/amazonlinux uname -sm Linux x86_64

Now, let’s install QEMU manually for cross-platform support. The tonistiigi/binfmt image provides an easy way to install QEMU and register the executable types on the host with a single command.

sudo finch run --privileged --rm tonistiigi/binfmt --install all

Refer to the documentation for prerequisites.

Let’s verify that the executable types are registered on the host operating system with this command:

ls -1 /proc/sys/fs/binfmt_misc/qemu-*

When QEMU is properly installed, you should see output like this:

/proc/sys/fs/binfmt_misc/qemu-aarch64
/proc/sys/fs/binfmt_misc/qemu-arm
/proc/sys/fs/binfmt_misc/qemu-mips64
/proc/sys/fs/binfmt_misc/qemu-mips64el
/proc/sys/fs/binfmt_misc/qemu-ppc64le
/proc/sys/fs/binfmt_misc/qemu-riscv64
/proc/sys/fs/binfmt_misc/qemu-s390x

Once the user-space emulation is enabled, we can create and run an ARM64 container using the --platform option to specify the non-native architecture:

sudo finch run --rm --platform=linux/arm64 public.ecr.aws/amazonlinux/amazonlinux uname -sm Linux aarch64

This enables us to build multi-platform images using Finch and also run containers on non-native architectures. Using emulation requires no changes to your Dockerfile, and BuildKit automatically detects the architectures that are available for emulation.

cat > Dockerfile << EOF
FROM public.ecr.aws/amazonlinux/amazonlinux:latest
EOF

cat Dockerfile
FROM public.ecr.aws/amazonlinux/amazonlinux:latest

By default, Finch would build for the host’s CPU architecture platform. Instead of AMD64, to build an ARM64 image, we can add the --platform flag to our command:

sudo finch build --platform linux/arm64 -t public.ecr.aws/test/finch-multiarch:latest .
[+] Building 2.5s (5/5)
[+] Building 2.6s (5/5) FINISHED => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 147B 0.0s => [internal] load metadata for public.ecr.aws/amazonlinux/amazonlinux:latest 0.2s => [internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => CACHED [1/1] FROM public.ecr.aws/amazonlinux/amazonlinux:latest@sha256:feeb91e31912e7b3739d9cee4bc2181262f54688bc4fbd21069f3cedce03f 0.0s => => resolve public.ecr.aws/amazonlinux/amazonlinux:latest@sha256:feeb91e31912e7b3739d9cee4bc2181262f54688bc4fbd21069f3cedce03fa4f 0.0s => exporting to docker image format 2.0s => => exporting layers 0.0s => => exporting manifest sha256:31b4400935abb9c9122f6d4ad29bc086a99ad7194d45b0262834ff805eacb41f 0.0s => => exporting config sha256:cb00cd7f9ac717ae9eff509f31770586e459a066bde4ae255134f1be2d089853 0.0s => => sending tarball 2.0s
Loaded image: public.ecr.aws/test/finch-multiarch:latest

Clean Up

To clean up the stack, complete the following actions:

1. Remove container images built in the walkthrough using the following command:

sudo finch rmi public.ecr.aws/test/finch-multiarch:latest

2. Remove installed copies of Finch using the following command:

sudo yum remove runfinch-finch

Terminate any Amazon EC2 instances created for this walkthrough.

Conclusion

This blog post covered how you can install and run Finch on Linux, including the ability to run containers on cross-architecture platforms and build multi-platform container images. We encourage you to try out Finch and let us know about your experiences. Join the Finch community by starting a discussion, reporting any issues you encounter, or contributing code on our GitHub repository. We’re eager to evolve Finch with input from developers like you, so we invite you to be a part of shaping the future direction of this project.