How Chisel works

The purpose of Chisel is to create a minimal Ubuntu root file system comprising only the application and its runtime dependencies. Chisel is especially useful for developers who are looking to create minimal and distroless-like container images.

Chisel uses the cut command to slice Ubuntu packages, as depicted in the workflow below:

Read and parse chisel-releases

Chisel fetches, reads and validates the chisel-release. This includes parsing the chisel.yaml and slice definitions while validating the release and checking for conflicting paths across packages.

Talk to archives and fetch packages

Chisel talks to the archives directly. It fetches, validates and parses their InRelease files. It then resolves which archive holds the requested packages and fetches the corresponding package tarballs.

Install package slices

Chisel groups and merges all slice definitions per package. Then, for every package, it extracts the specified slices’ paths into the provided root file system.

Run mutation scripts

Chisel then runs the mutation scripts . Only the mutable files may be modified at this stage. Finally, the files specified with until:mutate are removed from the provided root file system.