bgems VS dockerfiles

One problem you're likely to run into is that systems using the same packaging lineage cut the same dependency up in different ways. The "right name" for a dependency can change between Ubuntu and Debian, between different releases of Ubuntu, and different architectures. It very quickly gets out of hand for any interesting set of dependencies. Now it might be that there's enough stability in the repositories these days that that's less true than it was, but I remember running into some really annoying cases at one point when I had a full gem mirror to play with.

This is one of those problems that sounds easy but gets really fiddly. I had a quick run at it from a slightly different direction a looooong time ago: binary gems (https://github.com/regularfry/bgems although heaven knows if it even still runs). Precompiled binary gems would dramatically speed up installation at the cost of a) storage; and b) getting it right once. The script I cobbled together gathers the dependencies together into a `.Depends` file which you can just pipe through to the package manager, and could happily use to strap together a package corresponding to the dependency list.

I've never really understood why a standard for precompiled gems never emerged, but it turns out it's drop-dead simple to implement. The script does some linker magic to reverse engineer the dpkg package dependency list from a compiled binary. I was quite pleased with it at the time, and while I don't think it's bullet-proof I do think it's worth having a poke at for ideas. Of course it can only detect binary dependencies, not data dependencies or anything more interesting, so there's still room for improvement.

https://blog.jessfraz.com/post/docker-containers-on-the-desk... is the one I remember, a bit old but still useful to see how she does it.

Seems super painful and indirected for a nebulous gain to me, but find your joy however you want I guess

Jess does some awesome stuff and this is literally what you asked for. hollywood

mildly relevant https://blog.jessfraz.com/post/docker-containers-on-the-desktop/

Some of my day-to-day software.

After knowing that saved Chrome passwords and cookies in Linux are not protected against malicious dependencies in our development environment or other apps in our system, I decided to run my core apps in Docker containers, where their data is not accessible without sudo, and a personal understanding of where stuff is being saved.

These docker containers are also an improved version of https://github.com/jessfraz/dockerfiles/

Contrary to the project above, docker-workspaces runs Chrome in a sandbox, encrypts keys with the help of an also dockerized gnome-keychain, and works in tandem with pulseaudio, so you can use wired headphones (i still need to add some dependencies for it to work with bluetooth headphones).

Thank you. As someone who uses containers a lot (even to run local programs, shout out to https://blog.jessfraz.com/post/docker-containers-on-the-desk...) this makes some sense to me.

I'm a little way into the Nix Pills document (https://nixos.org/guides/nix-pills/why-you-should-give-it-a-...) which seems to start the explanation from a place where I can understand.