Moby
aptly
| | Moby | aptly |
|---|---|---|
| | 212 | 17 |
| Stars | 67,687 | 2,509 |
| Growth | 0.4% | 0.9% |
| Activity | 10.0 | 7.7 |
| | 6 days ago | about 10 hours ago |
| Language | Go | Go |
| License | Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Moby
- Release Radar • March 2024 Edition
Having been featured in our February 2023 and January 2024 Release Radars, Moby is the original Linux Container runtime. This new version adds a bunch of changes to the Docker CLI and Moby itself with additional features. There are bug fixes and enhancements, with the main thing for users to be on the lookout for containers that were created using Docker Engine 25.0.0. These containers might have duplicate MAC addresses, and thus must be recreated. The same goes for those containers created with Moby 25.0+ and with user defined MAC addresses. Read up on all these changes in the release notes.
- Choosing a Name for Your Computer
Formlabs does this as well for their 3D printers; my earliest encounter with this was when Docker started getting popular: https://github.com/moby/moby/blob/master/pkg/namesgenerator/...
- Docker Inc. refuses to patch HIGH vulnerabilities in Docker
- Do not install Docker Desktop on GNU/Linux systems
Try to use moby instead since that is the engine in Docker.
https://github.com/moby/moby
- Exploring Podman: A More Secure Docker Alternative
> Podman is designed to help with this by providing stronger default security settings compared to Docker. Features like rootless containers, user namespaces, and seccomp profiles, while available in Docker, aren't enabled by default and often require extra setup.
Seccomp has been enabled by default since 2015: https://github.com/moby/moby/pull/18780
It is true that Rootless isn't enabled by default, but its "extra setup" can be done with a single command (`dockerd-rootless-setuptool.sh install`).
- Moby: Block io_uring_* syscalls in default profile
- Io_uring will be blocked by default on Docker
- OpenZFS 2.2: Block Cloning, Linux Containers, BLAKE3
Perhaps.
Thing is, https://github.com/moby/moby/blob/670bc0a46c4ca03b75f1e72f73... is using https://github.com/mistifyio/go-zfs which features code like `out, err := zfsOutput("get", "-H", key, d.Name)` (Source: https://github.com/mistifyio/go-zfs/blob/master/zfs.go#L315) to get a single zfs property.
Somebody chose to use a library as abstraction that looks good but is implemented as an MVP (nothing wrong with that). "In the future, we hope to work directly with libzfs" should have raised an alarm somewhere, though.
- The Twelve-Factor App
AppArmor can restrict /proc and this is even used by docker: https://github.com/moby/moby/blob/master/contrib/apparmor/te...
aptly
- What is an appropriate way to install debian packages in a completely air-gapped environment?
- About nautilus-typeahead
You should ask in the upstream bug tracker (is it this one? https://github.com/lubomir-brindza/nautilus-typeahead). First step is to get it to build for Debian manually/locally - i.e. patch the official nautilus Debian package. Then it's easy to set up a personal APT repository with aptly.
- WSUS Alternative solution for Linux Systems
Exactly what aptly is for. No idea about CentOS side, for that we just had rsync from official repo + some scripts
- Zabbix in isolated environment
I'm not sure if this is an option, because it might break the isolation model, but you could set up repo mirrors in whatever tool of choice you like, but for Debian/Ubuntu, I think aptly is really featureful.
- How can I automate .deb GPG signing procedure?
I know that it is not directly what you asked about, but without knowing how the signed debs are being used, I can say that if you were to use aptly to create an apt repo to house your debs to then be installed on whatever machines offline (assuming network connectivity, which may be an incorrect assumption), it requires you to sign a published repo/mirror, and also requires you to install and trust the key on any systems that you then want to use to install packages unless you specifically use [trusted=yes] in the apt repo list file.
- Are there any extra steps to creating a Debian repository mirror?
There's also Aptly but I've never used it. Looks neat, though.
- Archiving Debian ISO
I personally just mirror the packages for whatever I'm using with aptly and use the netinstall iso and point it to that local mirror. The netinstall iso will pull any needed updates from the repo.
- Linux Host Patch Management
Take a look at Aptly.
- Centralized patching for Ubuntu
Aptly is a purpose-built DEB content management solution. Never used but I've heard good things.
- Linux Package repo server
The last time I got involved in repo/package management, we used aptly. Later moved to JFrog Artifactory. The latter is very expensive. There is also pulp; some said it is good, which I personally never managed in a production environment, so I can't recommend for or against.
What are some alternatives?
podman - Podman: A tool for managing OCI containers and pods.
apt-mirror - Official apt-mirror source.
containerd - An open and reliable container runtime
s5cmd - Parallel S3 and local filesystem execution tool.
nerdctl - contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
bosun - Time Series Alerting Framework
docker-openwrt - OpenWrt running in Docker
refrapt - Tool to create local Debian mirrors using Python
ofelia - A docker job scheduler (aka. crontab for docker)
awsenv - AWS environment config loader
k3d - Little helper to run CNCF's k3s in Docker
kubernetes - Production-Grade Container Scheduling and Management