Moby
Vcpkg
Our great sponsors
Moby | Vcpkg | |
---|---|---|
209 | 144 | |
67,569 | 21,191 | |
0.4% | 2.1% | |
10.0 | 10.0 | |
about 2 hours ago | 6 days ago | |
Go | CMake | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Moby
-
Exploring Podman: A More Secure Docker Alternative
> Podman is designed to help with this by providing stronger default security settings compared to Docker. Features like rootless containers, user namespaces, and seccomp profiles, while available in Docker, aren't enabled by default and often require extra setup.
Seccomp has been enabled by default since 2015: https://github.com/moby/moby/pull/18780
It is true that Rootless isn't enabled by default but its "extra setup" can be done with a single command (`dockerd-rootless-setuptool.sh install`)
-
OpenZFS 2.2: Block Cloning, Linux Containers, BLAKE3
Perhaps.
Thing is, https://github.com/moby/moby/blob/670bc0a46c4ca03b75f1e72f73... is using https://github.com/mistifyio/go-zfs which features code like `out, err := zfsOutput("get", "-H", key, d.Name)` (Source: https://github.com/mistifyio/go-zfs/blob/master/zfs.go#L315) to get a single zfs property.
Somebody chose to use a library as abstraction that looks good but is implemented as a MVP (nothing wrong with that). "In the future, we hope to work directly with libzfs" should have raised an alarm somewhere, though.
-
The Twelve-Factor App
AppArmor can restrict /proc and this is even used by docker: https://github.com/moby/moby/blob/master/contrib/apparmor/te...
- macOS Containers v0.0.1
-
Build Your Own Docker with Linux Namespaces, Cgroups, and Chroot
Docker by default also applies a seccomp system call whitelist per [1] and restricts capabilities per [2], amongst numerous other default hardening practices that are applied. If a Docker container really had a need to call the "reboot" system call, this permission could be explicitly added.
More complex sandboxing techniques include opening handles for sockets, pipes, files, etc and then hardening seccomp filters on top to prevent any new handles being opened. In this way, some containers can read/write defined files on a volume without having any ability to otherwise interact with file systems such as opening new files (all file system related system calls could be disabled).
[1] https://github.com/moby/moby/blob/master/profiles/seccomp/de...
[2] https://docs.docker.com/engine/security/#linux-kernel-capabi...
-
Jails on FreeBSD
Docker has to run as root, or use otherwise insecure methods ("rootless" is a sham, it requires suid binaries and CVE ridden unprivileged user namespaces).
I agree with ports, working[0][1][2] on it.
-
Pigz: Parallel gzip for modern multi-processor, multi-core machines
Useful with Docker, see https://github.com/moby/moby/pull/35697
I’ve integrated pigz into different build and CI pipelines a few times. Don’t expect wonders since some steps still need to run serially, but a few seconds here and there might still add up to a few minutes on a large build.
-
Docker developers discuss changes in how ports are to be forwarded into containers
Link to the GitHub discussion: https://github.com/moby/moby/discussions/45524
-
New Docker Goodies: Init and Watch
With 4.19.0 release, the Docker engine and CLI are updated to Moby 23.0. That brings a lot of new stuff. One of the things that can be confusing on start is that docker build is now an alias for docker buildx build. The reason is that Buildx and BuildKit are default builders on Linux and OSX. You will notice differences when building images. You'll see switching blue and white lines in the short demos above. White lines are tasks in progress, while blue ones are completed tasks. As well you'll see that Buildx is trying to run tasks in parallel.
-
What are some recent or significant updates and changes you did to your initial Arch install?
Added btrfs subvol for var lib docker and changed dockers storage driver to overlay2, ugh. https://github.com/moby/moby/issues/39815
Vcpkg
-
Dependencies Belong in Version Control
vcpkg may expire assets after 1.5 years, so achieve long-term reproducibility you will need to cache your dependencies.... Somewhere. Not sure what the expected solution is.
https://github.com/microsoft/vcpkg/pull/30546#issuecomment-1...
-
My first Software Release using GitHub Release
There were various approaches recommended depending on our language and ecosystem. My classmates who developed using Node.js were recommended npm, and PyPI or poetry for Python. Since my program is written in C++, I was recommended to look into one of vcpkg or conan, but I ultimately did not use either package manager.
-
Anyone else frustrated with Conan2?
Which dependencies are not in vcpkg? We can ask them to add it. It’s pretty easy just open an issue there https://github.com/microsoft/vcpkg/issues .
-
hypergrep: A new "fastest grep" to search directories recursively for a regex pattern
CMake Error at scripts/cmake/vcpkg_execute_build_process.cmake:134 (message): Command failed: /usr/bin/cmake --build . --config Debug --target install -- -v -j25 Working Directory: /opt/vcpkg/buildtrees/hyperscan/x64-linux-dbg See logs for more information: /opt/vcpkg/buildtrees/hyperscan/install-x64-linux-dbg-out.log Call Stack (most recent call first): installed/x64-linux/share/vcpkg-cmake/vcpkg_cmake_build.cmake:74 (vcpkg_execute_build_process) installed/x64-linux/share/vcpkg-cmake/vcpkg_cmake_install.cmake:16 (vcpkg_cmake_build) ports/hyperscan/portfile.cmake:22 (vcpkg_cmake_install) scripts/ports.cmake:147 (include) error: building hyperscan:x64-linux failed with: BUILD_FAILED Please ensure you're using the latest port files with `git pull` and `vcpkg update`. Then check for known issues at: https://github.com/microsoft/vcpkg/issues?q=is%3Aissue+is%3Aopen+in%3Atitle+hyperscan You can submit a new issue at: https://github.com/microsoft/vcpkg/issues/new?title=[hyperscan]+Build+error&body=Copy+issue+body+from+%2Fopt%2Fvcpkg%2Finstalled%2Fvcpkg%2Fissue_body.md You can also sumbit an issue by running (GitHub cli must be installed): gh issue create -R microsoft/vcpkg --title "[hyperscan] Build failure" --body-file /opt/vcpkg/installed/vcpkg/issue_body.md
The hyperscan update to vcpkg seems to have happened from 5.4.0 to 5.4.2 in this commit on Apr 20.
-
Configuring incomplete due to CMake Error(missing OpenCVConfig.cmake ProtobufConfig.cmake and TIFF etc.)
Dear Fictrac team, I am hoping to install Fictrac in our windows 11 x64 laptop (Visual Studio 2019, cMake 3.26.4). I followed the installation guideline on github page fictrac and used the latest vcpkg
-
The Future of Boost by Vinnie Falco
unless you want to use clang-cl since it renames the output to make it work for MSVC which in return breaks FindBoost in cmake and requieres https://github.com/microsoft/vcpkg/pull/27694 to fix it. I have touched enough of vcpkg build scripts to know what works and what doesn't and the b2 build is one of the corners I strongly dislike.
-
CMake and Linking External libraries is a kick in the nuts if i've ever seen it.
And then there's also Qt which has plugins. vcpkg Qt5 is nice enough to copy the plugins for you, but not with Qt6. The official answer seems to be "use windeployqt". So I do, and it copies plugins fine. But sqlite doesn't work, despite the plugin sqldrivers/qsqlite.dll being in the right location. Turns out that neither vcpkg or windeployqt copy sqlite3.dll. I switched to static libraries after that, it's a lot slower to link, clang doesn't work for some reason (but clang-cl does) but at least I don't have to worry about DLLs.
- Build faster with Buck2: Our open source build system
- GitHub Actions Incident 29.3
What are some alternatives?
conan - Conan - The open-source C and C++ package manager
podman - Podman: A tool for managing OCI containers and pods.
containerd - An open and reliable container runtime
CPM.cmake - 📦 CMake's missing package manager. A small CMake script for setup-free, cross-platform, reproducible dependency management.
nerdctl - contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
Ncurses - ncurses Git mirror
vulkan - Haskell bindings for Vulkan
Boost.Program_options - Boost.org program_options module
meson - The Meson Build System
docker-openwrt - OpenWrt running in Docker
stb - stb single-file public domain libraries for C/C++
ofelia - A docker job scheduler (aka. crontab for docker)