official-images
Moby
Our great sponsors
official-images | Moby | |
---|---|---|
14 | 212 | |
6,271 | 67,716 | |
1.7% | 0.4% | |
10.0 | 10.0 | |
2 days ago | 4 days ago | |
Shell | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
official-images
-
Nix is a better Docker image builder than Docker's image builder
Ubuntu now has snapshot.ubuntu.com, see https://ubuntu.com/blog/ubuntu-snapshots-on-azure-ensuring-p...
Related discussion about reproducible builds by the Docker people: https://github.com/docker-library/official-images/issues/160...
- Starter for Jakarta EE staged (beta)
-
How to own your own Docker Registry address
> In their updated policy, it appears they now won't remove any existing images, but projects who don't pay up will not be able to publish any new images
This is not correct. It's the "organization" features are going away. That is the feature which lets you create teams, add other users to those teams, and grant teams access to push images and access private repositories. Multiple maintainers can still collaborate on publishing new images through use of access tokens which grant access to publish those images. It's kind of a hack, but it works. You would typically use these access tokens with automated CI tools anyway. This will require converting the organization account to a personal user (non-org) account. (Interesting note/disclosure: I was the engineer who first implemented the feature of converting a personal user account into an organization account some time around 2014/2015, but I no longer work there.)
For open source projects which are not part of the Docker Official Images (the "library" images [1]), they announced that such projects can apply to the Docker-Sponsored Open Source Program [2].
I would also heed the warning from the author of this article:
> Self-hosting a registry is not free, and it's more work than it sounds: it's a proper piece of infrastructure, and comes with all the obligations that implies, from monitoring to promptly applying security updates to load & disk-space management. Nobody (let alone tiny projects like these) wants this job.
Having most container images hosted by a handful of centralized registries has its problems, as noted, but so does an alternative scenario where multiple projects which decided to go self-hosted eventually lack the resources to continue doing so for their legacy users. Though, I suppose the nice thing about container images is that you can always pull and push them somewhere else to keep around indefinitely.
[1] https://hub.docker.com/u/library
-
Docker's deleting Open Source images and here's what you need to know
Indeed. While I do maintain two of them, that maintenance is effectively equivalent to being an open source maintainer or open source contributor. I do not have any non-public knowledge about the Docker Official Images program. My interaction with the Docker Official Images program can be summed up as “my PRs to docker-library/official-images” (https://github.com/docker-library/official-images/pulls/TimW...) and the #docker-library IRC channel on Libera.Chat.
-
Oracle per-employee Java pricing causes concern
"AdoptOpenJDK up until now was producing OpenJDK binaries with both Hotspot and OpenJ9 VM's. With Adopt's move to Eclipse, legal restrictions prevent the new Eclipse Adoptium group from producing/releasing OpenJ9 based binaries. As a result, IBM will be producing OpenJ9 based binaries in 2 flavours, Open and Certified, both under the family name IBM Semeru Runtimes. Essentially the same binaries, released under different licenses."
Source: https://github.com/docker-library/official-images/pull/10666...
-
PHP 8.2.0 has been released!
They should be available soon, the corresponding PR at docker-library/official-images has already been merged: https://github.com/docker-library/official-images/pull/13693
-
Docker series (Part 8): Images from Docker Hub
Official image lists are added here: https://github.com/docker-library/official-images/tree/master/library
-
GCC 12.1 Released
Looks like this PR will release the official version to the hub: https://github.com/docker-library/official-images/pull/12382
-
1 Million Docker pulls and more container updates
We’ve also officially release containers for ppc64le available on all the major registries and we’ve also gone ahead and updated our containers to 8.5.4 and patched against the latest security updates where applicable. 18 packages have been updated and you can see that work here.
- Where are the 10.7.2/10.7.3 docker images?
Moby
-
Release Radar • March 2024 Edition
Having been featured in our February 2023, and January 2024 Release Radars, Moby is the original Linux Container runtime. This new version adds a bunch of changes to the Docker CLI and Moby itself with additional features. There's bug fixes and enhancements, with the main thing for users to be on the look out for containers that were created using Docker Engine 25.0.0. These containers might have duplicate MAC addresses, and thus must be recreated. The same goes for those containers created with Moby 25.0+ and with user defined MAC addresses. Read up on all these changes in the release notes.
-
Choosing a Name for Your Computer
Formlabs does this as well for their 3d printers, my earliest encounter of this was when Docker started getting popular: https://github.com/moby/moby/blob/master/pkg/namesgenerator/...
- Docker Inc. refuses to patch HIGH vulnerabilities in Docker
-
Do not install Docker Desktop on GNU/Linux systems
Try to use moby instead since that is the engine in Docker.
https://github.com/moby/moby
-
Exploring Podman: A More Secure Docker Alternative
> Podman is designed to help with this by providing stronger default security settings compared to Docker. Features like rootless containers, user namespaces, and seccomp profiles, while available in Docker, aren't enabled by default and often require extra setup.
Seccomp has been enabled by default since 2015: https://github.com/moby/moby/pull/18780
It is true that Rootless isn't enabled by default but its "extra setup" can be done with a single command (`dockerd-rootless-setuptool.sh install`)
- Moby: Block io_uring_* syscalls in default profile
- Io_uring will be blocked by default on Docker
-
OpenZFS 2.2: Block Cloning, Linux Containers, BLAKE3
Perhaps.
Thing is, https://github.com/moby/moby/blob/670bc0a46c4ca03b75f1e72f73... is using https://github.com/mistifyio/go-zfs which features code like `out, err := zfsOutput("get", "-H", key, d.Name)` (Source: https://github.com/mistifyio/go-zfs/blob/master/zfs.go#L315) to get a single zfs property.
Somebody chose to use a library as abstraction that looks good but is implemented as a MVP (nothing wrong with that). "In the future, we hope to work directly with libzfs" should have raised an alarm somewhere, though.
-
The Twelve-Factor App
AppArmor can restrict /proc and this is even used by docker: https://github.com/moby/moby/blob/master/contrib/apparmor/te...
What are some alternatives?
buildx - Docker CLI plugin for extended build capabilities with BuildKit
podman - Podman: A tool for managing OCI containers and pods.
gcc - Docker Official Image packaging for gcc
containerd - An open and reliable container runtime
registry.k8s.io - This project is the repo for registry.k8s.io, the production OCI registry service for Kubernetes' container image artifacts
nerdctl - contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
backend
docker-openwrt - OpenWrt running in Docker
ofelia - A docker job scheduler (aka. crontab for docker)
4.2BSD - Upload of the source of 4.2BSD taken from /usr/src
k3d - Little helper to run CNCF's k3s in Docker