official-images
nixpkgs
Our great sponsors
official-images | nixpkgs | |
---|---|---|
14 | 975 | |
6,271 | 15,656 | |
1.7% | 5.3% | |
10.0 | 10.0 | |
2 days ago | 5 days ago | |
Shell | Nix | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
official-images
-
Nix is a better Docker image builder than Docker's image builder
Ubuntu now has snapshot.ubuntu.com, see https://ubuntu.com/blog/ubuntu-snapshots-on-azure-ensuring-p...
Related discussion about reproducible builds by the Docker people: https://github.com/docker-library/official-images/issues/160...
- Starter for Jakarta EE staged (beta)
-
How to own your own Docker Registry address
> In their updated policy, it appears they now won't remove any existing images, but projects who don't pay up will not be able to publish any new images
This is not correct. It's the "organization" features are going away. That is the feature which lets you create teams, add other users to those teams, and grant teams access to push images and access private repositories. Multiple maintainers can still collaborate on publishing new images through use of access tokens which grant access to publish those images. It's kind of a hack, but it works. You would typically use these access tokens with automated CI tools anyway. This will require converting the organization account to a personal user (non-org) account. (Interesting note/disclosure: I was the engineer who first implemented the feature of converting a personal user account into an organization account some time around 2014/2015, but I no longer work there.)
For open source projects which are not part of the Docker Official Images (the "library" images [1]), they announced that such projects can apply to the Docker-Sponsored Open Source Program [2].
I would also heed the warning from the author of this article:
> Self-hosting a registry is not free, and it's more work than it sounds: it's a proper piece of infrastructure, and comes with all the obligations that implies, from monitoring to promptly applying security updates to load & disk-space management. Nobody (let alone tiny projects like these) wants this job.
Having most container images hosted by a handful of centralized registries has its problems, as noted, but so does an alternative scenario where multiple projects which decided to go self-hosted eventually lack the resources to continue doing so for their legacy users. Though, I suppose the nice thing about container images is that you can always pull and push them somewhere else to keep around indefinitely.
[1] https://hub.docker.com/u/library
-
Docker's deleting Open Source images and here's what you need to know
Indeed. While I do maintain two of them, that maintenance is effectively equivalent to being an open source maintainer or open source contributor. I do not have any non-public knowledge about the Docker Official Images program. My interaction with the Docker Official Images program can be summed up as “my PRs to docker-library/official-images” (https://github.com/docker-library/official-images/pulls/TimW...) and the #docker-library IRC channel on Libera.Chat.
-
Oracle per-employee Java pricing causes concern
"AdoptOpenJDK up until now was producing OpenJDK binaries with both Hotspot and OpenJ9 VM's. With Adopt's move to Eclipse, legal restrictions prevent the new Eclipse Adoptium group from producing/releasing OpenJ9 based binaries. As a result, IBM will be producing OpenJ9 based binaries in 2 flavours, Open and Certified, both under the family name IBM Semeru Runtimes. Essentially the same binaries, released under different licenses."
Source: https://github.com/docker-library/official-images/pull/10666...
-
PHP 8.2.0 has been released!
They should be available soon, the corresponding PR at docker-library/official-images has already been merged: https://github.com/docker-library/official-images/pull/13693
-
Docker series (Part 8): Images from Docker Hub
Official image lists are added here: https://github.com/docker-library/official-images/tree/master/library
-
GCC 12.1 Released
Looks like this PR will release the official version to the hub: https://github.com/docker-library/official-images/pull/12382
-
1 Million Docker pulls and more container updates
We’ve also officially release containers for ppc64le available on all the major registries and we’ve also gone ahead and updated our containers to 8.5.4 and patched against the latest security updates where applicable. 18 packages have been updated and you can see that work here.
- Where are the 10.7.2/10.7.3 docker images?
nixpkgs
-
Nix: The Breaking Point
I don't think so. The article is probably intended for the Nix community, so the author doesn't need to convince HN that something is going on. If as an outsider you are interested then you need to look into it yourself, the community has no obligation to make their internal conflicts legible to the outside world.
As an outsider myself, it certainly looks like something is going on as more than 20 Nixpkg maintainers left in a week: https://github.com/NixOS/nixpkgs/issues?q=label%3A%228.has%3...
- Maintainers Leaving
-
Air Force picks Anduril, General Atomics to develop unmanned fighter jets
https://github.com/NixOS/nixpkgs/commits?author=neon-sunset
-
Eelco Dolstra's leadership is corrosive to the Nix project
I see two signers in the top 6 displayed on https://github.com/NixOS/nixpkgs/graphs/contributors
-
3rd Edition of Programming: Principles and Practice Using C++ by Stroustrup
For a single file script, nix can make the package management quite easy: https://github.com/NixOS/nixpkgs/blob/master/doc/languages-f...
For example,
```
- NixOS/nixpkgs: There isn't a clear canonical way to refer to a specific package
-
NixOS Is Not Reproducible
Yes, Nix doesn't actually ensure that the builds are deterministic. In fact it works just fine if they aren't. There are packages in nixpkgs that aren't reproducible: https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aiss...
-
The xz attack shell script
I'm not familiar with Bazel, but Nix in it's current form wouldn't have solved this attack. First of all, the standard mkDerivation function calls the same configure; make; make install process that made this attack possible. Nixpkgs regularly pulls in external resources (fetchUrl and friends) that are equally vulnerable to a poisoned release tarball. Checkout the comment on the current xz entry in nixpkgs https://github.com/NixOS/nixpkgs/blob/master/pkgs/tools/comp...
-
Debian Git Monorepo
NixOS uses a monorepo and I think everyone's love it.
I love being able to easily grep through all the packages source code and there's regularly PRs that harmonizes conventions across many packages.
Nixpkgs doesn't include the packaged software source code, so it's a lot more practical than what Debian is doing.
https://github.com/NixOS/nixpkgs
-
From xz to ibus: more questionable tarballs
In this specific case, nix uses fetchFromGitHub to download the source archive, which are generated by GitHub for the specified revision[1]. Arch seems to just download the tarball from the releases page[2].
[1]: https://github.com/NixOS/nixpkgs/blob/3c2fdd0a4e6396fc310a6e...
[2]: https://gitlab.archlinux.org/archlinux/packaging/packages/ib...
What are some alternatives?
buildx - Docker CLI plugin for extended build capabilities with BuildKit
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
gcc - Docker Official Image packaging for gcc
Home Manager using Nix - Manage a user environment using Nix [maintainer=@rycee]
registry.k8s.io - This project is the repo for registry.k8s.io, the production OCI registry service for Kubernetes' container image artifacts
git-lfs - Git extension for versioning large files
backend
easyeffects - Limiter, compressor, convolver, equalizer and auto volume and many other plugins for PipeWire applications
nerdctl - contaiNERD CTL - Docker-compatible CLI for containerd, with support for Compose, Rootless, eStargz, OCIcrypt, IPFS, ...
spack - A flexible package manager that supports multiple versions, configurations, platforms, and compilers.
4.2BSD - Upload of the source of 4.2BSD taken from /usr/src
waydroid - Waydroid uses a container-based approach to boot a full Android system on a regular GNU/Linux system like Ubuntu.