[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#51505: Request for official docker image on dockerhub
|
From: |
Denis 'GNUtoo' Carikli |
|
Subject: |
bug#51505: Request for official docker image on dockerhub |
|
Date: |
Sun, 12 Feb 2023 17:57:24 +0100 |
Hi,
If the idea is to be able to use a Guix docker image, as I understand
dockerhub is not strictly required.
For instance Fedora has its own docker registry[1] that works out of
the box with docker pull. More generally to download an image one can
just run: 'docker pull <repository>/<image/path>'. As I understand that
is usable in Dockerimages in the same way.
If I understood well, your issue is to integrate Guix docker images in
test environments that require you to use only a Dockerfile.
For publishing Guix docker images, Guix has several options that are not
mutually exclusive:
- It could use dockerhub. Note that the dockerhub registry/repository
itself is not FSDG compliant as it contains nonfree software like
Windows images.
- Guix could setup its own docker registry. There is a work in progress
patch for the docker registry (bug #60770) that works but it still
needs to un-vendor the dependencies. We also need to look how to use
it to deploy public registries (I've only tested it on localhost so
far, so without certificates and authentication). Also nobody
reviewed that patch yet and there seems to be a huge backlog with
patches review.
- Someone could setup a general FSDG compliant registry for various
docker images, and Guix could add official images there.
- Someone could also do some research to see if it's possible to
host images on a simple web server and make docker think it's a
registry. If that works, it could integrate well with
guix.gnu.org/en/download and guix.gnu.org/en/download/latest and the
Guix release infrastructure. Though one issue here is that docker
somehow expects yaml files on directory paths.
If Guix uses a third party registry, the third party will not have the
same policies and priorities than Guix. And in practice the third party
will be able to modify the images, as it hosts images that lack
signatures, and as far as I know there is also no way to automatically
verify some signatures before running the images.
PureOS also uses dockerhub, and as far as I know their docker images
are FSDG compliant. So if you need FSDG compliant images you could use
that and download and run Guix there.
Parabola and Trisquel also have what is needed to make docker images
but the images are not published anywhere as far as I know, so other
FSDG compliant distributions didn't really solve the issue either.
Alternatively Guix could just publish additional docker images in
guix.gnu.org/en/download and guix.gnu.org/en/download/latest but here I
guess that this doesn't work for your test environment.
As for the Debian images you mentioned they are somehow semi-official
according to Debian. Maybe it's because they are made by some Debian
maintainers and are not part of the regular Debian release process.
Personally I'd like to be able to use docker and more specifically
Dockerfiles in an FSDG compliant and trustworthy way, so I've started
looking a bit into it, for all FSDG compliant distributions in
general[2], but we have no drop-in solution that integrate well with
distributions release processes yet.
Also note that I'm new to docker so I might have missed some stuff, and
I'm also not a Guix maintainer so I can't take decisions for the Guix
project.
References:
-----------
[1]https://registry.fedoraproject.org It is probably not FSDG compliant.
[2]https://libreplanet.org/wiki/Group:Software/research/ExternalRepositories/DockerRegistries
Denis.
pgpWOQtCodIvP.pgp
Description: OpenPGP digital signature