[arch-dev-public] Arch Linux Docker / Vagrant: Current situation

Santiago Torres-Arias santiago at archlinux.org
Mon Jan 29 17:31:22 UTC 2018


Hi,

Sorry I've been quite sick (to the point of barely having energy to look
at the computer). I'm back on my feet now though :)

> > Sangy/Santiago[3] was so nice to speak with the docker guys. They said
> > they would approve our docker image and we could move it to the other
> > official images[4]. But for this we need to do some changes on our
> > docker repository on github. (As long as I understood sangy correctly it
> > would be just some new branches).
>
> Can you actually give more details on what it's going to look like?
>

The official images projects info is on [1] and [2] if you want to read
more in-depth/updated information. I'll summarize here though:

    1) A TU/Arch Linux "affiliate" submits a PR to the official images
    repository, which basically contains the following:
        1. A tag name/image name
        2. A sha256/ref of a commit/tag containing the image's information on
        *another* repository (in this case, our official docker image repo)
        3. Image building instructions.
    2) In parallel, we put this information on our repository. At least, a
    rootfs and a Dockerfile (as other distros do).
    3) Once the PR is updated, it will fetch our rootfs and Dockerfile (and
    other relevant info), build the docker image, and perform some quality
    checks on it.
    4) The image is published as an "official image" on the dockerhub.

The benefit of this is that industry/paranoid users often don't trust
non-official images to build upon. Also, if I recall correctly, official
images are periodically scanned for vulnerabilities, and (IIRC)
signed with the docker-controlled signing keys, so they can be used with
docker content trust[3].

I think it wouldn't be too difficult to schedule/script the rootfs build
process in the same way we do with boxes right now, publish these as
tags and then update the official dockerfile repositories.

Sorry for the delay.

Cheers!
-Santiago.

[1] https://docs.docker.com/docker-hub/official_repos/
[2] https://github.com/docker-library/official-images/
[3] https://blog.docker.com/2015/08/content-trust-docker-1-8/
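
Added example (not part of the original message and not docker-library's own tooling): a check a maintainer could run over a library file before opening the PR from step 1, confirming that every tag points at the expected repository and at a full commit id rather than a movable branch or tag name. The field names assume the RFC 2822-style layout of files in the official-images repository [2]; the repository URL, maintainer and commit values are constructed placeholders.

```python
import re

# Constructed sample. Layout and field names assume the RFC 2822-style library
# files in docker-library/official-images; all values are placeholders.
SAMPLE = """\
Maintainers: Example Maintainer <maintainer@example.org> (@example)
GitRepo: https://github.com/example/archlinux-docker.git

Tags: latest, 2018.02.01
GitCommit: 0123456789abcdef0123456789abcdef01234567
Directory: rootfs

Tags: testing
GitCommit: master
"""

FULL_COMMIT_ID = re.compile(r"[0-9a-f]{40}")


def parse_library_file(text):
    """Return one dict of 'Key: value' fields per blank-line separated stanza."""
    stanzas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.lstrip().startswith("#"):
                fields[key.strip()] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas


def audit_pins(text, expected_repo):
    """List (tags, problem) pairs for entries that are not safely pinned."""
    defaults, *entries = parse_library_file(text)
    problems = []
    for entry in entries:
        merged = {**defaults, **entry}  # first stanza supplies shared defaults
        tags = merged.get("Tags", "<untagged>")
        if merged.get("GitRepo") != expected_repo:
            problems.append((tags, "unexpected GitRepo"))
        if not FULL_COMMIT_ID.fullmatch(merged.get("GitCommit", "")):
            problems.append((tags, "GitCommit is not a full commit id"))
    return problems


if __name__ == "__main__":
    for tags, problem in audit_pins(SAMPLE, "https://github.com/example/archlinux-docker.git"):
        print(f"{tags}: {problem}")
```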