[Galene] Re: Docker image

["Cell" <galene.org@kn1ght.org>]

Here is a first draft: https://github.com/Cellophan/galene/blob/master/Dockerfile

>> * Is there a way to garantuee the safety of a binary, e.g. proof that its built from
>> a snapshot of the Galene source-tree.

The binary is compiled inside during the image creation process thus it should add some trust about the version of the binary.

If you need more, I would add the git hash of the commit used to build as a label to the image. This would need to be provided to docker, I've done it with a Makefile if needed (an other project I have).


>> * Does the image run properly on other Linux OS? (it's supposed to be statically linked I think?)

I can't test for now as I don't know how galene works. I'll work on that.

>> * Would the image also run on a different OS (MacOS/Windows)?

I work on linux so I can't test for real this image works on Mac nor Windows but linux containers should be able to run on the three systems perhaps with a less performance compared to system dedicated images but I think it's good for a first step. 

>> The config(data/groups dir) is kinda hard-coded for now. Any feedback is welcome.

Is galene taking default values by itself? If yes, then I would consider that no default file should be provided. If not, then I think the spirit of the binary should be respected and none should be provided. So I'm against :)

To help to bootstrap projects faster, I would try to convince the author to add an example of the defaults to its repo. Then we add a `docker-compose,yml` to show a way to start the image with the defaults.


What do you think?


December 28, 2020 11:11 AM, "Cell" <galene.org@kn1ght.org> wrote:

> Ok thx I forked your repo this morning and will try to open a PR this afternoon.
> 
> (sorry for sending again my response but my phone sent it from a wrong email address)
> 
> December 28, 2020 9:36 AM, "Jeroen van Veen" <jvanveen@protonmail.com> wrote:
> 
>> Hi,
>> 
>> I made a minimal docker image from the compiled version of Galene, but am not sure
>> of the quality yet. Docker images I made before were always using an interpreted
>> language(python/node) and a base image. This one is from scratch and is only
>> 10mb, but more difficult to inspect. I'm using dive(https://github.com/wagoodman/dive)
>> to inspect the image.
>> 
>> I have some questions about its portability and security because it only contains the binary:
>> 
>> * Does the image run properly on other Linux OS? (it's supposed to be statically linked I think?)
>> * Would the image also run on a different OS (MacOS/Windows)?
>> * Is there a way to garantuee the safety of a binary, e.g. proof that its built from
>> a snapshot of the Galene source-tree.
>> 
>> The image itself is at https://hub.docker.com/r/garage44/galene
>> The Dockerfile is from https://github.com/garage44/galene/blob/master/Dockerfile
>> 
>> The config(data/groups dir) is kinda hard-coded for now. Any feedback is welcome.
>> 
>> Jeroen
>> 
>> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> Op zondag, december 27, 2020 6:03 PM, Cell <galene.org@kn1ght.org> schreef:
>> 
>>> I couldn't find any info about a docker image for a docker image of galene. I saw something from
>>> Jeroen van Veen. Any news on that?
>>> 
>>> I have some knowledge I could offer. And if I run galene on my server it will be in a docker image
>>> anyway (behind a traefik).
>>> 
>>> Galene mailing list -- galene@lists.galene.org
>>> To unsubscribe send an email to galene-leave@lists.galene.org
>> 
>> _______________________________________________
>> Galene mailing list -- galene@lists.galene.org
>> To unsubscribe send an email to galene-leave@lists.galene.org
> 
> _______________________________________________
> Galene mailing list -- galene@lists.galene.org
> To unsubscribe send an email to galene-leave@lists.galene.org