From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mail.toke.dk; spf=pass (mailfrom) smtp.mailfrom=kn1ght.org (client-ip=91.121.222.131; helo=f1r3.kn1ght.org; envelope-from=galene.org@kn1ght.org; receiver=) Received: from f1r3.kn1ght.org (ks305909.kimsufi.com [91.121.222.131]) by mail.toke.dk (Postfix) with ESMTP id 8707C7C05DB for ; Mon, 28 Dec 2020 11:41:21 +0100 (CET) Received: from nc.kn1ght.org (ns342210.ip-91-121-151.eu [91.121.151.228]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by f1r3.kn1ght.org (Postfix) with ESMTPSA id EB5CA1F55C; Mon, 28 Dec 2020 10:02:49 +0100 (CET) MIME-Version: 1.0 Date: Mon, 28 Dec 2020 10:41:21 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Mailer: RainLoop/1.14.0 From: "Cell" Message-ID: <0215ab55928945346ba3112f6cc8574c@kn1ght.org> To: "Cell" , "Jeroen van Veen" In-Reply-To: References: <41iOS83_x7ZCTcMkNNxAKoVhYq4E7H9hFCmZXaSp_4s0R2vVPgYdYPXh3q0t69fbqmFduH86rXn42G0QZ-aHdvbVtQ1FNfEKoy7EEkMpF_8=@protonmail.com> <0688ccc55ed16925427c08c0dfa9794e@kn1ght.org> Message-ID-Hash: IQQFAOCPBW3V3WDDK36ZBY5HNYJD25WI X-Message-ID-Hash: IQQFAOCPBW3V3WDDK36ZBY5HNYJD25WI X-MailFrom: galene.org@kn1ght.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: galene@lists.galene.org X-Mailman-Version: 3.3.2 Precedence: list Subject: [Galene] Re: Docker image List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: Here is a first draft: https://github.com/Cellophan/galene/blob/master/Do= ckerfile=0A=0A>> * Is there a way to garantuee the safety of a binary, e.= g. proof that its built from=0A>> a snapshot of the Galene source-tree.= =0A=0AThe binary is compiled inside during the image creation process thu= s it should add some trust about the version of the binary.=0A=0AIf you n= eed more, I would add the git hash of the commit used to build as a label= to the image. This would need to be provided to docker, I've done it wit= h a Makefile if needed (an other project I have).=0A=0A=0A>> * Does the i= mage run properly on other Linux OS? (it's supposed to be statically link= ed I think?)=0A=0AI can't test for now as I don't know how galene works. = I'll work on that.=0A=0A>> * Would the image also run on a different OS (= MacOS/Windows)?=0A=0AI work on linux so I can't test for real this image = works on Mac nor Windows but linux containers should be able to run on th= e three systems perhaps with a less performance compared to system dedica= ted images but I think it's good for a first step. =0A=0A>> The config(da= ta/groups dir) is kinda hard-coded for now. Any feedback is welcome.=0A= =0AIs galene taking default values by itself? If yes, then I would consid= er that no default file should be provided. If not, then I think the spir= it of the binary should be respected and none should be provided. So I'm = against :)=0A=0ATo help to bootstrap projects faster, I would try to conv= ince the author to add an example of the defaults to its repo. Then we ad= d a `docker-compose,yml` to show a way to start the image with the defaul= ts.=0A=0A=0AWhat do you think?=0A=0A=0ADecember 28, 2020 11:11 AM, "Cell"= wrote:=0A=0A> Ok thx I forked your repo this mor= ning and will try to open a PR this afternoon.=0A> =0A> (sorry for sendin= g again my response but my phone sent it from a wrong email address)=0A> = =0A> December 28, 2020 9:36 AM, "Jeroen van Veen" wrote:=0A> =0A>> Hi,=0A>> =0A>> I made a minimal docker image from the= compiled version of Galene, but am not sure=0A>> of the quality yet. Doc= ker images I made before were always using an interpreted=0A>> language(p= ython/node) and a base image. This one is from scratch and is only=0A>> 1= 0mb, but more difficult to inspect. I'm using dive(https://github.com/wag= oodman/dive)=0A>> to inspect the image.=0A>> =0A>> I have some questions = about its portability and security because it only contains the binary:= =0A>> =0A>> * Does the image run properly on other Linux OS? (it's suppos= ed to be statically linked I think?)=0A>> * Would the image also run on a= different OS (MacOS/Windows)?=0A>> * Is there a way to garantuee the saf= ety of a binary, e.g. proof that its built from=0A>> a snapshot of the Ga= lene source-tree.=0A>> =0A>> The image itself is at https://hub.docker.co= m/r/garage44/galene=0A>> The Dockerfile is from https://github.com/garage= 44/galene/blob/master/Dockerfile=0A>> =0A>> The config(data/groups dir) i= s kinda hard-coded for now. Any feedback is welcome.=0A>> =0A>> Jeroen=0A= >> =0A>> =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90 = Original Message =E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90=E2=80=90= =E2=80=90=0A>> Op zondag, december 27, 2020 6:03 PM, Cell schreef:=0A>> =0A>>> I couldn't find any info about a docker ima= ge for a docker image of galene. I saw something from=0A>>> Jeroen van Ve= en. Any news on that?=0A>>> =0A>>> I have some knowledge I could offer. A= nd if I run galene on my server it will be in a docker image=0A>>> anyway= (behind a traefik).=0A>>> =0A>>> Galene mailing list -- galene@lists.gal= ene.org=0A>>> To unsubscribe send an email to galene-leave@lists.galene.o= rg=0A>> =0A>> _______________________________________________=0A>> Galene= mailing list -- galene@lists.galene.org=0A>> To unsubscribe send an emai= l to galene-leave@lists.galene.org=0A> =0A> _____________________________= __________________=0A> Galene mailing list -- galene@lists.galene.org=0A>= To unsubscribe send an email to galene-leave@lists.galene.org