-
Speaking of #OCI conformance tests, if you run a container registry and want to see what's coming, give this a test with your registry and report back any issues with the test itself (or work on fixes for your registry).
https://github.com/opencontainers/distribution-spec/pull/588
-
I've been mostly heads down in the #OCI conformance test redesign. But I managed to ship a new #regclient release yesterday with a feature that will hopefully help the #zot registry.
-
If you experienced an issue updating the #containerd package on #ubuntu today, #docker is rolling out a fix now:
https://github.com/docker/packaging/issues/342#issuecomment-3705602800
-
If you use runc for your underlying container runtime (the default in many environments including Docker and many Kubernetes installs), there's a security update that just came out today. https://github.com/opencontainers/runc/releases/tag/v1.3.3
#runc #docker #kubernetes #containers
-
To manage your own registry using the OCI APIs, there's a variety of client tooling.
- I'm the author of #regclient (the regsync command is very useful for mirrors): https://regclient.org
- #Crane is available from Google: https://github.com/google/go-containerregistry/tree/main/cmd/crane
- #Oras was started by Microsoft: https://oras.land/
- #Skopeo is available from Red Hat: https://github.com/containers/skopeo/
-
To create your own image cache, there are lots of options:
- The #distribution project is minimal but extendable. https://distribution.github.io/distribution/
- #Harbor has a lot of functionality for larger orgs: https://goharbor.io/
- #Zot is an alternative to Harbor: https://zotregistry.dev/
- #Artifactory and #Nexus each include a container registry option.
-
It's release day for regclient. My favorite new feature is support for external referrers queries. This lets 3rd parties, like the security team, maintain their own repositories for image metadata (think signatures, SBOMs, attestations). It will be interesting to see how this gets used.
https://github.com/regclient/regclient/releases/tag/v0.8.0
#oci #regclient #docker
-
#containerd just released v2.0.0! 🎉
I expect it will take a bit to work through the various pipelines before everyone is running it. This was also their chance to remove a bunch of deprecated features. Specifics are in the release notes.
https://github.com/containerd/containerd/releases/tag/v2.0.0
-
Finally broke down to use #pprof to debug why some of my #Golang code was slow in a test. It quickly pointed me to a completely different part of the code than I was editing. The coverage report later pointed out another hard-to-spot bug.
It's days like this that I really enjoy developing in Go. The strong test integration is saving me countless hours of debugging hard-to-spot issues in the future.
-
#runc has a security release to fix CVE-2024-21626. It's a container escape using file descriptors, and scored 8.6. So if you run images that you don't fully trust, you'll want to upgrade soon. runc is the underlying runtime of a lot of popular container environments. The fixed release is 1.1.12.
https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
-
Thomas Bereknyei and Jim Clark are talking about #Docker and #Nix at #DockerCon.
-
Timo Stark is talking about server-side WebAssembly at #DockerCon.
-
A small stage wasn't enough for @AkihiroSuda. #Docker gave him the big stage to talk about reproducible image builds at #DockerCon.
-
Time to hear about #OpenPubKey from James Carnegie and Ethan Heilman. #DockerCon
-
Next up, @nigelpoulton talks about #WASM, #docker, and #kubernetes. He's also got some books to give away if you're here. #DockerCon
-
Time to kick off day 2 of #DockerCon. Join in online if you can't make it in person.
https://www.dockercon.com/
#docker
-