tianon
Repos
288
Followers
2027
Following
16

Simple Go-based setuid+setgid+setgroups+exec

4288
279

a direct, raw DNS interface to the Docker API

180
21

"sleep(1)", but with Go duration parsing OR explicit time to sleep until and a progress bar

95
7

dotfiles

10
2

reproducible, snapshot-based Debian rootfs builder

280
40

A semi-random collection of odds and ends.

1021
211

Events

Update docker-master

Created at 1 day ago

No more InfoSiftr 🫡

Created at 1 day ago

Update to 3.0.117

Created at 1 day ago
Allow setting Content-Type in crane edit manifest

Would a command just to OCIfy a docker image be helpful? That's something we've found a need for in the past and then punted on.

I'm 99% sure there's a PR to do this somewhere.

Looks like that's #1293 (also relevant is #1245)

Created at 1 day ago

Update github-pages to 228

Update microsoft-edge/beta to 110.0.1587.35-1

Merge pull request #367 from tianon/update-versions

Update versions

Created at 2 days ago
delete branch
tianon delete branch update-versions
Created at 2 days ago
pull request closed
Update versions
Created at 2 days ago
pull request opened
Update versions
Created at 2 days ago

Update docker-master

Created at 2 days ago
pull request opened
Update python

Changes:

  • https://github.com/docker-library/python/commit/06e0db2: Merge pull request https://github.com/docker-library/python/pull/794 from jimnicholls/issue-792
  • https://github.com/docker-library/python/commit/20c8782: Update 3.9
  • https://github.com/docker-library/python/commit/a09f407: Update 3.8
  • https://github.com/docker-library/python/commit/0048b55: Update 3.7
  • https://github.com/docker-library/python/commit/01cc4c0: Reuse EXTRA_CFLAGS, LDFLAGS, and PROFILE_TASK across both make invokes.
  • https://github.com/docker-library/python/commit/b871ae1: Update 3.12-rc
  • https://github.com/docker-library/python/commit/1b9fc11: Use the linker to change rpath for python3.x binary.
  • https://github.com/docker-library/python/commit/adfcf63: Update 3.11
  • https://github.com/docker-library/python/commit/48f998b: Update 3.10
  • https://github.com/docker-library/python/commit/74a6eda: Revert "Only change rpath for python3.x binary"
Created at 2 days ago
pull request opened
Update php

Changes:

  • https://github.com/docker-library/php/commit/7b991cf: Update 8.1-rc
  • https://github.com/docker-library/php/commit/d672e34: Update 8.1 to 8.1.15
Created at 2 days ago
pull request opened
Update ghost

Changes:

  • https://github.com/docker-library/ghost/commit/eb14ce2: Update to 5.33.6, ghost-cli 1.24.0
Created at 2 days ago
pull request opened
Update docker

Changes:

  • https://github.com/docker-library/docker/commit/0d1c210: Merge pull request https://github.com/docker-library/docker/pull/398 from infosiftr/complex-expressions
  • https://github.com/docker-library/docker/commit/38e13c8: prevent tls being disabled if _tls_generate_certs fails
Created at 2 days ago
issue comment
Facing issue with image `docker:dind`

That error sounds like it might be related to https://github.com/moby/buildkit/issues/3576

Created at 2 days ago
closed issue
dind rootless fails and fallback to unsecure non-tls when /certs/ca is mounted as volume

When docker:dind-rootless starts and a volume is configured on /certs/ca, the daemon cannot generate TLS certificates and falls back to non-TLS with errors like:

dockerd  | genrsa: Can't open "/certs/ca/key.pem" for writing, Permission denied
dockerd  | Could not open file or uri for loading private key from /certs/ca/key.pem
dockerd  | 481B2FF9CC7F0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:crypto/store/store_register.c:237:scheme=file
dockerd  | 481B2FF9CC7F0000:error:80000002:system library:file_open:No such file or directory:providers/implementations/storemgmt/file_store.c:267:calling stat(/certs/ca/key.pem)

The daemon still starts but without TLS.

Minimal reproducible example with Compose:

version: "3.9"

services:
  dockerd:
    image: docker:23.0.0-dind-rootless
    container_name: dockerd
    privileged: true
    volumes:
      - docker_certs_client:/certs/client
      - docker_certs_ca:/certs/ca

volumes:
  docker_certs_client:
  docker_certs_ca: 

A workaround is to mount /certs instead, but it's less secure when sharing volume with other containers are CA data is also available to "client" containers.

Created at 2 days ago

prevent tls being disabled if _tls_generate_certs fails

Merge pull request #398 from infosiftr/complex-expressions

prevent tls being disabled if _tls_generate_certs fails

Created at 2 days ago
delete branch
tianon delete branch complex-expressions
Created at 2 days ago
pull request closed
prevent tls being disabled if _tls_generate_certs fails

If TLS is requested (via DOCKER_TLS_CERTDIR) and the directory is not writable, then it should not silently disable TLS.

Fixes https://github.com/docker-library/docker/issues/397

Created at 2 days ago
closed issue
ruby:3.2.0-alpine3.17 pkgconf CVE-2023-24056 CRITICAL

ruby:3.2.0-alpine3.17 needs to be rebuilt to remove CVE-2023-24056 with pkgconf

pkgconf CVE-2023-24056 CRITICAL vulnerable version: 1.9.3-r0 fixed in 1.9.4-r0

alpine:3.17 has fixed this. Rebuild should resolve.

Created at 2 days ago
issue comment
ruby:3.2.0-alpine3.17 pkgconf CVE-2023-24056 CRITICAL

Duplicate of #402

Created at 2 days ago
Update Debian to 20230202

The most notable change here besides the loss of riscv64 on unstable is https://github.com/debuerreotype/debuerreotype/pull/142, or that we no longer ship /etc/apt/sources.list for debian:bookworm (next stable) but rather prefer the new deb822-style sources file in /etc/apt/sources.list.d/debian.sources as debian:unstable has been shipping for a while now (https://lists.debian.org/debian-devel-announce/2023/02/msg00000.html).

Created at 2 days ago

emqx 5.0.16

Merge pull request #14014 from id/emqx-5.0.16

emqx 5.0.16

Created at 2 days ago
pull request closed
emqx 5.0.16
Created at 2 days ago

retire gazebo 9 images

Signed-off-by: Mikael Arguedas mikael.arguedas@gmail.com

Merge pull request #14013 from ros-infrastructure/gazebo9_eol

[gazebo] retire gazebo 9 images

Created at 2 days ago
pull request closed
[gazebo] retire gazebo 9 images

Gazebo 9 has reached EOL: https://community.gazebosim.org/t/gazebo-classic-9-officially-end-of-life/1773 This PR retires the corresponding docker images

Also adresses https://github.com/docker-library/official-images/pull/13950#issuecomment-1412515624

Created at 2 days ago
issue comment
Facing issue with image `docker:dind`

Nice, glad you got it solved - so this can be closed?

Created at 2 days ago
issue comment
No documentation

I guess https://github.com/memcached/memcached/wiki/ConfiguringServer#inspecting-running-configuration is probably the best way to check if your settings are actually working, but we don't add anything extra above what memcached itself does in this regard.

Created at 2 days ago
issue comment
No documentation

Does memcached itself support those environment variables? (We don't add any extra behavior here for handling environment variables like in some other images.)

Created at 2 days ago