-
For development, I mostly use Podman instead of Docker. Except some applications that only supports Docker (e.g. Cosign)
-
Please check the license of the components of the container images.
-
Using Apache 2.0 License for the Dockerfiles and docker-compose does not mean the container image is under Apache 2.0 License.
-
The created container image would contain other software (such as Bash, glibc and etc.), these software may be in different licenses.
-
-
Please check any direct and in-direct dependency of the software being produced or contained.
-
Here’s a list of Dockerfile and container images that maintain or create
Application name |
Dockerfile/building repository |
Container repository |
Signed |
Purpose |
Remark |
pod-recon |
Need to migrate to gitlab.hk |
Yes |
Collection of tools for troubleshooting in container environments |
|
|
Yes |
Aims to create amicontained on ARM64 platform |
|
|||
Yes |
For using stripped MeiliSearch binaries |
|
|||
Yes |
Update NodeJS packages in WikiJS and other optimizations |
|
|||
Yes |
|
|
|||
Yes |
No official Docker image is provided |
|
|||
Yes |
Include Pandoc and AsciiDoctor support in the container image |
Use ruby Debian-11 as base OS |
|||
Yes |
Outdated Docker image is provided, and no ARM64 support |
|
|||
Yes |
For customization with glibc and jemalloc support, but later turns out that jemalloc is not used |
|
|||
No |
No official container images provided |
|
If the container is signed (by me). You can verify by below steps:
-
Get my Cosign public key and save as cosign.pub
-----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENAxpHzZWHRHsR72J+Zzm6M32UAvv YeHhQD4doXjqNXHbgXI212HVfmLzBevCvUqurwPvEsTf9FqWuYHUUrrK6w== -----END PUBLIC KEY-----
-
Command for Cosign
cosign verify --key cosign.pub \ [container-registry/project-name:tag]
Example:
cosign verify --key cosign.pub \ ghcr.io/patrickdung/meilisearch-crossbuild:v0.24.0
-
Output:
Verification for ghcr.io/patrickdung/meilisearch-crossbuild:v0.24.0 -- The following checks were performed on each of these signatures: - The cosign claims were validated - The signatures were verified against the specified public key - Any certificates were verified against the Fulcio roots. [{"critical":{"identity":{"docker-reference":"ghcr.io/patrickdung/meilisearch-crossbuild"},"image":{"docker-manifest-digest":"sha256:41969fc06309c9988a23aa5a1ca677c171c9011399527d2c2120bab87ea9311a"},"type":"cosign container image signature"},"optional":null}]