Group: Software/research/ExternalRepositories/DockerRegistries

From LibrePlanet
Revision as of 08:55, 13 January 2023 by GNUtoo (talk | contribs) (Move content from Group:Software/research/ExternalRepositories: it's already starting to get big and now we need to add information on how to run your own docker registry...)

Introduction

Docker registries contain distributions or operating system images.

These repositories are usually referenced in Dockerfiles, so users need to be careful if they want to use Dockerfiles.

Additionally, docker itself might need to be patched so that it does not refer to repositories that contain nonfree software. For instance, Parabola, and probably other FSDG distributions as well, have an issue that needs to be reported and fixed:

# docker run -it --rm archlinux bash -c "echo hello world"
Unable to find image 'archlinux:latest' locally
latest: Pulling from library/archlinux
b72d4d4e6198: Pulling fs layer 
3b001a57ac96: Download complete 
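
One way to see which registry each FROM line of a Dockerfile really pulls from, as an added example that is not part of the original page: it applies docker's name expansion, under which a bare name such as archlinux becomes docker.io/library/archlinux, as in the output above. The allow-list entry registry.example.org, the image tags and the sample Dockerfile are constructed for illustration.

```python
import re

# Assumption: made-up allow-list; the page names no registry as FSDG compliant.
ALLOWED = {"registry.example.org"}
FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)
# Constructed sample Dockerfile (only its FROM lines matter here).
SAMPLE = """\
FROM archlinux AS build
FROM registry.fedoraproject.org/fedora:37
FROM registry.example.org/minimal:1.0
FROM build
FROM ${BASE_IMAGE}
FROM scratch
"""

def resolve(image):
    """Expand an image name to (registry, repository) the way docker does."""
    name = image.split("@", 1)[0]                  # drop an @sha256:... digest
    first, slash, rest = name.partition("/")
    # The first component is a registry host only if it looks like one.
    if slash and ("." in first or ":" in first or first == "localhost"):
        host, repo = first, rest
    else:
        host, repo = "docker.io", name             # implicit default registry
    head, _, last = repo.rpartition("/")
    repo = (head + "/" if head else "") + last.split(":", 1)[0]   # drop the tag
    if host == "docker.io" and "/" not in repo:
        repo = "library/" + repo                   # archlinux -> library/archlinux
    return host, repo

def audit(dockerfile, allowed=ALLOWED):
    """Return (line, image, registry, verdict) for each FROM that pulls an image."""
    stages, findings = set(), []
    for no, line in enumerate(dockerfile.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        image, alias = m.groups()
        is_stage = image.lower() in stages         # earlier build stage, no pull
        if alias:
            stages.add(alias.lower())
        if image == "scratch" or is_stage:
            continue
        # An ARG substitution cannot be resolved without the build arguments.
        host = None if "$" in image else resolve(image)[0]
        verdict = "unresolved" if host is None else "ok" if host in allowed else "review"
        findings.append((no, image, host, verdict))
    return findings
```

COPY --from=<image> can also pull from a registry and is not covered by this check.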

Guix is FSDG compliant, runs on most GNU/Linux distributions, can create docker images and can also run software very easily in containers, so it might be easier to use Guix directly than to rely on docker repositories/registries. For instance, to run 'ls' in a container, one can just run 'guix shell --container --network --emulate-fhs bash coreutils -- ls'. Container environments can easily be defined with manifest files.

And finally, Guix can generate docker images with 'guix system image --image-type=docker system.scm', where system.scm contains an operating system definition, so docker itself (patched to remove the reference to nonfree repositories) can also be used in an FSDG compliant way.

The Guix manual has all the details on how to use all that.

For the status of docker images of FSDG compliant distributions, see the DistroExecutionEnvironments wiki page.

Repository website Licenses requirements Reliability of license fields
docker hub Not FSDG compliant.[1] ?
docker.io Not FSDG compliant.[2] ?
registry.fedoraproject.org Probably not FSDG compliant.[3] Strict policy.[4]

It looks easy enough to run your own repository though, so FSDG distributions or the FSDG community could run one if volunteers want to do the work of setting that up and maintaining it.

The official documentation describes how to deploy the registry, however the instructions use a ready-made docker container. That container contains software under the Apache license[5] and also bundles dependencies like software from the Alpine GNU/Linux distribution[6]. Alpine hasn't even been reviewed by GNU[7], and even if that image is somehow FSDG compliant (nobody has looked into it yet, so we don't know, and it's better to assume it's not until someone looks), it might not remain FSDG compliant in the future, so it makes more sense not to use that image.

However we can use the osx-setup-guide documentation to build the 'registry' application and the dependencies licensing information to get a list of dependencies, and this way build our own version. We can then use the deployment documentation mentioned previously to understand the configuration file format. It might also be possible to package this application in various FSDG distributions to make deployments easier.

For instance, Parabola uses Parabola as a server, Trisquel probably uses Trisquel, and so on, so packages would make deployments easier for distributions (which already have at least some of the infrastructure in place).

As for having official images, the DistroExecutionEnvironments wiki page has information on how to create official docker images for various FSDG compliant distributions (at the time of writing: PureOS, Trisquel, Parabola), and it should be easy to upstream an operating system definition for a minimal docker image in Guix, as Guix already has everything in place to create docker images.

With a bit of work it may be possible to just publish images at a given URL without the 'registry' application, in ways that are usable in Dockerfiles and tools. This might be even easier, as distributions could just release docker images like they release installation "iso" images. And some distributions (like Guix) already have everything in place to continuously build updated images.

For that we will at least need to generate registry manifest v2 files, and maybe more (TODO: we need help to look into it). There is some documentation that gives more details about how registries work under the hood and/or what is needed to implement the registry API:

I've not read them yet completely, so I don't know if we can just publish some files on a web server (with some small configuration to return json files in folders).
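
The files such a static layout would contain, as an added example that is not part of the original page or of the docker project's code: it writes a manifest (version 2, schema 2) and its blobs under the paths the registry v2 pull API requests, then re-checks every digest as a mirror operator or client would. The image name example/minimal and the blob contents are constructed, and it is an assumption, left open by the page, that a docker client accepts these files from a plain web server.

```python
import hashlib, json, tempfile
from pathlib import Path
# Media types of the Docker image manifest, version 2 schema 2.
MANIFEST = "application/vnd.docker.distribution.manifest.v2+json"
CONFIG = "application/vnd.docker.container.image.v1+json"
LAYER = "application/vnd.docker.image.rootfs.diff.tar.gzip"

def digest(data):
    return "sha256:" + hashlib.sha256(data).hexdigest()

def descriptor(media_type, data):
    return {"mediaType": media_type, "size": len(data), "digest": digest(data)}

def publish(root, name, tag, config, layers):
    """Lay out one image under /v2/<name>/blobs/ and /v2/<name>/manifests/."""
    base = Path(root, "v2", name)
    for sub in ("blobs", "manifests"):
        (base / sub).mkdir(parents=True, exist_ok=True)
    for blob in [config, *layers]:
        (base / "blobs" / digest(blob)).write_bytes(blob)   # content-addressed
    manifest = json.dumps({
        "schemaVersion": 2, "mediaType": MANIFEST,
        "config": descriptor(CONFIG, config),
        "layers": [descriptor(LAYER, layer) for layer in layers],
    }, indent=2).encode()
    for ref in (tag, digest(manifest)):            # reachable by tag and by digest
        (base / "manifests" / ref).write_bytes(manifest)
    return digest(manifest)

def verify(root, name, ref):
    """Re-hash everything a pull of `ref` would fetch; return the problems found."""
    base, problems = Path(root, "v2", name), []
    raw = (base / "manifests" / ref).read_bytes()
    if ref.startswith("sha256:") and digest(raw) != ref:
        problems.append("manifest does not match " + ref)
    doc = json.loads(raw)
    for d in [doc["config"], *doc["layers"]]:
        blob = base / "blobs" / d["digest"]
        if not blob.is_file() or digest(blob.read_bytes()) != d["digest"]:
            problems.append("bad or missing blob " + d["digest"])
    return problems

def demo():
    """Publish constructed placeholder bytes, then tamper with the layer on disk."""
    name, config, layer = "example/minimal", b'{"os":"linux"}', b"constructed layer"
    with tempfile.TemporaryDirectory() as root:
        clean = verify(root, name, publish(root, name, "latest", config, [layer]))
        (Path(root, "v2", name, "blobs") / digest(layer)).write_bytes(b"tampered")
        return clean, verify(root, name, "latest")
```

Only a digest reference pins the content: a pull by tag trusts whatever manifest the server returns under that name.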

  1. The repository has images with nonfree software like the Windows base OS images. So if there is a license policy it probably allows that.
  2. The repository has images with nonfree software like the Windows base OS images. So if there is a license policy it probably allows that.
  3. Fedora is not FSDG compliant. Though the question here is whether the nonfree firmwares are in the same repositories as the rest of the software. If not, are the repositories with nonfree firmwares enabled in the fedora docker registry?
  4. https://www.gnu.org/distros/common-distros.html#Fedora
  5. https://hub.docker.com/_/registry
  6. https://raw.githubusercontent.com/docker-library/repo-info/master/repos/registry/local/latest.md
  7. https://www.gnu.org/distros/common-distros.html