Putting a Dockerfile and a build script in each distribution repository felt not-quite-right somehow, so this repository was created to hold all the Dockerfiles, build scripts, and documentation for each Docker image.
In addition -- and this is significant -- there is a set of driver
scripts in the
bin directory of this repository, which run the
executables in these containers almost as if you had the executable
Each driver script will download any image it needs from Docker hub first, if it is not yet present on the system.
So all you need to do is put
bin on your executable search path,
and suddenly you have a myriad of Cat's Eye Technologies' tools and
language interpreters and such at your disposal, right from your
command line (or shell, or Terminal, or whatever you like to call it.)
"almost as if you had it installed locally" does have some limitations.
The containerized executable works on the host's file system through a bind mount. The driver script establishes a bind mount from the current working directory of the host, and the container can't see any of the host's filesystem that is outside that directory.
So, for example, you can't tell a compiler to output the generated
executable file to
../built/out.foo because it can't see
Also, the Docker daemon always runs as root. The script tells the
container to be run as the current user on the host. This prevents
the files that the executable writes from being owned by root. But
this directive is not total; the Docker daemon still runs as root.
For that reason I would recommend not running the driver scripts
from a directory that contains anything important, such as
Also, there are ways to make the Docker daemon run as non-root. But they are outside the scope of this document.
Containerization for Preservation
Because the idea here is "containerization for preservation" rather than "containerization for deployment", we don't rebuild the images regularly. Every time one of these images is rebuilt, it pulls the latest packages from the system package manager repository, which rebuilds that layer, which causes new layers to be built on top of it, bloating everything. Since they are not used as servers, and because they are containerized, the need to update system packages regularly to fix critical (exploitable) defects is reduced.
For Python 3.x-based executables, the base image used is usually python-3.5.7-slim-stretch.
For Python 2.7-based executables, the base image used is bitnami/python:2.7.18-prod.
For Erlang R16-based executables, the base image used is andreineculau/erlang-r16b03-1:latest.
git clone https://git.catseye.tc/The-Cannery/
- Update README, listing the common base images used here. Chris Pressey 4 months ago
- There's a version 0.21 of SixtyPical actually, so update this. Chris Pressey 4 months ago
- Add image for t-rext 0.3, running under Python 3. Chris Pressey 8 months ago
- Add image for t-rext 0.2, which runs under Python 3. Chris Pressey 8 months ago
- Merge pull request #3 from catseye/x-hastec Chris Pressey (commit: GitHub) 8 months ago
- I got it! I know what I did wrong! First the wadding, THEN the powder Chris Pressey 8 months ago
- Do not require `shelf` be installed; clone off GitHub if it's not. Chris Pressey 8 months ago
- Produce a much slimmer image by removing .cabal after updating it. Chris Pressey 8 months ago
- Move support for building an image containing hastec back in here. Chris Pressey 8 months ago
- Merge pull request #2 from catseye/experimental Chris Pressey (commit: GitHub) 10 months ago