[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[atomic-devel] docker-hica new version, now on pypi


there's a new release of HICA, system & API for wiring container
applications back to host based on runtime label introspection.
Overall goal of the project is to execute containerized applications
closest-to-native execution as possible. There are firefox, jq and
signify example applications. NVIDIA & ATI GPU users can try the opengl

Release 0.5 has seen many additions since the last 0.3-alpha release:

* First release published as pip package
* Two new injectors
 * Tty injector for when the process needs input
 * Command aliases allowing one to specify complex command aliases via 
   labels, see the signify image for example
* All example images ported to Fedora 23 base
* Except for test-descriptions which is based on busybox
* More conservative subprocess usage in introspect_runtime injector
* DRI injector bugfix for NVIDIA devices
* Documentation update

The command aliases are especially nifty, ever wanted to generate a ECC
key-pair, sign a binary with it and later verify?

$ mkdir ~/.signify/
$ docker-hica signify create-key ~/.signify/docker-hica
$ docker-hica signify sign docker-hica.sig ~/.signify/docker-hica.sec docker-hica
$ docker-hica signify verify docker-hica.sig ~/.signify/docker-hica.pub docker-hica
Signature Verified

Some observations from the above execution:
* keys are stored in my on-host home directory
* signature file 'docker-hica.sig' was created in my on-host cwd
* the signed/verified binary 'docker-hica' is in my on-host cwd

... oh, and:

$ getenforce

How cool is that? :)



Pavel Odvody <podvody redhat com>
Software Engineer - EMEA ENG Developer Experience
5EC1 95C1 8E08 5BD9 9BBF 9241 3AFA 3A66 024F F68D
Red Hat Czech s.r.o., Purky┼łova 99/71, 612 45, Brno

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]