Lockdown your Dockerized build environments --- Because privileged mode is insecure, you should restrict your CI/CD environments to known users and projects. If this isn't feasible, then instead of using Docker, you could try using a standalone image builder like Buildah to eliminate the risk. Alternatively, configuring rootless Docker-in-Docker can mitigate some --- but not all --- of the security concerns... - Source: dev.to / about 1 month ago

In my experience, not using docker to build docker images is a good idea. E.g. buildah[0] with chroot isolation can build images in a GitLab pipeline, where docker would fail. It can still use the same Dockerfile though. If you want to get rid of your Dockerfiles anyway, nix can also build docker images[1] with all the added benefits of nix (reproducibility, efficient building and caching, automatic layering,... - Source: Hacker News / 8 months ago

Buildah: This lightweight, open-source command-line tool for building and managing container images. It is an efficient alternative to Docker. With Buildah, you can build images in various ways, including using a Dockerfile, a podmanfile or by running commands in a container. Buildah is a flexible, secure and powerful tool for building container images. - Source: dev.to / about 1 year ago

When I saw the title I thought it was going to be about `buildah` [1][2] Which allows you to create images using the command line to build them up step-by-step. [1] https://buildah.io/. - Source: Hacker News / over 1 year ago

Buildah is a "tool that facilitates building OCI images" of Containers. If it is not installed, podman system migrate will print out the warning:. - Source: dev.to / over 1 year ago

Https://pkgsrc.org/ from netbsd runs on many systems. - Source: Hacker News / about 1 month ago

It seems according to pkgsrc.org that pkgin might follow the PKG_PATH environment variable. You're supposed to set PKG_PATH="http://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/$(uname -p)/$(uname -r|cut -f '1 2' -d.)/All/", and according to uname(1), -p gives the processor architecture and -r gives the operating system [kernel] release. Source: over 1 year ago

It seems like pkgsrc.org hasn’t got the news yet. Source: over 1 year ago

I still have a Slackware install that runs some really old stuff I have. I remember working at AN ISP in the 90s and slack was are secure distro. All the important stuff (authentication, configs, etc.) were stored and served from our 'slack pool'. Funny part is now I do a very basic Slackware install that setup pkgsrc (https://pkgsrc.org) on it so I can really experience the best and worst of times! - Source: Hacker News / over 2 years ago

Today the second article on cross-platform package management has been published. It features a short description of what Pkgsrc and Ravenports are and a longer part on how they compare. The test environment and procedure is covered and of course the results are presented. At the end a conclusion is drawn. Source: over 2 years ago