There is a security trend called reproducible builds, which aims for having a way to create bit-exact copies of output binaries so that the user can verify whether the version found on the internet is trustworthy. Is there a similar movement and tooling across Docker community? The way I understand it, even with version pinning in containerized Linux distributions, timestamps would make this problematic. Is there a way to solve this problem and create a readable Dockerfile that doesn't build from scratch that would describe dependencies deterministically and in a future-proof way?
Truly reproducible Docker containers?
328 Views Asked by d33tah At
0
There are 0 best solutions below
Related Questions in DOCKER
- Docker, redirecting to virtualbox port
- Collect only from STDERR when using Docker syslog logging driver
- How can I create a docker image from the current system?
- Moving Docker Containers Around
- How can I test with serverspec that Jenkins is running in a jenkins docker container?
- How to deploy django 1.8 on Elastic Beanstalk using Docker
- Emulating `docker run` using the golang docker API
- Where are docker images and containers stored when we use it with Windows?
- docker compose, vagrant and insecure Repository
- Commit data in a mysql container
- oh-my-zsh installation returns non zero code
- Use custom docker binary in CoreOS
- Can I use docker image ubuntu 14.04 if my host is 12.04?
- Hide/obfuscate environmental parameters in docker
- How to add initial users when starting a RabbitMQ Docker container?
Related Questions in SECURITY
- Can MVC.NET prevent SQL-injection at razor or controller level?
- Forgotten password reset page: should the user need to enter a username/email as well?
- Dynamic roles list in CustomAuthorize ASP MVC
- Access roles from multiple applications
- How to Fix TLS CBC Incorrect Padding Abuse Vulnerability on Windows 2003 Server
- Evernote Web Clipper and Content Security Policy
- Invalidate user credentials when password changes
- Spring Boot MVC non-role based security
- Correct Captcha behaviour on error
- Is macro more secure than static const if I don't want someone to know or change the hardcode value?
- In Android, ensuring only pre-decided users can only use the app
- Authenticating plain text passwords against md5 hash in DB using Apache Shiro
- Symfony2 - handle HTTP/Entity user access restrictions
- Client side computation without exposing code?
- searchable row level encryption using java?
Related Questions in NON-DETERMINISTIC
- Non deterministic finite state machine in java for complex CRM logic
- C++: Non-deterministic behaviour in Ray Tracer output
- Using nondeterminism to detect cliques?
- How can non-determinism be modeled with a List monad?
- Why is the non-deterministic choice function in Curry's std lib not defined straightforwardly but rather with a helper 2-argument function?
- "printf" appears to be non-deterministic in Qt?
- Image augmentation reproducibility
- ANTLR - non-deterministic behaviour during run/debug
- Nondeterminism for infinite inputs
- Unable to construct 4-state NFA for certain regular expression
- Deterministic python script behaves in non-deterministic way
- Can a multithreaded functional program be deterministic?
- yocto programmatically asigned SRCREV trigger metadata not deterministic
- Redundancy in comparison sort / tournament systems
- Click does not always work in Selenium
Related Questions in BINARY-REPRODUCIBILITY
- Why is the binary output not equal when compiling again?
- keras.Model.save changes binary every time model saved
- Using -ffile-prefix-map breaks debugging
- Does Solaris cc embed in an executable differing info for different compiles?
- Why are vcbuild- and Visual Studio-compiled files binary not bytewise similar at all?
- binary reproduction of boost 1.50
- Reproducible builds with jlink
- Is it possible to check if the source code matches the App version?
- Yagarto (GCC, Win32) compiles same code differently on different PCs
- How do I prevent cargo fmt from changing the compiled binary?
- Can i specify the module version id (MVID) when building a .net assembly?
- C++: get the same binary after strip with and without "-g"
- Truly reproducible Docker containers?
- Ensuring reproducible builds using NuGet packages
- Pytorch - Not able to achieve reproducibility
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?