README.md (3265B) - Raw
1 [](http://godocs.io/git.jakstys.lt/motiejus/undocker) 2 3 Undocker 4 -------- 5 6 Converts a Docker image (a bunch of layers) to a flattened "rootfs" tarball. 7 8 Project Status 9 -------------- 10 11 The project was announced to be deprecated in the beginning of 2024, but the 12 maintainer has an interest in Docker ecosystem again, thus will maintain it 13 somewhat starting at mid-2024. 14 15 The author has some significant changes in mind, but the timeline is unknown. 16 17 Why? 18 ---- 19 20 Docker images became a popular way to distribute applications with their 21 dependencies; however, Docker is not the best runtime environment. At least not 22 for everyone. May boring technology run our software. 23 24 Undocker bridges the gap between application images (in docker image format) 25 and application isolation ("container") runtimes: once the docker image is 26 extracted, it can be run with old-fashioned tools: lxc, systemd-nspawn, 27 systemd, FreeBSD Jails, and many others. 28 29 30 Installation 31 ------------ 32 33 Build it like this for the "current" platform: 34 35 ``` 36 $ make undocker 37 ``` 38 39 `make -B` will print the extra flags (`-X <...>`) for cross-compiling with 40 other archs. It's all `go build <...>` in the back, and depends only on Go's 41 compiler and stdlib. 42 43 Usage: convert docker image to rootfs 44 ------------------------------------- 45 46 Download `busybox` docker image from docker hub and convert it to a rootfs: 47 48 ``` 49 $ skopeo copy docker://docker.io/busybox:latest docker-archive:busybox.tar 50 $ undocker busybox.tar - | tar -xv | sponge | head -10; echo '<...>' 51 bin/ 52 bin/[ 53 bin/[[ 54 bin/acpid 55 bin/add-shell 56 bin/addgroup 57 bin/adduser 58 bin/adjtimex 59 bin/ar 60 bin/arch 61 <...> 62 ``` 63 64 Refer [here][2] for other ways to download Docker images. There are many. 65 66 On author's laptop converting a [1.1GB Docker image with 77 67 layers](https://hub.docker.com/r/homeassistant/home-assistant) takes around 3 68 seconds and uses ~65MB of residential memory. 69 70 Usage example: systemd 71 ---------------------- 72 73 ``` 74 systemd-run \ 75 --wait --pty --collect --service-type=exec \ 76 -p RootDirectory=$PWD \ 77 -p ProtectProc=invisible \ 78 -p PrivateUsers=true \ 79 -p DynamicUser=yes \ 80 -- busybox httpd -vfp 8080 81 ``` 82 83 [Systemd protections][1] like `PrivateUsers`, `DynamicUser`, `ProtectProc` and 84 others are available, just like to any systemd unit. 85 86 Similar Projects 87 ---------------- 88 89 * [rootfs_builder](https://github.com/ForAllSecure/rootfs_builder) 90 91 Contributions 92 ------------- 93 94 The following contributions may be accepted: 95 96 - Patchsets, with accompanying tests. 97 - Regression reports. 98 99 If you found a container that undocker cannot extract, or extracts incorrectly 100 and you need this that work with undocker, submit a patchset. If there is a 101 reasonably small container that can reproduce the issue, we may add it to 102 integration tests. See `make test-integration` on how that works. 103 104 Reports of regression reports must provide examples of "works before" and "does 105 not work after". Issues without an accompanying patch will most likely be 106 rejected. 107 108 Communication 109 ------------- 110 111 Ping me [directly][motiejus-comms]. 112 113 [1]: https://www.freedesktop.org/software/systemd/man/systemd.exec.html 114 [2]: https://fly.io/blog/docker-without-docker/ 115 116 [motiejus-comms]: https://jakstys.lt/contact/