Dear list,

I found this in my news feed and wanted to share:

- https://arxiv.org/pdf/2601.12811
- https://dl.acm.org/doi/10.1145/3736731.3746146

For people reading along who are not super familiar with the topic, note there's a distinction between "Docker image" and "Dockerfile":

- the Docker image is the compiled artifact
- the Dockerfile is a file with build instructions

The Docker image is what you get out of `docker build`, but since this is essentially just a tar file you could also use something like apko[0] to generate them. From what I understand this is a fairly straightforward way to repack your binary, without having to involve yourself with namespaces, kernel capabilities and base images.

At that point you only need to worry about reproducible builds for your executable.

[0]: https://github.com/chainguard-dev/apko

The Dockerfile is what most people use to build their containers; this technology also notably doesn't have a dependency lockfile like the ones you are used to with modern programming language package managers.

This is also what the paper mostly (but not exclusively) focuses on.

Lastly, there's also another problem[1] that I see very rarely talked about - if you can build your Docker image on two different computers with bit-for-bit identical outputs, this still does *not* mean you can independently authenticate the contents of a container registry.

The image is only fully "built" after it has been published to the registry, since the manifest file is being re-written by the registry (in an undefined/unspecified way). This is, in my opinion, the biggest problem in the Docker/container ecosystem; the other ones we can work around by switching from `docker build` to different tools if we have to.

[1]: https://github.com/sigstore/cosign/issues/2516 (2022)

---

I would love to get some input on this, especially if I got anything wrong or if there has been progress on authenticating the content of e.g. hub.docker.com (or ghcr.io for that matter).

The authors of the paper are also most likely subscribed here (hi!).

Very interested,
kpcyrd

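A worked illustration of the manifest point, added here as an example and not part of kpcyrd's post or of any project mentioned above. It builds a minimal single-layer OCI image (layer tar, config JSON, manifest JSON) from a constructed sample rootfs, twice, and shows that (a) with fixed timestamps, ownership and a canonical JSON serialization the three blobs are bit-for-bit identical across builds, (b) re-serializing the manifest without changing its content (here: pretty-printing it) changes its digest, because OCI digests are computed over the exact bytes, and (c) the blobs a rewritten manifest references can still be checked against it, since the descriptors inside are content addresses. The sample files, the image config and the pretty-printing step are assumptions for the demo; it does not model what any particular registry does to manifests.

```python
"""Minimal OCI image builder showing what is, and is not, reproducible."""
import hashlib
import io
import json
import tarfile

LAYER_MT = "application/vnd.oci.image.layer.v1.tar"
CONFIG_MT = "application/vnd.oci.image.config.v1+json"
MANIFEST_MT = "application/vnd.oci.image.manifest.v1+json"


def digest(data: bytes) -> str:
    """OCI descriptor digest: computed over the exact bytes, not the parsed content."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def canonical_json(obj) -> bytes:
    """One fixed serialization, so the same dict always yields the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def build_layer(files: dict[str, bytes]) -> bytes:
    """Deterministic tar layer: sorted entries, fixed mtime, owner and mode."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name=name)
            info.size = len(files[name])
            info.mtime = 0  # SOURCE_DATE_EPOCH-style fixed timestamp
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            info.mode = 0o755 if name == "app" else 0o644
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def build_image(files: dict[str, bytes]) -> dict[str, bytes]:
    """Return the three blobs of a single-layer image, keyed by role."""
    layer = build_layer(files)
    config = {  # assumed minimal image config for the demo
        "architecture": "amd64",
        "os": "linux",
        "config": {"Entrypoint": ["/app"]},
        # diff_id is the digest of the *uncompressed* layer; the layer is stored
        # uncompressed here, so it equals the layer blob digest.
        "rootfs": {"type": "layers", "diff_ids": [digest(layer)]},
    }
    config_b = canonical_json(config)
    manifest = {
        "schemaVersion": 2,
        "mediaType": MANIFEST_MT,
        "config": {"mediaType": CONFIG_MT, "digest": digest(config_b), "size": len(config_b)},
        "layers": [{"mediaType": LAYER_MT, "digest": digest(layer), "size": len(layer)}],
    }
    return {"manifest": canonical_json(manifest), "config": config_b, "layer": layer}


def reserialize(manifest: bytes) -> bytes:
    """Same manifest content, different bytes (pretty-printed). Stands in for
    any re-serialization done downstream of the build; an assumed transformation."""
    return json.dumps(json.loads(manifest), indent=3).encode()


def verify_blobs(manifest: bytes, blobs: dict[str, bytes]) -> bool:
    """Check every descriptor in a manifest against the blobs we hold, by digest and size.

    Works on any serialization of the manifest, because the descriptors inside it
    are content addresses. It cannot tell you whether the *manifest bytes* are the
    ones the builder produced; only the manifest digest could, and that changes
    whenever the bytes do.
    """
    m = json.loads(manifest)
    for d in [m["config"], *m["layers"]]:
        blob = blobs.get(d["digest"])
        if blob is None or len(blob) != d["size"] or digest(blob) != d["digest"]:
            return False
    return True


# Constructed sample rootfs, not a real image.
SAMPLE_FILES = {"app": b"#!/bin/sh\necho hello\n", "etc/motd": b"built twice\n"}


def demo() -> dict:
    first, second = build_image(SAMPLE_FILES), build_image(SAMPLE_FILES)
    rewritten = reserialize(first["manifest"])
    blobs = {digest(b): b for b in (first["config"], first["layer"])}
    return {
        "reproducible": first == second,
        "same_content": json.loads(first["manifest"]) == json.loads(rewritten),
        "same_digest": digest(first["manifest"]) == digest(rewritten),
        "blobs_verify_after_rewrite": verify_blobs(rewritten, blobs),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The takeaway is the gap between the last two results: a second builder can reproduce the layer and config blobs and confirm a manifest refers to them, but cannot reproduce the digest of a manifest whose bytes were rewritten after the build, which is exactly the digest that a registry tag or a signature typically points at.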