undefined | Better HN

0 pointsviraptor6y ago0 comments

Sure you can - first pull, then there's many tools to help you. For example https://github.com/larsks/undocker/

0 comments

Indeed.

You can also pull via the sha rather than the tag, which gives you significant extra assurance.

docker pull docker/binfmt@sha256:5a9ad88945dff7dc1af2ef7c351fe3dd9f7c874eb2c912c202ced088d21c178a

Once you've confirmed you're happy with the script, I don't believe there is any issue with automating this.

docker run --rm --privileged docker/binfmt:@sha256:5a9ad88945dff7dc1af2ef7c351fe3dd9f7c874eb2c912c202ced088d21c178a

In theory, the underlying container cannot be changed, which is what most of the issues with piping curl into bash is.

jraph6y ago

Isn't that akin to extracting setup.exe? You still don't get to inspect the binaries bundled in the image.

j / k navigate · click thread line to collapse