1. Launch a container by specifying its image digest, not image ID [0] [1]. You can pull an image with a specific digest, but then it gets an ID that is unique to the image repository. Later deployments must use that different image ID. This makes deployment tooling needlessly complicated. And it breaks the security guarantees of the digest by allowing the repository to modify the image.
2. Copy a file into a container with docker-compose, without requiring Swarm [1].
Do financial problems explain their slowness? I wish they would just charge $100/year per seat for Docker for macOS and then fix the long-standing problems.
And sell a hosted tool to do trusted builds of docker images from hashed sources. Reproducible builds would be great, too.
> 2. Copy a file into a container with docker-compose, without requiring Swarm
I'm not quite sure I see why you can't get by with "docker cp" and need compose to resolve the container.
But I also were unaware of the Docker sub commands "cp" and "commit".
I think I prefer building containers and mounting config - but I see how the two could be abused, focusing on images rather than Dockerfile-s (and woe to the person that looses the carefully evolved Debian old-stable based base image that runs a mix of outdated oldstable packages and a few bits from current stable from two years ago when they were in testing, along with a custom build of node 13 and an outdated driver for a proprietary database...).
Not sure I believe it's a good idea, but now I know it's possible.
I would pay 100$/month if they would solve the slow filesystem performance. Every workaround solution has some problems, most often high latency or simply stopping the sync.
1. Launch a container by specifying its image digest, not image ID [0] [1]. You can pull an image with a specific digest, but then it gets an ID that is unique to the image repository. Later deployments must use that different image ID. This makes deployment tooling needlessly complicated. And it breaks the security guarantees of the digest by allowing the repository to modify the image.
2. Copy a file into a container with docker-compose, without requiring Swarm [1].
Do financial problems explain their slowness? I wish they would just charge $100/year per seat for Docker for macOS and then fix the long-standing problems.
And sell a hosted tool to do trusted builds of docker images from hashed sources. Reproducible builds would be great, too.
[0] https://github.com/moby/moby/issues/16482#issuecomment-29782...
[1] https://windsock.io/explaining-docker-image-ids/#contentaddr...
[2] https://github.com/docker/compose/issues/5523