Bocker: Docker implemented in around 100 lines of Bash (2015)

I guess a lot of us had stories like this. I needed to package a bunch of things into a single environment where a VM was unsuitable. I cooked up something using chroot, deb-bootstrap and make an installer using makeself. It created a mini debian inside /opt which held the software and all the dependencies I needed (mysql etc.). Worked pretty well and the company I made this for used it till they got acquired in 2016 or so.

More generally though, implementing a crude version of a larger application is one of the best ways of learning how things work inside it. I'm a big fan of the approach.

FYI, I think you forgot some important quotes in your script. Try shellcheck?

> mkdir -p $(dirname "$2")

I managed to coax my 8" tablet turned horizontal to give me about 80x22 at a size I could actually read.

Combine that with a ~10" bluetooth keyboard that fits comfortably in my leather jacket's inside pockets and I get to leave the house without carrying a bag and still sit and write code in the back corner of a handy beer garden.

Turns out to be surprisingly productive as well, probably because there's just enough extra friction to flipping to my usual distractions compared to a laptop that I tend to just take a sip of my beer while continuing to glare at the code instead.

Wow

shell-fu.org is great, would like to see comments of other users though

Rancher desktop is also a viable option and free. Many including my work moved to it after Docker's new licensing kicked in.

IMO the real magic of Docker was the Docker/OCI image format. It's a brilliant way to perform caching and distribute container images, and it's really what still differentiates the workflow from "full" VM's.

Docker Desktop on Mac is a handicapped, underprivileged mess. Docker cli for Mac with Colima is still underprivileged, but at least you can skip the bs license and Docker's gui. On Windows you can at least use Docker on WSL which works great. Why use Docker Desktop is beyond me.

I just use colima on macos, its a far better experience. Much lighter weight

Nah, they should have prioritized building some sort of PaaS solution like CloudRun, Render or Fly so they can sell that to enterprises for $$$. Instead they did half-baked docker swarm which never really worked reliably and then lost ground to k8s rapidly

A lot of popular wealthy systems are 'easy' to re-implement. I thought the value was in Docker images? Or is that not how Docker is used? The only way I've used it is to be able to import someone's virtual build setup so I could build something from years ago.

But Rancher Desktop does the same too (and is also open source).

I think Docker is really lucky that devs still think container=Docker.

Podman is in many aspects superior, while still being able to function as a drop in.

Docker for Windows and Mac are both bloated pieces of software, outperformed by Rancher Desktop and Orbstack.

Docker's only real innovation was the OCI format, which it had to give away for it to become an industry standard, and now doesn't own.

Docker for Mac is just unusable. They're not really adding any value there.

Great point! It is not shade at all, you are trying to normalize this which I like. For unpaid, volunteer, or hobby code feeling a _need_ because its public can make coding less fun or prevent people from sharing code publicly they otherwise would.

I feel like most — if not all — projects are never done. Knowing when to stop is important

I think it's good. I guess it's possible for something to be simply done, and you don't always have to have a bunch of next ideas, but I generally always have next ideas.

If there is always some next ideas then by definition you must always have todos that never get done. It should actually be the normal state of every single project.

When you start a project it's worth spending some time thinking about "non-goals" i.e. features that come to mind but that you intentionally are not going to implement. It's absolultely fine and often very helpful to have clear scope boundaries so you don't end up chasing rabbits and having projects that never feel "finished."

Totall ok! As soon as the program does what I want, and my task is complete, I stop developing. Software is not my hobby.

Literally a few days ago: https://news.ycombinator.com/item?id=42214873

Lazydocker sure looks interesting, but self-promotional ads - for products in an entirely different space - in an OSS project's README.md? Seriously? At least for me it is the first time I have come across anything like this. I'm wondering if advertising like this is even allowed under GitHub's TOS and AUP.

It's just a learning tool to see how docker works.

Docker is just a combination of kernel tech that already exists. Namespaces, cgroups, and union file systems and probably few others.

It hits the frontpage often because people assume that Docker is this super complex thing, but (at its most fundamental), it's actually quite elegant and understandable, which is interesting - a perfect HN story, in fact.

It's possible it's not climbing the front page to slight docker, but rather that people are seeing that docker is something useful and want to know how it works. Bocker can be an entrypoint into the technologies.

I'm bringing overlayfs to people at my company to save time on a lenghty CI process, and they are in awe at the speedup. But after demo-ing it to a few people I realized they could just use / (I could have brought them) docker.

I'm also quite impressed by cbsd - shttps://www.bsdstore.ru/en/about.html - though that's more of a 'maximum overkill' solution in spite of being a CLI/TUI driven tool.

Currently I'm going through a phase of building and managing jails with just the stuff in FreeBSD base, but that's entirely intended to only be a phase - it'll last until I have the way all of it fits together burned into my brain well enough to be confident debugging it, and then I'll stop banging rocks together and go back to using higher level tools like a sensible person :D

Absolutely, it adds a lot of value for a shell script that is about 100 LoC.

By the way it took me a while to get why it was named Bastille. As La Bastille was a castle built to defend Paris from English attacks during the Hundred Years' War, and then turned into a prison.

Should also be be /usr/local/bin.

On macOS/Windows/etc., docker is basically fancy chroot in a linux VM.

Yes, from the README:

> Bocker runs as root and among other things needs to make changes to your network interfaces, routing table, and firewall rules. I can make no guarantees that it won't trash your system.

Linux makes it quite hard to run "containers" as an unprivileged user. Not impossible! https://github.com/rootless-containers/rootlesskit is one approach and demonstrates much of the difficulty involved. Networking is perhaps the most problematic. Your choices are either setuid binaries (so basically less-root as opposed to root-less) or usermode networking. slirp4netns is the state of the art here as far as I know, but not without security and performance tradeoffs.

The issue you're running into is that to run docker on mac, you have to run it in a vm. Docker is fundamentally a linux technology, so first emulate x86_64 linux, then run the container. That's going to be slow.

There are native macos containers, but they arent very popular

Podman-Desktop can do it

What do you mean? It's been there for years: https://packages.debian.org/docker.io

It’s an old version, and I think it isn’t supported by Docker Inc (for the reasons mentioned in the sibling comment), but it’s there.

(a) Docker wants to bundle vendor libraries instead of using other packages and (b) Canonical uses LXD and MicroK8s instead.

Don’t we have them? I only casually use containers, but what about podman, runc, systemd-nspawn, LXC etc?

If Docker isn't open enough for you, check out Podman (now with extra CNCF).

Why not podman?