debatable improvements #3

Merged
merged 4 commits into from
Mar 15, 2024
9 changes: 4 additions & 5 deletions index.md
Expand Up @@ -3,9 +3,9 @@ title: Goals
layout: home
---

## Image Based Linux with Bootable container images
## Image Based Linux with Bootable Container Images

Over the last decade, OCI containers have become a de facto way to deploy a complete functioning Linux user space as an application.
Over the last decade, [OCI containers](https://specs.opencontainers.org/image-spec/) have become a de facto way to deploy a complete functioning Linux user space as an application.
A large set of practices and tooling has evolved around them.
Bootable containers are a modern opinionated way of deploying, configuring and managing immutable image based Linux systems.
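
Review bot: The new heading title-cases "Bootable Container Images" but leaves the compound modifier "Image Based" unhyphenated, and the unchanged last sentence of this hunk still reads "immutable image based Linux systems". Suggest "Image-Based Linux" in the heading and "image-based" in the body so the two agree. The added link wraps the words "OCI containers" but its target is the image-spec; if the image format is what the sentence means, link the phrase "OCI container images" instead, otherwise point the link at a more general OCI page.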

Expand All @@ -24,9 +24,8 @@ The system either uses the contents of the old system, or the new image; Never s
Updates can be delayed or scheduled.
This default behavior can be adapted or controlled by a larger management system.

1. It should always be possible to factory reset back to both the known built behavior of the system.
It is always possible to rollback to a previous behavior if an updated image does not function correctly.
1. It should always be possible to factory reset back to either the known built behavior of the system or roll back to previous behavior if an updated image does not function correctly.

1. A cryptographic trust chain that runs from the hardware, through the boot loader, through the operating system all the way to the apps ensures that only the expected code is run, and the contents of the operating system and applications have not been changed unexpectedly.
1. A cryptographic trust chain that runs from the hardware, through the boot loader, through the operating system all the way to the applications ensures that only the expected code is run, and the contents of the operating system and applications have not been changed unexpectedly.
If something has been changed, or changes at runtime unexpectedly, the system can alert or stop.
The builder of the images can sign the images with keys that are under their own control, or of course build images and deploy systems without a trust chain.
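
Review bot: In the merged list item, "factory reset back to either the known built behavior of the system or roll back to previous behavior" is not parallel, and the "either ... or" can be read as requiring only one of the two capabilities, where the removed lines stated factory reset and rollback as two separate guarantees. Suggest keeping both explicit, for example "It should always be possible to factory reset to the known built behavior of the system, and to roll back to previous behavior if an updated image does not function correctly." The removed second line also said rollback "is always possible" while the new text says "should always be possible"; confirm that weakening is intended, since the trust-chain item below depends on the system having a known-good state to return to.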