Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Docker-phobia: Analyze Docker image size with a treemap (github.com/remorses)
91 points by remorses 7 months ago | hide | past | favorite | 30 comments



Why does this need to pipe a script into bash from a non-github origin?

And in that script, you're actually piping another script from yet another domain (`https://goblin.reaper.im/`), where reaper.im looks like some kind of ad-infested parking domain?


You can also install it with go, I updated the readme

go install github.com/remorses/docker-phobia


Looks like goblin.run is a project that lets you install golang projects without having golang installed. OP should probably preface the installation script with this.


or just use, I don't know, docker?


> or just use, I don't know, docker?

The author is apparently afraid of docker, hence Docker-phobia.


touche!


Aren't go binaries statically compiled? Why is anything other than a static binary download and `chmod +x` even needed?


sure, for each arch.. or just use the thing that the tool is designed for as the distribution mechanism. A `docker run ...` is one step, not the two you're advocating.


Not using https is bad.

curl -sf http://goblin.run/github.com/remorses/docker-phobia | sh

Also why just include that shell script in the repo and have people curl that?


Goblin is a service that builds a go binary for your platform on the fly and downloads it in PATH. This is a much faster way than setting up Github Actions to build an executable for every possible platform on every release. You can also use go install if you know what you are doing.


> This is a much faster way than setting up Github Actions to build an executable for every possible platform on every release

It's not even that hard. Just use GoReleaser.

https://goreleaser.com/


And then later add a script that downloads the binary from Github releases. Doesn't improve the situation with curl script haters


I feel like the assumption is that GitHub would be more proactive about stopping malware being distributed from their platform.


curl should probably scream when it detects piping unencrypted wan (not local ips) connections to shell, sort of like what openssh does when a host’s fingerprint changes


How could curl detect where it's piped to?


Something like (in Python)

os.isatty(sys.stdout.fileno())


That doesn't say where it's piped though. It could be redirected to a file, or piped to something harmless like jq.


Iterate through /proc/<pid>/fd and check for the pipe id in the symlink target.


The shell would have to give the warning


Lol. This is an hilariously shady instruction. Is this a docker inside joke or something?


Cool, gonna try this soon. Would be great to use in combination with Dive (https://github.com/wagoodman/dive)


It says in the README it leverages Dive. Basically it's a visualization for Dive's JSON output, which I'd very much prefer to exist as exactly that -- something I can pipe Dive's JSON into. No need to wrap Dive for that.


Dive doesn't have a JSON output, I had to use the internal API to do it.


What do you mean? It's literally there:

  $ dive -j /dev/stdout alpine:edge
  Image Source: docker://alpine:edge
  Fetching image... (this can take a while for large images)
  Analyzing image...
  Exporting image to '/dev/stdout'...
  {
    "layer": [
      {
        "index": 0,
        "id": "blobs",
        "digestId": "sha256:8980900bae6f916f9dc1158ed71ee72566d7ad3f47f63fe19ba3ab7a4ef1a432",
        "sizeBytes": 7738376,
        "command": "#(nop) ADD file:5ba6edac87fa0feb475d0ddae7299210c6f2b69714784771ca86fcb6407ae8fc in / "
      }
    ],
    "image": {
      "sizeBytes": 7738376,
      "inefficientBytes": 0,
      "efficiencyScore": 1,
      "fileReference": []
    }
  }


Ran this instead of that scary pipe thru sh command

go install github.com/remorses/docker-phobia@latest


No thanks, this looks shady as hell.


I don't remember what this type of visualisation this is called, but I really like it for understanding disk use quickly. When I wish to drill into detail I find a list helps me more but the box layout is usually where I like to start.

Looking forward to trying this.


It's a treemap graph, frontend people use it all the time to analyze a website javascript bundle size, I created this so Docker people can make smaller images more easily


Sounds great, I'm looking forward to giving this a shot.


Why not just show it per layer and folder via plain text?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: