
Is there interest in some form of MITM for build? #3959

Open
@apostasie


What is the problem you're trying to solve

I have been messing around with build lately to get the nerdctl Dockerfile under control and speed up and make more reliable the test-integration targets (will come soon in a different PR).

As part of that, I started MITM-ing network traffic from the build - initially using third-party tools - but now I have a (very nasty) patch that does nerdctl build --mitm ... which captures traffic on its own, spitting out information about TLS or plain traffic information at the end of the build (domains, number of requests, size, time, errors, etc).

Question is: are we interested in incorporating such a thing in nerdctl main?

I can see a couple of reasons to do that:

  • do what I do - aka, audit the network traffic going on from building a specific Dockerfile (performance, security, reverse-engineering, whatever)
  • have some form of network error resiliency for build, by possibly retrying failing requests
  • have the ability to rewrite requests on the fly? (reverse-engineering again?)

The patch is currently awful but serves my purpose.

Turning it into something ready for mass-consumption is likely a lot of work, and I would rather check first if there is any interest in mainlining this.

Vote with your thumbs 👍🏽 👎🏽 :-)

Describe the solution you'd like

na

Additional context

No response
