On-Premises Container Registry for OCI/docker and singularity/apptainer
What Am I
(buckethead) - I can store, retrieve and manage OCI and singularity/apptainer containers in a central library.
Compatible with/re-implementation of the singularity library protocol and the OCI distribution spec.
Features
Hinkskalle is supposed to be lightweight! If you need more (and a more mature system), take a look at https://github.com/singularityhub/sregistry!
- simple container storage on local or network filesystems
- local users + LDAP authentication
- minimal permission system
Singularity+Apptainer
- full library:// protocol (should be compatible to sylabs cloud), including architecture specific tags and signed containers (with public pgp keyserver or additional software)
- shub:// pull only for legacy clients and pipelines
- oras:// protocol support for push and pull (not very well tested)
OCI/docker/podman
- OCI distribution spec compliance for docker and oras (not very well tested)
Clients
We can talk to:
Also check out the Hinkskalle API + CLI:
GnuPG Keyserver
Signed and verified images require a central lookup of public keys. singularity provides the keys subcommand to manage your keys, upload them and search for public keys.
Since singularity can talk to any (public or not) keyserver, Hinkskalle does not come with keyserver functionality. Instead you can point it either to any keyserver (see https://sks-keyservers.net/ for a list) or run something like HockeyPuck yourself.
Prerequisites
Hinkskalle requires Python3+. A SQL database server (PostgreSQL, MySQL, …) is recommended, but entirely optional (sqlite is fine).