• Stars
    star
    120
  • Rank 295,983 (Top 6 %)
  • Language
    JavaScript
  • License
    Apache License 2.0
  • Created about 8 years ago
  • Updated almost 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Docker image verification system based on Ethereum

DaoChain

daochain daochain daochain

DaoChain is a decentralized application (Dapp) based on Ethereum, dedicated to solving the trust issues during sharing and trading of the digital assets (including Docker images) on the Internet.

logo

Why

The open Internet allows us to share data online so freely that it is unclear whether the data we got is maliciously tampered during data transmission. Although we could use RSA and PGP to guarantee the data credibility and security in peer-to-peer transmission on the internet, for most of time data is stored on public clouds. How to publish data and verify the data acquired in a convenient way become a problem.

Docker image distribution is a typical example of data dissemination via repository. The publisher builds an image on local machine, pushes the image to the remote repository,where other users can then pull the image. In this process, how to make sure that the image pulled is the original version released by publisher? How to make sure that there is no revision from hosting provider or in dissemination? How to mark the ownership of property?

Repository being hacked by hacker:

hack

DaoChain is developed as a solution to these problems. By storing the information on a decentralized blockchain network, we can eliminate the possibility of the data being easily tampered in a centralized network. The offline signature and verification makes the data publishing and acquisition more convenient and secure.

How

Now you know the image is hacked:

secure

The image publisher calculates the hash of the image on the local machine and then writes the message into the blockchain. The cryptography on the blockchain guarantees no forgery in this process, so publisher can safely share the image on public registry.

Image users can calculate the hash of the image they pulled from the public registry, and compare it with the hash that publisher stored in the blockchain. This can verify whether the image is identical to the original version from publisher.

Project Structure

We choose Ethereum among so many blockchain implements to build the DaoChain. The Ethereum is a public blockchain-based distributed computing platform that supports Smart Contract. It provides a decentralized virtual machine called Ethereum Virtual Machine (EVM) that can execute peer-to-peer contracts.

DaoChain consists of four parts:

Project Structure:

structure

Smart Contract

DaoChain’s Smart Contract is written in solidity using truffle framework.

In the directory of contract/contracts, there are two smart contracts (Migrations.sol is for deploying contracts). Currently we are using DaoHubVerify.sol. The contract defines a data structure:

mapping(address => mapping(bytes => Image)) ownerIdImageMap;

Verification process:

flow

The other smart contract, DaoHubAccount.sol, features functionality of mapping the account of Ethereum and image hosting provider. DaoChain will support this contract in the future version, to fully support the complete decentralization and the image offline verification.

Ethereum Client

DaoChain uses the official Ethereum client go-ethereum, and eth-net-intelligence-api for metrics collection.

Local Server

The Local server is written in Python and includes two parts:

  • Local Server:running in the local container, communicating with Docker and Ethereum Client via Docker API and JSONRPC respectively, and providing the REST API to WebUI and CLI.
  • Command-line tool:A CLI tool to use DaoChain(WIP).

When the Docker image is pushed to Registry, a hash will be generated but the value will not change with image content. We calculate SHA256 hash of the tar file content saved with docker save, which only represents the certain image.

Note: the current algorithm is relatively low efficiency and will be improved in the future.

WebUI

DaoChain’s WebUI uses AngularJS and DaoStyle – a Angular component library by DaoCloud.

Goals

  • Content Trust Verification
  • Support Third-party Registry
  • Image Trade
  • Decentralized Registry

QuickStart

  1. Clone the repo and run with docker-compose

    git clone https://github.com/DaoCloud/daochain.git
    cd daochain
    docker-compose up -d
    
  2. Open WebUI (http://127.0.0.1:8000)

TODO

  • Tests and Documentation
  • Command-Line Tool
  • Better Image Hashing
  • Peer Discovery
  • Offline Verifying

Contribution (Chinese)

Please refer to CONTRIBUTION.md

License

Apache License 2.0

More Repositories

1

public-image-mirror

很多镜像都在国外。比如 gcr 。国内下载很慢,需要加速。致力于提供连接全世界的稳定可靠安全的容器镜像服务。
Shell
5,515
star
2

crproxy

CRProxy (Container Registry Proxy) is a generic image proxy
Go
299
star
3

dao-2048

2048 is a number puzzle game.
JavaScript
206
star
4

DaoCloud-docs

DaoCloud Enterprise 5.0 Documentation
Python
178
star
5

dao-style

🎉 A high quality component library built on Vue.js 2.0
Vue
119
star
6

public-binary-files-mirror

很多 binary 文件 都在国外。国内下载很慢,需要加速。
Go
74
star
7

python-ipython-notebook

Shell
69
star
8

dao

Docker Toolkit 运维套件
Go
65
star
9

php-laravel-mysql-sample

PHP
47
star
10

docker-mirror

docker hub mirror, Docker镜像加速器
46
star
11

php-apache-image

Shell
37
star
12

php-apache-mysql-sample

PHP
32
star
13

public-helm-charts-mirror

This repository contains Helm charts served by DaoCloud
Python
31
star
14

python-django-sample

Python
31
star
15

python-mysql-sample

Sample application in python and mysql
Python
26
star
16

python-sample-base-image

22
star
17

secure-python-sample

Python
20
star
18

golang-mongo-sample

Sample application in golang
Go
19
star
19

ckube

Kubernetes APIServer 高性能代理组件,代理 APIServer 的 List 请求,其它类型的请求会直接反向代理到原生 APIServer。 CKube 还额外支持了分页、搜索和索引等功能。 并且,CKube 100% 兼容原生 kubectl 和 kube client sdk,只需要简单的配置即可实现全局替换。
Go
18
star
20

node-mongo-sample

node-mongo-sample
JavaScript
14
star
21

library-image

Maintain the images synced from dockerhub
14
star
22

karmada-operator1

Go
12
star
23

php-sample

PHP
12
star
24

ghost

ghost blog
JavaScript
11
star
25

example-voting-app

Example Docker Compose app
JavaScript
11
star
26

dce-charts-repackage

helm repo add daocloud https://daocloud.github.io/dce-charts-repackage/
Mustache
11
star
27

python-django-cd-sample

Continous Delivery Sample
Python
10
star
28

daocloud-doc

10
star
29

python-redis-sample

Sample application in python and redis
Python
10
star
30

php-newrelic-sample

PHP
9
star
31

docker-demo-spring-boot

Shell
9
star
32

ropee

A scalable prometheus remote storage adapter for splunk.
Go
8
star
33

daocloud-api-docs

DaoCloud OpenAPI docs
Python
8
star
34

docker-demo-java-tomcat

Java
8
star
35

docker-demo-java-mongo

Java
6
star
36

help.daocloud.io

http://help.daocloud.io
Shell
6
star
37

golang-redis-sample

Go
5
star
38

dao-tomcat

Shell
5
star
39

dao-mysql

Shell
5
star
40

dao-wordpress

PHP
4
star
41

golang-mysql-sample

Go
4
star
42

ruby-mysql-sample

Ruby
3
star
43

dce-windows-demos

JavaScript
3
star
44

storage-charts-repackage

Mustache
3
star
45

golang-influxdb-sample

Go
3
star
46

dao-redis

Shell
2
star
47

influxdb_sample

draw a sine line into influxdb
Python
2
star
48

dao-runtime

Repo for a runtime implementation in a tenant environment
Python
2
star
49

dao-phpmyadmin

PHP
2
star
50

hiring

2
star
51

dao-proxy

Automated Discovery Nginx Proxy, makes Docker Compose work like Heroku with 3 lines of code.
Go
2
star
52

kubernetes-images

2
star
53

spring-boot-sample

Java
2
star
54

dce-Jenkins-plugin

JavaScript
1
star
55

ci-images

Shell
1
star
56

df-front-end-demo

df-front-end-demo
HTML
1
star
57

spring-boot-demo

Shell
1
star
58

alpine

Alpine Linux 3.3 with glibc
1
star
59

dce-plugin-sdk-py

DCE plugin SDK for Python.
Python
1
star
60

phpmyadmin

PHP
1
star
61

golang-rabbitmq-sample

Go
1
star
62

benchmark-tools

benchmark for DCE
1
star
63

tomcat

给 tomcat 镜像增加默认 JAVA_OPTS 限制内存使用量
Python
1
star
64

daovoice-wp-plugin

DaoVoice plugin for wordpress .
PHP
1
star