Estimated reading time: 17 minutes

Sep 21, 2016  We are happy to announce the addition of the new Office Products to the Office forum – Microsoft Forms and Microsoft Translator.. If you have questions about these products, please feel free to ask them here. Get started with Docker for Mac Estimated reading time: 16 minutes Welcome to Docker for Mac! Docker is a full development platform for creating containerized apps, and Docker for Mac is the best way to get started with Docker on a Mac.

Welcome to Docker Desktop!

The Docker Desktop for Mac section contains information about the Docker Desktop Community Stable release. For information about features available in Edge releases, see the Edge release notes. For information about Docker Desktop Enterprise (DDE) releases, see Docker Desktop Enterprise.

Docker is a full development platform to build, run, and share containerized applications. Docker Desktop is the best way to get started with Docker on Mac.

See Install Docker Desktop for download information, system requirements, and installation instructions.

Check versions

Ensure your versions of docker and docker-compose areup-to-date and compatible with Docker.app. Your output may differ if you arerunning different versions.

Explore the application

1. Open a command-line terminal and test that your installation works byrunning the simple Docker image,hello-world:

2. Start a Dockerized web server. Like the hello-world image above, if theimage is not found locally, Docker pulls it from Docker Hub.

3. In a web browser, go to http://localhost/ to view the nginx homepage.Because we specified the default HTTP port, it isn’t necessary to append:80 at the end of the URL.

   Early beta releases used docker as the hostname to build the URL. Now,ports are exposed on the private IP addresses of the VM and forwarded tolocalhost with no other host name set.

4. View the details on the container while your web server is running (withdocker container ls or docker ps):

5. Stop and remove containers and images with the following commands. Use the“all” flag (--all or -a) to view stopped containers.

Preferences

Choose the Docker menu > Preferences from themenu bar and configure the runtime options described below.

General

On the General tab, you can configure when to start and update Docker:

• Start Docker Desktop when you log in: Automatically starts Docker Desktop when you open your session.

• Automatically check for updates: By default, Docker Desktop automatically checks for updates and notifies you when an update is available. You can manually check for updates anytime by choosing Check for Updates from the main Docker menu.

• Include VM in Time Machine backups: Select this option to back up the Docker Desktop virtual machine. This option is disabled by default.

• Securely store Docker logins in macOS keychain: Docker Desktop stores your Docker login credentials in macOS keychain by default.

• Send usage statistics: Docker Desktop sends diagnostics, crash reports, and usage data. This information helps Docker improve and troubleshoot the application. Clear the check box to opt out.

Resources

The Resources tab allows you to configure CPU, memory, disk, proxies, network, and other resources.

Advanced

On the Advanced tab, you can limit resources available to Docker.

Advanced settings are:

CPUs: By default, Docker Desktop is set to use half the number of processorsavailable on the host machine. To increase processing power, set this to ahigher number; to decrease, lower the number.

Memory: By default, Docker Desktop is set to use 2 GB runtime memory,allocated from the total available memory on your Mac. To increase the RAM, set this to a higher number. To decrease it, lower the number.

Swap: Configure swap file size as needed. The default is 1 GB.

Disk image size: Specify the size of the disk image.

Disk image location: Specify the location of the Linux volume where containers and images are stored.

You can also move the disk image to a different location. If you attempt to move a disk image to a location that already has one, you get a prompt asking if you want to use the existing image or replace it.

File sharing

Choose the local directories you’d like to share with your containers. File sharing is required for volume mounting if the project lives outside of the /Users directory. In that case, share the drive where the Dockerfile and volume are located. Otherwise, you get file not found or cannot start service errors at runtime`.

File share settings are:

• Add a Directory: Click + and navigate to the directory you want to add.

• Apply & Restart makes the directory available to containers using Docker’sbind mount (-v) feature.

  There are some limitations on the directories that can be shared:

  • It is not possible to share a directory that is a subdirectory of an already shared directory.
  • The directory must not exist inside of Docker.

For more information, see:

• Namespaces in the topic onosxfs file system sharing.
• Volume mounting requires file sharing for any project directories outside of/Users.)

Proxies

Docker Desktop detects HTTP/HTTPS Proxy Settings from macOS and automaticallypropagates these to Docker and to your containers. For example, if you set yourproxy settings to http://proxy.example.com, Docker uses this proxy whenpulling containers.

When you start a container, your proxy settings propagate into the containers.For example:

You can see from the above output that the HTTP_PROXY, http_proxy, andno_proxy environment variables are set. When your proxy configuration changes,Docker restarts automatically to pick up the new settings. If you have anycontainers that you would like to keep running across restarts, you should consider using restart policies.

Network

You can configure Docker Desktop networking to work on a virtual private network (VPN). Specify a network address translation (NAT) prefix and subnet mask to enable Internet connectivity.

Docker Engine

The Docker Engine page allows you to configure the Docker daemon to determine how your containers run.

Type a JSON configuration file in the box to configure the daemon settings. For a full list of options, see the Docker Engine dockerd commandlinereference.

Click Apply & Restart to save your settings and restart Docker Desktop.

Command Line

On the Command Line page, you can specify whether or not to enable experimental features.

Experimental features provide early access to future product functionality.These features are intended for testing and feedback only as they may changebetween releases without warning or can be removed entirely from a futurerelease. Experimental features must not be used in production environments.Docker does not offer support for experimental features.

To enable experimental features in the Docker CLI, edit the config.jsonfile and set experimental to enabled.

To enable experimental features from the Docker Desktop menu, clickSettings (Preferences on macOS) > Command Line and then turn onthe Enable experimental features toggle. Click Apply & Restart.

On both Docker Desktop Edge and Stable releases, you can toggle the experimental features on and off. If you toggle the experimental features off, Docker Desktop uses the current generally available release of Docker Engine.

You can see whether you are running experimental mode at the command line. IfExperimental is true, then Docker is running in experimental mode, as shownhere. (If false, Experimental mode is off.)

Kubernetes

Docker Desktop includes a standalone Kubernetes server that runs on your Mac, sothat you can test deploying your Docker workloads on Kubernetes.

The Kubernetes client command, kubectl, is included and configured to connectto the local Kubernetes server. If you have kubectl already installed andpointing to some other environment, such as minikube or a GKE cluster, be sureto change context so that kubectl is pointing to docker-for-desktop:

If you installed kubectl with Homebrew, or by some other method, andexperience conflicts, remove /usr/local/bin/kubectl.

• To enable Kubernetes support and install a standalone instance of Kubernetesrunning as a Docker container, select Enable Kubernetes. To set Kubernetes as thedefault orchestrator, select Deploy Docker Stacks to Kubernetes by default.

  Click Apply & Restart to save the settings. This instantiates images required to run the Kubernetes server as containers, and installs the/usr/local/bin/kubectl command on your Mac.

  When Kubernetes is enabled and running, an additional status bar item displaysat the bottom right of the Docker Desktop Settings dialog.

  The status of Kubernetes shows in the Docker menu and the context points todocker-desktop.

• By default, Kubernetes containers are hidden from commands like dockerservice ls, because managing them manually is not supported. To make themvisible, select Show system containers (advanced) and click Apply andRestart. Most users do not need this option.

• To disable Kubernetes support at any time, clear the Enable Kubernetes check box. TheKubernetes containers are stopped and removed, and the/usr/local/bin/kubectl command is removed.

  For more about using the Kubernetes integration with Docker Desktop, seeDeploy on Kubernetes.

Reset

Reset and Restart options

On Docker Desktop Mac, the Restart Docker Desktop, Reset to factory defaults, and other reset options are available from the Troubleshoot menu.

For information about the reset options, see Logs and Troubleshooting.

Dashboard

The Docker Desktop Dashboard enables you to interact with containers and applications and manage the lifecycle of your applications directly from your machine. The Dashboard UI shows all running, stopped, and started containers with their state. It provides an intuitive interface to perform common actions to inspect and manage containers and existing Docker Compose applications. For more information, see Docker Desktop Dashboard.

Add TLS certificates

You can add trusted Certificate Authorities (CAs) (used to verify registryserver certificates) and client certificates (used to authenticate toregistries) to your Docker daemon.

Add custom CA certificates (server side)

All trusted CAs (root or intermediate) are supported. Docker Desktop creates acertificate bundle of all user-trusted CAs based on the Mac Keychain, andappends it to Moby trusted certificates. So if an enterprise SSL certificate istrusted by the user on the host, it is trusted by Docker Desktop.

To manually add a custom, self-signed certificate, start by adding thecertificate to the macOS keychain, which is picked up by Docker Desktop. Here isan example:

Or, if you prefer to add the certificate to your own local keychain only (ratherthan for all users), run this command instead:

See also, Directory structures forcertificates.

Note: You need to restart Docker Desktop after making any changes to thekeychain or to the ~/.docker/certs.d directory in order for the changes totake effect.

For a complete explanation of how to do this, see the blog post AddingSelf-signed Registry Certs to Docker & Docker Desktop forMac.

Add client certificates

You can put your client certificates in~/.docker/certs.d/<MyRegistry>:<Port>/client.cert and~/.docker/certs.d/<MyRegistry>:<Port>/client.key.

When the Docker Desktop application starts, it copies the ~/.docker/certs.dfolder on your Mac to the /etc/docker/certs.d directory on Moby (the DockerDesktop xhyve virtual machine).

• You need to restart Docker Desktop after making any changes to the keychainor to the ~/.docker/certs.d directory in order for the changes to takeeffect.

• The registry cannot be listed as an insecure registry (see DockerDaemon). Docker Desktop ignores certificates listedunder insecure registries, and does not send client certificates. Commandslike docker run that attempt to pull from the registry produce errormessages on the command line, as well as on the registry.

Directory structures for certificates

If you have this directory structure, you do not need to manually add the CAcertificate to your Mac OS system login:

The following further illustrates and explains a configuration with customcertificates:

You can also have this directory structure, as long as the CA certificate isalso in your keychain.

To learn more about how to install a CA root certificate for the registry andhow to set the client TLS certificate for verification, see Verify repositoryclient with certificates in the Docker Enginetopics.

Install shell completion

Docker Desktop comes with scripts to enable completion for the docker and docker-compose commands. The completion scripts may befound inside Docker.app, in the Contents/Resources/etc/ directory and can beinstalled both in Bash and Zsh.

Bash

Bash has built-in support forcompletion To activate completion for Docker commands, these files need to becopied or symlinked to your bash_completion.d/ directory. For example, if youinstalled bash via Homebrew:

Add the following to your ~/.bash_profile:

OR

Zsh

In Zsh, the completionsystem takes care of things. To activate completion for Docker commands,these files need to be copied or symlinked to your Zsh site-functions/directory. For example, if you installed Zsh via Homebrew:

Give feedback and get help

To get help from the community, review current user topics, join or start adiscussion, log on to our Docker Desktop for Macforum.

To report bugs or problems, log on to Docker Desktop for Mac issues onGitHub,where you can review community reported issues, and file new ones. See Logsand Troubleshooting for more details.

For information about providing feedback on the documentation or update it yourself, see Contribute to documentation.

Docker Hub

Select Sign in /Create Docker ID from the Docker Desktop menu to access your Docker Hub account. Once logged in, you can access your Docker Hub repositories and organizations directly from the Docker Desktop menu.

For more information, refer to the following Docker Hub topics:

Two-factor authentication

Docker Desktop enables you to sign into Docker Hub using two-factor authentication. Two-factor authentication provides an extra layer of security when accessing your Docker Hub account.

You must enable two-factor authentication in Docker Hub before signing into your Docker Hub account through Docker Desktop. For instructions, see Enable two-factor authentication for Docker Hub.

After you have enabled two-factor authentication:

1. Go to the Docker Desktop menu and then select Sign in / Create Docker ID.

2. Enter your Docker ID and password and click Sign in.

3. After you have successfully signed in, Docker Desktop prompts you to enter the authentication code. Enter the six-digit code from your phone and then click Verify.

After you have successfully authenticated, you can access your organizations and repositories directly from the Docker Desktop menu.

Where to go next

• Try out the walkthrough at Get Started.

• Dig in deeper with Docker Labs examplewalkthroughs and source code.

• For a summary of Docker command line interface (CLI) commands, see Docker CLIReference Guide.

• Check out the blog post, What’s New in Docker 17.06 Community Edition(CE).

Electrum is one of Bitcoin’s oldest and best-known wallets. Users running this software are trusting their private keys to it. To reduce the risk of running malware, users can verify the authenticity of Electrum downloads before using them. This tutorial describes how to do so on OSX. A procedure for verifying Electrum on Windows is also available.

Any piece of software that handles your private keys can steal them or sign transactions you never authorized. This makes Bitcoin wallets especially profitable targets for malware authors. They begin by tweaking some of the open source code. Then they distribute the result, which looks identical to the authentic version. When the unwitting user enters the private key or seed, the wallet steals the funds. The loss is irreversible and can be life-changing.

This is far from a theoretical attack. For example, in 2017 a Reddit user reported that a phishing site was deploying malware through a forged copy of Electrum, resulting in the loss of five bitcoin. The phishing site was followed as the first advertising link from a Google search.

Many Bitcoin users are familiar with the idea of digital signatures. The same idea can be applied to software downloads. The developer signs a download with a private key. Users verify the download using the developer’s public key. A forged file that changes a single bit can be detected with this system, as can a developer who attempts to apply an invalid signature. The standard method for signing binaries is known as Pretty Good Privacy (PGP). Implementations are available for all operating systems.

A popular PGP implementation on OSX is GPG Suite. Begin by downloading the installer from the main page.

We are immediately faced with a dilemma: how do we know that our copy of GPG Suite is authentic? We can’t verify a signature because if we could do that we wouldn’t need GPG Suite.

Fortunately, we can verify the installer’s hash value. Think of a hash value as an immutable, unique identifier that can be assigned to any file. OSX allows hash values to be checked with the shasum utility. shasum is run from the Terminal application. To access Terminal, press command-spacebar and type “Terminal”. You’ll see a mostly empty window with a prompt after a dollar sign (“$”). Commands are entered, in text form, after this prompt.

From Terminal, enter the following two commands:

where:

• {hash} is the string of characters that appears at the bottom of the GPG Tools page after clicking on the “SHA256” link;
• {filename} is the name of the GPG Suite installer you downloaded; and
• two spaces appear between {hash} and {filename}.

For example, On November 1, 2017, I downloaded a file named GPG_Suite-2017.1.dmg and its SHA256 hash value was:

01705da33b9dadaf5282d28f9ef58f2eb7cd8ff6f19b4ade78861bf87668a061

I would then enter the following two commands into Terminal (leaving out the dollar signs):

The first command moves my frame of file reference to the Downloads directory. The second command verifies the checksum of the file I downloaded. You should see a response that looks something like:

GPG_Suite-2017.1.dmg: OK

Notice that an attacker who was able to change the GPG Suite website might be able to give you the correct hash value for a fake copy of the installer. This is one of the limitations of using hash values to authenticate downloads.

After downloading and verifying the hash value of GPG Suite installer, double click on it. An installer window will be presented. Double click on the one named Install.pkg. Enter your system password when prompted and follow the remaining instructions.

You will be asked to generate a new key pair. For the purposes of verifying Electrum, this step can be skipped. Click the Cancel button.

GPG Tools should present a window containing a single key entry — the one for the GPG Suite team. Before validating the Electrum download signature, we’ll need to add the public key of its developer to our list.

Thomas Voegtlin is the Electrum lead developer. The Electrum site reports his key ID as 0x2bd5824b7f9470e6. Use this value to look up Voegtlin’s public key. Click the GPG Keychain “Lookup Key” button and enter the developer key ID. The click Search.

GPG Keychain should respond with an entry for Thomas Voegtlin’s public key. Click Retrieve Key.

Download

GPG Keychain should report that Thomas Voegtlin’s public key was added. You’ll now see two key entries: the original for the GPGTools Team and a new one for Electrum’s lead developer. We can now verify the signature of any Electrum installer.

Browse to the Electrum download page. Next to the OSX entry are two links. Click the first one titled “Executable” to download the Electrum installer. Save it to your Downloads folder.

Twitter Verify Download

Click the second link titled “signature.” This link takes you to a plain text page representing the installer’s signature. Save it by pressing command-s. Be sure to save it to the the Downloads folder. Remove the last four characters of the file name reading .txt, but leave it otherwise unmodified.

You should see two files in your Downloads folder: electrum-{version}.dmg and electrum-{version}.dmg.asc, where {version} is the version of Electrum you downloaded. The former file is the installer itself and the latter is the signature file.

To verify the signature of the installer, right click on it. A context menu will appear whose last item is called Services. Hovering over it presents a submenu. One of its entries will be “OpenPGP: Verify Signature of File.” Click it.

You should be presented with a window titled “Verification Results.” A single line should appear. The first entry gives the installer’s filename. The second gives the result of the verification. You should see text beginning with “Signed by: Thomas Voegtlin”. The line will be appended with the bolded text “undefined trust.”

At this stage, you’ve verified the signature of an Electrum installer. You could, however, take this process one step further by signing Thomas Voegtlin’s public key. Doing so will remind you in the future that you trust that this key really does belong to Electrum’s lead developer. Only take this step if you have independently verified that the key really does belong to Thomas Voegtlin.

Begin by creating a key pair for yourself, which is the step we skipped when setting up GPG Keychain. Click on the New button on the main GPG Keychain interface. Doing so brings up a form. Fill it out. Click Generate Key. There is no reason to publish this key, so decline that offer.

When you’re done, you should see a new public key in the keys list. It’s your own.

Next, sign Thomas Voegtlin’s public key. Begin by right-clicking on it. Choose the Sign option from the popup menu. Accept the defaults and click Generate Signature.

Verifying the signature of any Electrum installer in the future will present a somewhat different message than before. Instead of “undefined trust,” GPG Keychain will report “full trust” in green.

Signature validation should be used for any wallet destined to hold large sums of money. Given that wallets holding spare change today can grow to become wallets holding substantial sums tomorrow, signature verification should be the first step of any Electrum wallet installation. This guide offers a step-by-step procedure for doing so. Once set up, it can be used to verify the signature of any future Electrum release, and other Bitcoin software as well.

Free Downloads For Mac

To recap, the steps are:

Games Download For Mac

1. Download GPG Suite.
2. Verify the GPG Suite checksum.
3. Import the public key for Electrum’s lead developer.
4. Download Electrum installer and signature.
5. Verify the Electrum installer signature.