-
Notifications
You must be signed in to change notification settings - Fork 19
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
7 changed files
with
121 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| CI_PKGBUILD_SOURCE=aur |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| REQ_ORIGIN=github/3408 | ||
| REQ_REASON=request |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,29 @@ | ||
| pkgbase = docker-rootless-extras | ||
| pkgdesc = Extras to run docker as non-root. | ||
| pkgver = 27.4.0 | ||
| pkgrel = 1 | ||
| url = https://docs.docker.com/engine/security/rootless/ | ||
| install = docker-rootless-extras.install | ||
| arch = x86_64 | ||
| arch = aarch64 | ||
| license = Apache | ||
| depends = docker | ||
| depends = rootlesskit | ||
| depends = slirp4netns | ||
| optdepends = fuse-overlayfs: overlayfs support | ||
| provides = docker-rootless | ||
| provides = docker-rootless-extras | ||
| provides = docker-rootless-extras-bin | ||
| conflicts = docker-rootless | ||
| conflicts = docker-rootless-extras | ||
| conflicts = docker-rootless-extras-bin | ||
| source = dockerd-rootless-27.4.0.sh::https://raw.githubusercontent.com/moby/moby/v27.4.0/contrib/dockerd-rootless.sh | ||
| source = dockerd-rootless-setuptool-27.4.0.sh::https://raw.githubusercontent.com/moby/moby/v27.4.0/contrib/dockerd-rootless-setuptool.sh | ||
| source = docker.socket | ||
| source = 99-docker-rootless.conf | ||
| sha256sums = 5a4fcf228be8e5d2fd6c0676c858372a2afb95144675d02f215301272c344f65 | ||
| sha256sums = d6ddae456cc5ecdd5285035d24ad3546898872e5c4d407718ced0d4fa19031ff | ||
| sha256sums = d8695293e5d4a814763f13e1d36ed37273040666b4b91363d6c33171df8934c7 | ||
| sha256sums = d0d790d4c3d887b10b2b155b83a58a44980b9fa638f8c0f1faec0739dc0ef473 | ||
|
|
||
| pkgname = docker-rootless-extras |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| kernel.unprivileged_userns_clone=1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| # Maintainer: Ľubomír 'the-k' Kučera <lubomir.kucera.jr at gmail.com> | ||
| # Contributor: Hugo Osvaldo Barrera <[email protected]> | ||
| # Contributor: PastLeo <[email protected]> | ||
| # Contributor: koba1t <kobdotsh at gmail dot com> | ||
|
|
||
| pkgname=docker-rootless-extras | ||
| pkgver=27.4.0 | ||
| pkgrel=1 | ||
| pkgdesc="Extras to run docker as non-root." | ||
| arch=('x86_64' 'aarch64') | ||
| url="https://docs.docker.com/engine/security/rootless/" | ||
| license=('Apache') | ||
| depends=('docker' 'rootlesskit' 'slirp4netns') | ||
| optdepends=('fuse-overlayfs: overlayfs support') | ||
| provides=('docker-rootless' 'docker-rootless-extras' 'docker-rootless-extras-bin') | ||
| conflicts=('docker-rootless' 'docker-rootless-extras' 'docker-rootless-extras-bin') | ||
| install=$pkgname.install | ||
| source=( | ||
| "dockerd-rootless-${pkgver}.sh::https://raw.githubusercontent.com/moby/moby/v${pkgver}/contrib/dockerd-rootless.sh" | ||
| "dockerd-rootless-setuptool-${pkgver}.sh::https://raw.githubusercontent.com/moby/moby/v${pkgver}/contrib/dockerd-rootless-setuptool.sh" | ||
| "docker.socket" | ||
| "99-docker-rootless.conf") | ||
|
|
||
| sha256sums=('5a4fcf228be8e5d2fd6c0676c858372a2afb95144675d02f215301272c344f65' | ||
| 'd6ddae456cc5ecdd5285035d24ad3546898872e5c4d407718ced0d4fa19031ff' | ||
| 'd8695293e5d4a814763f13e1d36ed37273040666b4b91363d6c33171df8934c7' | ||
| 'd0d790d4c3d887b10b2b155b83a58a44980b9fa638f8c0f1faec0739dc0ef473') | ||
|
|
||
| package() { | ||
| install -Dm755 "$srcdir/dockerd-rootless-${pkgver}.sh" "$pkgdir/usr/bin/dockerd-rootless.sh" | ||
| install -Dm644 "$srcdir/docker.socket" "$pkgdir/usr/lib/systemd/user/docker.socket" | ||
| install -Dm644 "$srcdir/99-docker-rootless.conf" "$pkgdir/usr/lib/sysctl.d/99-docker-rootless.conf" | ||
|
|
||
| # The systemd service file is bundled inside the setup script. The script is | ||
| # unsuitable to run in this PKGBUILD, since it tampers with $HOME and other | ||
| # similar paths, so would mess up the environment for users who run | ||
| # `makepkg` on their host. | ||
| # TODO: Send a patch upstream so we can make the script JUST print this. | ||
| awk '/Unit/,/EOT/' "$srcdir/dockerd-rootless-setuptool-$pkgver.sh" \ | ||
| | head -n-1 \ | ||
| | sed 's/^[[:space:]]*//' \ | ||
| | sed 's|$BIN|/usr/bin|' \ | ||
| | sed 's|\\$MAINPID|$MAINPID|' \ | ||
| | sed 's| $DOCKERD_ROOTLESS_SH_FLAGS||' \ | ||
| > "$pkgdir/usr/lib/systemd/user/docker.service" | ||
|
|
||
| # Remove the $PATH override, since this will be dependant on $PATH at build | ||
| # time and is usually undesirable. | ||
| # TODO: Patch this upstream. | ||
| sed -i '/Environment=PATH=/d' "$pkgdir/usr/lib/systemd/user/docker.service" | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| post_install() { | ||
| sysctl --system | ||
| cat <<EOF | ||
|
|
||
| === Post installation message from docker-rootless === | ||
| This is based on https://docs.docker.com/engine/security/rootless/ | ||
| To Run the Docker daemon as a non-root user (Rootless mode) for ArchLinux, you need to do the following things: | ||
|
|
||
| 1. Configure subuid and subgid | ||
|
|
||
| Create '/etc/subuid' and '/etc/subgid' with the following: | ||
|
|
||
| testuser:231072:65536 | ||
| # replace 'testuser' with your username. | ||
|
|
||
| 2. Enable socket-activation for the user service: | ||
|
|
||
| systemctl --user enable --now docker.socket | ||
|
|
||
| 3. Finally set docker socket environment variable: | ||
|
|
||
| export DOCKER_HOST=unix://\$XDG_RUNTIME_DIR/docker.sock | ||
|
|
||
| You can also add it to '~/.bashrc' or somewhere alike. | ||
|
|
||
| ========= | ||
| EOF | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| [Unit] | ||
| Description=Docker Socket for the API | ||
|
|
||
| [Socket] | ||
| ListenStream=%t/docker.sock | ||
| SocketMode=0660 | ||
|
|
||
| [Install] | ||
| WantedBy=sockets.target |
af37d6fThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
#3408