author | PastLeo | 2019-12-02 16:08:01 +0800 |
---|---|---|
committer | PastLeo | 2019-12-02 16:34:53 +0800 |
commit | 09eb406a09642732754e12a75468e0fecf51666d (patch) | |
tree | bac24a0d57427f18a5f7a2f7f651bbb90d4e57eb | |
download | aur-09eb406a09642732754e12a75468e0fecf51666d.tar.gz |
create AUR docker-rootless
-rw-r--r-- | .SRCINFO | 17 | ||||
-rw-r--r-- | .gitignore | 3 | ||||
-rw-r--r-- | PKGBUILD | 25 | ||||
-rw-r--r-- | docker-rootless.install | 28 | ||||
-rw-r--r-- | docker.service | 23 |
5 files changed, 96 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..a7a63e32b000
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,17 @@
+pkgbase = docker-rootless
+ pkgdesc = Run the Docker daemon as a non-root user (Rootless mode)
+ pkgver = 1
+ pkgrel = 1
+ url = https://docs.docker.com/engine/security/rootless/
+ install = docker-rootless.install
+ arch = x86_64
+ license = Apache
+ depends = docker
+ provides = docker-rootless
+ source = https://master.dockerproject.org/linux/x86_64/docker-rootless-extras.tgz
+ source = docker.service
+ md5sums = 943e113aedab4ee159977d9d16f7e712
+ md5sums = 30a7a07f461b6c9f2f068a9505ba79bc
+
+pkgname = docker-rootless
+
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000000..1d1b73b03d7b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+docker-rootless-*
+src
+pkg
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..dd015edfa7f2
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,25 @@
+# Maintainer: PastLeo <chgu82837@gmail.com>
+pkgname=docker-rootless
+pkgver=1
+pkgrel=1
+pkgdesc="Run the Docker daemon as a non-root user (Rootless mode)"
+arch=('x86_64')
+url="https://docs.docker.com/engine/security/rootless/"
+license=('Apache')
+depends=('docker')
+provides=('docker-rootless')
+install=docker-rootless.install
+source=(
+ "https://master.dockerproject.org/linux/x86_64/docker-rootless-extras.tgz"
+ "docker.service"
+)
+md5sums=(
+ "943e113aedab4ee159977d9d16f7e712"
+ "30a7a07f461b6c9f2f068a9505ba79bc"
+)
+
+package() {
+ mkdir -p "$pkgdir/usr/bin/"
+ install -Dm755 "$srcdir/docker-rootless-extras/"* "$pkgdir/usr/bin/"
+ install -Dm644 "$srcdir/docker.service" "$pkgdir/usr/lib/systemd/user/docker.service"
+}
diff --git a/docker-rootless.install b/docker-rootless.install
new file mode 100644
index 000000000000..db36f507a6b6
--- /dev/null
+++ b/docker-rootless.install 
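Review bot: The `source` array in PKGBUILD fetches `docker-rootless-extras.tgz` from an unversioned master.dockerproject.org URL and verifies it only with `md5sums`, yet `package()` installs every file the tarball contains into `/usr/bin` with mode 755. MD5 is not collision-resistant, and with `pkgver=1` the recorded hash does not identify which upstream build was reviewed; presumably it will also stop matching whenever upstream republishes. Pin a versioned release artifact, set `pkgver` to that version, and replace the array with `sha256sums=('<sha256 of the tarball>' '<sha256 of docker.service>')`. Naming the expected scripts in the `install -Dm755` line instead of using the `*` glob would keep an unexpected file in the archive from landing on `PATH`. The .SRCINFO hunk carries the same md5sums and would need regenerating.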
@@ -0,0 +1,28 @@
+post_install() {
+ cat <<EOT
+
+=== Post installation message from docker-rootless ===
+This is based on https://docs.docker.com/engine/security/rootless/
+To Run the Docker daemon as a non-root user (Rootless mode) for ArchLinux, you need to do the following things:
+
+1. configure kernel settings
+
+create '/etc/sysctl.d/99-docker-rootless.conf': 'kernel.unprivileged_userns_clone=1'
+
+and then run: 'sudo sysctl --system'
+
+> see https://docs.docker.com/engine/security/rootless/#distribution-specific-hint for detailed information
+
+2. configure subuid and subgid
+
+and create '/etc/subuid' and '/etc/subgid' with: 'testuser:231072:65536' (for example, 'testuser' is username)
+
+> see https://docs.docker.com/engine/security/userns-remap/#prerequisites for detailed information
+
+3. start and enable user service: 'systemctl --user status|start|stop docker'
+
+4. finally set docker socket environment variable: 'export DOCKER_HOST=unix://\$XDG_RUNTIME_DIR/docker.sock', you can also add it to '~/.bashrc' or somewhere alike
+=========
+
+EOT
+}
diff --git a/docker.service b/docker.service
new file mode 100644
index 000000000000..76ae83c29436
--- /dev/null
+++ b/docker.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=Docker Application Container Engine (Rootless)
+Documentation=https://docs.docker.com
+
+[Service]
+Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+Environment=DOCKERD_FLAGS="--experimental --storage-driver=vfs"
+ExecStart=/usr/bin/dockerd-rootless.sh $DOCKERD_FLAGS
+ExecReload=/bin/kill -s HUP $MAINPID
+TimeoutSec=0
+RestartSec=2
+Restart=always
+StartLimitBurst=3
+StartLimitInterval=60s
+LimitNOFILE=infinity
+LimitNPROC=infinity
+LimitCORE=infinity
+TasksMax=infinity
+Delegate=yes
+Type=simple
+
+[Install]
+WantedBy=multi-user.target |
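Review bot: Step 2 of the `post_install` message tells the reader to "create" `/etc/subuid` and `/etc/subgid` with a single line, which on a host that already has those files invites overwriting other accounts' ranges. Word it as appending an entry for the user with a range that does not overlap existing ones. Step 1 enables `kernel.unprivileged_userns_clone` for every account on the machine, not only the one running Docker, and the message should say so in one sentence so the administrator can weigh the wider kernel attack surface. Step 3 says "start and enable" but lists only `status|start|stop`, so the enable command is missing from the text.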
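Review bot: `WantedBy=multi-user.target` in `[Install]` does not fit a unit that PKGBUILD installs under `/usr/lib/systemd/user/`. The per-user systemd instance has no multi-user.target, so `systemctl --user enable docker` would create a symlink that never pulls the service in; use `WantedBy=default.target`. `StartLimitBurst`/`StartLimitInterval` sit in `[Service]` under their legacy spelling, while current systemd documents them in `[Unit]` as `StartLimitBurst=` and `StartLimitIntervalSec=`. `LimitCORE=infinity` allows a crashing daemon to leave unbounded core files that may hold container secrets, so drop it unless core dumps are wanted. The hard-coded `--experimental --storage-driver=vfs` in `DOCKERD_FLAGS` deserves a comment explaining why those flags are required.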