dangerzone/rip_docker/README.md

# RIP Docker
Notes for removing the Docker Desktop dependency from Dangerzone.
## macOS
The most promising path forward is with [LinuxKit](https://github.com/linuxkit/linuxkit) and [HyperKit](https://github.com/moby/hyperkit). The [LinuxKit config for Docker for Mac](https://github.com/linuxkit/linuxkit/blob/master/examples/docker-for-mac.md) is a super helpful reference.
### Install Docker Desktop
Docker is required for linuxkit to build the VM image.
### Collect the binaries
```sh
mkdir -p bin
# download pre-built LinuxKit binary
cd bin
wget https://github.com/linuxkit/linuxkit/releases/download/v0.8/linuxkit-darwin-amd64
chmod +x linuxkit-darwin-amd64
mv linuxkit-darwin-amd64 linuxkit
cd ..
# copy binaries from Docker Desktop
cp /Applications/Docker.app/Contents/Resources/bin/com.docker.hyperkit bin/hyperkit
cp /Applications/Docker.app/Contents/Resources/bin/com.docker.vpnkit bin/vpnkit
cp /Applications/Docker.app/Contents/Resources/bin/com.docker.cli bin/docker
```
### Build the dangerzone VM image and see if it works
When building the image, use `linuxkit` from Homebrew to avoid a problem with expired certificates:
```sh
brew tap linuxkit/linuxkit
brew install --HEAD linuxkit
```
Then use it:
```sh
/usr/local/bin/linuxkit build -format kernel+initrd dangerzone.yml
```
And then try running it (using `linuxkit` from bin):
```sh
./bin/linuxkit run hyperkit \
-hyperkit ./bin/hyperkit \
-vpnkit ./bin/vpnkit \
-cpus 2 \
-data-file ./metadata.json \
-networking=vpnkit \
-vsock-ports=2376 \
-disk size=4096M \
-mem 2048 \
-kernel dangerzone
```
And see if it works:
```sh
./bin/docker -H unix://dangerzone-state/guest.00000948 ps
```
Inside the VM, you can shut down with `poweroff`.
### Ooh, almost there
```
$ ./bin/docker -H unix://dangerzone-state/guest.00000948 run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
b8dfde127a29: Pull complete
Digest: sha256:9f6ad537c5132bcce57f7a0a20e317228d382c3cd61edae14650eec68b2b345c
Status: Downloaded newer image for hello-world:latest
docker: Error response from daemon: OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \"process_linux.go:432: running prestart hook 0 caused \\\"fork/exec /proc/7/exe: no such file or directory\\\"\"": unknown.
ERRO[0003] error waiting for container: context canceled
```