Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve installation documentation #22

Open
sanel opened this issue Aug 29, 2024 · 3 comments
Open

Improve installation documentation #22

sanel opened this issue Aug 29, 2024 · 3 comments

Comments

@sanel
Copy link

sanel commented Aug 29, 2024

The current installation method expects the user to run curl <url> | sudo sh, which isn't considered a safe practice. I assume this is how to build it from a source tree:

  1. run build.sh
  2. run runcvm-install-runtime.sh
  3. ideally, there would be a single command for 1. and 2. (e.g. make install)

It also hardcodes /opt/runcvm as an installation path. Is there a way to make this customizable, at least via an env variable (e.g., RUNCVM_INSTALL_DIR=/opt/runcvm build.sh)?

Also, documentation on how to add it to /etc/docker/daemon.json manually is missing, especially if there are multiple alternative runtimes (the installer would alter it automatically). For example, I'm running crun as the main runtime, and my daemon.json looks lile this:

{
  "default-runtime": "crun",
  "experimental": true,
  "runtimes": {
    "crun": {
        "path": "/opt/crun/bin/crun"
      }
    }
}
@struanb
Copy link
Contributor

struanb commented Aug 31, 2024

Hi @sanel and thanks for your feedback.

Quite a number of packages use the curl <url> | sudo sh installation paradigm. No install script (or indeed any application) should be assumed to be secure, and the only way to really know is to examine the code. runcvm-install-runtime.sh isn't very long, is modular, should be relatively easy to read for anyone familiar with shell script. The steps it takes are documented in the Installation section of the README, albeit they are not (to your next point) explained in equivalent detail to in the code.

A single command to build and install from source could indeed be useful.

Currently it is not possible to customise the install directory of /opt/runcvm without patching the code. Consideration was given to making this customisable at build time and, while it is feasible, doing so would introduce complexity (as many parts of RunCVM rely on knowing the absolute path to where its code has been installed) and delay launch of the project. If this is a generally requested feature it can be certainly looked at again.

Documentation could indeed be clearer on how to patch daemon.json. The README refers to patching it, but does not explain how. In fact the install script does the right thing, simply setting the runtimes.runcvm.path key to "/opt/runcvm/scripts/runcvm-runtime". So for you, your daemon.json should read:

{
  "default-runtime": "crun",
  "experimental": true,
  "runtimes": {
    "crun": {
        "path": "/opt/crun/bin/crun"
    },
    "runcvm": {
        "path": "/opt/runcvm/scripts/runcvm-runtime"
    }
  }
}

@struanb
Copy link
Contributor

struanb commented Aug 31, 2024

I'll leave this ticket open for now, while we consider updates to the documentation.

@sanel
Copy link
Author

sanel commented Aug 31, 2024

Sounds good; thank you for your detailed reply :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sanel @struanb