newsnowlabs / runcvm

RunCVM (Run Container VM) is an experimental open-source Docker container runtime, for launching standard container workloads - as well as Systemd, Docker, even OpenWrt - in VMs using `docker run`
Apache License 2.0
213 stars 8 forks

Improve installation documentation #22

Open sanel opened 2 months ago

sanel commented 2 months ago

The current installation method expects the user to run curl <url> | sudo sh, which isn't considered a safe practice. I assume this is how to build it from a source tree:

  1. run build.sh
  2. run runcvm-install-runtime.sh
  3. ideally, there would be a single command for 1. and 2. (e.g. make install)

It also hardcodes /opt/runcvm as an installation path. Is there a way to make this customizable, at least via an env variable (e.g., RUNCVM_INSTALL_DIR=/opt/runcvm build.sh)?

Also, documentation on how to add it to /etc/docker/daemon.json manually is missing, especially if there are multiple alternative runtimes (the installer would alter it automatically). For example, I'm running crun as the main runtime, and my daemon.json looks like this:

{
  "default-runtime": "crun",
  "experimental": true,
  "runtimes": {
    "crun": {
      "path": "/opt/crun/bin/crun"
    }
  }
}

struanb commented 2 months ago

Hi @sanel and thanks for your feedback.

Quite a number of packages use the curl <url> | sudo sh installation paradigm. No install script (or indeed any application) should be assumed to be secure, and the only way to really know is to examine the code. runcvm-install-runtime.sh isn't very long, is modular, and should be relatively easy to read for anyone familiar with shell script. The steps it takes are documented in the Installation section of the README, albeit they are not (to your next point) explained in equivalent detail to that in the code.

A single command to build and install from source could indeed be useful.

Currently it is not possible to customise the install directory of /opt/runcvm without patching the code. Consideration was given to making this customisable at build time and, while it is feasible, doing so would introduce complexity (as many parts of RunCVM rely on knowing the absolute path to where its code has been installed) and delay launch of the project. If this is a generally requested feature it can be certainly looked at again.

Documentation could indeed be clearer on how to patch daemon.json. The README refers to patching it, but does not explain how. In fact the install script does the right thing, simply setting the runtimes.runcvm.path key to "/opt/runcvm/scripts/runcvm-runtime". So for you, your daemon.json should read:

{
  "default-runtime": "crun",
  "experimental": true,
  "runtimes": {
    "crun": {
      "path": "/opt/crun/bin/crun"
    },
    "runcvm": {
      "path": "/opt/runcvm/scripts/runcvm-runtime"
    }
  }
}

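The manual step described above (adding a `runcvm` entry under `runtimes` while leaving `crun` and `default-runtime` untouched) is easy to get wrong by hand-editing JSON. The following script is an added example, not part of RunCVM or its installer: it merges a runtime entry into an existing daemon.json, backs up the original, writes the result atomically, and refuses to overwrite a runtime name that already points somewhere else. The sample daemon.json it uses is constructed from the crun configuration quoted in this thread; the runtime path is the one the install script sets.

```python
"""Merge a container runtime into Docker's daemon.json without clobbering
runtimes that are already configured (added example, not RunCVM's own code)."""
import json
import os
import shutil
import tempfile

# Path the RunCVM install script sets for runtimes.runcvm.path (from the README).
RUNCVM_RUNTIME_PATH = "/opt/runcvm/scripts/runcvm-runtime"

# Constructed sample: a daemon.json that already uses crun as the default runtime.
SAMPLE_DAEMON_JSON = {
    "default-runtime": "crun",
    "experimental": True,
    "runtimes": {"crun": {"path": "/opt/crun/bin/crun"}},
}


def merge_runtime(config: dict, name: str, path: str) -> dict:
    """Return a copy of config with runtimes[name].path set to path.

    All other keys (including default-runtime and other runtimes) are kept.
    Re-running with the same path is a no-op; a different path for an
    already-registered name raises instead of silently repointing it.
    """
    merged = json.loads(json.dumps(config))  # deep copy, never mutate the caller's dict
    runtimes = merged.setdefault("runtimes", {})
    if not isinstance(runtimes, dict):
        raise ValueError('"runtimes" must be a JSON object')
    existing = runtimes.get(name)
    if existing is not None and existing.get("path") != path:
        raise ValueError(f"runtime {name!r} already points at {existing.get('path')!r}")
    runtimes[name] = {"path": path}
    return merged


def patch_daemon_json(daemon_json: str, name: str = "runcvm",
                      path: str = RUNCVM_RUNTIME_PATH) -> dict:
    """Read daemon_json (a missing or empty file counts as {}), merge the
    runtime, keep a .bak copy of the original, and replace the file atomically
    so a crash mid-write never leaves dockerd with half a config."""
    config = {}
    if os.path.exists(daemon_json):
        with open(daemon_json, encoding="utf-8") as f:
            raw = f.read()
        config = json.loads(raw) if raw.strip() else {}
        shutil.copy2(daemon_json, daemon_json + ".bak")
    merged = merge_runtime(config, name, path)
    target_dir = os.path.dirname(daemon_json) or "."
    fd, tmp = tempfile.mkstemp(dir=target_dir, prefix=".daemon.json.")
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        json.dump(merged, f, indent=2)
        f.write("\n")
    os.chmod(tmp, 0o644)  # dockerd only needs to read it; mkstemp defaults to 0600
    os.replace(tmp, daemon_json)
    return merged


def demo() -> dict:
    """Run the merge against the constructed sample in a scratch directory
    and report what ended up on disk (used by the usage below)."""
    with tempfile.TemporaryDirectory() as scratch:
        target = os.path.join(scratch, "daemon.json")
        with open(target, "w", encoding="utf-8") as f:
            json.dump(SAMPLE_DAEMON_JSON, f, indent=2)
        patch_daemon_json(target)
        with open(target, encoding="utf-8") as f:
            on_disk = json.load(f)
        return {"config": on_disk, "backup_exists": os.path.exists(target + ".bak")}


if __name__ == "__main__":
    # Real use would be: sudo python3 this_script.py against /etc/docker/daemon.json,
    # followed by a dockerd restart. The demo only touches a temporary directory.
    print(json.dumps(demo()["config"], indent=2))
```

The merge deliberately does not touch `default-runtime`, so crun stays the default and RunCVM is selected per container with `--runtime=runcvm`; it also leaves behind `daemon.json.bak` so the change can be reverted if dockerd refuses the new file.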
struanb commented 2 months ago

I'll leave this ticket open for now, while we consider updates to the documentation.

sanel commented 2 months ago

Sounds good; thank you for your detailed reply :)