Open richiejp opened 2 months ago
Now need to bundle Rootlesskit, Buildkit and the CNI plugins, plus any executables that these happen to use, but hopefully they are reasonably self-contained.
Got very close to this with #35
Nix bundle almost works, but it creates a new user namespace (IIUC) and some capability needed by Rootlesskit gets dropped. However, we can maybe patch the bundler to work around this.
The server currently has three dependencies: Containerd, Buildkitd and Nerdctl. It also must run as root because Nerdctl fails to create a bridge device in rootless mode (possibly due to detach netns https://github.com/containerd/nerdctl/blob/main/docs/rootless.md#rootlesskit-network-design).
By default we want to run the server as a non-root user and not have to install or configure anything else. The user can then quickly try Ayup without messing around with these dependencies that have a lot of sharp edges or giving us root access.