| Git Clone URL: | https://aur.archlinux.org/docker-rootless-extras.git (read-only, click to copy) |
|---|---|
| Package Base: | docker-rootless-extras |
| Description: | Extras to run docker as non-root. |
| Upstream URL: | https://docs.docker.com/engine/security/rootless/ |
| Keywords: | containers docker isolation rootless |
| Licenses: | Apache |
| Conflicts: | docker-rootless, docker-rootless-extras, docker-rootless-extras-bin |
| Provides: | docker-rootless, docker-rootless-extras, docker-rootless-extras-bin |
| Submitter: | whynothugo |
| Maintainer: | the-k |
| Last Packager: | the-k |
| Votes: | 33 |
| Popularity: | 0.103656 |
| First Submitted: | 2021-04-14 17:58 (UTC) |
| Last Updated: | 2025-04-18 12:05 (UTC) |
I'm going to stop maintaining this package since it actually has some serious security implications (since docker-rootless relies on kernel.unprivileged_userns_clone=1).
I suggest you read this answer if you're going to continue using this package: https://security.stackexchange.com/a/209533
Running docker as root is likely far safer. Consider podman if that's not an option for you.
It is more like another error than wrong hashes - you don't get the error message with makepkg?
I've updated the checksums, do they not work?
archiso for x86_64 builds a baseline iso successfully with this package installed (skipped checksums).
I guess my kernel (from debian, because the aarch64 kernel from archlinux doesn't boot on my device) doesn't have that feature set.
I still have to build uboot (often used in embedded devices) and build a working kernel myself, to check what's working and what not.
archiso on aarch64 seems to be broken(?) because of some missing packages while doing mkarchiso... I have to investigate this further to be sure, what issue I have.
missing packages in core/extra/community for aarch64: archiso cloud-init mkinitcpio-archiso syslinux virtualbox-guest-utils-nox
I used the archiso from aur.
Also, I am trying to build this on my x86_64 machine - getting a ==> ERROR: Integrity checks (sha256) differ in size from the source array. from makepkg...
Investigating this myself, but I am a bit irritated. Maybe a bug inside makepkg.
I've updated the checksums.
I meant to ask if you managed to build an aarch64 ISO (with archiso), since I'm currently stuck on that phase before setting up an arm64 setup.
I'm curious why only Arch and Debian need to set kernel.unprivileged_userns_clone=1, but other distros don't.
I can still run this fine though:
$ cat /proc/sys/kernel/unprivileged_userns_clone
1
Did you actually set this variable (or reboot after installing this package)?
@whynothugo: Ah, sorry, I used my own PKGBUILD.
Here is an error:
==> ERROR: Integrity checks are missing for: source
You might want to add aarch64 and either do a SKIP for the first line or add this:
b67a3350da99edd549b2aa0eefd60ba7eade0072845b64d5ff0766cf64d82f34
@whynothugo: I could build an aarch64 package without issues, I also could install it and start docker-rootless.sh
Although, without the kernel/unprivileged_userns_clone feature I cannot build my planned docker image... this is a docker issue though.
Pinned Comments