* Add quick troubleshooting step
If default umask isn't set with global read permissions, the keyring GPG file isn't found when updating the apt repos. The one liner command added will fix this issue.
* Fix grammar
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
The information about which distro version to use to match upstream
Debian / Ubuntu versions was outdated. Given that Docker does not
officially support, nor tests, installing these packages on Ubuntu
and Debian derivatives, it's better to remove it, and leave it to
the user to find the correct codename; also see
https://docs.docker.com/engine/install/#other-linux-distributions
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This package is no longer needed on all current distro versions we support. From
the package description (https://packages.debian.org/buster/apt-transport-https);
> This is a dummy transitional package - https support has been moved into the
> apt package in 1.5. It can be safely removed.
Verifying the version of apt that's available in Ubuntu and Debian:
Ubuntu:
docker run --rm ubuntu:xenial apt --version
apt 1.2.35 (amd64)
docker run --rm ubuntu:17.04 apt --version
apt 1.4.6 (amd64)
docker run --rm ubuntu:17.10 apt --version
apt 1.5.2 (amd64)
docker run --rm ubuntu:18.04 apt --version
apt 1.6.14 (amd64)
docker run --rm ubuntu:20.04 apt --version
apt 2.0.6 (amd64)
Debian:
docker run --rm debian:stretch apt --version
apt 1.4.11 (amd64)
docker run --rm debian:buster apt --version
apt 1.8.2.3 (amd64)
docker run --rm debian:bullseye apt --version
apt 2.2.4 (amd64)
From the above; all currently supported versions of Ubuntu (18.04 and up), and
Debian (old-stable and stable) have apt > 1.5, so we can remove this dependency
from the installation instructions.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Add instructions on installing server and client binaries on Windows:
Signed-off-by: Usha Mandya <usha.mandya@docker.com>
* Apply suggestions from code review
Co-authored-by: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
Co-authored-by: Sebastiaan van Stijn <thaJeztah@users.noreply.github.com>
Added .md files for SLES and RHEL engine installation. Added indexing to _data/toc.yaml and engine/install/index.md. Modified engine/install/index.md, includes/install-script.md, engine/security/rootless.md, storage/storagedriver/device-mapper-driver.md, and storage/storagedriver/select-storage-driver.md to add info for added RHEL and SLES support. Modified engine/install/ubuntu.md to add s390x repos and other info. Added tab target for RHEL and SLES to engine/security/rootless.md along with other info.
Signed-off-by: Nirman Narang <narang@us.ibm.com>
- lowercase "arm" architectures
- swap arm / arm64 columns (as arm 32-bit is only for a single distro)
- remove raspbian arm64 Raspbian is 32 bit, and we don't ship packages
for raspbian arm64
- add (32-bit) mention to arm column
- add "Apple Silicon" to the Docker Desktop table for completeness
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Added instructions on how to deal with MacOS security measures
Mac OS prevents downloaded files to be executed.
Added the description how to allow it again.
* Minor style updates
Co-authored-by: Usha Mandya <47779042+usha-mandya@users.noreply.github.com>
This moves some of the stubs that were still in place for docker enterprise,
and moves the redirects they contained to more sensible locations where possible,
also making these redirect slightly more "visible" for when we're editing.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Certain installations may not have this. Without this, the step
where `/etc/apt/sources.list.d/docker.list` will fail and write
garbled data to the file, potentially breaking apt.
Co-Authored-By: Andrew Kester <akester@cox.net>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This tones down the prompt and command output, so that the commands
to run stand out more clearly.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Looks like the Debian version was updated during review, but the Ubuntu variant
was forgotten in 760bb64ea3
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
* Offering an alternative to apt-key (deprecated)
[Use trusted.gpg.d instead of apt-key · Issue #11625 · docker/docker.github.io](https://github.com/docker/docker.github.io/issues/11625)
As of Debian 10 / Ubuntu 20.10, apt-key is deprecated and will not be available after Debian 11 / Ubuntu 22.04
Although adding keys directly to `/etc/apt/trusted.gpg.d`/ is suggested by apt-key deprecation message, as per [Debian Wiki](https://wiki.debian.org/DebianRepository/UseThirdParty) GPG keys for third party repositories should be added to `/usr/share/keyrings` and referenced with the `signed-by` option in the source.list.d entry.
Providing a binary .gpg key instead of an ASCII Armored one might help shorten the lengthy command by removing the ` | gpg --dearmor ` bit.
This removes the software-properties-common provides add-apt-repository which we don't use anymore
= _includes/install-script.md, engine/install/linux-postinstall.md =
- Remove "Rootless mode is currently available as an experimental feature."
Close issue 12050
= engine/security/rootless.md =
== "Prerequiresites" section ==
- Remove information about old distros (Debian 9, CentOS 7.5-7.6)
== "Distribution-specific hint" section ==
- Tabified (`<div class="tab-content" />`)
== "Known limitations" section ==
- Kernel 5.11 supports rootless overlayfs, without the Ubuntu/Debian patch.
== "Install" section ==
- Promote RPM/DEB installation over TGZ installation.
See docker/roadmap issue 188
== "Uninstall" section ==
- Add "Uninstall" section.
Close issue 12053
== "Usage" section ==
- Added more information about systemd
- Move `nsenter` tips to "Tips for debugging" subsection under "Troubleshooting" section
== "Best practice" section ==
- Remove guide for `lxc-user-nic` network driver due to immaturity.
Will be brought back in future.
See rootless-containers/rootlesskit issue 138 .
== "Troubleshooting" section ==
- Add a guide for "can't open lock file /run/xtables.lock: Permission denied" (SELinux).
See moby/moby issue 41230
- Add a guide for "failed to register layer: ApplyLayer exit status 1 ..." (NFS).
Close docker/for-linux issue 1172
- Improve guides for slirp4netns.
- Remove v19.03 information (e.g., "cgroup v2 is unsupported, use cgroup v1")
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Previously, the `ssh://` helper was only mentioned in `engine/security/index.md`.
The `ssh://` helper is now documented in "Protect the Docker daemon socket"
(`engine/security/protect-access.md`, nee `engine/security/https.md`).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* Docker now supports cgroup v2 (both rootful and rootless)
* Rootless mode graduated from experimental
* New storage driver: fuse-overlayfs
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This allows deep-linking to specific sections. Also fixed the checks
in the support table to be left-aligned as they were supposed to be.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
See https://web.dev/external-anchors-use-rel-noopener/
Using noopener, as that addresses the security issue. "noreferer" blocks
the REFERER header, which may still be useful for some target URLs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Ralph
Sebastiaan van Stijn
Usha Mandya
Usha Mandya
Peter Dave Hello
Sebastiaan van Stijn
linuxmetel
anujajakhade
Nirman Narang
Andreas Scheucher
Adrián Tóth
Andrew Kester
denis-roy
Akihiro Suda
Rafał Wyszomirski