{ "info": { "author": "Jorge Gomes", "author_email": "udocker@lip.pt", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Environment :: Console", "Intended Audience :: Developers", "Intended Audience :: End Users/Desktop", "Intended Audience :: Science/Research", "License :: OSI Approved :: Apache Software License", "Natural Language :: English", "Operating System :: POSIX :: Linux", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7" ], "description": "\n[![Build Status](https://jenkins.indigo-datacloud.eu/buildStatus/icon?job=Pipeline-as-code/udocker/master)](https://jenkins.indigo-datacloud.eu/job/Pipeline-as-code/job/udocker/job/master/)\n\n[![logo](https://raw.githubusercontent.com/indigo-dc/udocker/master/doc/logo-small.png)]()\n\nudocker is a basic user tool to execute simple docker containers in user\nspace without requiring root privileges. Enables download and execution\nof docker containers by non-privileged users in Linux systems where\ndocker is not available. It can be used to pull and execute docker\ncontainers in Linux batch systems and interactive clusters that are\nmanaged by other entities such as grid infrastructures or externally\nmanaged batch or interactive systems.\n\nudocker does not require any type of privileges nor the deployment of\nservices by system administrators. It can be downloaded and executed\nentirely by the end user.\n\nudocker is a wrapper around several tools to mimic a subset of the\ndocker capabilities including pulling images and running containers\nwith minimal functionality.\n\n## How does it work\nudocker is a simple tool written in Python, it has a minimal set\nof dependencies so that can be executed in a wide range of Linux\nsystems.\n\nudocker does not make use of docker nor requires its presence.\n\nudocker \"executes\" the containers by simply providing a chroot like\nenvironment over the extracted container. The current implementation\nsupports different methods to mimic chroot enabling execution of\ncontainers without requiring privileges under a chroot like environment.\nudocker transparently supports several methods to execute the containers\nusing tools and libraries such as:\n\n* PRoot\n* Fakechroot\n* runC\n* Singularity\n\n## Advantages\n* Provides a docker like command line interface\n* Supports a subset of docker commands:\n search, pull, import, export, load, create and run\n* Understands docker container metadata\n* Can be deployed by the end-user\n* Does not require privileges for installation\n* Does not require privileges for execution\n* Does not require compilation, just transfer the Python script and run\n* Encapsulates several execution methods\n* Includes the required tools already compiled to work across systems\n* Tested with GPGPU and MPI applications\n* Runs both on new and older Linux distributions including:\n CentOS 6, CentOS 7, Ubuntu 14, Ubuntu 16, Ubunto 18, Fedora, etc\n\n## Installation\nSee the [Installation manual](doc/installation_manual.md)\n\n## Syntax\n```\nCommands:\n search :Search dockerhub for container images\n pull :Pull container image from dockerhub\n images :List container images\n create :Create container from a pulled image\n ps :List created containers\n rm :Delete container\n run :Execute container\n inspect :Low level information on container\n name :Give name to container\n rmname :Delete name from container\n\n rmi :Delete image\n rm :Delete container\n import :Import tar file (exported by docker)\n import - :Import from stdin (exported by docker)\n load -i :Load image from file (saved by docker)\n load :Load image from stdin (saved by docker)\n export -o :Export container rootfs to file\n export - :Export container rootfs to stdin\n inspect :Return low level information on image\n verify :Verify a pulled image\n clone :duplicate container\n\n protect :Protect repository\n unprotect :Unprotect repository\n protect :Protect container\n unprotect :Unprotect container\n\n mkrepo :Create repository in another location\n setup :Change container execution settings\n login :Login into docker repository\n logout :Logout from docker repository\n\n help :This help\n run --help :Command specific help\n\n\nOptions common to all commands must appear before the command:\n -D :Debug\n --repo= :Use repository at directory\n```\n\n## Examples\nSome examples of usage:\n\nSearch container images in dockerhub.\n```\nudocker search fedora\nudocker search ubuntu\nudocker search indigodatacloud\n```\n\nPull from dockerhub and list the pulled images.\n```\nudocker pull fedora:25\nudocker pull busybox\nudocker pull iscampos/openqcd\nudocker images\n```\n\nPull from a registry other than dockerhub.\n```\nudocker pull --registry=https://registry.access.redhat.com rhel7\nudocker create --name=rh7 rhel7\nudocker run rh7\n```\n\nCreate the container from a pulled image and run it.\n```\nudocker create --name=myfed fedora:25\nudocker run myfed cat /etc/redhat-release\n```\n\nRun mounting the host /home/u457 into the container directory /home/cuser.\nNotice that you can \"mount\" any host directory inside the container, this\nis not a real mount but the directories will be visible inside the container.\n```\nudocker run -v /home/u457:/home/cuser -w /home/user myfed /bin/bash\nudocker run -v /var -v /proc -v /sys -v /tmp myfed /bin/bash\n```\n\nPut a script in your host /tmp and execute it in the container.\n```\nudocker run -v /tmp myfed /bin/bash -c 'cd /tmp; ./myscript.sh'\n```\n\nRun mounting the host /var, /proc, /sys and /tmp in the same container\ndirectories. Notice that the content of these container directories will\nbe obfuscated.\n```\nudocker run -v /var -v /proc -v /sys -v /tmp myfed /bin/bash\n```\n\nInstall software inside the container.\n```\nudocker run --user=root myfed yum install -y firefox pulseaudio gnash-plugin\n```\n\nRun as some user. The usernames should exist in the container.\n```\nudocker run --user 1000:1001 myfed /bin/id\nudocker run --user root myfed /bin/id\nudocker run --user jorge myfed /bin/id\n```\n\nRunning Firefox.\n```\n./udocker run --bindhome --hostauth --hostenv \\\n -v /sys -v /proc -v /var/run -v /dev --user=jorge --dri myfed firefox\n```\n\nChange execution engine mode from PRoot to Fakechroot and run.\n```\n./udocker setup --execmode=F4 myfed\n\n./udocker run --bindhome --hostauth --hostenv \\\n -v /sys -v /proc -v /var/run -v /dev --user=jorge --dri myfed firefox\n```\n\nChange execution engine mode to accelerated PRoot.\n```\n./udocker setup --execmode=P1 myfed\n```\n\nChange execution engine to runC.\n```\n./udocker setup --execmode=R1 myfed\n```\n\nChange execution engine to Singularity. Requires the availability of\nSingularity in the host system.\n```\n./udocker setup --execmode=S1 myfed\n```\n\n## Limitations\nSince root privileges are not involved any operation that really\nrequires such privileges will not be possible. The following are\nexamples of operations that are not possible:\n\n* accessing host protected devices and files\n* listening on TCP/IP privileged ports (range below 1024)\n* mount file-systems\n* the su command will not work\n* change the system time\n* changing routing tables, firewall rules, or network interfaces\n\nIf the containers require such capabilities then docker should be used\ninstead.\n\nThe current implementation is limited to the pulling of docker images\nand its execution. The actual containers should be built using docker\nand dockerfiles.\n\nudocker does not provide all the docker features, and is not intended\nas a docker replacement.\n\nDebugging inside of udocker with the PRoot engine will not work due to\nthe way PRoot implements the chroot environment\n\nudocker is mainly oriented at providing a run-time environment for\ncontainers execution in user space.\n\nudocker is particularly suited to run user applications encapsulated\nin docker containers.\n\n## Security\nBecause of the limitations described in the previous section udocker does\nnot offer isolation features such as the ones offered by docker. If the\ncontainers content is not trusted then these containers should not be\nexecuted with udocker as they will run inside the user environment.\n\nThe containers data will be unpacked and stored in the user home directory or\nother location of choice. Therefore the containers data will be subjected to\nthe same filesystem protections as other files owned by the user. If the\ncontainers have sensitive information the files and directories should be\nadequately protected by the user.\n\nudocker does not require privileges and runs under the identity of the user\ninvoking it.\n\nUsers can downloaded udocker and execute it without requiring system\nadministrators intervention.\n\nudocker via PRoot offers the emulation of the root user. This emulation\nmimics a real root user (e.g getuid will return 0). This is just an emulation\nno root privileges are involved. This feature makes possible the execution\nof some tools that do not require actual privileges but which refuse to\nwork if the username or id are not root or 0. This enables for instance\nsoftware installation using rpm, yum or dnf inside the container.\n\nDue to the lack of isolation udocker must not be run by privileged users.\n\n## Other limitations\nNotice that when using execution engines other than PRoot (Pn modes) the\ncreated containers cannot be moved across hosts. In this case convert back\nto a Pn mode before transfer.\n\nThe accelerated mode of PRoot (mode P1) may exhibit failures in Linux kernels\nabove 4.0 with some applications due to kernel changes and upstream issues in\nthis case use mode P2 or any of the other modes.\n\nThe runC mode requires a recent kernel with user namespaces enabled.\n\nThe singularity mode requires the availability of Singularity in the host\nsystem.\n\n## Documentation\nThe full documentation is available at:\n\n* GitBook: https://indigo-dc.gitbooks.io/udocker/content/\n* master: https://github.com/indigo-dc/udocker/blob/master/SUMMARY.md\n* devel: https://github.com/indigo-dc/udocker/blob/devel/SUMMARY.md\n\n## Contributing\n\nSee: [Contributing](CONTRIBUTING.md)\n\n## Citing\nWhen citing udocker please use the following:\n\n* Jorge Gomes, Emanuele Bagnaschi, Isabel Campos, Mario David, Lu\u00eds Alves, Jo\u00e3o Martins, Jo\u00e3o Pina, Alvaro L\u00f3pez-Garc\u00eda, Pablo Orviz, Enabling rootless Linux Containers in multi-user environments: The udocker tool, Computer Physics Communications, Available online 6 June 2018, ISSN 0010-4655, https://doi.org/10.1016/j.cpc.2018.05.021\n\n## Acknowledgements\n\n* Docker https://www.docker.com/\n* PRoot https://proot-me.github.io/\n* Fakechroot https://github.com/dex4er/fakechroot/wiki\n* runC https://runc.io/\n* Singularity https://www.sylabs.io/\n* INDIGO DataCloud https://www.indigo-datacloud.eu\n* EOSC-hub https://eosc-hub.eu\n* DEEP-Hybrid-DataCloud https://deep-hybrid-datacloud.eu\n\n\n\nudocker (1.1.3)\n * Support for nvidia drivers on ubuntu\n - closes: #162\n * Installation improvements\n - closes: #166\n * Fix issue on Fn mode symlink convertion\n - partially addresses: #160\n\nudocker (1.1.2)\n * Improve parsing of quotes in the command line\n - closes: #98\n * Fix version command to exit with 0\n - closes: #107\n * Add kill-on-exit to proot on Pn modes\n * Improve download of udocker utils\n * Handle authentication headers when pulling \n - closes: #110\n * Handle of redirects when pulling\n * Fix registries table\n * Support search quay.io\n * Fix auth header when no standard Docker registry is used\n * Add registry detection on image name\n * Add --version option\n * Force python2 as interpreter\n - closes: #131\n * Fix handling of volumes in metadata\n * Handle empty metadata\n * Fix http proxy functionality\n - closes: #115\n * Ignore --no-trunc and --all in the images command\n - closes: #108\n * Implement verification of layers in manifest\n * Add --nvidia to support GPUs and related drivers\n * Send download messages to stderr\n * Enable override of curl executable\n * Fix building on CentOS 6\n - closes: #157\n * Mitigation for upstream limitation in runC without tty\n - closes: #132\n * Fix detection of executable with symlinks in container\n - closes: #118\n * Updated runC to v1.0.0-rc5\n * Experimental support for Alpine in Fn modes\n * Improve pathname translation in Fn modes for mounted dirs\n - partially addresses: #160\n\nudocker (1.1.1)\n * New execution engine using singularity\n * Updated documentation with OpenMPI information and examples\n * Additional unit tests\n * Redirect messages to stderr\n * Improved parsing of quotes in the command line\n - closes: #87\n * Allow override of the HOME environment variable\n * Allow override of libfakechroot.so at the container level\n * Automatic selection of libfakechroot.so from container info\n * Improve automatic install\n * Enable resetting prefix paths in Fn modes in remote hosts\n * Do not set AF_UNIX_PATH in Fn modes when the host /tmp is a volume\n * Export containers in both docker and udocker format\n * Import containers docker and udocker format\n * Load, import and export to/from stdin/stdout\n * Clone existing containers\n * Support for TCP/IP port remap in execution modes Pn\n * Fix run with basenames failing\n - closes: #89\n * Allow run as root flag\n - closes: #91\n\nudocker (1.1.0)\n\n * Support image names prefixed by registry similarly to docker \n * Add execution engine selection logic\n * Add fr execution engine based on shared library interception\n * Add rc execution engine based on rootless namespaces\n * Improve proot tmp files cleanup on non ext filesystems\n * Improve search returning empty on Docker repositories\n * Improve runC execution portability \n * Add environment variable UDOCKER_KEYSTORE\n - closes: #75\n * Prevent creation of .udocker when UDOCKER_KEYSTORE is used\n - closes: #75\n\nudocker (1.0.4)\n\n * Documentation fixes\n\nudocker (1.0.3)\n\n * Support for import Docker containers in newer metadata structure\n * Improve the command line parsing\n * Improve temporary file handling and removal\n * Support for additional execution engines to be provided in the future\n * Improved parsing of entrypoint and cmd metadata\n - closes: #53\n * Increase name alias length\n - closes: #52\n * Add support for change dir into volume directories\n - closes: #51\n * Fix deletion of files upon container import\n - closes: #50\n * Fix exporting of host environment variables to the containers\n - closes: #48\n * Change misleading behavior of import tarball from move to copy\n - closes: #44\n * Fix validation of volumes specification\n - closes: #43\n\nudocker (1.0.2)\n\n * Improve download on repositories that fail authentication on /v2\n * Improve run verification of binaries with recursive symbolic links\n * Improve accelerated seccomp on kernels >= 4.8.0\n - closes: #40\n\nudocker (1.0.1)\n\n * Minor bugfixes\n * Executable name changed from udocker.py to udocker\n * Added support for login into docker repositories\n * Added support for private repositories\n * Added support for listing of v2 repositories catalog\n * Added checksum verification for sha256 layers\n * Improved download handling for v1 and v2 repositories\n * Improved installation tarball structure\n * Insecure flag fixed\n * Address seccomp change introduced on kernels >= 4.8.0\n * Utilities for packaging\n * Improved verbose levels, messaging and output\n - closes: #24, #23\n * Fully implement support for registry selection --registry parameter\n - closes: #29\n * Provide support for private repositories e.g. gitlab registries\n - closes: #30\n * Provide --insecure command line parameter for SSL requests\n - closes: #31\n\nudocker (1.0.0)\n\n * Initial version\n\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/indigo-dc/udocker", "keywords": "udocker", "license": "Apache Software License 2.0", "maintainer": "", "maintainer_email": "", "name": "udocker", "package_url": "https://pypi.org/project/udocker/", "platform": "", "project_url": "https://pypi.org/project/udocker/", "project_urls": { "Homepage": "https://github.com/indigo-dc/udocker" }, "release_url": "https://pypi.org/project/udocker/1.1.3.post1/", "requires_dist": null, "requires_python": "", "summary": "A basic user tool to execute simple docker containers in batch or interactive systems without root privileges", "version": "1.1.3.post1" }, "last_serial": 5444677, "releases": { "1.1.3": [ { "comment_text": "", "digests": { "md5": "7945e523ad51f319d17afe7978ee78c4", "sha256": "c66d92dd7a7091d31c04ac376d5b71ea2450e84756e3af43bc3a8d00657a2600" }, "downloads": -1, "filename": "udocker-1.1.3.tar.gz", "has_sig": false, "md5_digest": "7945e523ad51f319d17afe7978ee78c4", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 150327, "upload_time": "2019-03-19T15:18:32", "url": "https://files.pythonhosted.org/packages/59/6b/559ea1104a3873ef94d0837f64576466dc7c9ea4c70433c4ba72b9364643/udocker-1.1.3.tar.gz" } ], "1.1.3.post1": [ { "comment_text": "", "digests": { "md5": "2da8841ffe3c970445b64b1b232df48d", "sha256": "d41230089acb0b0e2441f22c7e91746104cee47b04505c322b306452e6d45a53" }, "downloads": -1, "filename": "udocker-1.1.3.post1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "2da8841ffe3c970445b64b1b232df48d", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 66990, "upload_time": "2019-06-25T09:30:24", "url": "https://files.pythonhosted.org/packages/d8/c3/1844e7df019a56f529544250c63cdae5ac2f06a420483e6ceeacecb727dd/udocker-1.1.3.post1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e68ee43c6c6329e56e0e443ae55ae158", "sha256": "ec1bd483776aaab101929e839f1e8d2a87464a3e2f0c35a117bdad40b60767be" }, "downloads": -1, "filename": "udocker-1.1.3.post1.tar.gz", "has_sig": false, "md5_digest": "e68ee43c6c6329e56e0e443ae55ae158", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 150299, "upload_time": "2019-06-25T09:30:26", "url": "https://files.pythonhosted.org/packages/04/ca/8dbe98d3b1b90099f4cad3f647d4722e912d87ceed4563cdfe182eb8d2c3/udocker-1.1.3.post1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "2da8841ffe3c970445b64b1b232df48d", "sha256": "d41230089acb0b0e2441f22c7e91746104cee47b04505c322b306452e6d45a53" }, "downloads": -1, "filename": "udocker-1.1.3.post1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "2da8841ffe3c970445b64b1b232df48d", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 66990, "upload_time": "2019-06-25T09:30:24", "url": "https://files.pythonhosted.org/packages/d8/c3/1844e7df019a56f529544250c63cdae5ac2f06a420483e6ceeacecb727dd/udocker-1.1.3.post1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e68ee43c6c6329e56e0e443ae55ae158", "sha256": "ec1bd483776aaab101929e839f1e8d2a87464a3e2f0c35a117bdad40b60767be" }, "downloads": -1, "filename": "udocker-1.1.3.post1.tar.gz", "has_sig": false, "md5_digest": "e68ee43c6c6329e56e0e443ae55ae158", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 150299, "upload_time": "2019-06-25T09:30:26", "url": "https://files.pythonhosted.org/packages/04/ca/8dbe98d3b1b90099f4cad3f647d4722e912d87ceed4563cdfe182eb8d2c3/udocker-1.1.3.post1.tar.gz" } ] }