gvisor/g3doc/user_guide/install.md

# Installation

[TOC]

> Note: gVisor supports only x86\_64 and requires Linux 4.14.77+
> ([older Linux](./networking.md#gso)).

## Versions

The `runsc` binaries and repositories are available in multiple versions and
release channels. You should pick the version you'd like to install. For
experimentation, the nightly release is recommended. For production use, the
latest release is recommended.

After selecting an appropriate release channel from the options below, proceed
to the preferred installation mechanism: manual or from an `apt` repository.

### HEAD

Binaries are available for every commit on the `master` branch, and are
available at the following URL:

`https://storage.googleapis.com/gvisor/releases/master/latest/runsc`

Checksums for the release binary are at:

`https://storage.googleapis.com/gvisor/releases/master/latest/runsc.sha512`

For `apt` installation, use the `master` as the `${DIST}` below.

### Nightly

Nightly releases are built most nights from the master branch, and are available
at the following URL:

`https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc`

Checksums for the release binary are at:

`https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc.sha512`

Specific nightly releases can be found at:

`https://storage.googleapis.com/gvisor/releases/nightly/${yyyy-mm-dd}/runsc`

Note that a release may not be available for every day.

For `apt` installation, use the `nightly` as the `${DIST}` below.

### Latest release

The latest official release is available at the following URL:

`https://storage.googleapis.com/gvisor/releases/release/latest`

For `apt` installation, use the `release` as the `${DIST}` below.

### Specific release

A given release release is available at the following URL:

`https://storage.googleapis.com/gvisor/releases/release/${yyyymmdd}`

See the [releases][releases] page for information about specific releases.

For `apt` installation of a specific release, which may include point updates,
use the date of the release, e.g. `${yyyymmdd}`, as the `${DIST}` below.

> Note: only newer releases may be available as `apt` repositories.

### Point release

A given point release is available at the following URL:

`https://storage.googleapis.com/gvisor/releases/release/${yyyymmdd}.${rc}`

Note that `apt` installation of a specific point release is not supported.

## Install from an `apt` repository

First, appropriate dependencies must be installed to allow `apt` to install
packages via https:

```bash
sudo apt-get update && \
sudo apt-get install -y \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common
```

Next, the key used to sign archives should be added to your `apt` keychain:

```bash
curl -fsSL https://gvisor.dev/archive.key | sudo apt-key add -
```

Based on the release type, you will need to substitute `${DIST}` below, using
one of:

*   `master`: For HEAD.
*   `nightly`: For nightly releases.
*   `release`: For the latest release.
*   `${yyyymmdd}`: For a specific releases (see above).

The repository for the release you wish to install should be added:

```bash
sudo add-apt-repository "deb https://storage.googleapis.com/gvisor/releases ${DIST} main"
```

For example, to install the latest official release, you can use:

```bash
sudo add-apt-repository "deb https://storage.googleapis.com/gvisor/releases release main"
```

Now the runsc package can be installed:

```bash
sudo apt-get update && sudo apt-get install -y runsc
```

If you have Docker installed, it will be automatically configured.

## Install directly

The binary URLs provided above can be used to install directly. For example, the
latest nightly binary can be downloaded, validated, and placed in an appropriate
location by running:

```bash
(
  set -e
  URL=https://storage.googleapis.com/gvisor/releases/nightly/latest
  wget ${URL}/runsc
  wget ${URL}/runsc.sha512
  sha512sum -c runsc.sha512
  rm -f runsc.sha512
  sudo mv runsc /usr/local/bin
  sudo chown root:root /usr/local/bin/runsc
  sudo chmod 0755 /usr/local/bin/runsc
)
```

**It is important to copy this binary to a location that is accessible to all
users, and ensure it is executable by all users**, since `runsc` executes itself
as user `nobody` to avoid unnecessary privileges. The `/usr/local/bin` directory
is a good place to put the `runsc` binary.

After installation, the`runsc` binary comes with an `install` command that can
optionally automatically configure Docker:

```bash
runsc install
```

[releases]: https://github.com/google/gvisor/releases
Adapt website to use g3doc sources and bazel. This adapts the merged website repository to use the image and bazel build framework. It explicitly avoids the container_image rules provided by bazel, opting instead to build with direct docker commands when necessary. The relevant build commands are incorporated into the top-level Makefile. 2020-04-28 05:24:58 +00:00			`# Installation`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
Add support for kramdown TOC. 2020-04-30 01:54:48 +00:00			`[TOC]`

			`> Note: gVisor supports only x86\_64 and requires Linux 4.14.77+`
			`> ([older Linux](./networking.md#gso)).`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
			`## Versions`

			The `runsc` binaries and repositories are available in multiple versions and
Fixed some review issues Fixed some issues that came up during review. - Update section titles to have a full phrase - Fix ${URL} - Have short install script clean up after itself so it can be re-run. - Small wording changes. 2019-10-18 04:32:14 +00:00			`release channels. You should pick the version you'd like to install. For`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00			`experimentation, the nightly release is recommended. For production use, the`
			`latest release is recommended.`

			`After selecting an appropriate release channel from the options below, proceed`
			to the preferred installation mechanism: manual or from an `apt` repository.

Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00			`### HEAD`

			Binaries are available for every commit on the `master` branch, and are
			`available at the following URL:`

Merge pull request #2513 from amscanne:website-integrated PiperOrigin-RevId: 311184385 2020-05-12 19:55:23 +00:00			`https://storage.googleapis.com/gvisor/releases/master/latest/runsc`
Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00
			`Checksums for the release binary are at:`

Merge pull request #2513 from amscanne:website-integrated PiperOrigin-RevId: 311184385 2020-05-12 19:55:23 +00:00			`https://storage.googleapis.com/gvisor/releases/master/latest/runsc.sha512`
Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00
			For `apt` installation, use the `master` as the `${DIST}` below.
Temporarily remove apt instructions The built repository is not working. This will be updated when the release file is being generated correctly. 2019-10-24 05:59:45 +00:00
Add apt-based instructions. 2019-09-12 07:26:09 +00:00			`### Nightly`

			`Nightly releases are built most nights from the master branch, and are available`
			`at the following URL:`

Merge pull request #2513 from amscanne:website-integrated PiperOrigin-RevId: 311184385 2020-05-12 19:55:23 +00:00			`https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc`
Remove pointers to releases that do not exist yet. And simplify installation instructions. Multiple users reported that the download links (even for our nightlys) are broken. While the instructions for the nightlys were technically correct, they were hard to follow, and kind of misleading. 2019-10-26 00:15:29 +00:00
			`Checksums for the release binary are at:`

Merge pull request #2513 from amscanne:website-integrated PiperOrigin-RevId: 311184385 2020-05-12 19:55:23 +00:00			`https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc.sha512`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
			`Specific nightly releases can be found at:`

Merge pull request #2513 from amscanne:website-integrated PiperOrigin-RevId: 311184385 2020-05-12 19:55:23 +00:00			`https://storage.googleapis.com/gvisor/releases/nightly/${yyyy-mm-dd}/runsc`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
			`Note that a release may not be available for every day.`

Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00			For `apt` installation, use the `nightly` as the `${DIST}` below.
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
			`### Latest release`

			`The latest official release is available at the following URL:`

Merge pull request #2513 from amscanne:website-integrated PiperOrigin-RevId: 311184385 2020-05-12 19:55:23 +00:00			`https://storage.googleapis.com/gvisor/releases/release/latest`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00			For `apt` installation, use the `release` as the `${DIST}` below.
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
			`### Specific release`

			`A given release release is available at the following URL:`

Merge pull request #2513 from amscanne:website-integrated PiperOrigin-RevId: 311184385 2020-05-12 19:55:23 +00:00			`https://storage.googleapis.com/gvisor/releases/release/${yyyymmdd}`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
			`See the [releases][releases] page for information about specific releases.`

Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00			For `apt` installation of a specific release, which may include point updates,
			use the date of the release, e.g. `${yyyymmdd}`, as the `${DIST}` below.
Temporarily remove apt instructions The built repository is not working. This will be updated when the release file is being generated correctly. 2019-10-24 05:59:45 +00:00
Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00			> Note: only newer releases may be available as `apt` repositories.
Temporarily remove apt instructions The built repository is not working. This will be updated when the release file is being generated correctly. 2019-10-24 05:59:45 +00:00
Add apt-based instructions. 2019-09-12 07:26:09 +00:00			`### Point release`

			`A given point release is available at the following URL:`

Merge pull request #2513 from amscanne:website-integrated PiperOrigin-RevId: 311184385 2020-05-12 19:55:23 +00:00			`https://storage.googleapis.com/gvisor/releases/release/${yyyymmdd}.${rc}`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00			Note that `apt` installation of a specific point release is not supported.
Temporarily remove apt instructions The built repository is not working. This will be updated when the release file is being generated correctly. 2019-10-24 05:59:45 +00:00
Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00			## Install from an `apt` repository
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
			First, appropriate dependencies must be installed to allow `apt` to install
			`packages via https:`

			```bash
			`sudo apt-get update && \`
			`sudo apt-get install -y \`
			`apt-transport-https \`
			`ca-certificates \`
			`curl \`
			`gnupg-agent \`
			`software-properties-common`
			```

			Next, the key used to sign archives should be added to your `apt` keychain:

			```bash
			`curl -fsSL https://gvisor.dev/archive.key \| sudo apt-key add -`
			```

			Based on the release type, you will need to substitute `${DIST}` below, using
			`one of:`

Merge pull request #2513 from amscanne:website-integrated PiperOrigin-RevId: 311184385 2020-05-12 19:55:23 +00:00			* `master`: For HEAD.
			* `nightly`: For nightly releases.
			* `release`: For the latest release.
			* `${yyyymmdd}`: For a specific releases (see above).
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
			`The repository for the release you wish to install should be added:`

			```bash
Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00			`sudo add-apt-repository "deb https://storage.googleapis.com/gvisor/releases ${DIST} main"`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00			```

			`For example, to install the latest official release, you can use:`

			```bash
Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00			`sudo add-apt-repository "deb https://storage.googleapis.com/gvisor/releases release main"`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00			```

			`Now the runsc package can be installed:`

			```bash
			`sudo apt-get update && sudo apt-get install -y runsc`
			```

			`If you have Docker installed, it will be automatically configured.`

Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00			`## Install directly`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
Re-add apt-based installation instructions. 2019-11-05 22:55:06 +00:00			`The binary URLs provided above can be used to install directly. For example, the`
			`latest nightly binary can be downloaded, validated, and placed in an appropriate`
			`location by running:`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00
			```bash
			`(`
			`set -e`
Remove pointers to releases that do not exist yet. And simplify installation instructions. Multiple users reported that the download links (even for our nightlys) are broken. While the instructions for the nightlys were technically correct, they were hard to follow, and kind of misleading. 2019-10-26 00:15:29 +00:00			`URL=https://storage.googleapis.com/gvisor/releases/nightly/latest`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00			`wget ${URL}/runsc`
Fixed some review issues Fixed some issues that came up during review. - Update section titles to have a full phrase - Fix ${URL} - Have short install script clean up after itself so it can be re-run. - Small wording changes. 2019-10-18 04:32:14 +00:00			`wget ${URL}/runsc.sha512`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00			`sha512sum -c runsc.sha512`
Fixed some review issues Fixed some issues that came up during review. - Update section titles to have a full phrase - Fix ${URL} - Have short install script clean up after itself so it can be re-run. - Small wording changes. 2019-10-18 04:32:14 +00:00			`rm -f runsc.sha512`
Add apt-based instructions. 2019-09-12 07:26:09 +00:00			`sudo mv runsc /usr/local/bin`
			`sudo chown root:root /usr/local/bin/runsc`
			`sudo chmod 0755 /usr/local/bin/runsc`
			`)`
			```

			`**It is important to copy this binary to a location that is accessible to all`
			users, and ensure it is executable by all users**, since `runsc` executes itself
			as user `nobody` to avoid unnecessary privileges. The `/usr/local/bin` directory
			is a good place to put the `runsc` binary.

			After installation, the`runsc` binary comes with an `install` command that can
			`optionally automatically configure Docker:`

			```bash
			`runsc install`
			```

			`[releases]: https://github.com/google/gvisor/releases`