From ab0497081a437ed929952f812afc60f77a36882c Mon Sep 17 00:00:00 2001
From: Teja Swaroop Pothala
Date: Sat, 25 Jan 2025 01:13:10 +0530
Subject: [PATCH] backport dind rootless logic from 1.16.0 to 1.15.0

---
 dockerfile-kasm-ubuntu-focal-dind-rootless     | 16 +---
 dockerfile-kasm-ubuntu-jammy-dind-rootless     | 17 ++---
 .../install/dind_rootless/custom_startup.sh    |  2 +-
 .../dind_rootless/install_dind_rootless.sh     | 75 ++++++++++++++-----
 4 files changed, 67 insertions(+), 43 deletions(-)

diff --git a/dockerfile-kasm-ubuntu-focal-dind-rootless b/dockerfile-kasm-ubuntu-focal-dind-rootless
index 4731ef3..df30027 100644
--- a/dockerfile-kasm-ubuntu-focal-dind-rootless
+++ b/dockerfile-kasm-ubuntu-focal-dind-rootless
@@ -9,25 +9,17 @@ ENV INST_SCRIPTS $STARTUPDIR/install
 WORKDIR $HOME
 # Rootless Dind
-ENV DOCKER_BIN=/usr/local/lib/docker \
-    XDG_RUNTIME_DIR=/docker
-RUN mkdir -p $DOCKER_BIN && chown 1000:0 $DOCKER_BIN && \
-    mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR
-ENV PATH=$DOCKER_BIN:$DOCKER_BIN/cli-plugins:$PATH \
-    DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock
-COPY ./src/ubuntu/install/dind_rootless/install_dind_rootless_prerequisites.sh $INST_SCRIPTS/dind_rootless/
-RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless_prerequisites.sh
 COPY ./src/ubuntu/install/dind_rootless/install_dind_rootless.sh $INST_SCRIPTS/dind_rootless/
-RUN chown 1000:1000 $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh
-# It's recommended that docker-rootless be installed by non root user
-USER 1000
 RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh
-USER root
 RUN rm -rf $INST_SCRIPTS/dind_rootless
 COPY ./src/ubuntu/install/dind_rootless/custom_startup.sh $STARTUPDIR/custom_startup.sh
 RUN chmod +x $STARTUPDIR/custom_startup.sh && chmod 755 $STARTUPDIR/custom_startup.sh
 COPY ./src/ubuntu/install/dind_rootless/modprobe /usr/local/bin/modprobe
 RUN chmod +x /usr/local/bin/modprobe
+ENV XDG_RUNTIME_DIR=/docker \
+    DOCKER_HOST=unix:///docker/docker.sock
+RUN mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR
+
 ### Envrionment config
 ENV DEBIAN_FRONTEND=noninteractive \
diff --git a/dockerfile-kasm-ubuntu-jammy-dind-rootless b/dockerfile-kasm-ubuntu-jammy-dind-rootless
index d1522b4..3de42f0 100644
--- a/dockerfile-kasm-ubuntu-jammy-dind-rootless
+++ b/dockerfile-kasm-ubuntu-jammy-dind-rootless
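Review bot: `DOCKER_HOST=unix:///docker/docker.sock` spells out the path that the `XDG_RUNTIME_DIR=/docker` assignment beside it already defines, whereas the removed lines derived the socket path from the variable; this is presumably deliberate, since a value set in an `ENV` instruction is not yet expandable by another assignment in that same instruction, but nothing in the file says so, and a later change to XDG_RUNTIME_DIR would silently leave DOCKER_HOST pointing at the old socket. A comment above the `ENV` would keep the two in step: `# DOCKER_HOST repeats /docker literally: $XDG_RUNTIME_DIR cannot be referenced from the same ENV instruction`. The same applies to the identical hunk in dockerfile-kasm-ubuntu-jammy-dind-rootless. Removing `USER 1000` / `USER root` around the install step means install_dind_rootless.sh now runs as root at build time, which the rewritten script needs for apt-get and for writing under /usr/local/bin; the runtime directory it then creates is chown'd to 1000:0 but left at the default `mkdir -p` mode, so whether rootlesskit expects a user-private (0700) runtime directory is worth confirming.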
@@ -8,26 +8,19 @@ ENV STARTUPDIR /dockerstartup
 ENV INST_SCRIPTS $STARTUPDIR/install
 WORKDIR $HOME
+
 # Rootless Dind
-ENV DOCKER_BIN=/usr/local/lib/docker \
-    XDG_RUNTIME_DIR=/docker
-RUN mkdir -p $DOCKER_BIN && chown 1000:0 $DOCKER_BIN && \
-    mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR
-ENV PATH=$DOCKER_BIN:$DOCKER_BIN/cli-plugins:$PATH \
-    DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock
-COPY ./src/ubuntu/install/dind_rootless/install_dind_rootless_prerequisites.sh $INST_SCRIPTS/dind_rootless/
-RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless_prerequisites.sh
 COPY ./src/ubuntu/install/dind_rootless/install_dind_rootless.sh $INST_SCRIPTS/dind_rootless/
-RUN chown 1000:1000 $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh
-# It's recommended that docker-rootless be installed by non root user
-USER 1000
 RUN bash $INST_SCRIPTS/dind_rootless/install_dind_rootless.sh
-USER root
 RUN rm -rf $INST_SCRIPTS/dind_rootless
 COPY ./src/ubuntu/install/dind_rootless/custom_startup.sh $STARTUPDIR/custom_startup.sh
 RUN chmod +x $STARTUPDIR/custom_startup.sh && chmod 755 $STARTUPDIR/custom_startup.sh
 COPY ./src/ubuntu/install/dind_rootless/modprobe /usr/local/bin/modprobe
 RUN chmod +x /usr/local/bin/modprobe
+ENV XDG_RUNTIME_DIR=/docker \
+    DOCKER_HOST=unix:///docker/docker.sock
+RUN mkdir -p $XDG_RUNTIME_DIR && chown 1000:0 $XDG_RUNTIME_DIR
+
 ### Envrionment config
 ENV DEBIAN_FRONTEND=noninteractive \
diff --git a/src/ubuntu/install/dind_rootless/custom_startup.sh b/src/ubuntu/install/dind_rootless/custom_startup.sh
index 840b75c..e9606bb 100644
--- a/src/ubuntu/install/dind_rootless/custom_startup.sh
+++ b/src/ubuntu/install/dind_rootless/custom_startup.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 set -ex
-START_COMMAND="$DOCKER_BIN/dockerd-rootless.sh"
+START_COMMAND="dockerd-rootless.sh"
 PGREP="dockerd"
 export MAXIMIZE="false"
 MAXIMIZE_SCRIPT=$STARTUPDIR/maximize_window.sh
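Review bot: `START_COMMAND="dockerd-rootless.sh"` in custom_startup.sh now resolves the launcher through PATH at startup, where the removed line named it via `$DOCKER_BIN`; the script therefore depends on /usr/local/bin being on the PATH of whatever invokes it, and a PATH that lacks it would produce a command-not-found rather than a clear message about the missing install. install_dind_rootless.sh in this same patch extracts the script to /usr/local/bin/, so `START_COMMAND="/usr/local/bin/dockerd-rootless.sh"` names that file directly and keeps the startup script independent of the caller's environment. The rest of custom_startup.sh, including the line that executes START_COMMAND, lies outside the hunk.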
diff --git a/src/ubuntu/install/dind_rootless/install_dind_rootless.sh b/src/ubuntu/install/dind_rootless/install_dind_rootless.sh
index a7c1751..633435a 100644
--- a/src/ubuntu/install/dind_rootless/install_dind_rootless.sh
+++ b/src/ubuntu/install/dind_rootless/install_dind_rootless.sh
@@ -1,21 +1,60 @@
 #!/usr/bin/env bash
 set -ex
-# This script should be executed as a non-root user.
-# User verification: deny running as root
-if [ "$(id -u)" = "0" ]; then
-  >&2 echo "Refusing to install rootless Docker as the root user"; exit 1
+
+# Enable Docker repo
+ARCH=$(arch | sed 's/aarch64/arm64/g' | sed 's/x86_64/amd64/g')
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
+echo "deb [arch=${ARCH}] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" > \
+  /etc/apt/sources.list.d/docker.list
+
+# Install deps
+apt-get update
+apt-get install -y \
+  ca-certificates \
+  curl \
+  dbus-user-session \
+  docker-buildx-plugin \
+  docker-ce \
+  docker-ce-cli \
+  docker-compose-plugin \
+  fuse-overlayfs \
+  iptables \
+  kmod \
+  openssh-client \
+  sudo \
+  supervisor \
+  uidmap \
+  wget
+
+# URLs
+STABLE_LATEST=$(curl -sL https://get.docker.com/rootless | awk -F'="' '/STABLE_LATEST=/ {print substr($2, 1, length($2)-1)}')
+STATIC_RELEASE_ROOTLESS_URL="https://download.docker.com/linux/static/stable/$(uname -m)/docker-rootless-extras-${STABLE_LATEST}.tgz"
+
+# User settings
+curl -o \
+  /usr/local/bin/dind -L \
+  https://raw.githubusercontent.com/moby/moby/master/hack/dind
+chmod +x /usr/local/bin/dind
+echo 'hosts: files dns' > /etc/nsswitch.conf
+
+# Install rootless extras
+curl -o \
+  /tmp/rootless.tgz -L \
+  "${STATIC_RELEASE_ROOTLESS_URL}"
+tar -xf \
+  /tmp/rootless.tgz \
+  --strip-components 1 \
+  --directory /usr/local/bin/ \
+  'docker-rootless-extras/dockerd-rootless.sh' \
+  'docker-rootless-extras/rootlesskit' \
+  'docker-rootless-extras/rootlesskit-docker-proxy' \
+  'docker-rootless-extras/vpnkit'
+
+# Cleanup
+if [ -z ${SKIP_CLEAN+x} ]; then
+  apt-get autoclean
+  rm -rf \
+    /var/lib/apt/lists/* \
+    /var/tmp/* \
+    /tmp/*
 fi
-
-echo "Installing Docker"
-curl -fsSL https://get.docker.com/rootless | sh
-
-dockerd --version
-docker --version
-
-echo "Installing Docker Compose"
-mkdir -p "${DOCKER_BIN}"/cli-plugins
-COMPOSE_RELEASE=$(curl -sX GET "https://api.github.com/repos/docker/compose/releases/latest" \
-  | awk '/tag_name/{print $4;exit}' FS='[""]');
-COMPOSE_OS=$(uname -s)
-curl -L https://github.com/docker/compose/releases/download/"${COMPOSE_RELEASE}"/docker-compose-"${COMPOSE_OS,,}"-"$(uname -m)" -o "${DOCKER_BIN}"/cli-plugins/docker-compose
-chmod +x "${DOCKER_BIN}"/cli-plugins/docker-compose
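Review bot: The `curl -o` downloads of /usr/local/bin/dind and /tmp/rootless.tgz run without `-f`, so on an HTTP error the response body is written to the target (and, for dind, made executable by the `chmod +x` that follows) while curl exits 0 and `set -e` sees nothing wrong; `STABLE_LATEST` is likewise never checked, so an empty scrape of get.docker.com yields `docker-rootless-extras-.tgz` and an obscure tar failure instead of a clear error. /usr/local/bin/dind is also fetched from the unpinned `master` branch of moby/moby, which makes every build depend on whatever that branch holds at the time, so pin a tag or commit there and, where a checksum is published, verify the rootless-extras tarball before extracting it. `apt-key add -` is deprecated and trusts the Docker key for every configured repository; a keyring file referenced through `signed-by=` in the sources entry scopes it to the Docker repository alone. The unquoted `[ -z ${SKIP_CLEAN+x} ]` only works because the expansion is either empty or the single word `x`; `if [ -z "${SKIP_CLEAN+x}" ]; then` says what is meant. The hunk covers the whole file, so nothing of this script lies outside it.
```sh
# … unchanged: shebang, set -ex, ARCH detection …
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
echo "deb [arch=${ARCH} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" > \
  /etc/apt/sources.list.d/docker.list
# … unchanged: apt-get update / apt-get install …
STABLE_LATEST=$(curl -fsSL https://get.docker.com/rootless | awk -F'="' '/STABLE_LATEST=/ {print substr($2, 1, length($2)-1)}')
[ -n "${STABLE_LATEST}" ] || { echo "could not determine STABLE_LATEST from get.docker.com" >&2; exit 1; }
# … unchanged: STATIC_RELEASE_ROOTLESS_URL …
# DIND_REF is a placeholder: set it to a pinned moby/moby tag or commit rather than a branch name
curl -fsSL -o /usr/local/bin/dind \
  "https://raw.githubusercontent.com/moby/moby/${DIND_REF:?pinned moby/moby tag or commit}/hack/dind"
# … unchanged: chmod +x dind, nsswitch.conf …
curl -fsSL -o /tmp/rootless.tgz "${STATIC_RELEASE_ROOTLESS_URL}"
# … unchanged: tar extraction, cleanup …
```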