udocker


Nameudocker JSON
Version 1.3.17 PyPI version JSON
download
home_pagehttps://github.com/indigo-dc/udocker
SummaryA basic user tool to execute simple docker containers in batch or interactive systems without root privileges
upload_time2024-08-28 13:46:36
maintainerNone
docs_urlNone
authorJorge Gomes
requires_pythonNone
licenseApache Software License 2.0
keywords linux containers hpc on cloud virtualization
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI
coveralls test coverage No coveralls.
            [![PyPI version](https://badge.fury.io/py/udocker.svg)](https://badge.fury.io/py/udocker)
[![Build Status](https://jenkins.eosc-synergy.eu/buildStatus/icon?job=indigo-dc%2Fudocker%2Fmaster)](https://jenkins.eosc-synergy.eu/job/indigo-dc/job/udocker/job/master/)

[![SQAaaS badge](https://github.com/EOSC-synergy/SQAaaS/raw/master/badges/badges_150x116/badge_software_gold.png)](https://api.eu.badgr.io/public/assertions/_HIuuD5PRMipzM62mWTk3Q "SQAaaS gold badge achieved")

---
![logo](docs/logo-small.png)

udocker is a basic user tool to execute simple docker containers in user
space without requiring root privileges. Enables download and execution
of docker containers by non-privileged users in Linux systems where
docker is not available. It can be used to pull and execute docker
containers in Linux batch systems and interactive clusters that are
managed by other entities such as grid infrastructures or externally
managed batch or interactive systems.

udocker does not require any type of privileges nor the deployment of
services by system administrators. It can be downloaded and executed
entirely by the end user. The limited root functionality provided by
some of the udocker execution modes is either simulated or provided
via user namespaces.

udocker is a wrapper around several tools and libraries to mimic a
subset of the docker capabilities including pulling images and running
containers with minimal functionality.

**Important notice: We have changed the udocker tools location as of udocker 1.3.17.
This affects the configuration option `conf['tarball']` and environment variable
`UDOCKER_TARBALL`, so if you are using udocker <= 1.3.16, make sure to:
`export UDOCKER_TARBALL=https://download.a.incd.pt/udocker/udocker-englib-1.2.11.tar.gz`.

## Documentation

The full documentation is available at:

* [udocker documentation](https://indigo-dc.github.io/udocker/)
* [Installation manual](https://indigo-dc.github.io/udocker/installation_manual.html)
* [User manual](https://indigo-dc.github.io/udocker/user_manual.html)
* [Reference card](https://indigo-dc.github.io/udocker/reference_card.html)

## How does it work

udocker is written in Python, it has a minimal set of dependencies so
that can be executed in a wide range of Linux systems.

udocker does not make use of docker nor requires its presence.

udocker "executes" the containers by simply providing a chroot like
environment over the extracted container. The current implementation
supports different methods to mimic chroot thus enabling execution of
containers under a chroot like environment without requiring privileges.
udocker transparently supports several methods to execute the containers
based on external tools and libraries such as:

* PRoot
* Fakechroot
* runc
* crun
* Singularity

With the exception of Singularity the tools and libraries to support
execution are downloaded and deployed by udocker during the installation
process. This installation is performed in the user home directory
and does not require privileges. The udocker related files such as
libraries, executables, documentation, licenses, container images and
extracted directory trees are placed by default under `$HOME/.udocker`.

## Advantages

* Can be deployed by the end-user
* Does not require privileges for installation
* Does not require privileges for execution
* Does not require compilation, just transfer the Python code
* Encapsulates several tools and execution methods
* Includes the required tools already statically compiled to work
  across systems
* Provides a docker like command line interface
* Supports a subset of docker commands:
  search, pull, import, export, load, save, login, logout, create and run
* Understands docker container metadata
* Allows loading of docker and OCI containers
* Supports NVIDIA GPGPU applications
* Can execute in systems and environments where Linux namespaces
  support is unavailable
* Runs both on new and older Linux distributions including:
  CentOS 6, CentOS 7, CentOS 8, Ubuntu 14, Ubuntu 16, Ubuntu 18, Ubuntu 20,
  Ubuntu 21, Alpine, Fedora, etc

## Python 2 and Python 3

Since v1.3.0, udocker supports Python 2.7 and Python >= 3.6.
The original udocker v1.1.x for Python 2 is no longer maintained
but is still available
[here](https://github.com/indigo-dc/udocker/tree/v1.1.8).

## Syntax

```txt
        Commands:
          search <repo/expression>      :Search dockerhub for container images
          pull <repo/image:tag>         :Pull container image from dockerhub
          create <repo/image:tag>       :Create container from a pulled image
          run <container>               :Execute container
          run <repo/image:tag>          :Pull, create and execute container

          images -l                     :List container images
          ps -m -s                      :List created containers
          name <container_id> <name>    :Give name to container
          rmname <name>                 :Delete name from container
          rename <name> <new_name>      :Change container name
          clone <container_id>          :Duplicate container
          rm <container-id>             :Delete container
          rmi <repo/image:tag>          :Delete image
          tag <repo/image:tag> <repo2/image2:tag2> :Tag image

          import <tar> <repo/image:tag> :Import tar file (exported by docker)
          import - <repo/image:tag>     :Import from stdin (exported by docker)
          export -o <tar> <container>   :Export container directory tree
          export - <container>          :Export container directory tree
          load -i <imagefile>           :Load image from file (saved by docker)
          load                          :Load image from stdin (saved by docker)
          save -o <imagefile> <repo/image:tag>  :Save image with layers to file

          inspect <repo/image:tag>      :Return low level information on image
          inspect -p <container>        :Return path to container location
          verify <repo/image:tag>       :Verify a pulled or loaded image
          manifest inspect <repo/image:tag> :Print manifest metadata

          protect <repo/image:tag>      :Protect repository
          unprotect <repo/image:tag>    :Unprotect repository
          protect <container>           :Protect container
          unprotect <container>         :Unprotect container

          mkrepo <top-repo-dir>         :Create another repository in location
          setup                         :Change container execution settings
          login                         :Login into docker repository
          logout                        :Logout from docker repository

          help                          :This help
          run --help                    :Command specific help
          version                       :Shows udocker version

        Options common to all commands must appear before the command:
          -D                            :Debug
          --quiet                       :Less verbosity
          --repo=<directory>            :Use repository at directory
          --insecure                    :Allow insecure non authenticated https
          --allow-root                  :Allow execution by root NOT recommended
```

## Examples

Some examples of usage:

Search container images in dockerhub and listing tags.

```bash
udocker search  fedora
udocker search  ubuntu
udocker search  debian

udocker search --list-tags ubuntu
```

Pull from dockerhub and list the pulled images.

```bash
udocker pull   fedora:39
udocker pull   busybox
udocker pull   iscampos/openqcd
udocker images
```

Pull from a registry other than dockerhub.

```bash
udocker search  quay.io/bio
udocker search  --list-tags  quay.io/biocontainers/scikit-bio
udocker pull    quay.io/biocontainers/scikit-bio:0.2.3--np112py35_0
udocker images
```

Pull a different architecture such as arm64 instead of amd64.

```bash
udocker manifest inspect centos/centos8
udocker pull --platform=linux/arm64 centos/centos8
udocker tag centos/centos8  mycentos/centos8:arm64
```

Create a container from a pulled image, assign a name to the created
container and run it. A created container can be run multiple times
until it is explicitly removed. Files modified or added to the container
remain available across executions until the container is removed.

```bash
udocker create --name=myfed  fedora:29
udocker run  myfed  cat /etc/redhat-release
```

The three steps of pulling, creating and running can be also achieved
in a single command, however this will be much slower for multiple
invocations of the same container, as a new container will be created
for each invocation. This approach will also consume more storage space.
The following example creates a new container for each invocation.

```bash
udocker run  fedora:29  cat /etc/redhat-release
```

Execute mounting the host /home/u457 into the container directory /home/cuser.
Notice that you can "mount" any host directory inside the container.
Depending on the execution mode the "mount" is implemented differently and
may have restrictions.

```bash
udocker run -v /home/u457:/home/cuser -w /home/user myfed  /bin/bash
udocker run -v /var -v /proc -v /sys -v /tmp  myfed  /bin/bash
```

Place a script in your host /tmp and execute it in the container. Notice
that the behavior of `--entrypoint` changed from the previous versions
for better compatibility with docker.

```bash
udocker run  -v /tmp  --entrypoint="" myfed  /bin/bash -c 'cd /tmp; ./myscript.sh'

udocker run  -v /tmp  --entrypoint=/bin/bash  myfed  -c 'cd /tmp; ./myscript.sh'
```

Execute mounting the host /var, /proc, /sys and /tmp in the same container
directories. Notice that the content of these container directories will
be obfuscated by the host files.

```bash
udocker run -v /var -v /proc -v /sys -v /tmp  myfed  /bin/bash
```

Install software inside the container.

```bash
udocker run  --user=root myfed  yum install -y firefox pulseaudio gnash-plugin
```

Run as some user. The usernames should exist in the container.

```bash
udocker run --user 1000:1001  myfed  /bin/id
udocker run --user root   myfed  /bin/id
udocker run --user jorge  myfed  /bin/id
```

Running Firefox.

```bash
udocker run --bindhome --hostauth --hostenv \
   -v /sys -v /proc -v /var/run -v /dev --user=jorge --dri myfed  firefox
```

Change execution engine mode from PRoot to Fakechroot and run.

```bash
udocker setup  --execmode=F3  myfed

udocker run --bindhome --hostauth --hostenv \
   -v /sys -v /proc -v /var/run -v /dev --user=jorge --dri myfed  firefox
```

Change execution engine mode to accelerated PRoot.

```bash
udocker setup  --execmode=P1  myfed
```

Change execution engine to runc.

```bash
udocker setup  --execmode=R1  myfed
```

Change execution engine to Singularity. Requires the availability of
Singularity in the host system.

```bash
./udocker setup  --execmode=S1  myfed
```

Install software running as root emulation in Singularity:

```bash
udocker setup  --execmode=S1  myfed
udocker run  --user=root myfed  yum install -y firefox pulseaudio gnash-plugin
```

Change execution to enable nvidia ready applications. Requires that
the nvidia drivers are installed in the host system.

```bash
udocker setup  --nvidia  mytensorflow
```

## Security

By default udocker via PRoot offers the emulation of the root user. This
emulation mimics a real root user (e.g getuid will return 0). This is just
an emulation no root privileges are involved. This feature makes possible
the execution of some tools that do not require actual privileges but which
refuse to work if the username or id are not root or 0. This enables for
instance software installation using rpm, yum or dnf inside the container.

udocker does not offer robust isolation features such as the ones offered
by docker. Therefore if the containers content is not trusted then these
containers should not be executed with udocker as they will run inside the
user environment. For this reason udocker should not be run by privileged
users.

Container images and filesystems will be unpacked and stored in the user
home directory under `$HOME/.udocker` or other location of choice. Therefore
the containers data will be subjected to the same filesystem protections as
other files owned by the user. If the containers have sensitive information
the files and directories should be adequately protected by the user.

udocker does not require privileges and runs under the identity of the user
invoking it. Users can downloaded udocker and execute it without requiring
system administrators intervention.

udocker also provides execution with runc, crun and Singularity, these modes
make use of rootless namespaces and enable a normal user to execute as root
with the limitations that apply to user namespaces and to these tools.

When executed by normal unprivileged users, udocker limits privilege
escalation issues since it does not use or require system privileges.

## General Limitations

Since root privileges are not involved any operation that really
requires such privileges will not be possible. The following  are
examples of operations that are not possible:

* accessing host protected devices and files
* listening on TCP/IP privileged ports (range below 1024)
* mount file-systems
* the su command will not work
* change the system time
* changing routing tables, firewall rules, or network interfaces

If the containers require such privilege capabilities then docker
should be used instead.

udocker is not meant to create containers. Creation of containers
is better performed using docker and dockerfiles.

udocker does not provide all the docker features, and is not intended
as a docker replacement.

udocker is mainly oriented at providing a run-time environment for
containers execution in user space. udocker is particularly suited to
run user applications encapsulated in docker containers.

Debugging or using strace with the PRoot engine will not work as both
the debuggers and PRoot use the same tracing mechanism.

## Execution mode specific limitations

udocker offers multiple execution modes leveraging several external tools
such as PRoot (P mode), Fakechroot (F mode), runC (R mode), crun (R mode)
and Singularity (S mode).

When using execution Fakechroot modes such as F2, F3 and F4 the created
containers cannot be moved across hosts. In this case convert back to a Pn
mode before transfer.
This is not needed if the hosts are part of an homogeneous cluster where
the mount points and directory structure is the same. This limitation
applies whenever the absolute realpath to the container directory changes.

The default accelerated mode of PRoot (mode P1) may exhibit problems in Linux
kernels above 4.0 due to kernel changes and upstream issues, in this case use
mode P2 or any of the other execution modes.

```bash
./udocker setup  --execmode=P2  my-container-id
```

The Fakechroot modes (Fn modes) require shared libraries compiled against
the libc shipped with the container. udocker provides these libraries for
several Linux distributions, these shared libraries are installed by
udocker under:

```bash
$HOME/.udocker/lib/libfakechroot-*
```

The runc and crun modes (R modes) require a kernel with user namespaces enabled.

The singularity mode (S mode) requires the availability of Singularity in
the host system. Singularity is not shipped with udocker.

## Metadata generation

The `codemeta.json` metadata file was initially generated with `codemetapy`
package:

```bash
codemetapy udocker --with-orcid --affiliation "LIP Lisbon" \
  --buildInstructions "https://https://github.com/indigo-dc/udocker/blob/master/docs/installation_manual.md#3-source-code-and-build" \
  --citation "https://doi.org/10.1016/j.cpc.2018.05.021" \
  --codeRepository "https://github.com/indigo-dc/udocker" \
  --contIntegration "https://jenkins.eosc-synergy.eu/job/indigo-dc/job/udocker/job/master/" --contributor "Mario David" \
  --copyrightHolder "LIP"  --copyrightYear "2016" --creator "Jorge Gomes" \
  --dateCreated "2021-05-26" --maintainer "Jorge Gomes" \
  --readme "https://github.com/indigo-dc/udocker/blob/master/README.md" \
  --referencePublication "https://doi.org/10.1016/j.cpc.2018.05.021" \
  --releaseNotes "https://github.com/indigo-dc/udocker/blob/master/changelog" \
  -O codemeta.json
```

Further updates may be needed to add the correct values in the metadata file.

## Contributing

See: [Contributing](CONTRIBUTING.md)

## Citing

See: [Citing](CITING.md)

When citing udocker please use the following:

* Jorge Gomes, Emanuele Bagnaschi, Isabel Campos, Mario David,
  Luís Alves, João Martins, João Pina, Alvaro López-García, Pablo Orviz,
  Enabling rootless Linux Containers in multi-user environments: The udocker
  tool, Computer Physics Communications, Available online 6 June 2018,
  ISSN 0010-4655, <https://doi.org/10.1016/j.cpc.2018.05.021>

## Licensing

Redistribution, commercial use and code changes must regard all licenses
shipped with udocker. These include the [udocker license](LICENSE) and the
individual licences of the external tools and libraries packaged for use
with udocker. For further information see the
[software licenses section](https://indigo-dc.github.io/udocker/installation_manual.html#62-software-licenses)
of the installation manual.

## Acknowledgements

* Docker <https://www.docker.com/>
* PRoot <https://proot-me.github.io/>
* Fakechroot <https://github.com/dex4er/fakechroot/wiki>
* Patchelf <https://github.com/NixOS/patchelf>
* runC <https://runc.io/>
* crun <https://github.com/containers/crun>
* Singularity <https://www.sylabs.io/>
* Open Container Initiative <https://www.opencontainers.org/>
* INDIGO DataCloud <https://www.indigo-datacloud.eu>
* DEEP-Hybrid-DataCloud <https://deep-hybrid-datacloud.eu>
* EOSC-hub <https://eosc-hub.eu>
* EGI-ACE <https://www.egi.eu/projects/egi-ace/>
* EOSC-Synergy <https://www.eosc-synergy.eu/>
* DT-Geo <https://dtgeo.eu/>
* LIP [https://www.lip.pt](https://www.lip.pt/?section=home&page=homepage&lang=en)
* INCD [https://www.incd.pt](https://www.incd.pt/?lang=en)

This work was performed in the framework of the H2020 project INDIGO-Datacloud
(RIA 653549) and further developed with co-funding by the projects EOSC-hub
(Horizon 2020) under Grant number 777536, DEEP-Hybrid-DataCloud
(Horizon 2020) under Grant number 777435, DT-Geo (Horizon Europe) under Grant
number 101058129. Software Quality Assurance is performed with the support of
by the project EOSC-Synergy (Horizon 2020).
The authors wish to acknowleadge the support of INCD-Infraestrutura Nacional de
Computação Distribuída (funded by FCT, P2020, Lisboa2020, COMPETE and FEDER
under the project number 22153-01/SAICT/2016).


# Changelog

## udocker (1.3.17) - 2024-08-28

* Update docker tools url location

## udocker (1.3.16) - 2024-04-09

* Fix unit tests: remove called_with and called_once_with as invalid assertion
  introduced in python 3.12
* This version is the same as 1.3.14

## udocker (1.3.14) - 2024-04-04

* Support for runsc as engine for execution mode R1: closes #414
* New option `login --password-stdin`: closes #168
* New option `run --pull=reuse` to be used with --name= and with
  and image name as argument. Instead of always pulling and creating
  a new container --pull=reuse allows to execute an existing container
  and only pull+create if the container does not exist
* New option `run --httpproxy=<proxy>`: closes #418
* Improve handling of registry names in login: closes #168
* Improve handling of image names in pull: closes #168
* Improve handling of mount point removal: closes #406, #399
* Support for AWS ECR registries: closes #168
* Remove pycurl dependency on unit tests
* Documentation fixes

## udocker (1.3.13) - 2024-02-05

* udocker improve binary executables selection
* udocker fix fakechroot parsing of so, exec_path and add cmd subst
* udocker implement minor pylint compliance improvements
* udocker mode Pn make links2symlinks disabled by default in config: closes #412
* New udockertools 1.2.11 tarball
* udockertools mode Fn glibc fix dladdr(), dlopen(), dlmopen(), dl_iterate_phdr()
* udockertools mode Fn glibc add dladdr1()
* udockertools mode Fn glibc add execvpe(), execveat()
* udockertools mode Fn glibc add getauxval()
* udockertools mode Fn glibc add scandirat(), scandirat64()
* udockertools mode Fn glibc change stat64(), lstat64(), stat()
* udockertools mode Fn glibc add narrowing of program_invocation_name
* udockertools mode Fn glibc improve command substitution
* udockertools mode Fn musl fix dladdr(), dlopen(), dlmopen(), dl_iterate_phdr()
* udockertools mode Fn musl execvpe()
* udockertools mode Fn musl improve command substitution
* udockertools mode Fn added support for Alpine 3.19 (x86_64)
* udockertools mode Fn added support for Fedora 39 (x86_64, aarch64, ppc64le)
* udockertools mode Rn include runc 1.1.12

## udocker (1.3.12) - 2023-11-02

* Fix unit tests, no modifications w.r.t. 1.3.11

## udocker (1.3.11) - 2023-10-23

* Add support for hard link to symbolic link conversion in Pn modes
  as hard links cannot be created by unprivileged users: partially
  addresses #388
* Check of availability of network extensions for port mapping and
  netcoop in Pn modes and only use them if supported by the proot
  engine being invoked.
* Improve image metadata generated by udocker on import: closes #398

## udocker (1.3.10) - 2023-07-03

* Improved handling of container platform information
* Added support for QEMU on Pn modes enabling execution of containers
  with architectures different than the host
* Selection of executable for Sn mode now defaults to apptainer and
  in second place to singularity
* The new command `manifest inspect` allows display of image manifests
  therefore enabling access to the catalogue of platforms supported by
  a given image
* The new command `tag` enables changing the name of an existing image
* New option `pull --platform=os/architecture` enables pulling of images
  of a given architecture possibly different from the host
* New option `run --platform=os/architecture` enables pull and run of
  images of a given architecture possibly different from the host
* New option `import --platform=os/architecture` enables to specify
  an architecture for the image
* New option `ps -p` enables list of the architectures of containers
* New option `images -p` enables list of the architectures of containers
* Build udockertools 1.2.10 and set it as default
* The udockertools support for Fn now includes Ubuntu 23:04, Fedora 38,
  Alpine 3.17 and 3.18.
* Experimental support for native Fn execution on arm64 for Fedora 36,
  Fedora 37, Fedora 38, CentOS 7, AlmaLinux 8, AlmaLinux 9 and Ubuntu 22,
  Ubuntu 20, Ubuntu 18 and similar.
* Experimental support for native Fn execution on ppc64le for CentOS 7,
  AlmaLinux 8, AlmaLinux 9, Ubuntu 22, Ubuntu 20, Ubuntu 18 and similar.
* Experimental support for runc in arm64 and ppc64le
* Updated version of Pn engines for x86, x86_64, arm64: addresses #393

## udocker (1.3.9) - 2023-06-07

* Add support to access non-config metadata from containers
* Added support for multiplatform manifests and indices: closes #392, #355

## udocker (1.3.8) - 2023-03-24

* Build udockertools 1.2.9 and set it as default
* Add Fn support for Ubuntu:22
* Remove files to be installed
* Set Fn preference to use runc

## udocker (1.3.7) - 2023-01-24

* Remove deprecated unit tests. udocker is the same as version 1.3.6

## udocker (1.3.6) - 2023-01-19

* Re-implement udocker namespace: closes #380
* Login fails all the time: closes #379
* Ignore image loading if already exists: closes #378

## udocker (1.3.5) - 2022-10-21

* Fix python backwards compatibility issues: closes #374
* Fix incorrectly reported errors by image verification
* Fix image search returning empty results
* Fix issue with logical links in the udocker executable path
* Add check to verify if container name exists before creation
  or cloning
* Add --force option to create and clone to allow creation
  of container even if the intended name given by --name exists
* Prevent closing of file descriptors upon engine invocation
  improves PMI process management interface interoperability
* Fix issues in import and export while using pipes.
* Fix image name parsing where "library" component is missing: closes #359

## udocker (1.3.4) - 2022-08-26

* Fix 2 unit tests

## udocker (1.3.3) - 2022-08-23

* Image list does not truncate long names: closes #349
* Fix conditional warning in verify image
* Fix and improve udocker high level tests

## udocker (1.3.2) - 2022-08-17

* Fix missing f (format) for string
* Fix bugs with dict .items()
* Solving several pylint issues
* Remove use2to3: closes #358

## udocker (1.3.1) - 2021-06-24

* Add --entrypoint to run --help
* Set docker hub registry registry-1.docker.io
* Fix repository name in search --list-tags
* Improve tests: udocker_test.sh and udocker_test-run.sh
* Documentation revision and improvements
* Add licenses and licenses notice to documentation
* Add test instructions
* Issues with --allow-root in Python 3.8
* Add security policy SECURITY.md
* Remove old Python 2 tests
* Fix configuration hierarchy, configuration files
* Update documentation: README, user and install manuals
* Fix sqa and config

## udocker (1.3.0) - 2021-06-05

* Prepare to move the stable code for Python 3 and Python 2 >= 2.6 to master
* Installation procedure changed since 1.1.x series see the `installation_manual`
* Improve user and installation documentation
* Extract documentation upon installation
* Add codemeta.json, metadata for the software
* Add support for `faccessat2()` in Pn and Fn execution modes
* Fix support for `newfstatat()` in Pn execution modes
* Add Fn libraries for Fedora 34 and Ubuntu 21.04
* Remove broken links in FileUtil.remove()
* Update minimum udocker tools tarball to 1.2.8
* Cmd and entrypoint metadata and arguments processing changed to mimic docker
* Improve removal of files and links in install and filebind restore
* Add follow location option to GetURL()
* Implement use of `--entrypoint=<cmd>` to force execution of command: closes #306
* Implement use of `--entrypoint=""` to bypass entrypoint in metadata: closes #306

## udocker (1.2.9) - 2021-05-24

* Method Unshare.unshare os.strerror() takes one argument: closes #254
* Add unit test for #254
* Method chown udocker.utils.fileutil FileUtil: closes #276
* Several fixes of unit tests and pylint
* Fix confusion between exit code 0 and inferred False
* Dereference on `safe_prefixes`
* untar exclude dev
* Fix rmi for referenced layers
* Set default for `PROOT_TMP_DIR`
* sysdir mountpoint not found and set tmpdir
* Update installation instructions
* Improve `oskernel_isgreater()`
* Improve `osinfo()`
* Fix repository login/logout
* Improve keystore logic
* Fix pull /v2

## udocker (1.2.8b2) - 2021-05-04

* Fix Rn modes to enable containers execution from readonly dirs
* Documentation centralized installation and readonly setups
* Fix handling of dockerhub repository names in /v2
* Improve documentation and align with 1.1.8b2
* Add credits
* Fix delete of paths with symlinks: closes #267, #265
* Fix issues with login credentials: closes #310
* Fix pull images from docker hub in Termux: closes #307
* Fix issues on running udocker in googlecolab: closes #286
* Fix execution with Pn modes in alternate /tmp: closes #284
* Add conditional delay-directory-restore to untar layers
* Add exclude of whiteouts on layer untar
* Add --nobanner to udocker run

## udocker (1.2.7) - 2021-01-26

* Major restructuring of the code
* Major restructuring of the unit tests
* Porting to Python 3, still supports python 2.7
* All fixes up to previous 1.1.7 version have been applied
* Added scripts tests udocker: `utils/udocker_test.sh utils/udocker_test-run.sh`

## udocker (1.1.8) - 2021-06-16

* Last 1.1.x release
* Fix Rn modes to enable containers execution from readonly dirs
* Documentation centralized installation and readonly setups

## udocker (1.1.7) - 2021-02-21

* Fix P1 when Linux 4.8.0 SECCOMP is backported, affects newer CentOS 7: closes #282
* Check for file ownership on remove wrongly follows symlinks: closes #266, #267
* udocker unexpectedly uses P1 exec mode instead of P2: closes #274
* Allow passing of `PROOT_TMP_DIR` environment variable: closes #284

## udocker (1.1.6)

* Complete fix for of ELF paths in modes Fn for "$ORIGIN:$ORIGIN": closes #255

## udocker (1.1.5)

* Preliminary fix for of ELF paths in modes Fn for $ORIGIN:$ORIGIN
* Add Fn libraries for Ubuntu20, Fedora32, Fedora33
* Add Fn libraries for Alpine 3.12, 3.13

## udocker (1.1.4-1) - 2020-01-10

* Fix run --location
* Fix udocker integrated help
* Fix naming of containers
* Improve parsing of image names
* Documentation improvements
* `os._exit` from Unshare.unshare()
* Disable `FAKECHROOT_DISALLOW_ENV_CHANGES` in F4 mode

## udocker (1.1.4) - 2020-01-07

* Use hub.docker.com as default registry
* Search using v1 and v2 APIs
* Implement API /v2/search/repositories
* Adjust search results to screen size
* List container size with ps -s
* List container execution modes with ps -m
* Added support for nameat() and statx() in Pn and Fn modes
* Added Fn libraries for Ubuntu18, Ubuntu19, Fedora29, Fedora30, Fedora31, CentOS8
* Added Fn libraries for Alpine 3.8, 3.9, 3.10, 3.11
* Added support for sha512 hashes
* Added support for opaque whiteouts
* Added search --list-tags to available tags for a given repository
* Add CLI support for image names in format host/repository:tag
* Support for fake root in Sn execution modes via --user=root
* Improve verify of loaded/pulled images
* Improve handling of mountpoints
* Added --containerauth to enable direct use of the container passwd and group
* Added support for file mount bindings in singularity
* Added `UDOCKER_USE_PROOT_EXECUTABLE` env var to select proot location
* Added `UDOCKER_USE_RUNC_EXECUTABLE` env var to select runc location
* Added `UDOCKER_USE_SINGULARITY_EXECUTABLE` env var to select singularity
* Added `UDOCKER_DEFAULT_EXECUTION_MODE` env var to select default execution mode
* Added R2 and R3 execution modes for PRoot overlay execution in runc
* Added setup --purge for cleanup of mountpoints and files
* Added setup --fixperms to fix container file permissions
* Added run --env-file= to load file with environment variables
* Improve file and directory binding support for Singularity and runc
* Add command rename for renaming of containers
* Create processes without shell context
* Safer parsing of config files and removal of directories
* Improve installation
* Improved fix of SECCOMP accelerated mode for P1 mode
* Added loading and handling of container images in OCI format
* Fixes for udocker in ARM aarch64
* Fix processing of --dri in Sn mode: closes #241
* Improve handling of container and host authentication: addresses #239
* Fixes to address authentication and redirects in pull: closes #225, #230
* Added minimal support to load OCI images: closes #111
* Added Pn support for newer distributions: closes #192
* Improve the installation of udockertools: closes #220, #228
* Add --env-file= - to read environment variables from file: closes #212
* Prepare for pypy: closes #211
* Fixes for verification of container images: closes #209
* Fix command line processing for "-" in argument: closes #202
* Fix file protections on extraction making files u+r : closes #202, #206
* Fix comparison of kernel versions having non-integers: closes #183
* Support for both manifest V2 schema 1 and schema 2: closes #218, #225
* Further improved pathname translation in Fn modes: closes #160
* Implement save images in docker format: closes #74
* useradd and groupadd not working in containers: closes #141
* fix return code when exporting to stdin: closes #202

## udocker (1.1.3) - 2018-11-01

* Support for nvidia drivers on ubuntu: closes #162
* Installation improvements: closes #166
* Fix issue on Fn mode symlink conversion:  addresses #160

## udocker (1.1.2) - 2018-10-29

* Improve parsing of quotes in the command line: closes #98
* Fix version command to exit with 0: closes #107
* Add kill-on-exit to proot on Pn modes
* Improve download of udocker utils
* Handle authentication headers when pulling: closes #110
* Handle of redirects when pulling
* Fix registries table
* Support search quay.io
* Fix auth header when no standard Docker registry is used
* Add registry detection on image name
* Add --version option
* Force python2 as interpreter: closes #131
* Fix handling of volumes in metadata
* Handle empty metadata
* Fix http proxy functionality: closes #115
* Ignore --no-trunc and --all in the images command: closes #108
* Implement verification of layers in manifest
* Add --nvidia to support GPUs and related drivers
* Send download messages to stderr
* Enable override of curl executable
* Fix building on CentOS 6: closes #157
* Mitigation for upstream limitation in runC without tty: closes #132
* Fix detection of executable with symlinks in container: closes #118
* Updated runC to v1.0.0-rc5
* Experimental support for Alpine in Fn modes
* Improve pathname translation in Fn modes for mounted dirs: addresses #160

## udocker (1.1.1) - 2017-11-24

* New execution engine using singularity
* Updated documentation with OpenMPI information and examples
* Additional unit tests
* Redirect messages to stderr
* Improved parsing of quotes in the command line: closes #87
* Allow override of the HOME environment variable
* Allow override of libfakechroot.so at the container level
* Automatic selection of libfakechroot.so from container info
* Improve automatic install
* Enable resetting prefix paths in Fn modes in remote hosts
* Do not set `AF_UNIX_PATH` in Fn modes when the host /tmp is a volume
* Export containers in both docker and udocker format
* Import containers docker and udocker format
* Load, import and export to/from stdin/stdout
* Clone existing containers
* Support for TCP/IP port remap in execution modes Pn
* Fix run with basenames failing: closes #89
* Allow run as root flag: closes #91

## udocker (1.1.0) - 2017-09-30

* Support image names prefixed by registry similarly to docker
* Add execution engine selection logic
* Add fr execution engine based on shared library interception
* Add rc execution engine based on rootless namespaces
* Improve proot tmp files cleanup on non ext filesystems
* Improve search returning empty on Docker repositories
* Improve runC execution portability
* Add environment variable `UDOCKER_KEYSTORE`: closes #75
* Prevent creation of .udocker when `UDOCKER_KEYSTORE` is used: closes #75

## udocker (1.0.4) - 2017-09-26

* Documentation fixes

## udocker (1.0.3) - 2017-03-30

* Support for import Docker containers in newer metadata structure
* Improve the command line parsing
* Improve temporary file handling and removal
* Support for additional execution engines to be provided in the future
* Improved parsing of entrypoint and cmd metadata: closes #53
* Increase name alias length: closes #52
* Add support for change dir into volume directories: closes #51
* Fix deletion of files upon container import: closes #50
* Fix exporting of host environment variables to the containers: closes #48
* Change misleading behavior of import tarball from move to copy: closes #44
* Fix validation of volumes specification: closes #43

## udocker (1.0.2) - 2017-02-13

* Improve download on repositories that fail authentication on /v2
* Improve run verification of binaries with recursive symbolic links
* Improve accelerated seccomp on kernels >= 4.8.0 : closes #40

## udocker (1.0.1) - 2017-01-31

* Minor bugfixes
* Executable name changed from udocker.py to udocker
* Added support for login into docker repositories
* Added support for private repositories
* Added support for listing of v2 repositories catalog
* Added checksum verification for sha256 layers
* Improved download handling for v1 and v2 repositories
* Improved installation tarball structure
* Insecure flag fixed
* Address seccomp change introduced on kernels >= 4.8.0
* Utilities for packaging
* Improved verbose levels, messaging and output: closes #24, #23
* Fully implement support for registry selection --registry parameter: closes #29
* Provide support for private repositories e.g. gitlab registries: closes #30
* Provide --insecure command line parameter for SSL requests: closes #31

## udocker (1.0.0) - 2016-06-06

* Initial version



            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/indigo-dc/udocker",
    "name": "udocker",
    "maintainer": null,
    "docs_url": null,
    "requires_python": null,
    "maintainer_email": null,
    "keywords": "Linux containers, HPC on cloud, Virtualization",
    "author": "Jorge Gomes",
    "author_email": "udocker@lip.pt",
    "download_url": "https://files.pythonhosted.org/packages/b5/9a/e0995eeb0195b31befba697bf40659e2c0b9106fd80e3d7eecc50a96cbb7/udocker-1.3.17.tar.gz",
    "platform": null,
    "description": "[![PyPI version](https://badge.fury.io/py/udocker.svg)](https://badge.fury.io/py/udocker)\n[![Build Status](https://jenkins.eosc-synergy.eu/buildStatus/icon?job=indigo-dc%2Fudocker%2Fmaster)](https://jenkins.eosc-synergy.eu/job/indigo-dc/job/udocker/job/master/)\n\n[![SQAaaS badge](https://github.com/EOSC-synergy/SQAaaS/raw/master/badges/badges_150x116/badge_software_gold.png)](https://api.eu.badgr.io/public/assertions/_HIuuD5PRMipzM62mWTk3Q \"SQAaaS gold badge achieved\")\n\n---\n![logo](docs/logo-small.png)\n\nudocker is a basic user tool to execute simple docker containers in user\nspace without requiring root privileges. Enables download and execution\nof docker containers by non-privileged users in Linux systems where\ndocker is not available. It can be used to pull and execute docker\ncontainers in Linux batch systems and interactive clusters that are\nmanaged by other entities such as grid infrastructures or externally\nmanaged batch or interactive systems.\n\nudocker does not require any type of privileges nor the deployment of\nservices by system administrators. It can be downloaded and executed\nentirely by the end user. The limited root functionality provided by\nsome of the udocker execution modes is either simulated or provided\nvia user namespaces.\n\nudocker is a wrapper around several tools and libraries to mimic a\nsubset of the docker capabilities including pulling images and running\ncontainers with minimal functionality.\n\n**Important notice: We have changed the udocker tools location as of udocker 1.3.17.\nThis affects the configuration option `conf['tarball']` and environment variable\n`UDOCKER_TARBALL`, so if you are using udocker <= 1.3.16, make sure to:\n`export UDOCKER_TARBALL=https://download.a.incd.pt/udocker/udocker-englib-1.2.11.tar.gz`.\n\n## Documentation\n\nThe full documentation is available at:\n\n* [udocker documentation](https://indigo-dc.github.io/udocker/)\n* [Installation manual](https://indigo-dc.github.io/udocker/installation_manual.html)\n* [User manual](https://indigo-dc.github.io/udocker/user_manual.html)\n* [Reference card](https://indigo-dc.github.io/udocker/reference_card.html)\n\n## How does it work\n\nudocker is written in Python, it has a minimal set of dependencies so\nthat can be executed in a wide range of Linux systems.\n\nudocker does not make use of docker nor requires its presence.\n\nudocker \"executes\" the containers by simply providing a chroot like\nenvironment over the extracted container. The current implementation\nsupports different methods to mimic chroot thus enabling execution of\ncontainers under a chroot like environment without requiring privileges.\nudocker transparently supports several methods to execute the containers\nbased on external tools and libraries such as:\n\n* PRoot\n* Fakechroot\n* runc\n* crun\n* Singularity\n\nWith the exception of Singularity the tools and libraries to support\nexecution are downloaded and deployed by udocker during the installation\nprocess. This installation is performed in the user home directory\nand does not require privileges. The udocker related files such as\nlibraries, executables, documentation, licenses, container images and\nextracted directory trees are placed by default under `$HOME/.udocker`.\n\n## Advantages\n\n* Can be deployed by the end-user\n* Does not require privileges for installation\n* Does not require privileges for execution\n* Does not require compilation, just transfer the Python code\n* Encapsulates several tools and execution methods\n* Includes the required tools already statically compiled to work\n  across systems\n* Provides a docker like command line interface\n* Supports a subset of docker commands:\n  search, pull, import, export, load, save, login, logout, create and run\n* Understands docker container metadata\n* Allows loading of docker and OCI containers\n* Supports NVIDIA GPGPU applications\n* Can execute in systems and environments where Linux namespaces\n  support is unavailable\n* Runs both on new and older Linux distributions including:\n  CentOS 6, CentOS 7, CentOS 8, Ubuntu 14, Ubuntu 16, Ubuntu 18, Ubuntu 20,\n  Ubuntu 21, Alpine, Fedora, etc\n\n## Python 2 and Python 3\n\nSince v1.3.0, udocker supports Python 2.7 and Python >= 3.6.\nThe original udocker v1.1.x for Python 2 is no longer maintained\nbut is still available\n[here](https://github.com/indigo-dc/udocker/tree/v1.1.8).\n\n## Syntax\n\n```txt\n        Commands:\n          search <repo/expression>      :Search dockerhub for container images\n          pull <repo/image:tag>         :Pull container image from dockerhub\n          create <repo/image:tag>       :Create container from a pulled image\n          run <container>               :Execute container\n          run <repo/image:tag>          :Pull, create and execute container\n\n          images -l                     :List container images\n          ps -m -s                      :List created containers\n          name <container_id> <name>    :Give name to container\n          rmname <name>                 :Delete name from container\n          rename <name> <new_name>      :Change container name\n          clone <container_id>          :Duplicate container\n          rm <container-id>             :Delete container\n          rmi <repo/image:tag>          :Delete image\n          tag <repo/image:tag> <repo2/image2:tag2> :Tag image\n\n          import <tar> <repo/image:tag> :Import tar file (exported by docker)\n          import - <repo/image:tag>     :Import from stdin (exported by docker)\n          export -o <tar> <container>   :Export container directory tree\n          export - <container>          :Export container directory tree\n          load -i <imagefile>           :Load image from file (saved by docker)\n          load                          :Load image from stdin (saved by docker)\n          save -o <imagefile> <repo/image:tag>  :Save image with layers to file\n\n          inspect <repo/image:tag>      :Return low level information on image\n          inspect -p <container>        :Return path to container location\n          verify <repo/image:tag>       :Verify a pulled or loaded image\n          manifest inspect <repo/image:tag> :Print manifest metadata\n\n          protect <repo/image:tag>      :Protect repository\n          unprotect <repo/image:tag>    :Unprotect repository\n          protect <container>           :Protect container\n          unprotect <container>         :Unprotect container\n\n          mkrepo <top-repo-dir>         :Create another repository in location\n          setup                         :Change container execution settings\n          login                         :Login into docker repository\n          logout                        :Logout from docker repository\n\n          help                          :This help\n          run --help                    :Command specific help\n          version                       :Shows udocker version\n\n        Options common to all commands must appear before the command:\n          -D                            :Debug\n          --quiet                       :Less verbosity\n          --repo=<directory>            :Use repository at directory\n          --insecure                    :Allow insecure non authenticated https\n          --allow-root                  :Allow execution by root NOT recommended\n```\n\n## Examples\n\nSome examples of usage:\n\nSearch container images in dockerhub and listing tags.\n\n```bash\nudocker search  fedora\nudocker search  ubuntu\nudocker search  debian\n\nudocker search --list-tags ubuntu\n```\n\nPull from dockerhub and list the pulled images.\n\n```bash\nudocker pull   fedora:39\nudocker pull   busybox\nudocker pull   iscampos/openqcd\nudocker images\n```\n\nPull from a registry other than dockerhub.\n\n```bash\nudocker search  quay.io/bio\nudocker search  --list-tags  quay.io/biocontainers/scikit-bio\nudocker pull    quay.io/biocontainers/scikit-bio:0.2.3--np112py35_0\nudocker images\n```\n\nPull a different architecture such as arm64 instead of amd64.\n\n```bash\nudocker manifest inspect centos/centos8\nudocker pull --platform=linux/arm64 centos/centos8\nudocker tag centos/centos8  mycentos/centos8:arm64\n```\n\nCreate a container from a pulled image, assign a name to the created\ncontainer and run it. A created container can be run multiple times\nuntil it is explicitly removed. Files modified or added to the container\nremain available across executions until the container is removed.\n\n```bash\nudocker create --name=myfed  fedora:29\nudocker run  myfed  cat /etc/redhat-release\n```\n\nThe three steps of pulling, creating and running can be also achieved\nin a single command, however this will be much slower for multiple\ninvocations of the same container, as a new container will be created\nfor each invocation. This approach will also consume more storage space.\nThe following example creates a new container for each invocation.\n\n```bash\nudocker run  fedora:29  cat /etc/redhat-release\n```\n\nExecute mounting the host /home/u457 into the container directory /home/cuser.\nNotice that you can \"mount\" any host directory inside the container.\nDepending on the execution mode the \"mount\" is implemented differently and\nmay have restrictions.\n\n```bash\nudocker run -v /home/u457:/home/cuser -w /home/user myfed  /bin/bash\nudocker run -v /var -v /proc -v /sys -v /tmp  myfed  /bin/bash\n```\n\nPlace a script in your host /tmp and execute it in the container. Notice\nthat the behavior of `--entrypoint` changed from the previous versions\nfor better compatibility with docker.\n\n```bash\nudocker run  -v /tmp  --entrypoint=\"\" myfed  /bin/bash -c 'cd /tmp; ./myscript.sh'\n\nudocker run  -v /tmp  --entrypoint=/bin/bash  myfed  -c 'cd /tmp; ./myscript.sh'\n```\n\nExecute mounting the host /var, /proc, /sys and /tmp in the same container\ndirectories. Notice that the content of these container directories will\nbe obfuscated by the host files.\n\n```bash\nudocker run -v /var -v /proc -v /sys -v /tmp  myfed  /bin/bash\n```\n\nInstall software inside the container.\n\n```bash\nudocker run  --user=root myfed  yum install -y firefox pulseaudio gnash-plugin\n```\n\nRun as some user. The usernames should exist in the container.\n\n```bash\nudocker run --user 1000:1001  myfed  /bin/id\nudocker run --user root   myfed  /bin/id\nudocker run --user jorge  myfed  /bin/id\n```\n\nRunning Firefox.\n\n```bash\nudocker run --bindhome --hostauth --hostenv \\\n   -v /sys -v /proc -v /var/run -v /dev --user=jorge --dri myfed  firefox\n```\n\nChange execution engine mode from PRoot to Fakechroot and run.\n\n```bash\nudocker setup  --execmode=F3  myfed\n\nudocker run --bindhome --hostauth --hostenv \\\n   -v /sys -v /proc -v /var/run -v /dev --user=jorge --dri myfed  firefox\n```\n\nChange execution engine mode to accelerated PRoot.\n\n```bash\nudocker setup  --execmode=P1  myfed\n```\n\nChange execution engine to runc.\n\n```bash\nudocker setup  --execmode=R1  myfed\n```\n\nChange execution engine to Singularity. Requires the availability of\nSingularity in the host system.\n\n```bash\n./udocker setup  --execmode=S1  myfed\n```\n\nInstall software running as root emulation in Singularity:\n\n```bash\nudocker setup  --execmode=S1  myfed\nudocker run  --user=root myfed  yum install -y firefox pulseaudio gnash-plugin\n```\n\nChange execution to enable nvidia ready applications. Requires that\nthe nvidia drivers are installed in the host system.\n\n```bash\nudocker setup  --nvidia  mytensorflow\n```\n\n## Security\n\nBy default udocker via PRoot offers the emulation of the root user. This\nemulation mimics a real root user (e.g getuid will return 0). This is just\nan emulation no root privileges are involved. This feature makes possible\nthe execution of some tools that do not require actual privileges but which\nrefuse to work if the username or id are not root or 0. This enables for\ninstance software installation using rpm, yum or dnf inside the container.\n\nudocker does not offer robust isolation features such as the ones offered\nby docker. Therefore if the containers content is not trusted then these\ncontainers should not be executed with udocker as they will run inside the\nuser environment. For this reason udocker should not be run by privileged\nusers.\n\nContainer images and filesystems will be unpacked and stored in the user\nhome directory under `$HOME/.udocker` or other location of choice. Therefore\nthe containers data will be subjected to the same filesystem protections as\nother files owned by the user. If the containers have sensitive information\nthe files and directories should be adequately protected by the user.\n\nudocker does not require privileges and runs under the identity of the user\ninvoking it. Users can downloaded udocker and execute it without requiring\nsystem administrators intervention.\n\nudocker also provides execution with runc, crun and Singularity, these modes\nmake use of rootless namespaces and enable a normal user to execute as root\nwith the limitations that apply to user namespaces and to these tools.\n\nWhen executed by normal unprivileged users, udocker limits privilege\nescalation issues since it does not use or require system privileges.\n\n## General Limitations\n\nSince root privileges are not involved any operation that really\nrequires such privileges will not be possible. The following  are\nexamples of operations that are not possible:\n\n* accessing host protected devices and files\n* listening on TCP/IP privileged ports (range below 1024)\n* mount file-systems\n* the su command will not work\n* change the system time\n* changing routing tables, firewall rules, or network interfaces\n\nIf the containers require such privilege capabilities then docker\nshould be used instead.\n\nudocker is not meant to create containers. Creation of containers\nis better performed using docker and dockerfiles.\n\nudocker does not provide all the docker features, and is not intended\nas a docker replacement.\n\nudocker is mainly oriented at providing a run-time environment for\ncontainers execution in user space. udocker is particularly suited to\nrun user applications encapsulated in docker containers.\n\nDebugging or using strace with the PRoot engine will not work as both\nthe debuggers and PRoot use the same tracing mechanism.\n\n## Execution mode specific limitations\n\nudocker offers multiple execution modes leveraging several external tools\nsuch as PRoot (P mode), Fakechroot (F mode), runC (R mode), crun (R mode)\nand Singularity (S mode).\n\nWhen using execution Fakechroot modes such as F2, F3 and F4 the created\ncontainers cannot be moved across hosts. In this case convert back to a Pn\nmode before transfer.\nThis is not needed if the hosts are part of an homogeneous cluster where\nthe mount points and directory structure is the same. This limitation\napplies whenever the absolute realpath to the container directory changes.\n\nThe default accelerated mode of PRoot (mode P1) may exhibit problems in Linux\nkernels above 4.0 due to kernel changes and upstream issues, in this case use\nmode P2 or any of the other execution modes.\n\n```bash\n./udocker setup  --execmode=P2  my-container-id\n```\n\nThe Fakechroot modes (Fn modes) require shared libraries compiled against\nthe libc shipped with the container. udocker provides these libraries for\nseveral Linux distributions, these shared libraries are installed by\nudocker under:\n\n```bash\n$HOME/.udocker/lib/libfakechroot-*\n```\n\nThe runc and crun modes (R modes) require a kernel with user namespaces enabled.\n\nThe singularity mode (S mode) requires the availability of Singularity in\nthe host system. Singularity is not shipped with udocker.\n\n## Metadata generation\n\nThe `codemeta.json` metadata file was initially generated with `codemetapy`\npackage:\n\n```bash\ncodemetapy udocker --with-orcid --affiliation \"LIP Lisbon\" \\\n  --buildInstructions \"https://https://github.com/indigo-dc/udocker/blob/master/docs/installation_manual.md#3-source-code-and-build\" \\\n  --citation \"https://doi.org/10.1016/j.cpc.2018.05.021\" \\\n  --codeRepository \"https://github.com/indigo-dc/udocker\" \\\n  --contIntegration \"https://jenkins.eosc-synergy.eu/job/indigo-dc/job/udocker/job/master/\" --contributor \"Mario David\" \\\n  --copyrightHolder \"LIP\"  --copyrightYear \"2016\" --creator \"Jorge Gomes\" \\\n  --dateCreated \"2021-05-26\" --maintainer \"Jorge Gomes\" \\\n  --readme \"https://github.com/indigo-dc/udocker/blob/master/README.md\" \\\n  --referencePublication \"https://doi.org/10.1016/j.cpc.2018.05.021\" \\\n  --releaseNotes \"https://github.com/indigo-dc/udocker/blob/master/changelog\" \\\n  -O codemeta.json\n```\n\nFurther updates may be needed to add the correct values in the metadata file.\n\n## Contributing\n\nSee: [Contributing](CONTRIBUTING.md)\n\n## Citing\n\nSee: [Citing](CITING.md)\n\nWhen citing udocker please use the following:\n\n* Jorge Gomes, Emanuele Bagnaschi, Isabel Campos, Mario David,\n  Lu\u00eds Alves, Jo\u00e3o Martins, Jo\u00e3o Pina, Alvaro L\u00f3pez-Garc\u00eda, Pablo Orviz,\n  Enabling rootless Linux Containers in multi-user environments: The udocker\n  tool, Computer Physics Communications, Available online 6 June 2018,\n  ISSN 0010-4655, <https://doi.org/10.1016/j.cpc.2018.05.021>\n\n## Licensing\n\nRedistribution, commercial use and code changes must regard all licenses\nshipped with udocker. These include the [udocker license](LICENSE) and the\nindividual licences of the external tools and libraries packaged for use\nwith udocker. For further information see the\n[software licenses section](https://indigo-dc.github.io/udocker/installation_manual.html#62-software-licenses)\nof the installation manual.\n\n## Acknowledgements\n\n* Docker <https://www.docker.com/>\n* PRoot <https://proot-me.github.io/>\n* Fakechroot <https://github.com/dex4er/fakechroot/wiki>\n* Patchelf <https://github.com/NixOS/patchelf>\n* runC <https://runc.io/>\n* crun <https://github.com/containers/crun>\n* Singularity <https://www.sylabs.io/>\n* Open Container Initiative <https://www.opencontainers.org/>\n* INDIGO DataCloud <https://www.indigo-datacloud.eu>\n* DEEP-Hybrid-DataCloud <https://deep-hybrid-datacloud.eu>\n* EOSC-hub <https://eosc-hub.eu>\n* EGI-ACE <https://www.egi.eu/projects/egi-ace/>\n* EOSC-Synergy <https://www.eosc-synergy.eu/>\n* DT-Geo <https://dtgeo.eu/>\n* LIP [https://www.lip.pt](https://www.lip.pt/?section=home&page=homepage&lang=en)\n* INCD [https://www.incd.pt](https://www.incd.pt/?lang=en)\n\nThis work was performed in the framework of the H2020 project INDIGO-Datacloud\n(RIA 653549) and further developed with co-funding by the projects EOSC-hub\n(Horizon 2020) under Grant number 777536, DEEP-Hybrid-DataCloud\n(Horizon 2020) under Grant number 777435, DT-Geo (Horizon Europe) under Grant\nnumber 101058129. Software Quality Assurance is performed with the support of\nby the project EOSC-Synergy (Horizon 2020).\nThe authors wish to acknowleadge the support of INCD-Infraestrutura Nacional de\nComputa\u00e7\u00e3o Distribu\u00edda (funded by FCT, P2020, Lisboa2020, COMPETE and FEDER\nunder the project number 22153-01/SAICT/2016).\n\n\n# Changelog\n\n## udocker (1.3.17) - 2024-08-28\n\n* Update docker tools url location\n\n## udocker (1.3.16) - 2024-04-09\n\n* Fix unit tests: remove called_with and called_once_with as invalid assertion\n  introduced in python 3.12\n* This version is the same as 1.3.14\n\n## udocker (1.3.14) - 2024-04-04\n\n* Support for runsc as engine for execution mode R1: closes #414\n* New option `login --password-stdin`: closes #168\n* New option `run --pull=reuse` to be used with --name= and with\n  and image name as argument. Instead of always pulling and creating\n  a new container --pull=reuse allows to execute an existing container\n  and only pull+create if the container does not exist\n* New option `run --httpproxy=<proxy>`: closes #418\n* Improve handling of registry names in login: closes #168\n* Improve handling of image names in pull: closes #168\n* Improve handling of mount point removal: closes #406, #399\n* Support for AWS ECR registries: closes #168\n* Remove pycurl dependency on unit tests\n* Documentation fixes\n\n## udocker (1.3.13) - 2024-02-05\n\n* udocker improve binary executables selection\n* udocker fix fakechroot parsing of so, exec_path and add cmd subst\n* udocker implement minor pylint compliance improvements\n* udocker mode Pn make links2symlinks disabled by default in config: closes #412\n* New udockertools 1.2.11 tarball\n* udockertools mode Fn glibc fix dladdr(), dlopen(), dlmopen(), dl_iterate_phdr()\n* udockertools mode Fn glibc add dladdr1()\n* udockertools mode Fn glibc add execvpe(), execveat()\n* udockertools mode Fn glibc add getauxval()\n* udockertools mode Fn glibc add scandirat(), scandirat64()\n* udockertools mode Fn glibc change stat64(), lstat64(), stat()\n* udockertools mode Fn glibc add narrowing of program_invocation_name\n* udockertools mode Fn glibc improve command substitution\n* udockertools mode Fn musl fix dladdr(), dlopen(), dlmopen(), dl_iterate_phdr()\n* udockertools mode Fn musl execvpe()\n* udockertools mode Fn musl improve command substitution\n* udockertools mode Fn added support for Alpine 3.19 (x86_64)\n* udockertools mode Fn added support for Fedora 39 (x86_64, aarch64, ppc64le)\n* udockertools mode Rn include runc 1.1.12\n\n## udocker (1.3.12) - 2023-11-02\n\n* Fix unit tests, no modifications w.r.t. 1.3.11\n\n## udocker (1.3.11) - 2023-10-23\n\n* Add support for hard link to symbolic link conversion in Pn modes\n  as hard links cannot be created by unprivileged users: partially\n  addresses #388\n* Check of availability of network extensions for port mapping and\n  netcoop in Pn modes and only use them if supported by the proot\n  engine being invoked.\n* Improve image metadata generated by udocker on import: closes #398\n\n## udocker (1.3.10) - 2023-07-03\n\n* Improved handling of container platform information\n* Added support for QEMU on Pn modes enabling execution of containers\n  with architectures different than the host\n* Selection of executable for Sn mode now defaults to apptainer and\n  in second place to singularity\n* The new command `manifest inspect` allows display of image manifests\n  therefore enabling access to the catalogue of platforms supported by\n  a given image\n* The new command `tag` enables changing the name of an existing image\n* New option `pull --platform=os/architecture` enables pulling of images\n  of a given architecture possibly different from the host\n* New option `run --platform=os/architecture` enables pull and run of\n  images of a given architecture possibly different from the host\n* New option `import --platform=os/architecture` enables to specify\n  an architecture for the image\n* New option `ps -p` enables list of the architectures of containers\n* New option `images -p` enables list of the architectures of containers\n* Build udockertools 1.2.10 and set it as default\n* The udockertools support for Fn now includes Ubuntu 23:04, Fedora 38,\n  Alpine 3.17 and 3.18.\n* Experimental support for native Fn execution on arm64 for Fedora 36,\n  Fedora 37, Fedora 38, CentOS 7, AlmaLinux 8, AlmaLinux 9 and Ubuntu 22,\n  Ubuntu 20, Ubuntu 18 and similar.\n* Experimental support for native Fn execution on ppc64le for CentOS 7,\n  AlmaLinux 8, AlmaLinux 9, Ubuntu 22, Ubuntu 20, Ubuntu 18 and similar.\n* Experimental support for runc in arm64 and ppc64le\n* Updated version of Pn engines for x86, x86_64, arm64: addresses #393\n\n## udocker (1.3.9) - 2023-06-07\n\n* Add support to access non-config metadata from containers\n* Added support for multiplatform manifests and indices: closes #392, #355\n\n## udocker (1.3.8) - 2023-03-24\n\n* Build udockertools 1.2.9 and set it as default\n* Add Fn support for Ubuntu:22\n* Remove files to be installed\n* Set Fn preference to use runc\n\n## udocker (1.3.7) - 2023-01-24\n\n* Remove deprecated unit tests. udocker is the same as version 1.3.6\n\n## udocker (1.3.6) - 2023-01-19\n\n* Re-implement udocker namespace: closes #380\n* Login fails all the time: closes #379\n* Ignore image loading if already exists: closes #378\n\n## udocker (1.3.5) - 2022-10-21\n\n* Fix python backwards compatibility issues: closes #374\n* Fix incorrectly reported errors by image verification\n* Fix image search returning empty results\n* Fix issue with logical links in the udocker executable path\n* Add check to verify if container name exists before creation\n  or cloning\n* Add --force option to create and clone to allow creation\n  of container even if the intended name given by --name exists\n* Prevent closing of file descriptors upon engine invocation\n  improves PMI process management interface interoperability\n* Fix issues in import and export while using pipes.\n* Fix image name parsing where \"library\" component is missing: closes #359\n\n## udocker (1.3.4) - 2022-08-26\n\n* Fix 2 unit tests\n\n## udocker (1.3.3) - 2022-08-23\n\n* Image list does not truncate long names: closes #349\n* Fix conditional warning in verify image\n* Fix and improve udocker high level tests\n\n## udocker (1.3.2) - 2022-08-17\n\n* Fix missing f (format) for string\n* Fix bugs with dict .items()\n* Solving several pylint issues\n* Remove use2to3: closes #358\n\n## udocker (1.3.1) - 2021-06-24\n\n* Add --entrypoint to run --help\n* Set docker hub registry registry-1.docker.io\n* Fix repository name in search --list-tags\n* Improve tests: udocker_test.sh and udocker_test-run.sh\n* Documentation revision and improvements\n* Add licenses and licenses notice to documentation\n* Add test instructions\n* Issues with --allow-root in Python 3.8\n* Add security policy SECURITY.md\n* Remove old Python 2 tests\n* Fix configuration hierarchy, configuration files\n* Update documentation: README, user and install manuals\n* Fix sqa and config\n\n## udocker (1.3.0) - 2021-06-05\n\n* Prepare to move the stable code for Python 3 and Python 2 >= 2.6 to master\n* Installation procedure changed since 1.1.x series see the `installation_manual`\n* Improve user and installation documentation\n* Extract documentation upon installation\n* Add codemeta.json, metadata for the software\n* Add support for `faccessat2()` in Pn and Fn execution modes\n* Fix support for `newfstatat()` in Pn execution modes\n* Add Fn libraries for Fedora 34 and Ubuntu 21.04\n* Remove broken links in FileUtil.remove()\n* Update minimum udocker tools tarball to 1.2.8\n* Cmd and entrypoint metadata and arguments processing changed to mimic docker\n* Improve removal of files and links in install and filebind restore\n* Add follow location option to GetURL()\n* Implement use of `--entrypoint=<cmd>` to force execution of command: closes #306\n* Implement use of `--entrypoint=\"\"` to bypass entrypoint in metadata: closes #306\n\n## udocker (1.2.9) - 2021-05-24\n\n* Method Unshare.unshare os.strerror() takes one argument: closes #254\n* Add unit test for #254\n* Method chown udocker.utils.fileutil FileUtil: closes #276\n* Several fixes of unit tests and pylint\n* Fix confusion between exit code 0 and inferred False\n* Dereference on `safe_prefixes`\n* untar exclude dev\n* Fix rmi for referenced layers\n* Set default for `PROOT_TMP_DIR`\n* sysdir mountpoint not found and set tmpdir\n* Update installation instructions\n* Improve `oskernel_isgreater()`\n* Improve `osinfo()`\n* Fix repository login/logout\n* Improve keystore logic\n* Fix pull /v2\n\n## udocker (1.2.8b2) - 2021-05-04\n\n* Fix Rn modes to enable containers execution from readonly dirs\n* Documentation centralized installation and readonly setups\n* Fix handling of dockerhub repository names in /v2\n* Improve documentation and align with 1.1.8b2\n* Add credits\n* Fix delete of paths with symlinks: closes #267, #265\n* Fix issues with login credentials: closes #310\n* Fix pull images from docker hub in Termux: closes #307\n* Fix issues on running udocker in googlecolab: closes #286\n* Fix execution with Pn modes in alternate /tmp: closes #284\n* Add conditional delay-directory-restore to untar layers\n* Add exclude of whiteouts on layer untar\n* Add --nobanner to udocker run\n\n## udocker (1.2.7) - 2021-01-26\n\n* Major restructuring of the code\n* Major restructuring of the unit tests\n* Porting to Python 3, still supports python 2.7\n* All fixes up to previous 1.1.7 version have been applied\n* Added scripts tests udocker: `utils/udocker_test.sh utils/udocker_test-run.sh`\n\n## udocker (1.1.8) - 2021-06-16\n\n* Last 1.1.x release\n* Fix Rn modes to enable containers execution from readonly dirs\n* Documentation centralized installation and readonly setups\n\n## udocker (1.1.7) - 2021-02-21\n\n* Fix P1 when Linux 4.8.0 SECCOMP is backported, affects newer CentOS 7: closes #282\n* Check for file ownership on remove wrongly follows symlinks: closes #266, #267\n* udocker unexpectedly uses P1 exec mode instead of P2: closes #274\n* Allow passing of `PROOT_TMP_DIR` environment variable: closes #284\n\n## udocker (1.1.6)\n\n* Complete fix for of ELF paths in modes Fn for \"$ORIGIN:$ORIGIN\": closes #255\n\n## udocker (1.1.5)\n\n* Preliminary fix for of ELF paths in modes Fn for $ORIGIN:$ORIGIN\n* Add Fn libraries for Ubuntu20, Fedora32, Fedora33\n* Add Fn libraries for Alpine 3.12, 3.13\n\n## udocker (1.1.4-1) - 2020-01-10\n\n* Fix run --location\n* Fix udocker integrated help\n* Fix naming of containers\n* Improve parsing of image names\n* Documentation improvements\n* `os._exit` from Unshare.unshare()\n* Disable `FAKECHROOT_DISALLOW_ENV_CHANGES` in F4 mode\n\n## udocker (1.1.4) - 2020-01-07\n\n* Use hub.docker.com as default registry\n* Search using v1 and v2 APIs\n* Implement API /v2/search/repositories\n* Adjust search results to screen size\n* List container size with ps -s\n* List container execution modes with ps -m\n* Added support for nameat() and statx() in Pn and Fn modes\n* Added Fn libraries for Ubuntu18, Ubuntu19, Fedora29, Fedora30, Fedora31, CentOS8\n* Added Fn libraries for Alpine 3.8, 3.9, 3.10, 3.11\n* Added support for sha512 hashes\n* Added support for opaque whiteouts\n* Added search --list-tags to available tags for a given repository\n* Add CLI support for image names in format host/repository:tag\n* Support for fake root in Sn execution modes via --user=root\n* Improve verify of loaded/pulled images\n* Improve handling of mountpoints\n* Added --containerauth to enable direct use of the container passwd and group\n* Added support for file mount bindings in singularity\n* Added `UDOCKER_USE_PROOT_EXECUTABLE` env var to select proot location\n* Added `UDOCKER_USE_RUNC_EXECUTABLE` env var to select runc location\n* Added `UDOCKER_USE_SINGULARITY_EXECUTABLE` env var to select singularity\n* Added `UDOCKER_DEFAULT_EXECUTION_MODE` env var to select default execution mode\n* Added R2 and R3 execution modes for PRoot overlay execution in runc\n* Added setup --purge for cleanup of mountpoints and files\n* Added setup --fixperms to fix container file permissions\n* Added run --env-file= to load file with environment variables\n* Improve file and directory binding support for Singularity and runc\n* Add command rename for renaming of containers\n* Create processes without shell context\n* Safer parsing of config files and removal of directories\n* Improve installation\n* Improved fix of SECCOMP accelerated mode for P1 mode\n* Added loading and handling of container images in OCI format\n* Fixes for udocker in ARM aarch64\n* Fix processing of --dri in Sn mode: closes #241\n* Improve handling of container and host authentication: addresses #239\n* Fixes to address authentication and redirects in pull: closes #225, #230\n* Added minimal support to load OCI images: closes #111\n* Added Pn support for newer distributions: closes #192\n* Improve the installation of udockertools: closes #220, #228\n* Add --env-file= - to read environment variables from file: closes #212\n* Prepare for pypy: closes #211\n* Fixes for verification of container images: closes #209\n* Fix command line processing for \"-\" in argument: closes #202\n* Fix file protections on extraction making files u+r : closes #202, #206\n* Fix comparison of kernel versions having non-integers: closes #183\n* Support for both manifest V2 schema 1 and schema 2: closes #218, #225\n* Further improved pathname translation in Fn modes: closes #160\n* Implement save images in docker format: closes #74\n* useradd and groupadd not working in containers: closes #141\n* fix return code when exporting to stdin: closes #202\n\n## udocker (1.1.3) - 2018-11-01\n\n* Support for nvidia drivers on ubuntu: closes #162\n* Installation improvements: closes #166\n* Fix issue on Fn mode symlink conversion:  addresses #160\n\n## udocker (1.1.2) - 2018-10-29\n\n* Improve parsing of quotes in the command line: closes #98\n* Fix version command to exit with 0: closes #107\n* Add kill-on-exit to proot on Pn modes\n* Improve download of udocker utils\n* Handle authentication headers when pulling: closes #110\n* Handle of redirects when pulling\n* Fix registries table\n* Support search quay.io\n* Fix auth header when no standard Docker registry is used\n* Add registry detection on image name\n* Add --version option\n* Force python2 as interpreter: closes #131\n* Fix handling of volumes in metadata\n* Handle empty metadata\n* Fix http proxy functionality: closes #115\n* Ignore --no-trunc and --all in the images command: closes #108\n* Implement verification of layers in manifest\n* Add --nvidia to support GPUs and related drivers\n* Send download messages to stderr\n* Enable override of curl executable\n* Fix building on CentOS 6: closes #157\n* Mitigation for upstream limitation in runC without tty: closes #132\n* Fix detection of executable with symlinks in container: closes #118\n* Updated runC to v1.0.0-rc5\n* Experimental support for Alpine in Fn modes\n* Improve pathname translation in Fn modes for mounted dirs: addresses #160\n\n## udocker (1.1.1) - 2017-11-24\n\n* New execution engine using singularity\n* Updated documentation with OpenMPI information and examples\n* Additional unit tests\n* Redirect messages to stderr\n* Improved parsing of quotes in the command line: closes #87\n* Allow override of the HOME environment variable\n* Allow override of libfakechroot.so at the container level\n* Automatic selection of libfakechroot.so from container info\n* Improve automatic install\n* Enable resetting prefix paths in Fn modes in remote hosts\n* Do not set `AF_UNIX_PATH` in Fn modes when the host /tmp is a volume\n* Export containers in both docker and udocker format\n* Import containers docker and udocker format\n* Load, import and export to/from stdin/stdout\n* Clone existing containers\n* Support for TCP/IP port remap in execution modes Pn\n* Fix run with basenames failing: closes #89\n* Allow run as root flag: closes #91\n\n## udocker (1.1.0) - 2017-09-30\n\n* Support image names prefixed by registry similarly to docker\n* Add execution engine selection logic\n* Add fr execution engine based on shared library interception\n* Add rc execution engine based on rootless namespaces\n* Improve proot tmp files cleanup on non ext filesystems\n* Improve search returning empty on Docker repositories\n* Improve runC execution portability\n* Add environment variable `UDOCKER_KEYSTORE`: closes #75\n* Prevent creation of .udocker when `UDOCKER_KEYSTORE` is used: closes #75\n\n## udocker (1.0.4) - 2017-09-26\n\n* Documentation fixes\n\n## udocker (1.0.3) - 2017-03-30\n\n* Support for import Docker containers in newer metadata structure\n* Improve the command line parsing\n* Improve temporary file handling and removal\n* Support for additional execution engines to be provided in the future\n* Improved parsing of entrypoint and cmd metadata: closes #53\n* Increase name alias length: closes #52\n* Add support for change dir into volume directories: closes #51\n* Fix deletion of files upon container import: closes #50\n* Fix exporting of host environment variables to the containers: closes #48\n* Change misleading behavior of import tarball from move to copy: closes #44\n* Fix validation of volumes specification: closes #43\n\n## udocker (1.0.2) - 2017-02-13\n\n* Improve download on repositories that fail authentication on /v2\n* Improve run verification of binaries with recursive symbolic links\n* Improve accelerated seccomp on kernels >= 4.8.0 : closes #40\n\n## udocker (1.0.1) - 2017-01-31\n\n* Minor bugfixes\n* Executable name changed from udocker.py to udocker\n* Added support for login into docker repositories\n* Added support for private repositories\n* Added support for listing of v2 repositories catalog\n* Added checksum verification for sha256 layers\n* Improved download handling for v1 and v2 repositories\n* Improved installation tarball structure\n* Insecure flag fixed\n* Address seccomp change introduced on kernels >= 4.8.0\n* Utilities for packaging\n* Improved verbose levels, messaging and output: closes #24, #23\n* Fully implement support for registry selection --registry parameter: closes #29\n* Provide support for private repositories e.g. gitlab registries: closes #30\n* Provide --insecure command line parameter for SSL requests: closes #31\n\n## udocker (1.0.0) - 2016-06-06\n\n* Initial version\n\n\n",
    "bugtrack_url": null,
    "license": "Apache Software License 2.0",
    "summary": "A basic user tool to execute simple docker         containers in batch or interactive systems without root privileges",
    "version": "1.3.17",
    "project_urls": {
        "Homepage": "https://github.com/indigo-dc/udocker"
    },
    "split_keywords": [
        "linux containers",
        " hpc on cloud",
        " virtualization"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "55d6caafad263b0e2375c2a8c586ac8b91fb7d3e363e6d1ab1e35a365d684254",
                "md5": "c9c5508adfd1402e2ab916837b6cef55",
                "sha256": "fd6589de0f3af7c1cd6a29554f2c00f2ef1fbd91da184ca30f8cea1eb42bcd2b"
            },
            "downloads": -1,
            "filename": "udocker-1.3.17-py2.py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "c9c5508adfd1402e2ab916837b6cef55",
            "packagetype": "bdist_wheel",
            "python_version": "py2.py3",
            "requires_python": null,
            "size": 119558,
            "upload_time": "2024-08-28T13:46:34",
            "upload_time_iso_8601": "2024-08-28T13:46:34.501665Z",
            "url": "https://files.pythonhosted.org/packages/55/d6/caafad263b0e2375c2a8c586ac8b91fb7d3e363e6d1ab1e35a365d684254/udocker-1.3.17-py2.py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "b59ae0995eeb0195b31befba697bf40659e2c0b9106fd80e3d7eecc50a96cbb7",
                "md5": "58948e90d6baa5981dabb077602dacd2",
                "sha256": "f7f4d0cbd8b4efc93584629435808b95fc46c3c536839e3b773873d23a9f2f59"
            },
            "downloads": -1,
            "filename": "udocker-1.3.17.tar.gz",
            "has_sig": false,
            "md5_digest": "58948e90d6baa5981dabb077602dacd2",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 295236,
            "upload_time": "2024-08-28T13:46:36",
            "upload_time_iso_8601": "2024-08-28T13:46:36.333830Z",
            "url": "https://files.pythonhosted.org/packages/b5/9a/e0995eeb0195b31befba697bf40659e2c0b9106fd80e3d7eecc50a96cbb7/udocker-1.3.17.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-08-28 13:46:36",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "indigo-dc",
    "github_project": "udocker",
    "travis_ci": true,
    "coveralls": false,
    "github_actions": true,
    "requirements": [],
    "tox": true,
    "lcname": "udocker"
}
        
Elapsed time: 0.32120s