apt-get update Rootless Docker

Question

Installing Rootful Docker on my Raspberry Pi updates the sources and one can configure unattended-upgrades to update Docker automatically by looking at sudo apt-cache policy.

However, Rootless Docker doesn't. So is there a way to upgrade Rootless Docker ?

In other words:

With Rootful Docker, sudo apt-get update && sudo apt-get -y upgrade on the host could upgrade the Docker installation. I would like to be able to do something similar with Rootless Docker. Is it possible ?

To clarify: I am not trying to update the containers, but Docker itself.

Thanks in advance for any help you can provide :)

Answer 1

As far as I know, there isn't special rootless package for Debian so you can't do that with package manager. Some rootless binaries are bit different, missing SETUID bits and some other file capabilities.

However, you can try to run rootless installation script again, if that updates your binaries.

curl -fsSL https://get.docker.com/rootless | sh

These are also available here as rootless-extras , but it requires manual extraction:

Answer 2

I also found no official way to update a docker-rootless installation.
So here is how i update docker-rootless. its a bit experimental, but it works for me. maybe it needs some more tests to make it more robust and ready to be usable in a script or crontab:

# UPDATE DOCKER-ROOTLESS (as user which docker-rootless runs with):
# stop your docker daemon ... (takes long time for me and doesn't finish problerly)
systemctl --user stop docker.service

# maybe you have to kill it because it hangs up and doesn't finish proberly
CTRL+C

# check that docker.service isn't running (important !!!)
systemctl --user status docker.service
# Active: inactive (dead)
# OR:
# Active: failed (Result: exit-code)

# download docker-rootless installation script
wget https://get.docker.com/rootless -O rootless.sh

# set environment variables (used by rootless.sh script)
SKIP_IPTABLES=1
FORCE_ROOTLESS_INSTALL=1

# remove "Already installed verification" check from script
sed -i s#\-x\ \"\$BIN/\$DAEMON\"#\!\ \-x\ \"\$BIN/\$DAEMON\"#g rootless.sh

# make rootles.sh executable
chmod +x rootless.sh

# run rootless.sh
./rootless.sh

# kill installation script, because it starts docker.service and keeps running
CTRL+C

# finally setcap cap_net_bind_service (to bind ports less than 1024)
# replace 'docker' with the username you are logged in with
sudo setcap cap_net_bind_service=ep /home/docker/bin/rootlesskit

# DONE (docker should now be updated)
docker --version
# Docker version 20.10.6, build 370c289


# UPDATE DOCKER-COMPOSE (with sudo or root):
# get and save latest docker-compose version
DOCKER_COMPOSE_VERSION=$(curl -L "https://docs.docker.com/compose/install/" | grep -o -P '(?<=https://github.com/docker/compose/releases/download/).*(?=/docker-compose)' | head -n1)

# download docker-compose
sudo curl -L "https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

# make it executable
sudo chmod +x /usr/local/bin/docker-compose

# link it to /usr/bin
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

# DONE (docker-compose should now be updated)
docker-compose --version
# docker-compose version 1.29.1, build c34c88b2


# remove docker-rootless script
rm rootless.sh

# maybe you should reboot your host once!
sudo reboot