{"id":32588879,"url":"https://github.com/dstack-tee/dstack-sysbox-installer","last_synced_at":"2026-01-27T15:02:38.328Z","repository":{"id":321054577,"uuid":"1055254342","full_name":"Dstack-TEE/dstack-sysbox-installer","owner":"Dstack-TEE","description":null,"archived":false,"fork":false,"pushed_at":"2026-01-26T13:17:31.000Z","size":17,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-27T12:54:13.040Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Dstack-TEE.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-12T02:15:38.000Z","updated_at":"2026-01-26T13:17:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"5a0a0348-e047-4631-b770-c61a6e43731a","html_url":"https://github.com/Dstack-TEE/dstack-sysbox-installer","commit_stats":null,"previous_names":["dstack-tee/dstack-sysbox-installer"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Dstack-TEE/dstack-sysbox-installer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dstack-TEE%2Fdstack-sysbox-installer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dstack-TEE%2Fdstack-sysbox-installer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dstack-TEE%2Fdstack-sysbox-installer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dstack-TEE%2Fdstack-sysbox-installer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Dstack-TEE","download_url":"https://codeload.github.com/Dstack-TEE/dstack-sysbox-installer/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Dstack-TEE%2Fdstack-sysbox-installer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28815385,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-27T12:25:15.069Z","status":"ssl_error","status_checked_at":"2026-01-27T12:25:05.297Z","response_time":168,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-30T00:50:56.847Z","updated_at":"2026-01-27T15:02:38.323Z","avatar_url":"https://github.com/Dstack-TEE.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Sysbox Installer for dstack\n\nA Docker-based installer for [Sysbox](https://github.com/nestybox/sysbox) on read-only dstack systems.\n\n## Quick Start\n\n### Build the Installer\n\n```bash\ncd installer\nchmod +x build.sh\n./build.sh sysbox-installer latest\n```\n\n### Install Sysbox\n\n**Single command installation in a CVM:**\n```bash\ndocker run --rm --privileged --pid=host --net=host -v /:/host \\\n  dstacktee/dstack-sysbox-installer:1.0.0\n```\n\nThat's it! The installer will:\n- Check for existing installations\n- Build and install Sysbox from source\n- Handle /etc volatile overlay mount preserving configs\n- Configure Docker runtime using Sysbox's official script\n- Create transient systemd services and start daemons\n\n## Manual Steps (if needed)\n\n### Interactive Installation\n\n```bash\ndocker run -it --rm --privileged --pid=host --net=host -v /:/host \\\n  dstacktee/dstack-sysbox-installer:1.0.0 bash\n```\n\nThen run: `/usr/local/bin/install-sysbox-complete.sh`\n\n### Check Build Information\n\n```bash\ndocker run --rm dstacktee/dstack-sysbox-installer:1.0.0 cat /usr/local/share/BUILD_INFO\n```\n\n## Usage After Installation\n\n### Run Containers with Sysbox\n\n```bash\n# Basic system container\ndocker run --runtime=sysbox-runc -it ubuntu bash\n\n# Docker-in-Docker\ndocker run --runtime=sysbox-runc -d --name docker-container docker:dind\n\n# Kubernetes-in-Docker\ndocker run --runtime=sysbox-runc -d --name k8s-node kindest/node:latest\n```\n\n### Manage Sysbox Services\n\n```bash\n# Check status\nsystemctl status sysbox-mgr sysbox-fs\n\n# Restart services\nsystemctl restart sysbox-mgr sysbox-fs\n\n# View logs\njournalctl -u sysbox-mgr -u sysbox-fs\n```\n\n## File Structure\n\n```\ninstaller/\n├── build.sh                           # Build script\n├── README.md                          # This file\n├── docker/\n│   └── Dockerfile                     # Multi-stage build with source compilation\n└── scripts/\n    ├── install-sysbox-complete.sh     # Main installation script\n    ├── verify-downloads.sh            # SHA256 verification for downloads\n    ├── sysbox-mgr.service            # systemd service for sysbox-mgr\n    └── sysbox-fs.service             # systemd service for sysbox-fs\n```\n\n## Technical Details\n\n### What the Installer Does\n\n1. **Checks existing installation** - Detects and reports existing Sysbox installations\n2. **Copies binaries** - Places Sysbox binaries in `/usr/bin` (writable location)\n3. **Sets up /etc overlay** - Creates volatile overlay preserving existing configs (WireGuard, Docker)\n4. **Creates symlinks** - Links fusermount, modprobe, iptables for Sysbox requirements\n5. **Configures Docker** - Uses Sysbox's official docker-cfg script to properly merge runtime configuration\n6. **Creates systemd services** - Installs transient service files in `/run/systemd/system`\n7. **Starts services** - Starts Sysbox manager and filesystem daemons\n\n### Data Locations\n\n- **Sysbox data**: `/dstack/persistent/sysbox-data`\n- **Binaries**: `/usr/bin`\n\n### Security\n\n- All downloads verified with SHA256 checksums\n- Sysbox built from official Git repository (recursive clone)\n- Uses specific version tags (v0.6.7)\n- Proper systemd service isolation\n\n## Troubleshooting\n\n### Check Service Status\n```bash\nsystemctl status sysbox-mgr sysbox-fs\njournalctl -u sysbox-mgr -u sysbox-fs\n```\n\n### Verify Docker Runtime\n```bash\ndocker info | grep -A5 Runtimes\n```\n\n### Test Basic Functionality\n```bash\ndocker run --runtime=sysbox-runc --rm alpine echo \"Test successful\"\n```\n\n### Clean Installation\n```bash\nsystemctl stop sysbox-mgr sysbox-fs\nsystemctl disable sysbox-mgr sysbox-fs\nrm -f /run/systemd/system/sysbox-*.service\nsystemctl daemon-reload\numount /etc  # If volatile overlay mounted\nrm -rf /dstack/persistent/sysbox-*\n```\n\n## Requirements\n\n- Docker installed and running\n- Privileged container execution\n- dstack system with ZFS persistent storage\n- systemd for service management\n\n## Release and Verification\n\n### Creating a Release\n\nReleases are automated via GitHub Actions with sigstore attestation:\n\n1. Tag a new version:\n   ```bash\n   git tag v1.0.0\n   git push origin v1.0.0\n   ```\n\n2. The workflow will automatically:\n   - Build the Docker image\n   - Push to Docker Hub\n   - Generate sigstore attestation\n   - Create a GitHub release\n\n### Verifying Image Attestation\n\nAll released images are signed with sigstore for supply chain security:\n\n```bash\n# Install cosign\ncurl -O -L \"https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64\"\nsudo mv cosign-linux-amd64 /usr/local/bin/cosign\nsudo chmod +x /usr/local/bin/cosign\n\n# Verify the image (replace VERSION and DIGEST)\ncosign verify-attestation \\\n  --type https://slsa.dev/provenance/v1 \\\n  --certificate-identity-regexp \"^https://github.com/Dstack-TEE/dstack-sysbox-installer/.github/workflows/release.yml@refs/tags/vVERSION$\" \\\n  --certificate-oidc-issuer https://token.actions.githubusercontent.com \\\n  docker.io/Dstack-TEE/dstack-sysbox-installer@sha256:DIGEST\n```\n\nYou can also verify on [Sigstore Search](https://search.sigstore.dev/).\n\n## Support\n\nFor issues with the installer, check:\n1. Docker daemon is running\n2. Container has privileged access\n3. `/dstack/persistent/` is available and writable\n4. systemd is available on the host\n\nFor Sysbox issues, see: https://github.com/nestybox/sysbox\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdstack-tee%2Fdstack-sysbox-installer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdstack-tee%2Fdstack-sysbox-installer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdstack-tee%2Fdstack-sysbox-installer/lists"}