Hi, thanks for all the excellent work that’s been done so far on Docker for Mac!
I realize Docker has additional components that need to be installed on the system with root privileges (symlinks, networking components, etc.). I’d like to request that this process of “finalizing” the installation be refactored such that it could be performed instead (as an alternative to the UI) via a command-line tool included along with the app, within the application bundle. So that, for example, the app could be fully installed on a machine by copying the app out of the dmg and then doing something like (as root):
This would be really useful for any organizations where software is 1) offered or controlled through a central distribution system to users and developers via a management agent, and/or 2) installed onto machines automatically for running tests or builds.
It could be also be useful for developers who use a tool like Homebrew-cask, where this could be done automatically as part of the installation via sudo.
Most organizations that manage some of their users’ software at a scale of hundreds implement some kind of management tool which is capable of installing applications as root, but applications that then require user interaction become problematic especially if those users don’t have administrative rights.
It’s common that sysadmins work around these issues by reverse-engineering what the application does for these root-privilege tasks (for example, Dropbox), but it’s always best if this is wrapped into a tool supported by the developer so that it’s easy to deploy in an organization in a supported manner.
We can install the .dmg through brew cask now but it still requires users to open the app one time to finish the docker install, which isn’t obvious to caskroom users or when installed by an automated company setup. Something like the post_install script suggested by @timsutton could be perfect for this.
To be clear, admins most likely will work around this in the very near future by reverse engineering and observation of what is being installed, authorized, symlinked, etc.
The downside to that is that whenever those processes need to change in future releases, admins will all need to update their individual copies of those scripted processes (and the upstream Caskfile will as well) - whereas if the developers simply support doing these by a single CLI tool that can be invoked, it’s less work for all.
This seems to get it at least to the point where it’s initialized and doesn’t prompt the user to setup the additional components. There’s still the initial “welcome” greeting but the next step isn’t prompted for.
#!/bin/sh
# assumes the following directories exist:
# /usr/local/bin
# /Library/PrivilegedHelperTools
declare -r docker_bundle_dir=/Applications/Docker.app/Contents
for tool in com.docker.frontend docker docker-compose docker-diagnose docker-machine notary; do
ln -sf ${docker_bundle_dir}/Resources/${tool} /usr/local/bin
done
install -m 0544 -o root -g wheel ${docker_bundle_dir}/Library/LaunchServices/com.docker.vmnetd /Library/PrivilegedHelperTools
install -m 0644 -o root -g wheel ${docker_bundle_dir}/Resources/com.docker.vmnetd.plist /Library/LaunchDaemons
launchctl load /Library/LaunchDaemons/com.docker.vmnetd.plist
on this one.