Containerize Keybase

If you have concerns about running Keybase OS-wide, you can containerize it.

1. Modify the default image to add additional packages
docker run --rm -ti -u root --entrypoint bash keybaseio/client
inside# apt update && apt -y install fuse git

# in a separate shell
docker commit $(docker ps -lq) keybaseio/client:fuse

inside# exit

This will produce a keybaseio/client:fuse image, which you will use in the steps below.

2. Create these directories to avoid permission issues

Otherwise Docker would create these directories as root:root, which you want to avoid.
mkdir -p ~/.config/keybase ~/.local/share/keybase ~/.cache/keybase

3. Start the Keybase container

The container needs to run in privileged mode or with the SYS_ADMIN capability for FUSE to work.
Ideally you would not run it in privileged mode, but rather use a custom seccomp rule such as https://github.com/docker/for-linux/issues/321#issuecomment-677744121
docker run -d \
  --privileged \
  -e KEYBASE_KBFS_ARGS="-mount-type force" \
  -v "$HOME/.config/keybase:/home/keybase/.config/keybase" \
  -v "$HOME/.local/share/keybase:/home/keybase/.local/share/keybase" \
  --name keybase \
  --entrypoint tini \
  keybaseio/client:fuse -- entrypoint.sh

Check that it mounted the KBFS directory:

$ docker exec -i -u keybase -w /home/keybase keybase mount | grep fuse
/dev/fuse on /home/keybase/.config/keybase/kbfs type fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
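
A less-privileged variant of step 3, together with a check of what the running container was actually granted. This is an added example, not part of the original guide; it assumes --cap-add SYS_ADMIN plus --device /dev/fuse is enough for KBFS on your host, and the function names are hypothetical.

```sh
# Added example, not from the original guide. Assumption: SYS_ADMIN plus the
# /dev/fuse device is sufficient for KBFS. Docker's default AppArmor profile
# denies mount, so AppArmor hosts may also need --security-opt apparmor=unconfined.

# Step 3 with a narrower grant instead of --privileged.
start_keybase_fuse() {
  docker run -d \
    --cap-add SYS_ADMIN \
    --device /dev/fuse \
    -e KEYBASE_KBFS_ARGS="-mount-type force" \
    -v "$HOME/.config/keybase:/home/keybase/.config/keybase" \
    -v "$HOME/.local/share/keybase:/home/keybase/.local/share/keybase" \
    --name keybase \
    --entrypoint tini \
    keybaseio/client:fuse -- entrypoint.sh
}

# One-line summary of the HostConfig fields that widen host access.
hostconfig_summary() {
  docker inspect --format \
    'privileged={{.HostConfig.Privileged}} caps={{json .HostConfig.CapAdd}} devices={{range .HostConfig.Devices}}{{.PathOnHost}},{{end}}' "$1"
}

# Audit a summary line; returns 0 only for the narrow FUSE grant.
audit_hostconfig() {
  case $1 in
    *privileged=true*) echo "FAIL: --privileged grants all capabilities and devices"; return 1 ;;
  esac
  ah_caps=${1#*caps=}; ah_caps=${ah_caps%% devices=*}
  ah_devs=${1##*devices=}
  ah_rc=0
  case $ah_caps in
    *ALL*) echo "FAIL: all capabilities added"; ah_rc=1 ;;
    *SYS_ADMIN*) ;;
    *) echo "FAIL: SYS_ADMIN missing, the FUSE mount will not work"; ah_rc=1 ;;
  esac
  case ,$ah_devs in
    *,/dev/fuse,*) ;;
    *) echo "FAIL: /dev/fuse not passed with --device"; ah_rc=1 ;;
  esac
  return "$ah_rc"
}

# Only touches Docker when invoked with --start.
if [ "${1:-}" = "--start" ]; then
  start_keybase_fuse && audit_hostconfig "$(hostconfig_summary keybase)"
fi
```

SYS_ADMIN is still a broad capability, so the seccomp approach linked in step 3 remains the tighter option.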

4. Add the following shell functions to your ~/.bashrc

# Run the keybase CLI in a throwaway container that shares the volumes of the long-running "keybase" container.
function keybase() {
  docker run --rm -it --volumes-from keybase -v "$PWD":/home/keybase/work -w /home/keybase/work --entrypoint keybase -u keybase keybaseio/client:fuse "$@"
}

# Run git the same way. Note: this exposes ~/.ssh (read-only) and the SSH agent socket to the container.
function gitkb() {
  docker run --rm -it --volumes-from keybase -v "$PWD":/home/keybase/work -w /home/keybase/work -v "$HOME/.ssh":/home/keybase/.ssh:ro -v "$(readlink -f "$SSH_AUTH_SOCK")":/ssh-agent -e SSH_AUTH_SOCK=/ssh-agent --entrypoint git -u keybase keybaseio/client:fuse "$@"
}

Then load the functions by running source ~/.bashrc.

5. Now you can seamlessly use it!

keybase login
keybase git list
gitkb clone keybase://team/...