Containerize Keybase
If you have concerns using Keybase OS-wide, you can containerize it.
- Modify default image to add additional packages
docker run --rm -ti -u root --entrypoint bash keybaseio/client
inside# apt update && apt -y install fuse git
# in a separate shell
docker commit $(docker ps -lq) keybaseio/client:fuse
inside# exit
This will produce a keybaseio/client:fuse
image you will use in the next step.
2. Create these directories to avoid permissions issue
Docker would create these directories as root:root, you want to avoid this.
mkdir ~/.local/share/keybase ~/.cache/keybase
3. Start keybase container app
It needs to be privileged /SYS_ADMIN
capability for the fuse to work.
Ideally you would not want to run it in privileged mode, but rather use a custom seccomp rule such as https://github.com/docker/for-linux/issues/321#issuecomment-677744121
docker run -d \
--privileged \
-e KEYBASE_KBFS_ARGS="-mount-type force" \
-v $HOME/.config/keybase:/home/keybase/.config/keybase \
-v $HOME/.local/share/keybase:/home/keybase/.local/share/keybase \
--name keybase \
--entrypoint tini \
keybaseio/client:fuse -- entrypoint.sh
Check it mounted the kbfs directory:
$ docker exec -i -u keybase -w /home/keybase keybase mount | grep fuse
/dev/fuse on /home/keybase/.config/keybase/kbfs type fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=1000)
4. Add the following functional aliases to your ~/.bashrc
function keybase() {
docker run --rm -it --volumes-from keybase -v $PWD:/home/keybase/work -w /home/keybase/work --entrypoint keybase -u keybase keybaseio/client:fuse $@
}
function gitkb() {
docker run --rm -it --volumes-from keybase -v $PWD:/home/keybase/work -w /home/keybase/work -v $HOME/.ssh:/home/keybase/.ssh:ro -v $(readlink -f $SSH_AUTH_SOCK):/ssh-agent -e SSH_AUTH_SOCK=/ssh-agent --entrypoint git -u keybase keybaseio/client:fuse $@
}
And then source it by running source ~/.bashrc
command.
5. Now you can seamlessly use it!
keybase login
keybase git list
gitkb clone keybase://team/...