From 3e175a2a835ffc28351ebdd60e08bcb978177a85 Mon Sep 17 00:00:00 2001 From: Brian Zalewski Date: Sat, 4 Feb 2023 05:21:52 +0000 Subject: [PATCH] Update file run_onchange_before_11-install-docker.tmpl --- ...run_onchange_before_11-install-docker.tmpl | 91 +++++++++++++++---- 1 file changed, 72 insertions(+), 19 deletions(-) diff --git a/home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.tmpl b/home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.tmpl index a0759bb8..838a37ae 100644 --- a/home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.tmpl +++ b/home/.chezmoiscripts/universal/run_onchange_before_11-install-docker.tmpl 
@@ -83,31 +83,81 @@ if command -v systemctl > /dev/null; then sudo systemctl enable containerd.service fi +### Installs pre-built gVisor using method recommended on official website +function gVisorPreBuilt() { + logg info 'Installing gVisor using method recommended on official website' + set -e + mkdir /tmp/gvisor && cd /tmp/gvisor + ARCH=$(uname -m) + URL="https://storage.googleapis.com/gvisor/releases/release/latest/${ARCH}" + logg info 'Downloading gVisor `runsc` and `containerd-shim-runsc-v1` SHA signatures' + wget "${URL}/runsc ${URL}/runsc.sha512" "${URL}/containerd-shim-runsc-v1 ${URL}/containerd-shim-runsc-v1.sha512" + sha512sum -c runsc.sha512 -c containerd-shim-runsc-v1.sha512 + rm -f *.sha512 + chmod a+rx runsc containerd-shim-runsc-v1 + sudo mv runsc containerd-shim-runsc-v1 /usr/local/bin +} + +### Installs gVisor using alternate Go method described on the GitHub page +function gVisorGo() { + # Official build timed out - use Go method + logg info 'Installing gVisor using the Go fallback method' + sudo chown -Rf "$(whoami)" /usr/local/src/gvisor + cd /usr/local/src/gvisor + echo "module runsc" > go.mod + GO111MODULE=on go get gvisor.dev/gvisor/runsc@go + CGO_ENABLED=0 GO111MODULE=on sudo -E go build -o /usr/local/bin/runsc gvisor.dev/gvisor/runsc + GO111MODULE=on sudo -E go build -o /usr/local/bin/containerd-shim-runsc-v1 gvisor.dev/gvisor/shim +} + +### Installs gVisor using the [GitHub developer page method](https://github.com/google/gvisor#installing-from-source). 
This method requires Docker to be installed +function gVisorSource() { + ### Ensure sources are cloned / up-to-date + logg info 'Building gVisor from source' + if [ -d /usr/local/src/gvisor ]; then + cd /usr/local/src/gvisor + sudo git reset --hard HEAD + sudo git clean -fxd + sudo git pull origin master + else + sudo git clone https://github.com/google/gvisor.git /usr/local/src/gvisor + fi + + ### Build gVisor + cd /usr/local/src/gvisor + sudo mkdir -p bin + # Wait 5 minutes for build to finish, and if it does not use Go + # TODO - Generate container-shim-runsc-v1 as well (low priority since this method is not used and is only recommended for development) + sudo timeout 300 make copy TARGETS=runsc DESTINATION=bin/ + if [ -f ./bin/runsc ]; then + sudo cp ./bin/runsc /usr/local/bin + else + logg error 'Timed out while building `runsc` from source' && exit 6 + fi +} + ### Add gVisor if [ ! -d /Applications ] || [ ! -d /System ]; then # Linux if ! command -v runsc > /dev/null; then # Install gVisor - logg info 'Building gVisor from source' - if [ -d /usr/local/src/gvisor ]; then - logg info 'Removing stale directory /usr/local/src/gvisor' - sudo rm -rf /usr/local/src/gvisor - fi - sudo git clone https://github.com/google/gvisor.git /usr/local/src/gvisor - cd /usr/local/src/gvisor - sudo mkdir -p bin - # Wait 5 minutes for build to finish, and if it does not use Go - sudo timeout 300 make copy TARGETS=runsc DESTINATION=bin/ - if [ -f ./bin/runsc ]; then - sudo cp ./bin/runsc /usr/local/bin + gVisorPreBuilt || PRE_BUILT_EXIT_CODE=$? + if [ -n "$PRE_BUILT_EXIT_CODE" ]; then + logg warn 'gVisor failed to install using the pre-built method' + gVisorGo || GO_METHOD_EXIT_CODE=$? + if [ -n "$GO_METHOD_EXIT_CODE" ]; then + logg warn 'gVisor failed to install using the Go fallback method' + gVisorSource || SOURCE_EXIT_CODE=$? 
+ if [ -n "$SOURCE_EXIT_CODE" ]; then + logg error 'All gVisor installation methods failed' && exit 1 + else + logg success 'gVisor installed via source' + fi + else + logg success 'gVisor installed via Go fallback method' + fi else - # Official build timed out - use Go method - logg info 'Installing gVisor using the Go fallback method' - sudo chown -Rf "$(whoami)" /usr/local/src/gvisor - echo "module runsc" > go.mod - GO111MODULE=on go get gvisor.dev/gvisor/runsc@go - CGO_ENABLED=0 GO111MODULE=on sudo -E go build -o /usr/local/bin/runsc gvisor.dev/gvisor/runsc - GO111MODULE=on sudo -E go build -o /usr/local/bin/containerd-shim-runsc-v1 gvisor.dev/gvisor/shim + logg success 'gVisor installed from pre-built Google-provided binaries' fi else logg info '`runsc` is installed' @@ -134,9 +184,12 @@ if [ ! -d /Applications ] || [ ! -d /System ]; then fi # Test Docker /w runsc + logg info 'Testing that Docker can load application with `runsc`' docker run --rm --runtime=runsc hello-world || RUNSC_EXIT_CODE=$? if [ -n "$RUNSC_EXIT_CODE" ]; then logg error 'Failed to run the Docker hello-world container with runsc' && exit 5 + else + logg success 'Docker successfully ran the hello-world container with `runsc`' fi fi fi
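Review bot: In `gVisorPreBuilt`, a failed `sha512sum -c` (or a failed `wget`) does not stop the install: the function is invoked as `gVisorPreBuilt || PRE_BUILT_EXIT_CODE=$?`, and bash ignores `set -e` inside a command run under `||`, so execution falls through to `sudo mv runsc containerd-shim-runsc-v1 /usr/local/bin` and the function's status is that of the `mv`, reporting success for an unverified or partial binary. The `wget` line also passes `"${URL}/runsc ${URL}/runsc.sha512"` as a single argument with an embedded space rather than two URLs, so the download itself is likely to fail, and with the fall-through above that failure is masked instead of triggering the Go fallback. Note too that the `.sha512` files come from the same origin as the binaries, so the check guards against corruption, not a compromised source; the log line should say "checksums" rather than "SHA signatures". A fixed `/tmp/gvisor` fails on a second run and on a pre-existing directory owned by someone else, which `mktemp -d` avoids. Suggested rewrite below, chaining each step with `|| return 1` so any failure reaches the caller's fallback.
```shell
function gVisorPreBuilt() {
  logg info 'Installing gVisor using method recommended on official website'
  # `set -e` is ignored while this function runs under `||`, so every step is
  # chained explicitly: a failed download or checksum must never reach `sudo mv`.
  local TMP_DIR ARCH URL
  TMP_DIR="$(mktemp -d)" && cd "$TMP_DIR" || return 1
  ARCH="$(uname -m)"
  URL="https://storage.googleapis.com/gvisor/releases/release/latest/${ARCH}"
  logg info 'Downloading gVisor `runsc` and `containerd-shim-runsc-v1` with their SHA-512 checksums'
  wget "${URL}/runsc" "${URL}/runsc.sha512" "${URL}/containerd-shim-runsc-v1" "${URL}/containerd-shim-runsc-v1.sha512" || return 1
  # Checksums are served from the same origin as the binaries: this detects
  # corruption or a truncated download, not a compromised source.
  sha512sum -c runsc.sha512 -c containerd-shim-runsc-v1.sha512 || return 1
  rm -f ./*.sha512
  chmod a+rx runsc containerd-shim-runsc-v1 || return 1
  sudo mv runsc containerd-shim-runsc-v1 /usr/local/bin
}
```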