Clean up the nerdctld installation

Use the regular upstream names for socket and service.

Don't use world-writable permissions for the binaries.

The socket starts the service when it is activated.

The units go in the installation and not in config.

cmd/minikube/cmd/start.go

@@ -2057,23 +2057,14 @@ func startNerdctld() {
 	co := mustload.Running(ClusterFlagValue())
 	runner := co.CP.Runner
 
-	// and set 777 to these files
-	if out, err := runner.RunCmd(exec.Command("sudo", "chmod", "777", "/usr/local/bin/nerdctl", "/usr/local/bin/nerdctld")); err != nil {
-		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed setting permission for nerdctl: %s", out.Output()), err)
-	}
-
-	// sudo systemctl start nerdctld.socket
-	if out, err := runner.RunCmd(exec.Command("sudo", "systemctl", "start", "nerdctld.socket")); err != nil {
-		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed to enable nerdctld.socket: %s", out.Output()), err)
-	}
-	// sudo systemctl start nerdctld.service
-	if out, err := runner.RunCmd(exec.Command("sudo", "systemctl", "start", "nerdctld.service")); err != nil {
-		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed to enable nerdctld.service: %s", out.Output()), err)
+	// sudo systemctl start nerdctl.socket
+	if out, err := runner.RunCmd(exec.Command("sudo", "systemctl", "start", "nerdctl.socket")); err != nil {
+		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed to enable nerdctl.socket: %s", out.Output()), err)
 	}
 
 	// set up environment variable on remote machine. docker client uses 'non-login & non-interactive shell' therefore the only way is to modify .bashrc file of user 'docker'
 	// insert this at 4th line
-	envSetupCommand := exec.Command("/bin/bash", "-c", "sed -i '4i export DOCKER_HOST=unix:///run/nerdctld.sock' .bashrc")
+	envSetupCommand := exec.Command("/bin/bash", "-c", "sed -i '4i export DOCKER_HOST=unix:///var/run/nerdctl.sock' .bashrc")
 	if out, err := runner.RunCmd(envSetupCommand); err != nil {
 		exit.Error(reason.StartNerdctld, fmt.Sprintf("Failed to set up DOCKER_HOST: %s", out.Output()), err)
 	}

deploy/kicbase/Dockerfile

@@ -59,8 +59,8 @@ COPY deploy/kicbase/containerd_docker_io_hosts.toml /etc/containerd/certs.d/dock
 COPY deploy/kicbase/clean-install /usr/local/bin/clean-install
 COPY deploy/kicbase/entrypoint /usr/local/bin/entrypoint
 COPY deploy/kicbase/CHANGELOG ./CHANGELOG
-COPY deploy/kicbase/nerdctld/nerdctld.socket  /etc/systemd/system/nerdctld.socket
-COPY deploy/kicbase/nerdctld/nerdctld.service  /etc/systemd/system/nerdctld.service
+COPY deploy/kicbase/nerdctld/nerdctl.socket /usr/local/lib/systemd/system/nerdctl.socket
+COPY deploy/kicbase/nerdctld/nerdctl.service /usr/local/lib/systemd/system/nerdctl.service
 COPY --from=auto-pause /src/cmd/auto-pause/auto-pause-${TARGETARCH} /bin/auto-pause
 
 # Install dependencies, first from apt, then from release tarballs.
@@ -148,8 +148,8 @@ RUN export ARCH=$(dpkg --print-architecture) \
         tar -C /usr/local/bin -xzvf /tmp/nerdctl.tgz &&\
         curl -L --retry 5 --output /tmp/nerdctld.tgz "https://github.com/afbjorklund/nerdctld/releases/download/v${NERDCTLD_VERSION}/nerdctld-${NERDCTLD_VERSION}-linux-$ARCH.tar.gz" &&\
         tar -C /usr/local/bin -xzvf /tmp/nerdctld.tgz &&\
-        chmod 777  /usr/local/bin/nerdctl &&\
-        chmod 777 /usr/local/bin/nerdctld; \
+        chmod 755 /usr/local/bin/nerdctl &&\
+        chmod 755 /usr/local/bin/nerdctld; \
     fi
 
 # install docker

deploy/kicbase/nerdctld/nerdctl.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=nerdctl
+Requires=nerdctl.socket containerd.service
+After=nerdctl.socket containerd.service
+Documentation=https://github.com/containerd/nerdctl
+
+[Service]
+Type=notify
+Environment=CONTAINERD_NAMESPACE=k8s.io
+ExecStart=nerdctld --addr fd://
+
+[Install]
+WantedBy=multi-user.target

deploy/kicbase/nerdctld/nerdctl.socket

@@ -0,0 +1,10 @@
+[Unit]
+Description=nerdctl
+Documentation=https://github.com/containerd/nerdctl
+
+[Socket]
+ListenStream=%t/nerdctl.sock
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target