Set up lima and get mrva/docker-compose running

README.org

@@ -23,108 +23,121 @@
 #+HTML_HEAD: }
 #+HTML_HEAD: </style>
 
-* lima vm for running docker
-  #+BEGIN_SRC sh 
-    limactl  create -h
-    # Create an instance of Lima
-    limactl create --list-templates
+* Lima VM for running Docker with full control
+  Docker Desktop restricts low-level control, especially for tracing inter-container
+  network traffic. To regain full visibility and system-level access, we run Docker
+  inside a Lima VM instead.
 
-    # create deb12
-    limactl create                                  \
-            --arch aarch64                          \
-            --cpus 8                                \
-            --disk 20                               \
-            --memory 8.0                            \
-            --name deb12                            \
-            template://debian-12
+** lima vm setup
+   #+BEGIN_SRC sh 
+     brew install lima
 
-    # admin
-    limactl list
+     # create
+     cd ~/work-gh/mrva/mrva-docker/lima
+     limactl create --name=ubu ubu-docker.yaml
 
-    # start deb12
-    limactl start deb12
+     # setup
+     cd ~/work-gh/mrva/mrva-docker/lima
+     limactl start ubu
+     limactl shell ubu
 
-    # enter deb12
-    limactl shell deb12
+     # in vm
+     sudo systemctl enable --now docker
+
+     sudo systemctl restart docker
+     sudo usermod -aG docker hohn
+     newgrp docker
+     ln -s  /Users/hohn/work-gh /home/hohn.linux/
+
+     sudo apt install golang-go
+
+   #+END_SRC
+
+** docker setup and run
+   #+BEGIN_SRC sh 
+     # 
+     #* Build the containers
+     # 
+     limactl shell ubu
 
 
-    # install docker
-    # 1. Prerequisites
-    sudo apt update
-    sudo apt install -y ca-certificates curl gnupg lsb-release
-
-    # 2. Add Docker’s official GPG key
-    sudo install -m 0755 -d /etc/apt/keyrings
-    curl -fsSL https://download.docker.com/linux/debian/gpg | \
-        sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
-    sudo chmod a+r /etc/apt/keyrings/docker.gpg
-
-    # 3. Add Docker’s APT repo
-    echo \
-      "deb [arch=$(dpkg --print-architecture) \
-       signed-by=/etc/apt/keyrings/docker.gpg] \
-       https://download.docker.com/linux/debian \
-       $(lsb_release -cs) stable" | \
-      sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
-
-    # 4. Install Docker packages
-    sudo apt update
-    sudo apt install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-
-    # enable daemons
-    sudo systemctl enable docker
-    sudo systemctl start docker
-
-    # add self to docker group
-    sudo usermod -aG docker $USER
-    limactl stop deb12
-    limactl start deb12
-    limactl shell deb12
-    groups  # should now show "docker"
+     cd ~/work-gh/mrva/mrva-docker/containers/ghmrva/
+     sudo docker build -t client-ghmrva-container:0.4.0 .
 
 
-    # Build container images
-    export MAG_VERSION=0.4.0
+     cd ~/work-gh/mrva/mrva-docker/containers/vscode/
+     docker build -t code-server-initialized:0.4.0 .
 
-    {
-        # ghmrva
-        cd /Users/hohn/work-gh/mrva/mrva-docker/containers/ghmrva/
-        docker build --no-cache -t client-ghmrva-container:${MAG_VERSION} .
-    }
-    {
-        # code-server
-        cd /Users/hohn/work-gh/mrva/mrva-docker/containers/vscode/
-        docker build --no-cache -t code-server-initialized:${MAG_VERSION} .
-    }
-    {
-        # hepc
-        cd /Users/hohn/work-gh/mrva/mrva-docker/containers/hepc
-        rm -fR ./mrvahepc && cp -r  ../../../mrvahepc .
 
-        # Usual build
-        docker build --no-cache -t mrva-hepc-container:${MAG_VERSION} .
-    }
-    {
-        # server
-        cd /Users/hohn/work-gh/mrva/mrva-docker/containers/server
-        docker build --no-cache --network host -t mrva-server:${MAG_VERSION} .
-    }
-    {
-        # Agent
-        cd /Users/hohn/work-gh/mrva/mrva-docker/containers/agent/
-        MAG_TARGET=mrva-agent:0.4.0
-        docker build --no-cache --network host -t ${MAG_TARGET} .
-    }
+     cd ~/work-gh/mrva/mrva-docker/containers/hepc &&\
+         rm -fR ./mrvahepc && cp -r  ../../../mrvahepc .
+     docker build -t mrva-hepc-container:0.4.0 -f Dockerfile .
 
-    # list images
-    docker image ls
 
-    # run containers
-    cd /Users/hohn/work-gh/mrva/mrva-docker
-    docker compose -f docker-compose-demo.yml up
+     cd ~/work-gh/mrva/mrva-docker/containers/server/
+     docker build -t mrva-server:0.4.0 .
 
-  #+END_SRC
 
+     cd ~/work-gh/mrva/mrva-docker/containers/agent/
+     docker build -t mrva-agent:0.4.0 .
+
+
+     #
+     #* Start the containers
+     cd ~/work-gh/mrva/mrva-docker/
+     docker-compose -f docker-compose-demo.yml down
+     docker ps
+
+     docker-compose -f docker-compose-demo.yml up 
+
+     # 
+     #* update the binaries in a running container
+     #** compile server locally
+     cd /Users/hohn/work-gh/mrva/mrvaserver
+     go build
+
+     # Check for running containers
+     docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}"
+
+     # Copy the new binary
+     cd /Users/hohn/work-gh/mrva/mrvaserver
+     docker cp mrvaserver mrva-server:/usr/local/bin/mrvaserver
+
+     # Restart the binary
+     docker exec mrva-server pkill mrvaserver
+
+     #** recompile agent
+     # compile locally
+     cd /Users/hohn/work-gh/mrva/mrvaagent
+     go build
+
+     # Look for the agent's name in the process table
+     docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}"
+
+     # Copy the new binary
+     cd /Users/hohn/work-gh/mrva/mrvaagent
+     docker cp mrvaagent mrva-agent:/usr/local/bin/mrvaagent
+
+     # Restart the binary
+     docker exec mrva-agent pkill mrvaagent
+
+     #** gh-mrva
+     # compile locally
+     cd /Users/hohn/work-gh/mrva/gh-mrva
+     go mod edit -replace="github.com/GitHubSecurityLab/gh-mrva=/Users/hohn/work-gh/mrva/gh-mrva"
+     go mod tidy 
+     GOOS=linux GOARCH=arm64 go build
+
+     # Look for the gh-mrva name in the process table
+     docker ps --format "table {{.ID}}\t{{.Image}}\t{{.Names}}"
+
+     # Copy the new binary
+     cd /Users/hohn/work-gh/mrva/gh-mrva
+     docker cp gh-mrva mrva-ghmrva:/usr/local/bin/gh-mrva
+
+   #+END_SRC
+
+   
   
 * TODO lima vm
 ** intro

docker-compose-demo.yml

@@ -17,9 +17,7 @@ services:
             - mrvastore
         networks:
             - backend
-        env_file:
-            - path: .env.container
-              required: true
+        env_file: .env.container
         # entrypoint: ["tail", "-f", "/dev/null"]
         entrypoint: >
             /bin/sh -c "
@@ -37,9 +35,7 @@ services:
         ports:
             - "9000:9000"
             - "9001:9001"
-        env_file:
-            - path: .env.container
-              required: true
+        env_file: .env.container
         command: server /data/mrvacommander/mrvastore-data --console-address ":9001"
         networks:
             backend:
@@ -113,9 +109,7 @@ services:
             - rabbitmq
             - mrvastore
             - postgres
-        env_file:
-            - path: ./.env.container
-              required: true
+        env_file: ./.env.container
         environment:
             POSTGRES_USER: mrva
             POSTGRES_PASSWORD: mrvapg
@@ -151,9 +145,7 @@ services:
         depends_on:
             - rabbitmq
             - mrvastore
-        env_file:
-            - path: ./.env.container
-              required: true
+        env_file: ./.env.container
         environment:
             - MRVA_HEPC_ENDPOINT=http://hepc:8070
             - MRVA_HEPC_CACHE_DURATION=60

lima/ubu-docker.yaml

@@ -0,0 +1,32 @@
+# ubu-docker.yaml
+arch: "aarch64"
+cpus: 4                         
+memory: "32GiB"       
+disk: "64GiB"
+
+images:
+  - location: "https://cloud-images.ubuntu.com/releases/25.04/release/ubuntu-25.04-server-cloudimg-arm64.img"
+    arch: "aarch64"
+
+mounts:
+  - location: "/Users/hohn"
+    writable: true
+
+provision:
+  - mode: system
+    script: |
+      apt-get update
+      apt-get install -y docker.io docker-compose tcpdump iproute2 net-tools
+      usermod -aG docker ubuntu
+
+ssh:
+  localPort: 0
+
+containerd:
+  system: false
+  user: false
+
+firmware:
+  legacyBIOS: false
+
+