Installed Docker (binaries)

Install the static binaries.
https://docs.docker.com/engine/install/binaries/
Install daemon and client binaries on Linux

Prerequisites
Before attempting to install Docker from binaries, be sure your host machine meets the prerequisites:
・A 64-bit installation
(OK)
・Version 3.10 or higher of the Linux kernel. The latest version of the kernel available for your platform is recommended.
(OK)
・iptables version 1.4 or higher
$ sudo installpkg n/iptables-1.8.7-x86_64-3.txz
$ sudo installpkg l/libpcap-1.10.1-x86_64-1.txz (missing lib)
・git version 1.7 or higher
$ sudo installpkg d/git-2.35.1-x86_64-1.txz
・A ps executable, usually provided by procps or a similar package.
(OK)
・XZ Utils 4.9 or higher
(OK)
・A properly mounted cgroupfs hierarchy; a single, all-encompassing cgroup mount point is not sufficient. See Github issues #2683, #3485, #4568).
(OK)

Secure your environment as much as possible
OS considerations
Enable SELinux or AppArmor if possible.
It is recommended to use AppArmor or SELinux if your Linux distribution supports either of the two. This helps improve security and blocks certain types of exploits. Review the documentation for your Linux distribution for instructions for enabling and configuring AppArmor or SELinux.
(Probably not using either, so no problem?)

Docker daemon considerations
Enable seccomp security profiles if possible. See Enabling seccomp for Docker.
$ zcat /proc/config.gz | grep CONFIG_SECCOMP
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y
# CONFIG_SECCOMP_CACHE_DEBUG is not set
(OK)
Enable user namespaces if possible. See the Daemon user namespace options.
$ zcat /proc/config.gz | grep NAME
CONFIG_NAMESPACES=y
(OK?)
Googled "what are user namespaces":
https://gihyo.jp/admin/serial/01/linux_containers/0016
(The unshare command (util-linux) can be used, so it is probably OK)
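
A stricter version of the kernel-config check above, as an added example that is not part of the original notes. It matches whole option names and also looks for CONFIG_USER_NS, the option that enables user namespaces and that a grep for NAME cannot match. The function name and the sample config are constructed for illustration; the sample deliberately has user namespaces disabled to show the failing case.

```shell
#!/bin/sh
# check_docker_kconfig FILE
# FILE is a plain-text kernel config. On a real host create it with:
#   zcat /proc/config.gz > /tmp/kconfig
# Prints "<OPTION> enabled" or "<OPTION> MISSING" for each option and
# returns 1 if any option is not built in (=y).
check_docker_kconfig() {
    cfg=$1
    rc=0
    for opt in CONFIG_SECCOMP CONFIG_SECCOMP_FILTER \
               CONFIG_NAMESPACES CONFIG_USER_NS; do
        # Anchor both ends so CONFIG_SECCOMP does not also match
        # CONFIG_SECCOMP_FILTER, and "# ... is not set" lines never match.
        if grep -q "^${opt}=y\$" "$cfg"; then
            printf '%s enabled\n' "$opt"
        else
            printf '%s MISSING\n' "$opt"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample config (not taken from the author's machine).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_NAMESPACES=y
CONFIG_SECCOMP=y
CONFIG_SECCOMP_FILTER=y
# CONFIG_SECCOMP_CACHE_DEBUG is not set
# CONFIG_USER_NS is not set
EOF

check_docker_kconfig "$sample" || echo "at least one required option is missing"
```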

Install static binaries
Download the static binary archive. Go to https://download.docker.com/linux/static/stable/ , choose your hardware platform, and download the .tgz file relating to the version of Docker Engine you want to install.
Extract the archive using the tar utility. The dockerd and docker binaries are extracted.
$ tar xzvf docker-20.10.9.tgz
Optional: Move the binaries to a directory on your executable path, such as /usr/bin/. If you skip this step, you must provide the path to the executable when you invoke docker or dockerd commands.
($ sudo cp docker/* /usr/bin/ is not run; I build a package instead so it can be removed easily)
$ sudo mkdir -p package-docker/usr
$ sudo mv docker package-docker/usr/bin
$ sudo chown -R root:root package-docker/usr
$ cd package-docker
$ sudo makepkg ../docker-20.10.9-x86_64-1.tgz
$ sudo installpkg ../docker-20.10.9-x86_64-1.tgz
Start the Docker daemon:
$ sudo dockerd &
$ docker run hello-world
Error getting v2 registry: Get "https://registry-1.docker.io/v2/": x509: certificate signed by unknown authority
https://stackoverflow.com/questions/50619911/docke…
https://docs.docker.com/engine/reference/commandli…
Running a Docker daemon behind an HTTPS_PROXY
When running inside a LAN that uses an HTTPS proxy, the Docker Hub certificates will be replaced by the proxy’s certificates. These certificates need to be added to your Docker host’s configuration:
1.Install the ca-certificates package for your distribution
2.Ask your network admin for the proxy’s CA certificate and append them to /etc/pki/tls/certs/ca-bundle.crt
3.Then start your Docker daemon with HTTPS_PROXY=http://username:password@proxy:port/ dockerd. The username: and password@ are optional – and are only needed if your proxy is set up to require authentication.
This will only add the proxy and authentication to the Docker daemon’s requests – your docker builds and running containers will need extra configuration to use the proxy

$ sudo installpkg n/ca-certificates-20211216-noarch-1.txz
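$ sudo installpkg a/dcron-4.5-x86_64-11.txz (update-ca-certificates needs run-parts)
Do I have to create my own (root) CA here? Do I have to make certificate files? This is getting tedious,
but I will have to do it sooner or later anyway, so let's do it. (In the end I did not have to; see below.)
$ sudo update-ca-certificates

Or so I thought, but when I tried again a while later it seemed to work this time. Maybe because I
restarted dockerd after running update-ca-certificates?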
$ sudo dockerd &
[5] 9926
darkstar:~$ INFO[2025-05-25Txx:yy:zz.543477443+09:00] Starting up
WARN[2025-05-25Txx:yy:zz.548029884+09:00] could not change group /var/run/docker.sock to docker: group docker not found
INFO[2025-05-25Txx:yy:zz.553847081+09:00] libcontainerd: started new containerd process pid=9935
INFO[2025-05-25Txx:yy:zz.554750713+09:00] parsed scheme: “unix” module=grpc
INFO[2025-05-25Txx:yy:zz.554781622+09:00] scheme “unix” not registered, fallback to default scheme module=grpc
INFO[2025-05-25Txx:yy:zz.554812931+09:00] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 }] } module=grpc
INFO[2025-05-25Txx:yy:zz.554844709+09:00] ClientConn switching balancer to “pick_first” module=grpc
INFO[2025-05-25Txx:yy:zz.689367447+09:00] starting containerd revision=5b46e404f6b9f661a205e28d59c982d3634148f8 version=v1.4.11
INFO[2025-05-25Txx:yy:zz.714826691+09:00] loading plugin “io.containerd.content.v1.content”… type=io.containerd.content.v1
INFO[2025-05-25Txx:yy:zz.715117400+09:00] loading plugin “io.containerd.snapshotter.v1.aufs”… type=io.containerd.snapshotter.v1
INFO[2025-05-25Txx:yy:zz.717565718+09:00] skip loading plugin “io.containerd.snapshotter.v1.aufs”… error=”aufs is not supported (modprobe aufs failed: exit status 1 \”modprobe: FATAL: Module aufs not found in directory /lib/modules/5.15.19\\n\”): skip plugin” type=io.containerd.snapshotter.v1
INFO[2025-05-25Txx:yy:zz.717601981+09:00] loading plugin “io.containerd.snapshotter.v1.btrfs”… type=io.containerd.snapshotter.v1
INFO[2025-05-25Txx:yy:zz.717780566+09:00] skip loading plugin “io.containerd.snapshotter.v1.btrfs”… error=”path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs (ext3) must be a btrfs filesystem to be used with the btrfs snapshotter: skip plugin” type=io.containerd.snapshotter.v1
INFO[2025-05-25Txx:yy:zz.717810871+09:00] loading plugin “io.containerd.snapshotter.v1.devmapper”… type=io.containerd.snapshotter.v1
WARN[2025-05-25Txx:yy:zz.718392712+09:00] failed to load plugin io.containerd.snapshotter.v1.devmapper error=”devmapper not configured”
INFO[2025-05-25Txx:yy:zz.718416264+09:00] loading plugin “io.containerd.snapshotter.v1.native”… type=io.containerd.snapshotter.v1
INFO[2025-05-25Txx:yy:zz.718621600+09:00] loading plugin “io.containerd.snapshotter.v1.overlayfs”… type=io.containerd.snapshotter.v1
INFO[2025-05-25Txx:yy:zz.718903426+09:00] loading plugin “io.containerd.snapshotter.v1.zfs”… type=io.containerd.snapshotter.v1
INFO[2025-05-25Txx:yy:zz.719100742+09:00] skip loading plugin “io.containerd.snapshotter.v1.zfs”… error=”path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin” type=io.containerd.snapshotter.v1
INFO[2025-05-25Txx:yy:zz.719126222+09:00] loading plugin “io.containerd.metadata.v1.bolt”… type=io.containerd.metadata.v1
WARN[2025-05-25Txx:yy:zz.719158962+09:00] could not use snapshotter devmapper in metadata plugin error=”devmapper not configured”
INFO[2025-05-25Txx:yy:zz.719174466+09:00] metadata content store policy set policy=shared
INFO[2025-05-25Txx:yy:zz.720702146+09:00] loading plugin “io.containerd.differ.v1.walking”… type=io.containerd.differ.v1
INFO[2025-05-25Txx:yy:zz.720753008+09:00] loading plugin “io.containerd.gc.v1.scheduler”… type=io.containerd.gc.v1
INFO[2025-05-25Txx:yy:zz.721326067+09:00] loading plugin “io.containerd.service.v1.introspection-service”… type=io.containerd.service.v1
INFO[2025-05-25Txx:yy:zz.721400543+09:00] loading plugin “io.containerd.service.v1.containers-service”… type=io.containerd.service.v1
INFO[2025-05-25Txx:yy:zz.721437447+09:00] loading plugin “io.containerd.service.v1.content-service”… type=io.containerd.service.v1
INFO[2025-05-25Txx:yy:zz.721491970+09:00] loading plugin “io.containerd.service.v1.diff-service”… type=io.containerd.service.v1
INFO[2025-05-25Txx:yy:zz.721529789+09:00] loading plugin “io.containerd.service.v1.images-service”… type=io.containerd.service.v1
INFO[2025-05-25Txx:yy:zz.721567686+09:00] loading plugin “io.containerd.service.v1.leases-service”… type=io.containerd.service.v1
INFO[2025-05-25Txx:yy:zz.721608787+09:00] loading plugin “io.containerd.service.v1.namespaces-service”… type=io.containerd.service.v1
INFO[2025-05-25Txx:yy:zz.721643480+09:00] loading plugin “io.containerd.service.v1.snapshots-service”… type=io.containerd.service.v1
INFO[2025-05-25Txx:yy:zz.721681065+09:00] loading plugin “io.containerd.runtime.v1.linux”… type=io.containerd.runtime.v1
INFO[2025-05-25Txx:yy:zz.721841740+09:00] loading plugin “io.containerd.runtime.v2.task”… type=io.containerd.runtime.v2
INFO[2025-05-25Txx:yy:zz.721982847+09:00] loading plugin “io.containerd.monitor.v1.cgroups”… type=io.containerd.monitor.v1
INFO[2025-05-25Txx:yy:zz.723903133+09:00] loading plugin “io.containerd.service.v1.tasks-service”… type=io.containerd.service.v1
INFO[2025-05-25Txx:yy:zz.723970729+09:00] loading plugin “io.containerd.internal.v1.restart”… type=io.containerd.internal.v1
INFO[2025-05-25Txx:yy:zz.724600003+09:00] loading plugin “io.containerd.grpc.v1.containers”… type=io.containerd.grpc.v1
INFO[2025-05-25Txx:yy:zz.724625834+09:00] loading plugin “io.containerd.grpc.v1.content”… type=io.containerd.grpc.v1
INFO[2025-05-25Txx:yy:zz.724655042+09:00] loading plugin “io.containerd.grpc.v1.diff”… type=io.containerd.grpc.v1
INFO[2025-05-25Txx:yy:zz.724680312+09:00] loading plugin “io.containerd.grpc.v1.events”… type=io.containerd.grpc.v1
INFO[2025-05-25Txx:yy:zz.724700156+09:00] loading plugin “io.containerd.grpc.v1.healthcheck”… type=io.containerd.grpc.v1
INFO[2025-05-25Txx:yy:zz.724719115+09:00] loading plugin “io.containerd.grpc.v1.images”… type=io.containerd.grpc.v1
INFO[2025-05-25Txx:yy:zz.724737810+09:00] loading plugin “io.containerd.grpc.v1.leases”… type=io.containerd.grpc.v1
INFO[2025-05-25Txx:yy:zz.724759070+09:00] loading plugin “io.containerd.grpc.v1.namespaces”… type=io.containerd.grpc.v1
INFO[2025-05-25Txx:yy:zz.724777408+09:00] loading plugin “io.containerd.internal.v1.opt”… type=io.containerd.internal.v1
INFO[2025-05-25Txx:yy:zz.725049703+09:00] loading plugin “io.containerd.grpc.v1.snapshots”… type=io.containerd.grpc.v1
INFO[2025-05-25Txx:yy:zz.725076598+09:00] loading plugin “io.containerd.grpc.v1.tasks”… type=io.containerd.grpc.v1
INFO[2025-05-25Txx:yy:zz.725096642+09:00] loading plugin “io.containerd.grpc.v1.version”… type=io.containerd.grpc.v1
INFO[2025-05-25Txx:yy:zz.725114468+09:00] loading plugin “io.containerd.grpc.v1.introspection”… type=io.containerd.grpc.v1
INFO[2025-05-25Txx:yy:zz.725311362+09:00] serving… address=/var/run/docker/containerd/containerd-debug.sock
INFO[2025-05-25Txx:yy:zz.725369312+09:00] serving… address=/var/run/docker/containerd/containerd.sock.ttrpc
INFO[2025-05-25Txx:yy:zz.725434351+09:00] serving… address=/var/run/docker/containerd/containerd.sock
INFO[2025-05-25Txx:yy:zz.725469637+09:00] containerd successfully booted in 0.040271s
INFO[2025-05-25Txx:yy:zz.743241931+09:00] parsed scheme: “unix” module=grpc
INFO[2025-05-25Txx:yy:zz.743289346+09:00] scheme “unix” not registered, fallback to default scheme module=grpc
INFO[2025-05-25Txx:yy:zz.743334299+09:00] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 }] } module=grpc
INFO[2025-05-25Txx:yy:zz.743356330+09:00] ClientConn switching balancer to “pick_first” module=grpc
INFO[2025-05-25Txx:yy:zz.744515692+09:00] parsed scheme: “unix” module=grpc
INFO[2025-05-25Txx:yy:zz.744548766+09:00] scheme “unix” not registered, fallback to default scheme module=grpc
INFO[2025-05-25Txx:yy:zz.744580908+09:00] ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0 }] } module=grpc
INFO[2025-05-25Txx:yy:zz.744604324+09:00] ClientConn switching balancer to “pick_first” module=grpc
INFO[2025-05-25Txx:yy:zz.766432592+09:00] [graphdriver] using prior storage driver: overlay2
WARN[2025-05-25Txx:yy:zz.803766357+09:00] Your kernel does not support cgroup blkio weight
WARN[2025-05-25Txx:yy:zz.803792119+09:00] Your kernel does not support cgroup blkio weight_device
INFO[2025-05-25Txx:yy:zz.804324604+09:00] Loading containers: start.
INFO[2025-05-25Txx:yy:zz.059651622+09:00] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option –bip can be used to set a preferred IP address
INFO[2025-05-25Txx:yy:zz.138552587+09:00] Loading containers: done.
INFO[2025-05-25Txx:yy:zz.197337722+09:00] Docker daemon commit=79ea9d3 graphdriver(s)=overlay2 version=20.10.9
INFO[2025-05-25Txx:yy:zz.198506658+09:00] Daemon has completed initialization
INFO[2025-05-25Txx:yy:zz.223809737+09:00] API listen on /var/run/docker.sock
(The startup log was captured much later, 2025.05.)
$ docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the “hello-world” image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/get-started/

Using the Slack base environment as a container base
https://shirakawa.weblike.jp/blog-page/2022/03/11…

/*************************************************************************************/
2025.05
$ docker compose up -d
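When I ran the above, it said there is no docker compose. https://shirakawa.weblike.jp/blog-page/2024/01/27…
The docker-20.10.9 above does not include docker-compose (V1), which has to be installed separately, but
apparently from docker-20.10 on it is included in docker as V2 (DeepSeek). I decided to install docker-20.10.10.
As before, I followed the page below.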
https://docs.docker.com/engine/install/binaries/
$ tar xzvf docker-20.10.10.tgz
($ sudo cp docker/* /usr/bin/ is not run; I build a package instead so it can be removed easily)
$ sudo mkdir -p package-docker/usr
$ sudo mv docker package-docker/usr/bin
$ sudo chown -R root:root package-docker/usr
$ cd package-docker
$ sudo makepkg ../docker-20.10.10-x86_64-1.tgz
$ sudo removepkg /var/log/docker-20.10.9-x86_64-1
$ sudo installpkg ../docker-20.10.10-x86_64-1.tgz
$ grep -E 'bin|lib' /var/log/packages/docker-20.10.10-x86_64-1 | sed s@^@/@ | xargs ldd | grep found
(No missing dependencies.)
Start the Docker daemon:
$ sudo dockerd &
$ docker run hello-world

Looking closely after installing, docker-20.10.9 and docker-20.10.10 are both docker-20.10, so it was pointless.
As for the missing docker-compose, I asked ChatGPT and installed it.
You need to install the Docker Compose CLI plugin manually.
$ mkdir -p ~/.docker/cli-plugins/
$ curl -SL https://github.com/docker/compose/releases/download/v2.23.3/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose
$ chmod +x ~/.docker/cli-plugins/docker-compose
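
The curl and chmod steps above make the downloaded file executable without checking it. The following is an added example, not part of the original notes, that installs a download only when its SHA-256 matches a checksum file; it assumes the release publishes a sha256sum-format checksum file next to the binary, and the function name and demo files are constructed.

```shell
#!/bin/sh
# install_verified FILE SUMFILE DEST   (hypothetical helper name)
# Copies FILE to DEST with mode 0755 only if its SHA-256 equals the digest
# on the first line of SUMFILE ("<hex digest>  <name>", sha256sum format).
# Returns 1 on mismatch, 2 if SUMFILE does not contain a usable digest.
install_verified() {
    file=$1; sumfile=$2; dest=$3
    want=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # Reject anything that is not exactly 64 hex digits, for example an
    # HTML error page saved in place of the checksum file.
    case $want in
        ''|*[!0-9a-f]*) echo "unusable checksum file: $sumfile" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "unusable checksum file: $sumfile" >&2; return 2; }
    got=$(sha256sum "$file" | awk '{print $1}')
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch: $file" >&2
        return 1
    fi
    install -m 0755 "$file" "$dest"
}

# Constructed demo: a stand-in file plays the role of the downloaded binary.
demo=$(mktemp -d)
printf 'constructed stand-in for the downloaded binary\n' > "$demo/docker-compose"
( cd "$demo" && sha256sum docker-compose > docker-compose.sha256 )

install_verified "$demo/docker-compose" "$demo/docker-compose.sha256" "$demo/ok" \
    && echo "installed"

# Simulate a truncated or altered download: one extra byte changes the digest.
printf 'x' >> "$demo/docker-compose"
install_verified "$demo/docker-compose" "$demo/docker-compose.sha256" "$demo/bad" \
    || echo "refused"
```

On the real host, DEST would be ~/.docker/cli-plugins/docker-compose. A checksum fetched from the same server as the binary catches a corrupted or truncated download, not a compromised origin.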

/*************************************************************************************/


References:
CA (Certificate Authority): Security Glossary – @IT
https://atmarkit.itmedia.co.jp/ait/articles/0401/0…
On Ubuntu you can install CA certificates with the ca-certificates package
https://vividcode.hatenablog.com/entry/linux/ubunt…
Details of the ca-certificates package in buster – Debian
https://packages.debian.org/ja/buster/ca-certifica…
Contains the certificate authorities shipped with Mozilla's browser. It is used by SSL-based applications to verify the peer when authenticating an SSL connection. (Same for Slack)
Googled "docker update-ca-certificates not found":
How to install your own (root) CA
https://qiita.com/msi/items/9cb90271836386dafce3
Googled "create certificate file":
Creating a self-signed certificate
https://qiita.com/sanyamarseille/items/46fc6ff5a0a…
https://weblabo.oscasierra.net/openssl-gencert-1/

Messages shown at install or extraction time:
# ca-certificates (PEM Files of CA Certificates)
# This package includes PEM files of CA certificates to allow SSL-based
# applications to check for the authenticity of SSL connections.

# dcron (Dillon’s Cron daemon)
# The cron daemon runs in the background and executes tasks on behalf of
# users at the appropriate time. Many timed system tasks are started
# with cron, such as the nightly indexing with updatedb.
# dcron was written entirely from scratch by Matthew Dillon.
