diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..eb62d23 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,215 @@ + +# Regarding contributions + +All types of contributions are encouraged and valued. See the [Table of contents](#table-of-contents) for different ways to help and details about how this project handles them. Please make sure to read the relevant section before making your contribution. It will make it a lot easier for us maintainers and smooth out the experience for all involved. We look forward to your contributions. + +> And if you like the project, but just don't have time to contribute, that's fine. There are other easy ways to support the project and show your appreciation, which we would also be very happy about: +> +> - Star the project +> - Tweet about it +> - Refer this project in your project's readme +> - Mention the project at local meetups and tell your friends/colleagues + + +## Table of contents + +- [I have a question](#i-have-a-question) +- [I want to contribute](#i-want-to-contribute) + - [Reporting bugs](#reporting-bugs) + - [Before submitting a bug report](#before-submitting-a-bug-report) + - [How do I submit a good bug report?](#how-do-i-submit-a-good-bug-report) + - [Suggesting enhancements](#suggesting-enhancements) + - [Before Submitting an Enhancement](#before-submitting-an-enhancement) + - [How do I submit a good enhancement suggestion?](#how-do-i-submit-a-good-enhancement-suggestion) + - [Your first code contribution](#your-first-code-contribution) + - [Test of codebase](#test-of-codebase) + - [Lint of codebase](#lint-of-codebase) + - [Linters in GitHub Action](#linters-in-github-action) + - [Run super-linter locally](#run-super-linter-locally) + - [Run super-linter interactively](#run-super-linter-interactively) + +## I have a question + +Before you ask a question, it is best to search for existing [issues][issues] that might help you. In case you have found a suitable issue and still need clarification, you can write your question in this issue. It is also advisable to search the internet for answers first. + +If you then still feel the need to ask a question and need clarification, please +follow the steps in [Reporting bugs](#reporting-bugs). + +## I want to contribute + +### Reporting bugs + +#### Before submitting a bug report + +A good bug report shouldn't leave others needing to chase you up for more information. Therefore, we ask you to investigate carefully, collect information and describe the issue in detail in your report. Please complete the following steps in advance to help us fix any potential bug as fast as possible: + +- Make sure that you are using the latest version. +- Determine if your bug is really a bug and not an error on your side e.g. using incompatible environment components/versions. +- To see if other users have experienced (and potentially already solved) the same issue you are having, check if there is not already a bug report existing for your bug or error in the [bug tracker][issues_bugs]. +- Also make sure to search the internet to see if users outside of the GitHub community have discussed the issue. +- Collect information about the bug: + - Axis device model + - Axis device firmware version + - Stack trace + - OS and version (Windows, Linux, macOS, x86, ARM) + - Version of the interpreter, compiler, SDK, runtime environment, package manager, depending on what seems relevant + - Possibly your input and the output + - Can you reliably reproduce the issue? And can you also reproduce it with older versions? + +#### How do I submit a good bug report? + +We use GitHub issues to track bugs and errors. If you run into an issue with the project: + +- Open an [issue][issues_new]. +- Explain the behavior you would expect and the actual behavior. +- Please provide as much context as possible and describe the *reproduction steps* that someone else can follow to recreate the issue on their own. +- Provide the information you collected in the previous section. + +Once it's filed: + +- The project team will label the issue accordingly. +- A team member will try to reproduce the issue with your provided steps. If there are no reproduction steps or no obvious way to reproduce the issue, the team will ask you for those steps. Bugs without steps will not be addressed until they can be reproduced. +- If the team is able to reproduce the issue, it will be prioritized according to severity. + +### Suggesting enhancements + +This section guides you through submitting an enhancement suggestion, **including completely new features and minor improvements to existing functionality**. Following these guidelines will help maintainers and the community to understand your suggestion and find related suggestions. + +#### Before Submitting an Enhancement + +- Make sure that you are using the latest version. +- Read the documentation carefully and find out if the functionality is already covered, maybe by an individual configuration. +- Perform a [search][issues] to see if the enhancement has already been suggested. If it has, add a comment to the existing issue instead of opening a new one. +- Find out whether your idea fits with the scope and aims of the project. Keep in mind that we want features that will be useful to the majority of our users and not just a small subset. + +#### How do I submit a good enhancement suggestion? + +Enhancement suggestions are tracked as [GitHub issues][issues]. + +- Use a **clear and descriptive title** for the issue to identify the suggestion. +- Provide a **step-by-step description of the suggested enhancement** in as many details as possible. +- **Describe the current behavior** and **explain which behavior you expected to see instead** and why. At this point you can also tell which alternatives do not work for you. +- You may want to **include screenshots and animated GIFs** which help you demonstrate the steps or point out the part which the suggestion is related to. +- **Explain why this enhancement would be useful** to most users. You may also want to point out the other projects that solved it better and which could serve as inspiration. + +### Your first code contribution + +Start by [forking the repository](https://docs.github.com/en/github/getting-started-with-github/fork-a-repo), i.e. copying the repository to your account to grant you write access. Continue with cloning the forked repository to your local machine. + +```sh +git clone https://github.com//AxisCommunications/acap-runtime.git +``` + +Navigate into the cloned directory and create a new branch: + +```sh +cd acap-runtime +git switch -c +``` + +Update the code according to your requirements, and commit the changes using the [conventional commits](https://www.conventionalcommits.org) message style: + +```sh +git commit -a -m 'Follow the conventional commit messages style to write this message' +``` + +Continue with pushing the local commits to GitHub: + +```sh +git push origin +``` + +Before opening a Pull Request (PR), please consider the following guidelines: + +- Please make sure that the code builds perfectly fine on your local system. +- Make sure that all linters pass, see [Lint of codebase](#lint-of-codebase) +- The PR will have to meet the code standard already available in the repository. +- Explanatory comments related to code functions are required. Please write code comments for a better understanding of the code for other developers. +- Note that code changes or additions to the `.github` folder (or sub-folders) will not be accepted. + +And finally when you are satisfied with your changes, open a new PR. + +### Test of codebase + +The repo has a CI/CD workflow setup that includes testing of the codebase. The steps of the workflow are, for each architecture: + +1. Build the ACAP Runtime [test suite][test-suite] Docker image and push to Docker Hub. +2. Pull the test suite Docker image and run it on an external device. +3. Build the ACAP Runtime Docker image and push to Docker Hub. +4. Build the ACAP Runtime containerized Docker image and push to Docker Hub. + +The workflow should be possible to run from a fork with the following updates: + +- Create your own Docker repository and refer to it in the workflow. Make sure to add your own secrets for login to the repository. +- Setup devices to test on and update the workflow with their IP addresses and provide secrets for the user name and login to the devices. + +### Lint of codebase + +A set of different linters test the codebase and these must pass in order to get a pull request approved. + +#### Linters in GitHub Action + +When you create a pull request, a set of linters will run syntax and format checks on different file types in GitHub actions by making use of a tool called [super-linter][super-linter]. If any of the linters gives an error, this will be shown in the action connected to the pull request. + +In order to speed up development, it's possible to run linters as part of your local development environment. + +#### Run super-linter locally + +Since super-linter is using a Docker image in GitHub Actions, users of other editors may run it locally to lint the codebase. For complete instructions and guidance, see super-linter page for [running locally][super-linter-local]. + +To run a number of linters on the codebase from command line: + +```sh +docker run --rm \ + -v $PWD:/tmp/lint \ + -e RUN_LOCAL=true \ + -e LINTER_RULES_PATH=/ \ + -e VALIDATE_BASH=true \ + -e VALIDATE_DOCKERFILE_HADOLINT=true \ + -e VALIDATE_MARKDOWN=true \ + -e VALIDATE_SHELL_SHFMT=true \ + -e VALIDATE_YAML=true \ + github/super-linter:slim-v4 +``` + +See [`.github/workflows/lint.yml`](.github/workflows/lint.yml) for the exact setup used by this project. + +#### Run super-linter interactively + +It might be more convenient to run super-linter interactively. Run container and enter command line: + +```sh +docker run --rm \ + -v $PWD:/tmp/lint \ + -w /tmp/lint \ + --entrypoint /bin/bash \ + -it github/super-linter:slim-v4 +``` + +Then from the container terminal, the following commands can lint the the code base for different file types: + +```sh +# Lint Dockerfile files +hadolint $(find -type f -name "Dockerfile*") + +# Lint Markdown files +markdownlint . + +# Lint YAML files +yamllint . + +# Lint shell script files +shellcheck $(shfmt -f .) +shfmt -d . +``` + +To lint only a specific file, replace `.` or `$(COMMAND)` with the file path. + + +[issues]: https://github.com/AxisCommunications/acap-runtime/issues +[issues_new]: https://github.com/AxisCommunications/acap-runtime/issues/new +[issues_bugs]: https://github.com/AxisCommunications/acap-runtime/issues?q=label%3Abug +[super-linter]: https://github.com/github/super-linter +[super-linter-local]: https://github.com/github/super-linter/blob/main/docs/run-linter-locally.md +[test-suite]: https://github.com/AxisCommunications/acap-runtime#test-suite + diff --git a/README.md b/README.md index ad71ede..15412d3 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,80 @@ + # The Docker Compose ACAP -This ACAP contains both the Docker Engine and the binaries necessary to interact with it. -Installing this ACAP will make it possible to run Docker containers and Docker commands directly -on the Axis device. +The Docker Compose ACAP application provides the means to run rootless Docker on a compatible Axis +device. In addition it bundles the docker CLI and the docker Compose CLI. -## Compatibility +> **Note** +> +> This is a preview of the rootless Docker Compose ACAP. Even though it uses a non-root user at runtime, +> it requires root privileges during installation and uninstallation. This can be accomplished by +> setting the `AllowRoot` toggle to `true` when installing and uninstalling the application. +> See the [VAPIX documentation][vapix-allow-root] for details. +> +> **Known Issues** +> +> * Only uid and gid are properly mapped between device and containers, not the other groups that +> the user is a member of. This means that resources on the device, even if they are volume or device +> mounted can be inaccessible inside the container. This can also affect usage of unsupported dbus +> methods from the container. +> * iptables use is disabled. +> * The docker.socket group ownership is set to `addon`. + + +## Table of contents + +- [Overview](#overview) +- [Requirements](#requirements) +- [Installation and Usage](#installation-and-usage) + - [Installation](#installation) + - [Securing the Docker Compose ACAP using TLS](#securing-the-docker-compose-acap-using-tls) + - [TLS Setup](#tls-setup) + - [The Certificate Authority (CA) certificate](#the-certificate-authority-ca-certificate) + - [The server certificate](#the-server-certificate) + - [The private server key](#the-private-server-key) + - [Client key and certificate](#client-key-and-certificate) + - [Using an SD card as storage](#using-an-sd-card-as-storage) +- [Using the Docker Compose ACAP](#using-the-docker-compose-acap) + - [Using the Docker Compose ACAP on the Axis device](#using-the-docker-compose-acap-on-the-axis-device) + - [Using the Docker Compose ACAP remotely](#using-the-docker-compose-acap-remotely) + - [Test that the Docker ACAP can run a container](#test-that-the-docker-acap-can-run-a-container) + - [Loading images onto a device](#loading-images-onto-a-device) +- [Building the Docker Compose ACAP](#building-the-docker-compose-acap) +- [Installing a locally built Docker Compose ACAP](#installing-a-locally-built-docker-compose-acap) +- [Contributing](#contributing) +- [License](#license) + +## Overview + +The Docker Compose ACAP provides the means to run a Docker daemon on an Axis device, thereby +making it possible to deploy and run Docker containers on it. When started the daemon +will run in rootless mode, i.e. the user owning the daemon process will not be root, +and in extension, the containers will not have root access to the host system. +See [Rootless Mode][docker-rootless-mode] on Docker.com for details. That page also +contains known limitations when running rootless Docker. +In addition the [docker CLI[dockerCLI]] and [docker compose CLI][dockerComposeCLI] +are included in the application, thereby providing the means to access these e.g. +from a separate ACAP application running on the device. + +> **Note** +> +> The Docker Compose ACAP application can be run with TLS authentication or without. +> Be aware that running without TLS authentication is extremely insecure and we +strongly recommend against this. +> See [Securing the Docker Compose ACAP using TLS](#securing-the-docker-compose-acap-using-tls) +for information on how to generate certificates for TLS authentication when using +the Docker Compose ACAP application. + +## Requirements -### Device +The following requirements need to be met. -The Docker Compose ACAP requires a container capable device. You may check the compatibility of your -device by running: +- Axis device: + - Axis OS version 11.7 or higher. + - The device needs to have ACAP Native SDK support. See [Axis devices & compatibility][devices] + for more information. + - Additionally, the device must be container capable. To check the compatibility + of your device run: ```sh DEVICE_IP= @@ -18,23 +83,18 @@ DEVICE_PASSWORD='' curl -s --anyauth -u "root:$DEVICE_PASSWORD" \ "http://$DEVICE_IP/axis-cgi/param.cgi?action=update&root.Network.SSH.Enabled=yes" -ssh root@$DEVICE_IP 'command -v containerd >/dev/null 2>&1 && echo Compatible with Docker ACAP || echo Not compatible with Docker ACAP' +ssh root@$DEVICE_IP 'command -v containerd >/dev/null 2>&1 && echo Compatible with Docker Compose ACAP || echo Not compatible with Docker Compose ACAP' ``` where `` is the IP address of the Axis device and `` is the root password. Please note that you need to enclose your password with quotes (`'`) if it contains special characters. -### Host +- Computer: + - Either [Docker Desktop][dockerDesktop] version 4.11.1 or higher, or + [Docker Engine][dockerEngine] version 20.10.17 or higher. + - To build Docker Compose ACAP locally it is required to have [Buildx][buildx] installed. -The host machine is recommended to have [Docker](https://docs.docker.com/get-docker/) and -[Docker Compose](https://docs.docker.com/compose/install/) installed. -To build Docker Compose ACAP locally it is required to have [Docker Engine](https://docs.docker.com/engine/) -and [Buildx](https://docs.docker.com/build/install-buildx/) installed. - -## Installing - -The Docker Compose application is available as a **signed** eap-file in [Releases][latest-releases], -this is the recommended way to install this ACAP. +## Installation and Usage > [!IMPORTANT] > From AXIS OS 11.8 `root` user is not allowed by default and in 12.0 it will be disallowed completely. Read more on the [Developer Community](https://www.axis.com/developer-community/news/axis-os-root-acap-signing). \ @@ -47,7 +107,9 @@ this is the recommended way to install this ACAP. The prebuilt Docker Compose ACAP application is signed, read more about signing [here][signing-documentation]. -Download and install any signed eap-file from [prereleases or releases][all-releases] +### Installation + +Install and use any signed eap-file from [prereleases or releases][all-releases] with a tag on the form `_`, where `` is the docker-compose-acap release version and `` is either `armv7hf` or `aarch64` depending on device architecture. E.g. `Docker_Daemon_with_Compose_1_3_0_aarch64_signed.eap`. @@ -60,34 +122,19 @@ where it can be controlled in the device GUI **Apps** tab. curl -s https://api.github.com/repos/AxisCommunications/docker-compose-acap/releases/latest | grep "browser_download_url.*Docker_Daemon_with_Compose_.*_\_signed.eap" ``` -### Installation of version 1.2.5 and previous - -To install this ACAP with version 1.2.5 or previous use the pre-built -[docker hub](https://hub.docker.com/r/axisecp/docker-compose-acap) image: - -```sh -docker run --rm axisecp/docker-compose-acap:latest- install -``` - -Where `` is either `armv7hf` or `aarch64` depending on device architecture. - -It's also possible to build and use a locally built image. See the -[Building the Docker Compose ACAP](#building-the-docker-compose-acap) section for more information. - -## Securing the Docker Compose ACAP using TLS +### Securing the Docker Compose ACAP using TLS The Docker Compose ACAP can be run either unsecured or in TLS mode. The Docker Compose ACAP uses TLS as default. Use the "Use TLS" dropdown in the web interface to switch between the two different modes. It's also possible to toggle this option by -calling the parameter management API in [VAPIX](https://www.axis.com/vapix-library/) and setting the -`root.dockerdwrapperwithcompose.UseTLS` parameter to `yes` or `no`. The following commands would +calling the parameter management API in [VAPIX][vapix] and setting the +`root.dockerdwrapperwithcompose.UseTLS` parameter to `yes` or `no`. The following command would enable TLS: ```sh DEVICE_IP= -DEVICE_PASSWORD='' -curl -s --anyauth -u "root:$DEVICE_PASSWORD" \ +curl -s --anyauth -u "root:" \ "http://$DEVICE_IP/axis-cgi/param.cgi?action=update&root.dockerdwrapperwithcompose.UseTLS=yes" ``` @@ -95,11 +142,11 @@ Note that the dockerd service will be restarted every time TLS is activated or deactivated. Running the ACAP using TLS requires some additional setup, see next chapter. Running the ACAP without TLS requires no further setup. -### TLS Setup +#### TLS Setup -TLS requires a few keys and certificates to work, which are listed in the +TLS requires a keys and certificates to work, which are listed in the subsections below. For more information on how to generate these files, please -consult the official [Docker documentation](https://docs.docker.com/engine/security/protect-access/). +consult the official [Docker documentation][docker-tls]. Most of these keys and certificates need to be moved to the Axis device. There are multiple ways to achieve this, for example by using `scp` to copy the files from a remote machine onto the device. This can be done by running the following command on the remote machine: @@ -108,25 +155,32 @@ This can be done by running the following command on the remote machine: scp ca.pem server-cert.pem server-key.pem root@:/usr/local/packages/dockerdwrapperwithcompose/ ``` -#### The Certificate Authority (CA) certificate +Once copied to the Axis device the correct permissions need to be set for the certificates: + +```sh +ssh root@ 'chown acap-dockerdwrapperwithcompose /usr/local/packages/dockerdwrapperwithcompose/*.pem' + +``` + +##### The Certificate Authority (CA) certificate This certificate needs to be present in the dockerdwrapperwithcompose package folder on the Axis device and be named `ca.pem`. The full path of the file should be `/usr/local/packages/dockerdwrapperwithcompose/ca.pem`. -#### The server certificate +##### The server certificate This certificate needs to be present in the dockerdwrapperwithcompose package folder on the Axis device and be named `server-cert.pem`. The full path of the file should be `/usr/local/packages/dockerdwrapperwithcompose/server-cert.pem`. -#### The private server key +##### The private server key This key needs to be present in the dockerdwrapperwithcompose package folder on the Axis device and be named `server-key.pem`. The full path of the file should be `/usr/local/packages/dockerdwrapperwithcompose/server-key.pem`. -#### Client key and certificate +##### Client key and certificate A client will need to have its own private key, together with a certificate authorized by the CA. Key, certificate and CA shall be used when running Docker against the dockerd daemon on @@ -138,7 +192,7 @@ docker --tlsverify \ --tlscacert=ca.pem \ --tlscert=client-cert.pem \ --tlskey=client-key.pem \ - -H=:$DOCKER_PORT \ + --host tcp://$DEVICE_IP:$DOCKER_PORT \ version ``` @@ -149,14 +203,14 @@ automatically use your key and certificate, please export the `DOCKER_CERT_PATH` export DOCKER_CERT_PATH= DOCKER_PORT=2376 docker --tlsverify \ - -H=:$DOCKER_PORT \ + --host tcp://$DEVICE_IP:$DOCKER_PORT \ version ``` where `` is the directory on your computer where the files `ca.pem`, -`cert.pem` and `key.pem` are stored. +`client-cert.pem` and `client-key.pem` are stored. -## Using an SD card as storage +### Using an SD card as storage An SD card might be necessary to run the Docker Compose ACAP correctly. Docker containers and docker images can be quite large, and putting them on an SD card @@ -164,13 +218,13 @@ gives more freedom in how many and how large images can be stored. Switching between storage on the SD card or internal storage is done by toggling the "SD card support" dropdown in the web interface. It's also possible to toggle this option by calling the parameter management API in -[VAPIX](https://www.axis.com/vapix-library/) (accessing this documentation +[VAPIX][vapix] (accessing this documentation requires creating a free account) and setting the `root.dockerdwrapperwithcompose.SDCardSupport` parameter to `yes` or `no`. Toggling this setting will automatically restart the docker daemon using the specified storage. The default setting is to use the internal storage on the -device. +Axis device. Note that dockerdwrapperwithcompose requires that Unix permissions are supported by the file system. Examples of file systems which support this are ext4, ext3 and xfs. @@ -180,10 +234,18 @@ example if the original file system of the SD card is vfat. Make sure to use an SD card that has enough capacity to hold your applications. Other properties of the SD card, like the speed, might also affect the performance of your applications. For example, the Computer Vision SDK example -[object-detector-python](https://github.com/AxisCommunications/acap-computer-vision-sdk-examples/tree/main/object-detector-python) +[object-detector-python][object-detector-python] has a significantly higher inference time when using a small and slow SD card. To get more informed about specifications, check the -[SD Card Standards](https://www.sdcard.org/developers/sd-standard-overview/). +[SD Card Standards][sd-card-standards]. + +>**Note** +> +>If Docker Compose ACAP v1.3 or previous has been used on the device with SD card as storage +>the storage directory might already be created with root permissions. +>Since v2.0 the Docker Compose ACAP is run in rootless mode and it will then not be able +>to access that directory. To solve this, either reformat the SD card or manually +>remove the directory that is used by the Docker Compose ACAP. ## Using the Docker Compose ACAP @@ -205,13 +267,13 @@ The docker client binary will be reachable in the terminal without any additiona docker version ``` -The [docker compose](https://docs.docker.com/compose/cli-command) functionality is also available: +The [docker compose][dockerCLI] functionality is also available: ```sh docker compose version ``` -Note that the ACAP is shipped with [Compose V2](https://docs.docker.com/compose/cli-command). +Note that the ACAP is shipped with [Compose V2][dockerComposeCLI]. ### Using the Docker Compose ACAP remotely @@ -235,18 +297,66 @@ See [Client key and certificate](#client-key-and-certificate) for an example of how to remotely run docker commands on a device running a secured Docker Compose ACAP using TLS. +#### Test that the Docker ACAP can run a container + +Make sure the Docker Compose ACAP, using TLS, is running, then pull and run the +[hello-world][docker-hello-world] image from Docker Hub: + +```sh +>docker --tlsverify --host tcp://$DEVICE_IP:$DOCKER_PORT pull hello-world +Using default tag: latest +latest: Pulling from library/hello-world +70f5ac315c5a: Pull complete +Digest: sha256:88ec0acaa3ec199d3b7eaf73588f4518c25f9d34f58ce9a0df68429c5af48e8d +Status: Downloaded newer image for hello-world:latest +docker.io/library/hello-world:latest +>docker --tlsverify --host tcp://$DEVICE_IP:$DOCKER_PORT run hello-world + +Hello from Docker! +This message shows that your installation appears to be working correctly. + +To generate this message, Docker took the following steps: + 1. The Docker client contacted the Docker daemon. + 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. + (arm64v8) + 3. The Docker daemon created a new container from that image which runs the + executable that produces the output you are currently reading. + 4. The Docker daemon streamed that output to the Docker client, which sent it + to your terminal. + +To try something more ambitious, you can run an Ubuntu container with: + $ docker run -it ubuntu bash + +Share images, automate workflows, and more with a free Docker ID: + https://hub.docker.com/ + +For more examples and ideas, visit: + https://docs.docker.com/get-started/ + +``` + +#### Loading images onto a device + +If you have images in a local repository that you want to transfer to a device, or +if you have problems getting the `pull` command to work in your environment, `save` +and `load` can be used. + +```sh +docker save | docker --tlsverify --host tcp://$DEVICE_IP:$DOCKER_PORT load +``` + ## Building the Docker Compose ACAP To build the Docker Compose ACAP use docker buildx with the provided Dockerfile: ```sh -# Build Docker ACAP image +# Build Docker Compose ACAP image docker buildx build --file Dockerfile --tag docker-acap-with-compose: --build-arg ACAPARCH= . ``` where `` is either `armv7hf` or `aarch64`. -To extract the Docker ACAP eap-file use docker cp to copy it to a `build` folder: +To extract the Docker Compose ACAP eap-file use docker cp to copy it to a `build` folder: ```sh docker cp "$(docker create "docker-acap-with-compose:")":/opt/app/ ./build @@ -270,10 +380,30 @@ Go to your device web page above > Click on the tab **App** in the device GUI > Add **(+)** sign and browse to the newly built .eap-file > Click **Install** > Run the application by enabling the **Start** switch. +## Contributing + +Take a look at the [CONTRIBUTING.md](CONTRIBUTING.md) file. + +## License + +[Apache 2.0](LICENSE) + [all-releases]: https://github.com/AxisCommunications/docker-compose-acap/releases +[buildx]: https://docs.docker.com/build/install-buildx/ +[devices]: https://axiscommunications.github.io/acap-documentation/docs/axis-devices-and-compatibility#sdk-and-device-compatibility +[dockerDesktop]: https://docs.docker.com/desktop/ +[dockerEngine]: https://docs.docker.com/engine/ +[dockerCLI]: https://docs.docker.com/engine/reference/commandline/cli/ +[dockerComposeCLI]: https://docs.docker.com/compose/reference/ +[docker-hello-world]: https://hub.docker.com/_/hello-world +[docker-tls]: https://docs.docker.com/engine/security/protect-access/ +[docker-rootless-mode]: https://docs.docker.com/engine/security/rootless/ [latest-releases]: https://github.com/AxisCommunications/docker-compose-acap/releases/latest +[object-detector-python]: https://github.com/AxisCommunications/acap-computer-vision-sdk-examples/tree/main/object-detector-python +[sd-card-standards]: https://www.sdcard.org/developers/sd-standard-overview/ [signing-documentation]: https://axiscommunications.github.io/acap-documentation/docs/faq/security.html#sign-acap-applications - +[vapix]: https://www.axis.com/vapix-library/ +[vapix-allow-root]: https://www.axis.com/vapix-library/subjects/t10102231/section/t10036126/display?section=t10036126-t10185050