Container Image

The image is available in GitLab’s container registry: registry.gitlab.com/signald/signald

The image is built for amd64 and armv8. Additional architectures may be available upon request.

The images run as user 1337 (as of signald 0.18.0, see note about migrating from previous verisons below)

signald stores both account state files and the unix socket file in /signald. Mount it as a volume:

docker run -v $(pwd)/run:/signald registry.gitlab.com/signald/signald

Beware that if your system uses SELinux, it may silently deny Docker access to the volume you specify.

signaldctl is available in the container and can be used with docker exec.

signaldctl can also be installed outside the container, but needs to know where the /signald volume is mounted on the host. That can be configured with signaldctl config set socketpath /path/to/volume/signald.sock

Docker for Mac does not pass correctly sockets via Docker volumes to the host. This Docker issue lays it out in all the gory details. Attempts to connect to the mounted socket result in Connection Refused errors. Connections from other docker containers should work.

Prior to 0.18.0 the signald container image used the root user, which is not recommended for security reasons. This was fixed in the 0.18.0 release which will start as root, fix permissions on the volume, then drop to the non-root user and start signald. Future images (0.19.0+) will start as the non-root user, so if you’re upgrading make sure to run 0.18.0 at least once.

A special tag, 0.18.0-non-root, will be published. it starts as the non-root user and does not fix permissions on the volume.

In 0.18.1, a fix was added to skip trying to fix permissions and drop privileges if the container is started as non-root by some other means.