Merge pull request #923 from AkihiroSuda/clarify-p2p-optional

docs: clarify that P2P image distribution (IPFS) is completely optional

Author: AkihiroSuda

README.md

@@ -11,18 +11,20 @@
 
  ✅ Supports Docker Compose (`nerdctl compose up`)
 
- ✅ Supports [rootless mode, without slirp overhead](./docs/rootless.md) (`nerdctl run --label nerdctl/bypass4netns=true`)
+ ✅ [Optional] Supports [rootless mode, without slirp overhead (bypass4netns)](./docs/rootless.md)
 
- ✅ Supports [lazy-pulling (Stargz)](./docs/stargz.md)
+ ✅ [Optional] Supports [lazy-pulling (Stargz)](./docs/stargz.md)
 
- ✅ Supports [encrypted images (ocicrypt)](./docs/ocicrypt.md)
+ ✅ [Optional] Supports [encrypted images (ocicrypt)](./docs/ocicrypt.md)
 
- ✅ Supports [P2P image distribution (IPFS)](./docs/ipfs.md)
+ ✅ [Optional] Supports [P2P image distribution (IPFS)](./docs/ipfs.md) (\*1)
 
- ✅ Supports [container image signing and verifying (cosign)](./docs/cosign.md)
+ ✅ [Optional] Supports [container image signing and verifying (cosign)](./docs/cosign.md)
 
 nerdctl is a **non-core** sub-project of containerd.
 
+\*1: P2P image distribution (IPFS) is completely optional. Your host is NOT connected to any P2P network, unless you opt in to [install and run IPFS daemon](https://docs.ipfs.io/install/).
+
 ## Examples
 
 ### Basic usage
@@ -153,7 +155,8 @@ Also, `nerdctl` might be potentially useful for debugging Kubernetes clusters, b
 Major:
 - [On-demand image pulling (lazy-pulling) using Stargz Snapshotter](./docs/stargz.md): `nerdctl --snapshotter=stargz run IMAGE` .
 - [Image encryption and decryption using ocicrypt (imgcrypt)](./docs/ocicrypt.md): `nerdctl image (encrypt|decrypt) SRC DST`
-- [P2P image distribution using IPFS](./docs/ipfs.md): `nerdctl run ipfs://CID`
+- [P2P image distribution using IPFS](./docs/ipfs.md): `nerdctl run ipfs://CID` .
+  P2P image distribution (IPFS) is completely optional. Your host is NOT connected to any P2P network, unless you opt in to [install and run IPFS daemon](https://docs.ipfs.io/install/).
 - Recursive read-only (RRO) bind-mount: `nerdctl run -v /mnt:/mnt:rro` (make children such as `/mnt/usb` to be read-only, too).
   Requires kernel >= 5.12, and crun >= 1.4 or runc >= 1.1 (PR [#3272](https://github.com/opencontainers/runc/pull/3272)).
 - [Cosign integration](./docs/cosign.md): `nerdctl pull --verify=cosign` and `nerdctl push --sign=cosign`
@@ -1359,6 +1362,8 @@ Flags:
 
 ## IPFS management
 
+P2P image distribution (IPFS) is completely optional. Your host is NOT connected to any P2P network, unless you opt in to [install and run IPFS daemon](https://docs.ipfs.io/install/).
+
 ### :nerd_face: nerdctl ipfs registry up
 Start read-only local registry backed by IPFS.
 See [`./docs/ipfs.md`](./docs/ipfs.md) for details.

docs/ipfs.md

@@ -2,6 +2,8 @@
 
 You can distribute container images without registries, using IPFS.
 
+IPFS support is completely optional. Your host is NOT connected to any P2P network, unless you opt in to [install and run IPFS daemon](https://docs.ipfs.io/install/).
+
 ## Prerequisites
 
 To use this feature, make sure `ipfs daemon` is running on your host.

go.mod

@@ -106,6 +106,7 @@ require (
 	github.com/jbenet/goprocess v0.1.4 // indirect
 	github.com/klauspost/compress v1.15.1 // indirect
 	github.com/klauspost/cpuid/v2 v2.0.6 // indirect
+	// NOTE: P2P image distribution (IPFS) is completely optional. Your host is NOT connected to any P2P network, unless you opt in to install and run IPFS daemon.
 	github.com/libp2p/go-buffer-pool v0.0.2 // indirect
 	github.com/libp2p/go-libp2p-core v0.8.6 // indirect
 	github.com/libp2p/go-openssl v0.0.7 // indirect