From: Ludovic Courtès
To: guix-patches@gnu.org
Subject: [PATCH 0/2] 'guix pack --entry-point' and Singularity service
Date: Tue, 4 Jun 2019 22:51:51 +0200
Message-Id: <20190604205151.24258-1-ludo@gnu.org>

Hello,

This patch adds a ‘--entry-point’ flag to ‘guix pack’, which I think is long overdue.

It also adds a Singularity service whose primary purpose is to allow us to test ‘guix pack -f squashfs’. (It would be nice to have Singularity 3.x for testing purposes.)

Thoughts?

Ludo’.

Ludovic Courtès (2):
  services: Add Singularity.
  pack: Add '--entry-point'.

 doc/guix.texi             |  36 +++++++++-
 gnu/local.mk              |   1 +
 gnu/packages/linux.scm    |  10 ++-
 gnu/services/docker.scm   |  53 ++++++++++++++-
 gnu/tests/docker.scm      |  19 ++++--
 gnu/tests/singularity.scm | 137 ++++++++++++++++++++++++++++++++++++++
 guix/scripts/pack.scm     |  41 ++++++++++++
 7 files changed, 285 insertions(+), 12 deletions(-)
 create mode 100644 gnu/tests/singularity.scm

-- 
2.21.0

From: Ludovic Courtès
To: 36093@debbugs.gnu.org
Subject: [PATCH 1/2] services: Add Singularity.
Date: Tue, 4 Jun 2019 23:01:14 +0200
Message-Id: <20190604210115.24477-1-ludo@gnu.org>

From: Ludovic Courtès

* gnu/packages/linux.scm (singularity)[source](snippet): Change file name
of setuid helpers in libexec/cli/*.exec.
[arguments]: Remove "--disable-suid".
* gnu/services/docker.scm (%singularity-activation): New variable.
(singularity-setuid-programs): New procedure.
(singularity-service-type): New variable.
* gnu/tests/singularity.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Miscellaneous Services): Document it.
---
 doc/guix.texi             |  13 +++-
 gnu/local.mk              |   1 +
 gnu/packages/linux.scm    |  10 ++-
 gnu/services/docker.scm   |  53 +++++++++++++++-
 gnu/tests/singularity.scm | 128 ++++++++++++++++++++++++++++++++++++++
 5 files changed, 200 insertions(+), 5 deletions(-)
 create mode 100644 gnu/tests/singularity.scm

diff --git a/doc/guix.texi b/doc/guix.texi index a8f3a5ad27..2189f297bd 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -24090,7 +24090,7 @@ The following is an example @code{dicod-service} configuration. @cindex Docker @subsubheading Docker Service -The @code{(gnu services docker)} module provides the following service. +The @code{(gnu services docker)} module provides the following services. @defvr {Scheme Variable} docker-service-type 
@@ -24114,6 +24114,17 @@ The Containerd package to use. @end table @end deftp +@defvr {Scheme Variable} singularity-service-type +This is the type of the service that runs +@url{https://www.sylabs.io/singularity/, Singularity}, a Docker-style tool to +create and run application bundles (aka. ``containers''). The value for this +service is the Singularity package to use. + +The service does not install a daemon; instead, it installs helper programs as +setuid-root (@pxref{Setuid Programs}) such that unprivileged users can invoke +@command{singularity run} and similar commands. +@end defvr + @node Setuid Programs @section Setuid Programs diff --git a/gnu/local.mk b/gnu/local.mk index b0992547b4..251c1eab64 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -586,6 +586,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests/networking.scm \ %D%/tests/rsync.scm \ %D%/tests/security-token.scm \ + %D%/tests/singularity.scm \ %D%/tests/ssh.scm \ %D%/tests/version-control.scm \ %D%/tests/virtualization.scm \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index ef45465288..4997fac181 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -2884,12 +2884,16 @@ thanks to the use of namespaces.") (substitute* "bin/singularity.in" (("^PATH=.*" all) (string-append "#" all "\n"))) + + (substitute* (find-files "libexec/cli" "\\.exec$") + (("\\$SINGULARITY_libexecdir/singularity/bin/([a-z]+)-suid" + _ program) + (string-append "/run/setuid-programs/singularity-" + program "-helper"))) #t)))) (build-system gnu-build-system) (arguments - `(#:configure-flags - (list "--disable-suid" - "--localstatedir=/var") + `(#:configure-flags '("--localstatedir=/var") #:phases (modify-phases %standard-phases (add-after 'unpack 'patch-reference-to-squashfs-tools diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 94a04c8996..b245513913 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm 
@@ -24,12 +24,14 @@ #:use-module (gnu services shepherd) #:use-module (gnu system shadow) #:use-module (gnu packages docker) + #:use-module (gnu packages linux) ;singularity #:use-module (guix records) #:use-module (guix gexp) #:use-module (guix packages) #:export (docker-configuration - docker-service-type)) + docker-service-type + singularity-service-type)) ;;; We're not using serialize-configuration, but we must define this because ;;; the define-configuration macro validates it exists. 
@@ -120,3 +122,52 @@ bundles in Docker containers.") (service-extension account-service-type (const %docker-accounts)))) (default-value (docker-configuration)))) + + +;;; +;;; Singularity. +;;; + +(define %singularity-activation + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + ;; Create the directories that Singularity 2.6 expects to find. + (for-each (lambda (directory) + (mkdir-p (string-append "/var/singularity/mnt/" + directory))) + '("container" "final" "overlay" "session"))))) + +(define (singularity-setuid-programs singularity) + "Return the setuid-root programs that SINGULARITY needs." + (define helpers + ;; The helpers, under a meaningful name. + (computed-file "singularity-setuid-helpers" + #~(begin + (mkdir #$output) + (for-each (lambda (program) + (symlink (string-append #$singularity + "/libexec/singularity" + "/bin/" + program "-suid") + (string-append #$output + "/singularity-" + program + "-helper"))) + '("action" "mount" "start"))))) + + (list (file-append helpers "/singularity-action-helper") + (file-append helpers "/singularity-mount-helper") + (file-append helpers "/singularity-start-helper"))) + +(define singularity-service-type + (service-type (name 'singularity) + (description + "Install the Singularity application bundle tool.") + (extensions + (list (service-extension setuid-program-service-type + singularity-setuid-programs) + (service-extension activation-service-type + (const %singularity-activation)))) + (default-value singularity))) diff --git a/gnu/tests/singularity.scm b/gnu/tests/singularity.scm new file mode 100644 index 0000000000..55324ef9ea --- /dev/null +++ b/gnu/tests/singularity.scm 
@@ -0,0 +1,128 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2019 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests singularity) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu system shadow) + #:use-module (gnu services) + #:use-module (gnu services docker) + #:use-module (gnu packages bash) + #:use-module (gnu packages guile) + #:use-module (gnu packages linux) ;singularity + #:use-module (guix gexp) + #:use-module (guix store) + #:use-module (guix grafts) + #:use-module (guix monads) + #:use-module (guix packages) + #:use-module (guix profiles) + #:use-module (guix scripts pack) + #:export (%test-singularity)) + +(define %singularity-os + (simple-operating-system + (service singularity-service-type) + (simple-service 'guest-account + account-service-type + (list (user-account (name "guest") (uid 1000) (group "guest")) + (user-group (name "guest") (id 1000)))))) + +(define (run-singularity-test image) + "Load IMAGE, a Squashfs image, as a Singularity image and run it inside +%SINGULARITY-OS." 
+ (define os + (marionette-operating-system %singularity-os)) + + (define singularity-exec + #~(begin + (use-modules (ice-9 popen) (rnrs io ports)) + + (let* ((pipe (open-pipe* OPEN_READ + #$(file-append singularity + "/bin/singularity") + "exec" #$image "/bin/guile" + "-c" "(display \"hello, world\")")) + (str (get-string-all pipe)) + (status (close-pipe pipe))) + (and (zero? status) + (string=? str "hello, world"))))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) (srfi srfi-64) + (gnu build marionette)) + + (define marionette + (make-marionette (list #$(virtual-machine os)))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "singularity") + + (test-assert "singularity exec /bin/guile (as root)" + (marionette-eval '#$singularity-exec + marionette)) + + (test-equal "singularity exec /bin/guile (unprivileged)" + 0 + (marionette-eval + `(begin + (use-modules (ice-9 match)) + + (match (primitive-fork) + (0 + (dynamic-wind + (const #f) + (lambda () + (setgid 1000) + (setuid 1000) + (execl #$(program-file "singularity-exec-test" + #~(exit #$singularity-exec)) + "test")) + (lambda () + (primitive-exit 127)))) + (pid + (cdr (waitpid pid))))) + marionette)) + + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "singularity-test" test)) + +(define (build-tarball&run-singularity-test) + (mlet* %store-monad + ((_ (set-grafting #f)) + (guile (set-guile-for-build (default-guile))) + ;; 'singularity exec' insists on having /bin/sh in the image. + (profile (profile-derivation (packages->manifest + (list bash-minimal guile-2.2)) + #:hooks '() + #:locales? 
#f)) + (tarball (squashfs-image "singularity-pack" profile + #:symlinks '(("/bin" -> "bin"))))) + (run-singularity-test tarball))) + +(define %test-singularity + (system-test + (name "singularity") + (description "Test Singularity container of Guix.") + (value (build-tarball&run-singularity-test)))) -- 2.21.0
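
Review bot: in the gnu/services/docker.scm hunk, '%singularity-activation' creates the four directories under /var/singularity/mnt with a bare 'mkdir-p', so their mode depends on the umask in effect at activation time. The same patch installs setuid-root helpers, so set the mode explicitly after creating each directory (for instance 'chmod' to #o700, if Singularity 2.6 works with that) and say in the comment which owner and mode are expected.

Review bot: in the gnu/packages/linux.scm hunk, the 'substitute*' pattern '([a-z]+)-suid' rewrites every helper reference in libexec/cli/*.exec to /run/setuid-programs/singularity-PROGRAM-helper, while 'singularity-setuid-programs' only provides "action", "mount" and "start". If an .exec file names any other '-suid' program, the rewritten path will not exist at run time; restrict the pattern to those three names or derive both lists from one definition. In the doc/guix.texi hunk, "the service that runs Singularity" also reads oddly next to "does not install a daemon".
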
From: Ludovic Courtès
To: 36093@debbugs.gnu.org
Subject: [PATCH 2/2] pack: Add '--entry-point'.
Date: Tue, 4 Jun 2019 23:01:15 +0200
Message-Id: <20190604210115.24477-2-ludo@gnu.org>
In-Reply-To: <20190604210115.24477-1-ludo@gnu.org>

From: Ludovic Courtès

* guix/scripts/pack.scm (self-contained-tarball): Add #:entry-point and warn
when it's true.
(squashfs-image): Add #:entry-point and honor it.
(docker-image): Add #:entry-point and honor it.
(%options, show-help): Add '--entry-point'.
(guix-pack): Honor '--entry-point' and pass #:entry-point to BUILD-IMAGE.
* gnu/tests/docker.scm (run-docker-test): Test 'docker run' with the default
entry point.
(build-tarball&run-docker-test): Pass #:entry-point to 'docker-image'.
* doc/guix.texi (Invoking guix pack): Document it.
* gnu/tests/singularity.scm (run-singularity-test)["singularity run"]: New
test.
(build-tarball&run-singularity-test): Pass #:entry-point to 'squashfs-image'.
---
 doc/guix.texi             | 23 ++++++++++++++++++++++
 gnu/tests/docker.scm      | 19 +++++++++++-------
 gnu/tests/singularity.scm |  9 +++++++++
 guix/scripts/pack.scm     | 41 +++++++++++++++++++++++++++++++++++++++
 4 files changed, 85 insertions(+), 7 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 2189f297bd..37af0ebd83 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -4866,6 +4866,29 @@ advantage to work without requiring special kernel support, but it incurs run-time overhead every time a system call is made. @end quotation +@cindex entry point, for Docker images +@item --entry-point=@var{command} +Use @var{command} as the @dfn{entry point} of the resulting pack, if the pack +format supports it---currently @code{docker} and @code{squashfs} (Singularity) +support it. @var{command} must be relative to the profile contained in the +pack. + +The entry point specifies the command that tools like @code{docker run} or +@code{singularity run} automatically start by default. For example, you can +do: + +@example +guix pack -f docker --entry-point=bin/guile guile +@end example + +The resulting pack can easily be loaded and @code{docker run} with no extra +arguments will spawn @code{bin/guile}: + +@example +docker load -i pack.tar.gz +docker run @var{image-id} +@end example + @item --expression=@var{expr} @itemx -e @var{expr} Consider the package @var{expr} evaluates to. diff --git a/gnu/tests/docker.scm b/gnu/tests/docker.scm index 3cd3a27884..f2674cdbe8 100644 --- a/gnu/tests/docker.scm +++ b/gnu/tests/docker.scm @@ -101,7 +101,7 @@ inside %DOCKER-OS." marionette)) (test-equal "Load docker image and run it" - "hello world" + '("hello world" "hi!") (marionette-eval `(begin (define slurp @@ -117,12 +117,16 @@ inside %DOCKER-OS." (repository&tag (string-drop raw-line (string-length "Loaded image: "))) - (response (slurp - ,(string-append #$docker-cli "/bin/docker") - "run" "--entrypoint" "bin/Guile" - repository&tag - "/aa.scm"))) - response)) + (response1 (slurp + ,(string-append #$docker-cli "/bin/docker") + "run" "--entrypoint" "bin/Guile" + repository&tag + "/aa.scm")) + (response2 (slurp ;default entry point + ,(string-append #$docker-cli "/bin/docker") + "run" repository&tag + "-c" "(display \"hi!\")"))) + (list response1 response2))) marionette)) (test-end) 
@@ -161,6 +165,7 @@ standard output device and then enters a new line.") (tarball (docker-image "docker-pack" profile #:symlinks '(("/bin/Guile" -> "bin/guile") ("aa.scm" -> "a.scm")) + #:entry-point "bin/guile" #:localstatedir? #t))) (run-docker-test tarball))) diff --git a/gnu/tests/singularity.scm b/gnu/tests/singularity.scm index 55324ef9ea..668043a0bc 100644 --- a/gnu/tests/singularity.scm +++ b/gnu/tests/singularity.scm @@ -103,6 +103,14 @@ (cdr (waitpid pid))))) marionette)) + (test-equal "singularity run" ;test the entry point + 42 + (marionette-eval + `(status:exit-val + (system* #$(file-append singularity "/bin/singularity") + "run" #$image "-c" "(exit 42)")) + marionette)) + (test-end) (exit (= (test-runner-fail-count (test-runner-current)) 0))))) @@ -118,6 +126,7 @@ #:hooks '() #:locales? #f)) (tarball (squashfs-image "singularity-pack" profile + #:entry-point "bin/guile" #:symlinks '(("/bin" -> "bin"))))) (run-singularity-test tarball))) diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm index c17b374330..5da23e038b 100644 --- a/guix/scripts/pack.scm +++ b/guix/scripts/pack.scm @@ -152,6 +152,7 @@ dependencies are registered." #:key target (profile-name "guix-profile") deduplicate? + entry-point (compressor (first %compressors)) localstatedir? (symlinks '()) @@ -275,6 +276,10 @@ added to the pack." (_ #f)) directives))))))))) + (when entry-point + (warning (G_ "entry point not supported in the '~a' format~%") + 'tarball)) + (gexp->derivation (string-append name ".tar" (compressor-extension compressor)) build @@ -284,6 +289,7 @@ added to the pack." #:key target (profile-name "guix-profile") (compressor (first %compressors)) + entry-point localstatedir? (symlinks '()) (archiver squashfs-tools-next)) @@ -315,6 +321,7 @@ added to the pack." (ice-9 match)) (define database #+database) + (define entry-point #$entry-point) (setenv "PATH" (string-append #$archiver "/bin")) 
@@ -371,6 +378,28 @@ added to the pack." target))))))) '#$symlinks) + ;; Create /.singularity.d/actions, and optionally the 'run' + ;; script, used by 'singularity run'. + "-p" "/.singularity.d d 555 0 0" + "-p" "/.singularity.d/actions d 555 0 0" + ,@(if entry-point + `(;; This one if for Singularity 2.x. + "-p" + ,(string-append + "/.singularity.d/actions/run s 777 0 0 " + (relative-file-name "/.singularity.d/actions" + (string-append #$profile "/" + entry-point))) + + ;; This one is for Singularity 3.x. + "-p" + ,(string-append + "/.singularity.d/runscript s 777 0 0 " + (relative-file-name "/.singularity.d" + (string-append #$profile "/" + entry-point)))) + '()) + ;; Create empty mount points. "-p" "/proc d 555 0 0" "-p" "/sys d 555 0 0" @@ -392,6 +421,7 @@ added to the pack." #:key target (profile-name "guix-profile") (compressor (first %compressors)) + entry-point localstatedir? (symlinks '()) (archiver tar)) @@ -425,6 +455,8 @@ the image." #$profile #:database #+database #:system (or #$target (utsname:machine (uname))) + #:entry-point (string-append #$profile "/" + #$entry-point) #:symlinks '#$symlinks #:compressor '#$(compressor-command compressor) #:creation-time (make-time time-utc 0 1)))))) @@ -689,6 +721,9 @@ please email '~a'~%") (lambda (opt name arg result) (alist-cons 'system arg (alist-delete 'system result eq?)))) + (option '("entry-point") #t #f + (lambda (opt name arg result) + (alist-cons 'entry-point arg result))) (option '("target") #t #f (lambda (opt name arg result) (alist-cons 'target arg @@ -765,6 +800,9 @@ Create a bundle of PACKAGE.\n")) -S, --symlink=SPEC create symlinks to the profile according to SPEC")) (display (G_ " -m, --manifest=FILE create a pack with the manifest from FILE")) + (display (G_ " + --entry-point=PROGRAM + use PROGRAM as the entry point of the pack")) (display (G_ " --save-provenance save provenance information")) (display (G_ " 
@@ -889,6 +927,7 @@ Create a bundle of PACKAGE.\n")) (leave (G_ "~a: unknown pack format~%") pack-format)))) (localstatedir? (assoc-ref opts 'localstatedir?)) + (entry-point (assoc-ref opts 'entry-point)) (profile-name (assoc-ref opts 'profile-name)) (gc-root (assoc-ref opts 'gc-root))) (when (null? (manifest-entries manifest)) @@ -919,6 +958,8 @@ Create a bundle of PACKAGE.\n")) symlinks #:localstatedir? localstatedir? + #:entry-point + entry-point #:profile-name profile-name #:archiver -- 2.21.0
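
Review bot: in the 'docker-image' hunk of guix/scripts/pack.scm, '#:entry-point (string-append #$profile "/" #$entry-point)' is built unconditionally, but the new 'entry-point' keyword has no default and is #f when '--entry-point' is not given, so 'string-append' receives #f. Guard it the way the 'squashfs-image' hunk does with '(if entry-point ...)', passing #f through when no entry point was requested.

Review bot: in the '%options' and 'guix-pack' hunks, the '--entry-point' argument is appended to the profile path without any check, although the manual text says it must be relative to the profile. A value with ".." components makes the runscript symlink or the Docker entry point resolve outside the profile; reject such values with 'leave' before calling BUILD-IMAGE. In the 'squashfs-image' hunk, the comment "This one if for Singularity 2.x" should read "is for", and a short comment that the 777 in the 's' pseudo-file entries is the mode of a symbolic link would answer the obvious question about write access.
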
From: Danny Milosavljevic
To: Ludovic Courtès
Cc: 36093@debbugs.gnu.org
Subject: Re: [bug#36093] [PATCH 1/2] services: Add Singularity.
Date: Wed, 5 Jun 2019 17:02:17 +0200
Message-ID: <20190605170217.4e4c7fed@scratchpost.org>

Hi Ludo,

On Tue, 4 Jun 2019 23:01:14 +0200
Ludovic Courtès wrote:

> +@defvr {Scheme Variable} singularity-service-type
> +This is the type of the service that runs
> +@url{https://www.sylabs.io/singularity/, Singularity},

Does it? Doesn't it just "allow you to invoke"?

> + (substitute* (find-files "libexec/cli" "\\.exec$")
> + (("\\$SINGULARITY_libexecdir/singularity/bin/([a-z]+)-suid"
> + _ program)
> + (string-append "/run/setuid-programs/singularity-"
> + program "-helper")))

Is absolute path OK? There have been some efforts to get guix to relocate in the past. Does this apply here?

> + ;; Create the directories that Singularity 2.6 expects to find.
> + (for-each (lambda (directory)
> + (mkdir-p (string-append "/var/singularity/mnt/"
> + directory)))
> + '("container" "final" "overlay" "session")))))

Are permissions OK?

LGTM!

From: Danny Milosavljevic
To: Ludovic Courtès
Cc: 36093@debbugs.gnu.org
Subject: Re: [bug#36093] [PATCH 2/2] pack: Add '--entry-point'.
Date: Wed, 5 Jun 2019 17:06:53 +0200
Message-ID: <20190605170653.5be950ca@scratchpost.org>

Hi Ludo,

On Tue, 4 Jun 2019 23:01:15 +0200
Ludovic Courtès wrote:

> + ,@(if entry-point
> + `(;; This one if for Singularity 2.x.
> + "-p"
> + ,(string-append
> + "/.singularity.d/actions/run s 777 0 0 "
> + (relative-file-name "/.singularity.d/actions"
> + (string-append #$profile "/"
> + entry-point)))
> +
> + ;; This one is for Singularity 3.x.
> + "-p"
> + ,(string-append
> + "/.singularity.d/runscript s 777 0 0 "
> + (relative-file-name "/.singularity.d"
> + (string-append #$profile "/"
> + entry-point))))

Hmm, 777 (anyone can write)? Is it necessary?

Also, in general, do we conflate "squashfs" and "singularity"? It has been that way in guix/scripts/pack.scm's squashfs-image before this patch already and a few extra files can't hurt, but we could also just provide a function "singularity-image" or something.

LGTM!

From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Danny Milosavljevic Subject: Re: [bug#36093] [PATCH 1/2] services: Add Singularity. References: <20190604205151.24258-1-ludo@gnu.org> <20190604210115.24477-1-ludo@gnu.org> <20190605170217.4e4c7fed@scratchpost.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 17 Prairial an 227 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 05 Jun 2019 22:24:05 +0200 In-Reply-To: <20190605170217.4e4c7fed@scratchpost.org> (Danny Milosavljevic's message of "Wed, 5 Jun 2019 17:02:17 +0200") Message-ID: <87v9xjye56.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 36093 Cc: 36093@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Danny, Danny Milosavljevic skribis: > On Tue, 4 Jun 2019 23:01:14 +0200 > Ludovic Court=C3=A8s wrote: > >> +@defvr {Scheme Variable} singularity-service-type >> +This is the type of the service that runs >> +@url{https://www.sylabs.io/singularity/, Singularity},=20 > > Does it? > Doesn't it just "allow you to invoke"? Yes, you=E2=80=99re right. I=E2=80=99ll reword as you suggest. >> + (substitute* (find-files "libexec/cli" "\\.exec$") >> + (("\\$SINGULARITY_libexecdir/singularity/bin/([a-z]= +)-suid" >> + _ program) >> + (string-append "/run/setuid-programs/singularity-" >> + program "-helper"))) > > Is absolute path OK? 
There have been some efforts to get guix to relocate in > the past. Does this apply here? I think it’s OK: those setuid helpers can only be used on Guix System, not on a foreign distro, and it goes hand-in-hand with ‘singularity-service-type’. >> + ;; Create the directories that Singularity 2.6 expects to find. >> + (for-each (lambda (directory) >> + (mkdir-p (string-append "/var/singularity/mnt/" >> + directory))) >> + '("container" "final" "overlay" "session"))))) > > Are permissions OK? They’re good enough for the test, but perhaps it should be #o700. I’ll check if it works like that. There’s been a nice CVE for Singularity 3.x in this area recently: https://nvd.nist.gov/vuln/detail/CVE-2019-11328 It’s not directly applicable here but there could be similar issues. Thanks, Ludo’. From debbugs-submit-bounces@debbugs.gnu.org Wed Jun 05 16:27:44 2019 Received: (at 36093) by debbugs.gnu.org; 5 Jun 2019 20:27:44 +0000 Received: from localhost ([127.0.0.1]:48262 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hYcVc-0005GO-Ca for submit@debbugs.gnu.org; Wed, 05 Jun 2019 16:27:44 -0400 Received: from eggs.gnu.org ([209.51.188.92]:53592) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hYcVa-0005GC-B7 for 36093@debbugs.gnu.org; Wed, 05 Jun 2019 16:27:42 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:60822) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hYcVP-0007zo-SA; Wed, 05 Jun 2019 16:27:32 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=59302 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hYcVN-0004RQ-S9; Wed, 05 Jun 2019 16:27:31 -0400 
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Danny Milosavljevic Subject: Re: [bug#36093] [PATCH 2/2] pack: Add '--entry-point'. References: <20190604210115.24477-1-ludo@gnu.org> <20190604210115.24477-2-ludo@gnu.org> <20190605170653.5be950ca@scratchpost.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 17 Prairial an 227 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 05 Jun 2019 22:27:27 +0200 In-Reply-To: <20190605170653.5be950ca@scratchpost.org> (Danny Milosavljevic's message of "Wed, 5 Jun 2019 17:06:53 +0200") Message-ID: <87blzbydzk.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 36093 Cc: Ricardo Wurmus , 36093@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hello, Danny Milosavljevic skribis: > On Tue, 4 Jun 2019 23:01:15 +0200 > Ludovic Courtès wrote: >> + ,@(if entry-point >> + `(;; This one if for Singularity 2.x. >> + "-p" >> + ,(string-append >> + "/.singularity.d/actions/run s 777 0 0 " >> + (relative-file-name "/.singularity.d/actio= ns" >> + (string-append #$profi= le "/" >> + entry-p= oint))) >> + >> + ;; This one is for Singularity 3.x. >> + "-p" >> + ,(string-append >> + "/.singularity.d/runscript s 777 0 0 " >> + (relative-file-name "/.singularity.d" >> + (string-append #$profi= le "/" >> + entry-p= oint)))) > > Hmm, 777 (anyone can write)? Is it necessary? 
For a symlink it doesn’t matter, AIUI. > Also, in general, do we conflate "squashfs" and "singularity"? It has been > that way in guix/scripts/pack.scm's squashfs-image before this patch already > and a few extra files can't hurt, but we could also just provide a > function "singularity-image" or something. Yes, we do conflate Singularity and Squashfs, but I think there’s no other “container tool” that uses Squashfs anyway. We could rename it to “singularity”, but it turns out Singularity 3.x has its own image format unimaginatively called SIF, so perhaps we’re better off with the status quo. Thoughts? Ricardo? Thanks, Ludo’. From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 06 07:03:27 2019 Received: (at 36093) by debbugs.gnu.org; 6 Jun 2019 11:03:27 +0000 Received: from localhost ([127.0.0.1]:49083 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hYqB1-00035v-12 for submit@debbugs.gnu.org; Thu, 06 Jun 2019 07:03:27 -0400 Received: from eggs.gnu.org ([209.51.188.92]:44765) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hYqAz-00035c-Et for 36093@debbugs.gnu.org; Thu, 06 Jun 2019 07:03:22 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:43076) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hYqAt-00052l-Ds; Thu, 06 Jun 2019 07:03:15 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=43662 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hYqAs-0006a8-F6; Thu, 06 Jun 2019 07:03:15 -0400 
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 36093@debbugs.gnu.org Subject: [PATCH v2 1/2] services: Add Singularity. Date: Thu, 6 Jun 2019 13:03:05 +0200 Message-Id: <20190606110306.9831-1-ludo@gnu.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <87blzbydzk.fsf@gnu.org> References: <87blzbydzk.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 36093 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) From: Ludovic Courtès * gnu/packages/linux.scm (singularity)[source](snippet): Change file name of setuid helpers in libexec/cli/*.exec. [arguments]: Remove "--disable-suid". * gnu/services/docker.scm (%singularity-activation): New variable. (singularity-setuid-programs): New procedure. (singularity-service-type): New variable. * gnu/tests/singularity.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES): Add it. * doc/guix.texi (Miscellaneous Services): Document it. --- doc/guix.texi | 13 +++- gnu/local.mk | 1 + gnu/packages/linux.scm | 10 ++- gnu/services/docker.scm | 61 +++++++++++++++++- gnu/tests/singularity.scm | 128 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 208 insertions(+), 5 deletions(-) create mode 100644 gnu/tests/singularity.scm diff --git a/doc/guix.texi b/doc/guix.texi index 996255d9dc..c89df4ade3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -24090,7 +24090,7 @@ The following is an example @code{dicod-service} configuration. @cindex Docker @subsubheading Docker Service -The @code{(gnu services docker)} module provides the following service. +The @code{(gnu services docker)} module provides the following services. @defvr {Scheme Variable} docker-service-type @@ -24114,6 +24114,17 @@ The Containerd package to use. @end table @end deftp +@defvr {Scheme Variable} singularity-service-type +This is the type of the service that allows you to run +@url{https://www.sylabs.io/singularity/, Singularity}, a Docker-style tool to +create and run application bundles (aka. ``containers''). The value for this +service is the Singularity package to use. + +The service does not install a daemon; instead, it installs helper programs as +setuid-root (@pxref{Setuid Programs}) such that unprivileged users can invoke +@command{singularity run} and similar commands. +@end defvr + @node Setuid Programs @section Setuid Programs diff --git a/gnu/local.mk b/gnu/local.mk index 6878aef44a..c61ccff5e8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -586,6 +586,7 @@ GNU_SYSTEM_MODULES = \ %D%/tests/networking.scm \ %D%/tests/rsync.scm \ %D%/tests/security-token.scm \ + %D%/tests/singularity.scm \ %D%/tests/ssh.scm \ %D%/tests/version-control.scm \ %D%/tests/virtualization.scm \ diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index ffc5e9736e..e3cf2d729c 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm 
@@ -2884,12 +2884,16 @@ thanks to the use of namespaces.") (substitute* "bin/singularity.in" (("^PATH=.*" all) (string-append "#" all "\n"))) + + (substitute* (find-files "libexec/cli" "\\.exec$") + (("\\$SINGULARITY_libexecdir/singularity/bin/([a-z]+)-suid" + _ program) + (string-append "/run/setuid-programs/singularity-" + program "-helper"))) #t)))) (build-system gnu-build-system) (arguments - `(#:configure-flags - (list "--disable-suid" - "--localstatedir=/var") + `(#:configure-flags '("--localstatedir=/var") #:phases (modify-phases %standard-phases (add-after 'unpack 'patch-reference-to-squashfs-tools diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 94a04c8996..04f9127346 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -24,12 +24,14 @@ #:use-module (gnu services shepherd) #:use-module (gnu system shadow) #:use-module (gnu packages docker) + #:use-module (gnu packages linux) ;singularity #:use-module (guix records) #:use-module (guix gexp) #:use-module (guix packages) #:export (docker-configuration - docker-service-type)) + docker-service-type + singularity-service-type)) ;;; We're not using serialize-configuration, but we must define this because ;;; the define-configuration macro validates it exists. 
@@ -120,3 +122,60 @@ bundles in Docker containers.") (service-extension account-service-type (const %docker-accounts)))) (default-value (docker-configuration)))) + + +;;; +;;; Singularity. +;;; + +(define %singularity-activation + (with-imported-modules '((guix build utils)) + #~(begin + (use-modules (guix build utils)) + + (define %mount-directory + "/var/singularity/mnt/") + + ;; Create the directories that Singularity 2.6 expects to find. Make + ;; them #o755 like the 'install-data-hook' rule in 'Makefile.am' of + ;; Singularity 2.6.1. + (for-each (lambda (directory) + (let ((directory (string-append %mount-directory + directory))) + (mkdir-p directory) + (chmod directory #o755))) + '("container" "final" "overlay" "session")) + (chmod %mount-directory #o755)))) + +(define (singularity-setuid-programs singularity) + "Return the setuid-root programs that SINGULARITY needs." + (define helpers + ;; The helpers, under a meaningful name. + (computed-file "singularity-setuid-helpers" + #~(begin + (mkdir #$output) + (for-each (lambda (program) + (symlink (string-append #$singularity + "/libexec/singularity" + "/bin/" + program "-suid") + (string-append #$output + "/singularity-" + program + "-helper"))) + '("action" "mount" "start"))))) + + (list (file-append helpers "/singularity-action-helper") + (file-append helpers "/singularity-mount-helper") + (file-append helpers "/singularity-start-helper"))) + +(define singularity-service-type + (service-type (name 'singularity) + (description + "Install the Singularity application bundle tool.") + (extensions + (list (service-extension setuid-program-service-type + singularity-setuid-programs) + (service-extension activation-service-type + (const %singularity-activation)))) + (default-value singularity))) diff --git a/gnu/tests/singularity.scm b/gnu/tests/singularity.scm new file mode 100644 index 0000000000..55324ef9ea --- /dev/null +++ b/gnu/tests/singularity.scm 
@@ -0,0 +1,128 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2019 Ludovic Courtès +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu tests singularity) + #:use-module (gnu tests) + #:use-module (gnu system) + #:use-module (gnu system vm) + #:use-module (gnu system shadow) + #:use-module (gnu services) + #:use-module (gnu services docker) + #:use-module (gnu packages bash) + #:use-module (gnu packages guile) + #:use-module (gnu packages linux) ;singularity + #:use-module (guix gexp) + #:use-module (guix store) + #:use-module (guix grafts) + #:use-module (guix monads) + #:use-module (guix packages) + #:use-module (guix profiles) + #:use-module (guix scripts pack) + #:export (%test-singularity)) + +(define %singularity-os + (simple-operating-system + (service singularity-service-type) + (simple-service 'guest-account + account-service-type + (list (user-account (name "guest") (uid 1000) (group "guest")) + (user-group (name "guest") (id 1000)))))) + +(define (run-singularity-test image) + "Load IMAGE, a Squashfs image, as a Singularity image and run it inside +%SINGULARITY-OS." 
+ (define os + (marionette-operating-system %singularity-os)) + + (define singularity-exec + #~(begin + (use-modules (ice-9 popen) (rnrs io ports)) + + (let* ((pipe (open-pipe* OPEN_READ + #$(file-append singularity + "/bin/singularity") + "exec" #$image "/bin/guile" + "-c" "(display \"hello, world\")")) + (str (get-string-all pipe)) + (status (close-pipe pipe))) + (and (zero? status) + (string=? str "hello, world"))))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) (srfi srfi-64) + (gnu build marionette)) + + (define marionette + (make-marionette (list #$(virtual-machine os)))) + + (mkdir #$output) + (chdir #$output) + + (test-begin "singularity") + + (test-assert "singularity exec /bin/guile (as root)" + (marionette-eval '#$singularity-exec + marionette)) + + (test-equal "singularity exec /bin/guile (unprivileged)" + 0 + (marionette-eval + `(begin + (use-modules (ice-9 match)) + + (match (primitive-fork) + (0 + (dynamic-wind + (const #f) + (lambda () + (setgid 1000) + (setuid 1000) + (execl #$(program-file "singularity-exec-test" + #~(exit #$singularity-exec)) + "test")) + (lambda () + (primitive-exit 127)))) + (pid + (cdr (waitpid pid))))) + marionette)) + + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "singularity-test" test)) + +(define (build-tarball&run-singularity-test) + (mlet* %store-monad + ((_ (set-grafting #f)) + (guile (set-guile-for-build (default-guile))) + ;; 'singularity exec' insists on having /bin/sh in the image. + (profile (profile-derivation (packages->manifest + (list bash-minimal guile-2.2)) + #:hooks '() + #:locales? 
#f)) + (tarball (squashfs-image "singularity-pack" profile + #:symlinks '(("/bin" -> "bin"))))) + (run-singularity-test tarball))) + +(define %test-singularity + (system-test + (name "singularity") + (description "Test Singularity container of Guix.") + (value (build-tarball&run-singularity-test)))) -- 2.21.0 From debbugs-submit-bounces@debbugs.gnu.org Thu Jun 06 07:03:27 2019 Received: (at 36093) by debbugs.gnu.org; 6 Jun 2019 11:03:28 +0000 Received: from localhost ([127.0.0.1]:49085 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hYqB5-000361-CE for submit@debbugs.gnu.org; Thu, 06 Jun 2019 07:03:27 -0400 Received: from eggs.gnu.org ([209.51.188.92]:44768) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hYqAz-00035e-SS for 36093@debbugs.gnu.org; Thu, 06 Jun 2019 07:03:22 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:43077) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hYqAu-00054J-Nb; Thu, 06 Jun 2019 07:03:16 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=43662 helo=gnu.org) by fencepost.gnu.org with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hYqAt-0006a8-PC; Thu, 06 Jun 2019 07:03:16 -0400 
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= To: 36093@debbugs.gnu.org Subject: [PATCH v2 2/2] pack: Add '--entry-point'. Date: Thu, 6 Jun 2019 13:03:06 +0200 Message-Id: <20190606110306.9831-2-ludo@gnu.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190606110306.9831-1-ludo@gnu.org> References: <87blzbydzk.fsf@gnu.org> <20190606110306.9831-1-ludo@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 36093 Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) From: Ludovic Courtès * guix/scripts/pack.scm (self-contained-tarball): Add #:entry-point and warn when it's true. (squashfs-image): Add #:entry-point and honor it. (docker-image): Add #:entry-point and honor it. (%options, show-help): Add '--entry-point'. (guix-pack): Honor '--entry-point' and pass #:entry-point to BUILD-IMAGE. * gnu/tests/docker.scm (run-docker-test): Test 'docker run' with the default entry point. (build-tarball&run-docker-test): Pass #:entry-point to 'docker-image'. * doc/guix.texi (Invoking guix pack): Document it. * gnu/tests/singularity.scm (run-singularity-test)["singularity run"]: New test. (build-tarball&run-singularity-test): Pass #:entry-point to 'squashfs-image'. --- doc/guix.texi | 23 ++++++++++++++++++++++ gnu/tests/docker.scm | 19 +++++++++++------- gnu/tests/singularity.scm | 9 +++++++++ guix/scripts/pack.scm | 41 +++++++++++++++++++++++++++++++++++++++ 4 files changed, 85 insertions(+), 7 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index c89df4ade3..6851b911c0 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -4866,6 +4866,29 @@ advantage to work without requiring special kernel support, but it incurs run-time overhead every time a system call is made. @end quotation +@cindex entry point, for Docker images +@item --entry-point=@var{command} +Use @var{command} as the @dfn{entry point} of the resulting pack, if the pack +format supports it---currently @code{docker} and @code{squashfs} (Singularity) +support it. @var{command} must be relative to the profile contained in the +pack. + +The entry point specifies the command that tools like @code{docker run} or +@code{singularity run} automatically start by default. For example, you can +do: + +@example +guix pack -f docker --entry-point=bin/guile guile +@end example + +The resulting pack can easily be loaded and @code{docker run} with no extra +arguments will spawn @code{bin/guile}: + +@example +docker load -i pack.tar.gz +docker run @var{image-id} +@end example + @item --expression=@var{expr} @itemx -e @var{expr} Consider the package @var{expr} evaluates to. diff --git a/gnu/tests/docker.scm b/gnu/tests/docker.scm index 3cd3a27884..f2674cdbe8 100644 --- a/gnu/tests/docker.scm +++ b/gnu/tests/docker.scm @@ -101,7 +101,7 @@ inside %DOCKER-OS." marionette)) (test-equal "Load docker image and run it" - "hello world" + '("hello world" "hi!") (marionette-eval `(begin (define slurp @@ -117,12 +117,16 @@ inside %DOCKER-OS." (repository&tag (string-drop raw-line (string-length "Loaded image: "))) - (response (slurp - ,(string-append #$docker-cli "/bin/docker") - "run" "--entrypoint" "bin/Guile" - repository&tag - "/aa.scm"))) - response)) + (response1 (slurp + ,(string-append #$docker-cli "/bin/docker") + "run" "--entrypoint" "bin/Guile" + repository&tag + "/aa.scm")) + (response2 (slurp ;default entry point + ,(string-append #$docker-cli "/bin/docker") + "run" repository&tag + "-c" "(display \"hi!\")"))) + (list response1 response2))) marionette)) (test-end) 
@@ -161,6 +165,7 @@ standard output device and then enters a new line.") (tarball (docker-image "docker-pack" profile #:symlinks '(("/bin/Guile" -> "bin/guile") ("aa.scm" -> "a.scm")) + #:entry-point "bin/guile" #:localstatedir? #t))) (run-docker-test tarball))) diff --git a/gnu/tests/singularity.scm b/gnu/tests/singularity.scm index 55324ef9ea..668043a0bc 100644 --- a/gnu/tests/singularity.scm +++ b/gnu/tests/singularity.scm @@ -103,6 +103,14 @@ (cdr (waitpid pid))))) marionette)) + (test-equal "singularity run" ;test the entry point + 42 + (marionette-eval + `(status:exit-val + (system* #$(file-append singularity "/bin/singularity") + "run" #$image "-c" "(exit 42)")) + marionette)) + (test-end) (exit (= (test-runner-fail-count (test-runner-current)) 0))))) @@ -118,6 +126,7 @@ #:hooks '() #:locales? #f)) (tarball (squashfs-image "singularity-pack" profile + #:entry-point "bin/guile" #:symlinks '(("/bin" -> "bin"))))) (run-singularity-test tarball))) diff --git a/guix/scripts/pack.scm b/guix/scripts/pack.scm index c17b374330..5da23e038b 100644 --- a/guix/scripts/pack.scm +++ b/guix/scripts/pack.scm @@ -152,6 +152,7 @@ dependencies are registered." #:key target (profile-name "guix-profile") deduplicate? + entry-point (compressor (first %compressors)) localstatedir? (symlinks '()) @@ -275,6 +276,10 @@ added to the pack." (_ #f)) directives))))))))) + (when entry-point + (warning (G_ "entry point not supported in the '~a' format~%") + 'tarball)) + (gexp->derivation (string-append name ".tar" (compressor-extension compressor)) build @@ -284,6 +289,7 @@ added to the pack." #:key target (profile-name "guix-profile") (compressor (first %compressors)) + entry-point localstatedir? (symlinks '()) (archiver squashfs-tools-next)) @@ -315,6 +321,7 @@ added to the pack." (ice-9 match)) (define database #+database) + (define entry-point #$entry-point) (setenv "PATH" (string-append #$archiver "/bin")) 
@@ -371,6 +378,28 @@ added to the pack." target))))))) '#$symlinks) + ;; Create /.singularity.d/actions, and optionally the 'run' + ;; script, used by 'singularity run'. + "-p" "/.singularity.d d 555 0 0" + "-p" "/.singularity.d/actions d 555 0 0" + ,@(if entry-point + `(;; This one if for Singularity 2.x. + "-p" + ,(string-append + "/.singularity.d/actions/run s 777 0 0 " + (relative-file-name "/.singularity.d/actions" + (string-append #$profile "/" + entry-point))) + + ;; This one is for Singularity 3.x. + "-p" + ,(string-append + "/.singularity.d/runscript s 777 0 0 " + (relative-file-name "/.singularity.d" + (string-append #$profile "/" + entry-point)))) + '()) + ;; Create empty mount points. "-p" "/proc d 555 0 0" "-p" "/sys d 555 0 0" @@ -392,6 +421,7 @@ added to the pack." #:key target (profile-name "guix-profile") (compressor (first %compressors)) + entry-point localstatedir? (symlinks '()) (archiver tar)) @@ -425,6 +455,8 @@ the image." #$profile #:database #+database #:system (or #$target (utsname:machine (uname))) + #:entry-point (string-append #$profile "/" + #$entry-point) #:symlinks '#$symlinks #:compressor '#$(compressor-command compressor) #:creation-time (make-time time-utc 0 1)))))) @@ -689,6 +721,9 @@ please email '~a'~%") (lambda (opt name arg result) (alist-cons 'system arg (alist-delete 'system result eq?)))) + (option '("entry-point") #t #f + (lambda (opt name arg result) + (alist-cons 'entry-point arg result))) (option '("target") #t #f (lambda (opt name arg result) (alist-cons 'target arg @@ -765,6 +800,9 @@ Create a bundle of PACKAGE.\n")) -S, --symlink=SPEC create symlinks to the profile according to SPEC")) (display (G_ " -m, --manifest=FILE create a pack with the manifest from FILE")) + (display (G_ " + --entry-point=PROGRAM + use PROGRAM as the entry point of the pack")) (display (G_ " --save-provenance save provenance information")) (display (G_ " 
@@ -889,6 +927,7 @@ Create a bundle of PACKAGE.\n")) (leave (G_ "~a: unknown pack format~%") pack-format)))) (localstatedir? (assoc-ref opts 'localstatedir?)) + (entry-point (assoc-ref opts 'entry-point)) (profile-name (assoc-ref opts 'profile-name)) (gc-root (assoc-ref opts 'gc-root))) (when (null? (manifest-entries manifest)) @@ -919,6 +958,8 @@ Create a bundle of PACKAGE.\n")) symlinks #:localstatedir? localstatedir? + #:entry-point + entry-point #:profile-name profile-name #:archiver -- 2.21.0 From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 07 03:58:57 2019 Received: (at 36093-done) by debbugs.gnu.org; 7 Jun 2019 07:58:57 +0000 Received: from localhost ([127.0.0.1]:51342 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hZ9m5-0006X6-B7 for submit@debbugs.gnu.org; Fri, 07 Jun 2019 03:58:57 -0400 Received: from eggs.gnu.org ([209.51.188.92]:46118) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hZ9m3-0006Wt-Nb for 36093-done@debbugs.gnu.org; Fri, 07 Jun 2019 03:58:55 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:59189) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hZ9lv-0001LG-2D for 36093-done@debbugs.gnu.org; Fri, 07 Jun 2019 03:58:47 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=37832 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hZ9lt-00057M-9E for 36093-done@debbugs.gnu.org; Fri, 07 Jun 2019 03:58:45 -0400 
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: 36093-done@debbugs.gnu.org Subject: Re: [bug#36093] [PATCH v2 2/2] pack: Add '--entry-point'. References: <87blzbydzk.fsf@gnu.org> <20190606110306.9831-1-ludo@gnu.org> <20190606110306.9831-2-ludo@gnu.org> Date: Fri, 07 Jun 2019 09:58:43 +0200 In-Reply-To: <20190606110306.9831-2-ludo@gnu.org> ("Ludovic \=\?utf-8\?Q\?Cour\?\= \=\?utf-8\?Q\?t\=C3\=A8s\=22's\?\= message of "Thu, 6 Jun 2019 13:03:06 +0200") Message-ID: <877e9xj07g.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 36093-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Pushed as a0f352b30f4869a7af7017b8a5011ac7602dd115! Ludo’. 
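Review bot: in the gnu/packages/linux.scm hunk of [PATCH v2 1/2], the snippet's regexp ([a-z]+)-suid rewrites every *-suid reference found in libexec/cli/*.exec to /run/setuid-programs/singularity-PROGRAM-helper, but singularity-setuid-programs in gnu/services/docker.scm installs exactly three helpers, '("action" "mount" "start"). Any other name the regexp matches would be rewritten to a path that the service never creates. Consider restricting the pattern to (action|mount|start), or deriving both the substitution and the helper list from one shared list so the two cannot drift apart on a Singularity upgrade.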
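Review bot: %singularity-activation in the gnu/services/docker.scm hunk of [PATCH v2 1/2] sets the mode of the directories under /var/singularity/mnt/ but never looks at what is already there. It calls mkdir-p and then (chmod directory #o755), with no ownership check and no check that the entry is a real directory rather than a symlink. Since the setuid-root helpers installed by the same service operate on these paths, and the thread itself cites CVE-2019-11328 as a problem "in this area", activation could also chown each directory to 0:0 and refuse to continue when lstat reports something other than a directory. A short comment stating why #o755 was kept over the #o700 floated in review would help the next reader too.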
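Review bot: the "singularity exec /bin/guile (unprivileged)" test in gnu/tests/singularity.scm ([PATCH v2 1/2]) drops privileges with (setgid 1000) followed by (setuid 1000) only, so the forked child still carries root's supplementary groups when it runs the setuid helpers. Calling setgroups with an empty vector before setgid would make the process match what a real "guest" login gets, which is the case the setuid-helper path is meant to be tested under.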
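Review bot: in the docker-image hunk of guix/scripts/pack.scm ([PATCH v2 2/2]), #:entry-point (string-append #$profile "/" #$entry-point) is evaluated unconditionally, yet the new entry-point keyword has no default and is therefore #f whenever '--entry-point' is not given. As written, string-append then receives #f in the build-side code for every 'guix pack -f docker' invocation without the flag. The docker test does not catch it because build-tarball&run-docker-test always passes #:entry-point "bin/guile". Guard the expression, for example by passing #f through when entry-point is #f, and add a test that builds a Docker pack with no entry point.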
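Review bot: the squashfs-image hunk of guix/scripts/pack.scm ([PATCH v2 2/2]) uses entry-point verbatim as a symlink target, via (string-append #$profile "/" entry-point), with no check that it names an existing file inside the profile, although doc/guix.texi says the command "must be relative to the profile contained in the pack". A typo or a value containing ".." yields a /.singularity.d/actions/run and /.singularity.d/runscript link that dangles or resolves outside the profile, and the failure only appears at 'singularity run' time. Validating the value in guix-pack, or checking file-exists? on the build side, would surface it at pack time. Separately, the comment "This one if for Singularity 2.x." should read "is for".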
From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 07 06:21:49 2019 Received: (at 36093) by debbugs.gnu.org; 7 Jun 2019 10:21:49 +0000 Received: from localhost ([127.0.0.1]:51417 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hZC0J-0001bZ-9o for submit@debbugs.gnu.org; Fri, 07 Jun 2019 06:21:47 -0400 Received: from c2062.mx.srv.dfn.de ([194.95.238.172]:60745) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hZC0G-0001bO-Th for 36093@debbugs.gnu.org; Fri, 07 Jun 2019 06:21:45 -0400 Received: from localhost (localhost [127.0.0.1]) by c2062.mx.srv.dfn.de (Postfix) with ESMTP id EDA1930005A; Fri, 7 Jun 2019 12:21:41 +0200 (CEST) Received: from c2062.mx.srv.dfn.de ([127.0.0.1]) by localhost (mgw4-erl.srv.dfn.de [127.0.0.1]) (amavisd-new, port 20134) with ESMTP id 5fhNYWlkbQzf; Fri, 7 Jun 2019 12:21:38 +0200 (CEST) Received: from SW-IT-P-CAS1.mdc-berlin.net (mgw10-1.mdc-berlin.de [141.80.113.53]) by c2062.mx.srv.dfn.de (Postfix) with ESMTPS; Fri, 7 Jun 2019 12:21:38 +0200 (CEST) Received: from localhost (141.80.247.90) by SW-IT-P-CAS1.mdc-berlin.net (141.80.113.53) with Microsoft SMTP Server (TLS) id 14.3.439.0; Fri, 7 Jun 2019 12:21:37 +0200 References: <20190604210115.24477-1-ludo@gnu.org> <20190604210115.24477-2-ludo@gnu.org> <20190605170653.5be950ca@scratchpost.org> <87blzbydzk.fsf@gnu.org> User-agent: mu4e 1.2.0; emacs 26.2 
From: Ricardo Wurmus To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#36093] [PATCH 2/2] pack: Add '--entry-point'. In-Reply-To: <87blzbydzk.fsf@gnu.org> X-URL: https://elephly.net X-PGP-Key: https://elephly.net/rekado.pubkey X-PGP-Fingerprint: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC Date: Fri, 7 Jun 2019 12:21:32 +0200 Message-ID: <87ftolk85v.fsf@mdc-berlin.de> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Originating-IP: [141.80.247.90] X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 36093 Cc: Danny Milosavljevic , 36093@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Ludovic Courtès writes: >> Also, in general, do we conflate "squashfs" and "singularity"? 
It has been >> that way in guix/scripts/pack.scm's squashfs-image before this patch already >> and a few extra files can't hurt, but we could also just provide a >> function "singularity-image" or something. > > Yes, we do conflate Singularity and Squashfs, but I think there’s no > other “container tool” that uses Squashfs anyway. When I originally added the squashfs support to “guix pack” I had Singularity in mind, but since it didn’t do anything particular for Singularity I named it “squashfs”. squashfs is used as a format by Snap (which we don’t explicitly support yet), but it is also generally useful as a way to share disk images, which could for example be used with lxc containers. > We could rename it to “singularity”, but it turns out Singularity 3.x > has its own image format unimaginatively called SIF, so perhaps we’re > better off with the status quo. > > Thoughts? Ricardo? In my opinion, going forward we should not conflate “squashfs” and Singularity more and eventually *add* a format handler for Singularity 3.x. But these changes to the “squashfs” format handler look fine to me. Let’s deal with Singularity 3.x later. Thanks! 
-- Ricardo From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 07 09:15:52 2019 Received: (at 36093) by debbugs.gnu.org; 7 Jun 2019 13:15:52 +0000 Received: from localhost ([127.0.0.1]:51535 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hZEim-0003qr-Ct for submit@debbugs.gnu.org; Fri, 07 Jun 2019 09:15:52 -0400 Received: from eggs.gnu.org ([209.51.188.92]:58270) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hZEik-0003qe-IA for 36093@debbugs.gnu.org; Fri, 07 Jun 2019 09:15:51 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:47877) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hZEid-00046j-NS; Fri, 07 Jun 2019 09:15:43 -0400 Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=39700 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1hZEid-0006nB-0b; Fri, 07 Jun 2019 09:15:43 -0400 
From: Ludovic Courtès
To: Ricardo Wurmus
Cc: Danny Milosavljevic, 36093@debbugs.gnu.org
Subject: Re: [bug#36093] [PATCH 2/2] pack: Add '--entry-point'.
Date: Fri, 07 Jun 2019 15:15:39 +0200

Hello,

Ricardo Wurmus wrote:

> Ludovic Courtès writes:
>
>>> Also, in general, do we conflate "squashfs" and "singularity"? It has been
>>> that way in guix/scripts/pack.scm's squashfs-image before this patch already
>>> and a few extra files can't hurt, but we could also just provide a
>>> function "singularity-image" or something.
>>
>> Yes, we do conflate Singularity and Squashfs, but I think there’s no
>> other “container tool” that uses Squashfs anyway.
>
> When I originally added the squashfs support to “guix pack” I had
> Singularity in mind, but since it didn’t do anything particular for
> Singularity I named it “squashfs”.
>
> squashfs is used as a format by Snap (which we don’t explicitly support
> yet), but it is also generally useful as a way to share disk images,
> which could for example be used with lxc containers.

Oh, I didn’t know LXC and Snap support squashfs.

>> We could rename it to “singularity”, but it turns out Singularity 3.x
>> has its own image format unimaginatively called SIF, so perhaps we’re
>> better off with the status quo.
>>
>> Thoughts? Ricardo?
>
> In my opinion, going forward we should not conflate “squashfs” and
> Singularity more and eventually *add* a format handler for Singularity
> 3.x.
>
> But these changes to the “squashfs” format handler look fine to me.
> Let’s deal with Singularity 3.x later.

What about:

  1. Renaming ‘squashfs’ to ‘singularity-squashfs’, and deprecating
     ‘squashfs’.

  2. Eventually, add a ‘sif’ format for Singularity 3’s native image
     format.

  3. Add a ‘snap’ backend, and perhaps an ‘lxc’ backend too.

Thanks,
Ludo’.

From: Ricardo Wurmus
To: Ludovic Courtès
Cc: Danny Milosavljevic, 36093@debbugs.gnu.org
Subject: Re: [bug#36093] [PATCH 2/2] pack: Add '--entry-point'.
Date: Sat, 8 Jun 2019 19:21:50 +0200

Ludovic Courtès writes:

> What about:
>
>   1. Renaming ‘squashfs’ to ‘singularity-squashfs’, and deprecating
>      ‘squashfs’.
>
>   2. Eventually, add a ‘sif’ format for Singularity 3’s native image
>      format.
>
>   3. Add a ‘snap’ backend, and perhaps an ‘lxc’ backend too.

Sounds like a good plan!

--
Ricardo

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Date: Sun, 07 Jul 2019 11:24:05 +0000

# This is a fake control message.
#
# The action:
# bug archived.