GNU bug report logs - #41041
[PATCH] doc: Add container example to run a web browser.

Package: guix-patches

Reported by: Pierre Neidhardt <mail <at> ambrevar.xyz>

Date: Sun, 3 May 2020 08:14:02 UTC

Severity: normal

Tags: patch

Done: Pierre Neidhardt <mail <at> ambrevar.xyz>

Bug is archived. No further changes may be made.


Report forwarded to guix-patches <at> gnu.org:
bug#41041; Package guix-patches. (Sun, 03 May 2020 08:14:02 GMT)

Acknowledgement sent to Pierre Neidhardt <mail <at> ambrevar.xyz>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Sun, 03 May 2020 08:14:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Pierre Neidhardt <mail <at> ambrevar.xyz>
To: guix-patches <at> gnu.org
Subject: [PATCH] doc: Add container example to run a web browser.
Date: Sun,  3 May 2020 10:12:58 +0200

* doc/guix.texi (Invoking `guix environment'): Add paragraph and example to
  run Eolie in a guix environment container.  Add `container' cindex for the
  first container example, and the `certificates' cindex for the web browser
  example.
---
 doc/guix.texi | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/doc/guix.texi b/doc/guix.texi
index d5d8662937..3c31386036 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4786,6 +4786,7 @@ additionally includes Git and strace:
 guix environment --pure guix --ad-hoc git strace
 @end example
 
+@cindex container
 Sometimes it is desirable to isolate the environment as much as
 possible, for maximal purity and reproducibility.  In particular, when
 using Guix on a host distro that is not Guix System, it is desirable to
@@ -4802,6 +4803,23 @@ guix environment --ad-hoc --container guile -- guile
 The @code{--container} option requires Linux-libre 3.19 or newer.
 @end quotation
 
+@cindex certificates
+Another typical use case for containers is to run security-sensitive
+applications such as a web browser.  To run Eolie, we must expose and
+share some files and directories; we include @code{nss-certs} and expose
+@file{/etc/sll/certs/} for HTTPS authentication; finally we use
+@code{env} from the @code{coreutils} package to set the @code{DISPLAY}
+environment variable since containerized graphical applications won't
+display without it.
+
+@example
+guix environment --container --network --expose=/etc/machine-id \
+  --expose=/etc/ssl/certs/ \
+  --share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ \
+  --ad-hoc eolie coreutils nss-certs dbus -- \
+  env DISPLAY=$DISPLAY eolie
+@end example
+
 The available options are summarized below.
 
 @table @code
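Review bot: the added paragraph names @file{/etc/sll/certs/}, which is a typo for /etc/ssl/certs/, the path the example itself passes to --expose; as written, the prose and the command disagree. Please change it to @file{/etc/ssl/certs/}. The paragraph also says "we must expose and share some files and directories" without saying why --expose=/etc/machine-id, the dbus package and --network are needed. Since the use case is framed as running a security-sensitive application, a sentence on each, including that --network shares the host's network namespace with the container, would tell readers what isolation the example keeps and what it gives up.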
-- 
2.25.1





Information forwarded to guix-patches <at> gnu.org:
bug#41041; Package guix-patches. (Thu, 07 May 2020 07:43:02 GMT)

Message #8 received at 41041 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: Pierre Neidhardt <mail <at> ambrevar.xyz>
Cc: 41041 <at> debbugs.gnu.org
Subject: Re: [bug#41041] [PATCH] doc: Add container example to run a web browser.
Date: Thu, 07 May 2020 09:42:35 +0200

Hi,

Pierre Neidhardt <mail <at> ambrevar.xyz> skribis:

> * doc/guix.texi (Invoking `guix environment'): Add paragraph and example to
>   run Eolie in a guix environment container.  Add `container' cindex for the
>   first container example, and the `certificates' cindex for the web browser
>   example.

Good idea!

> +@example
> +guix environment --container --network --expose=/etc/machine-id \
> +  --expose=/etc/ssl/certs/ \
> +  --share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ \
> +  --ad-hoc eolie coreutils nss-certs dbus -- \
> +  env DISPLAY=$DISPLAY eolie

Instead of ‘env’, you can preserve the ‘DISPLAY’ variable with:

  guix environment -E ^DISPLAY$ …

which in turn allows you to remove ‘coreutils’, maybe.

Otherwise LGTM!

Thanks,
Ludo’.




Information forwarded to guix-patches <at> gnu.org:
bug#41041; Package guix-patches. (Thu, 07 May 2020 07:49:02 GMT)

Message #11 received at 41041 <at> debbugs.gnu.org:

From: Pierre Neidhardt <mail <at> ambrevar.xyz>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 41041 <at> debbugs.gnu.org
Subject: Re: [bug#41041] [PATCH] doc: Add container example to run a web browser.
Date: Thu, 07 May 2020 09:47:53 +0200

Ludovic Courtès <ludo <at> gnu.org> writes:

> Instead of ‘env’, you can preserve the ‘DISPLAY’ variable with:
>
>   guix environment -E ^DISPLAY$ …
>
> which in turn allows you to remove ‘coreutils’, maybe.

Good tip, thanks!  It's strange that I've seen this "coreutils + env"
trick so many times around.  I guess we really lacked examples like this
one :)

-- 
Pierre Neidhardt
https://ambrevar.xyz/

Information forwarded to guix-patches <at> gnu.org:
bug#41041; Package guix-patches. (Thu, 07 May 2020 08:03:02 GMT)

Message #14 received at 41041 <at> debbugs.gnu.org:

From: Caleb Ristvedt <caleb.ristvedt <at> cune.org>
To: Pierre Neidhardt <mail <at> ambrevar.xyz>
Cc: 41041 <at> debbugs.gnu.org
Subject: Re: [bug#41041] [PATCH] doc: Add container example to run a web browser.
Date: Thu, 07 May 2020 03:02:27 -0500

Pierre Neidhardt <mail <at> ambrevar.xyz> writes:

> +share some files and directories; we include @code{nss-certs} and expose
> +@file{/etc/sll/certs/} for HTTPS authentication; finally we use

Typo: sll --> ssl

- reepca

Information forwarded to guix-patches <at> gnu.org:
bug#41041; Package guix-patches. (Thu, 07 May 2020 08:06:01 GMT)

Message #17 received at 41041 <at> debbugs.gnu.org:

From: Pierre Neidhardt <mail <at> ambrevar.xyz>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 41041 <at> debbugs.gnu.org
Subject: Re: [bug#41041] [PATCH] doc: Add container example to run a web browser.
Date: Thu, 07 May 2020 10:05:04 +0200

Merged with 60131df02b521235a311031f9410f530ded60f33.

-- 
Pierre Neidhardt
https://ambrevar.xyz/

bug closed, send any further explanations to 41041 <at> debbugs.gnu.org and Pierre Neidhardt <mail <at> ambrevar.xyz> Request was from Pierre Neidhardt <mail <at> ambrevar.xyz> to control <at> debbugs.gnu.org. (Thu, 07 May 2020 08:06:02 GMT)

Information forwarded to guix-patches <at> gnu.org:
bug#41041; Package guix-patches. (Thu, 07 May 2020 08:40:02 GMT)

Message #22 received at 41041 <at> debbugs.gnu.org:

From: Pierre Neidhardt <mail <at> ambrevar.xyz>
To: Caleb Ristvedt <caleb.ristvedt <at> cune.org>
Cc: 41041 <at> debbugs.gnu.org
Subject: Re: [bug#41041] [PATCH] doc: Add container example to run a web browser.
Date: Thu, 07 May 2020 10:38:03 +0200

Good catch!  I've just fixed it.

-- 
Pierre Neidhardt
https://ambrevar.xyz/

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 04 Jun 2020 11:24:06 GMT)

This bug report was last modified 5 years and 74 days ago.
