From: bug#54377 <54377@debbugs.gnu.org>
To: bug#54377 <54377@debbugs.gnu.org>
Subject: Status: [PATCH 0/3] Add 'guix home container'
Date: Fri, 20 Jun 2025 14:11:39 +0000

retitle 54377 [PATCH 0/3] Add 'guix home container'
reassign 54377 guix-patches
submitter 54377 Ludovic Courtès
severity 54377 normal
tag 54377 patch
thanks

From: Ludovic Courtès
To: guix-patches@gnu.org
Subject: [PATCH 0/3] Add 'guix home container'
Date: Sun, 13 Mar 2022 22:52:59 +0100
Message-Id: <20220313215259.9394-1-ludo@gnu.org>
X-Debbugs-Cc: Andrew Tropin

Hello Guix!

This patch series adds a ‘guix home container’ command. You can run:

  guix home container config.scm

and you get an interactive shell, started as a login shell, where you can check the effect of your configuration. Handy!

The code is a bit redundant with that of ‘guix environment’, but slightly different, so no obvious way to factorize it came to mind.

Feedback welcome!

Ludo’.

Ludovic Courtès (3):
  linux-container: 'eval/container' honors #:namespaces.
  linux-container: Add #:guest-uid and #:guest-gid to 'eval/container'.
  guix home: Add 'container' command.

 doc/guix.texi | 58 +++++++
 gnu/system/linux-container.scm | 15 +-
 guix/scripts/home.scm | 271 ++++++++++++++++++++++++++++++---
 tests/guix-home.sh | 58 +++++--
 4 files changed, 359 insertions(+), 43 deletions(-)

base-commit: d41c82b481fd0f5c7d45d6e2629fdf9d2085205b
-- 2.34.0

From: Ludovic Courtès
To: 54377@debbugs.gnu.org
Subject: [PATCH 1/3] linux-container: 'eval/container' honors #:namespaces.
Date: Sun, 13 Mar 2022 22:54:52 +0100
Message-Id: <20220313215454.9576-1-ludo@gnu.org>

* gnu/system/linux-container.scm (eval/container): Pass #:namespaces to 'call-with-container'.
---
 gnu/system/linux-container.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm index e6fd0f1315..415d6b9775 100644 --- a/gnu/system/linux-container.scm +++ b/gnu/system/linux-container.scm 
@@ -291,4 +291,5 @@ (define items lowered)) (list "-c" (object->string - (lowered-gexp-sexp lowered)))))))))))) + (lowered-gexp-sexp lowered)))))) + #:namespaces namespaces))))))
-- 2.34.0

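Review bot: no test accompanies the '#:namespaces namespaces' argument added at the end of the 'call-with-container' call in 'eval/container'; the diffstat touches only gnu/system/linux-container.scm. A caller that already passed a reduced namespace list now gets less isolation than it did while the keyword was not forwarded, so a test that evaluates a gexp with a non-default list, and a line in the commit log about the behavior change, would pin this down.
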
From: Ludovic Courtès
To: 54377@debbugs.gnu.org
Subject: [PATCH 2/3] linux-container: Add #:guest-uid and #:guest-gid to 'eval/container'.
Date: Sun, 13 Mar 2022 22:54:53 +0100
Message-Id: <20220313215454.9576-2-ludo@gnu.org>
In-Reply-To: <20220313215454.9576-1-ludo@gnu.org>

* gnu/system/linux-container.scm (eval/container): Add #:guest-uid and #:guest-gid and honor them.
---
 gnu/system/linux-container.scm | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm index 415d6b9775..eeb0f68c02 100644 --- a/gnu/system/linux-container.scm +++ b/gnu/system/linux-container.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 David Thompson -;;; Copyright © 2016, 2017, 2019, 2020, 2021 Ludovic Courtès +;;; Copyright © 2016-2017, 2019-2022 Ludovic Courtès ;;; Copyright © 2019 Arun Isaac ;;; Copyright © 2020 Efraim Flashner ;;; Copyright © 2020 Google LLC 
@@ -248,11 +248,13 @@ (define (explain pid) (define* (eval/container exp #:key (mappings '()) - (namespaces %namespaces)) + (namespaces %namespaces) + (guest-uid 0) (guest-gid 0)) "Evaluate EXP, a gexp, in a new process executing in separate namespaces as listed in NAMESPACES. Add MAPPINGS, a list of , to the -set of directories visible in the process's mount namespace. Return the -process' exit status as a monadic value. +set of directories visible in the process's mount namespace. Inside the +namespaces, run code as GUEST-UID and GUEST-GID. Return the process' exit +status as a monadic value. This is useful to implement processes that, unlike derivations, are not entirely pure and need to access the outside world or to perform side 
@@ -292,4 +294,6 @@ (define items (list "-c" (object->string (lowered-gexp-sexp lowered)))))) - #:namespaces namespaces)))))) + #:namespaces namespaces + #:guest-uid guest-uid + #:guest-gid guest-gid))))))
-- 2.34.0

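Review bot: the docstring of 'eval/container' in the second hunk says code runs as GUEST-UID and GUEST-GID but does not state the defaults, '(guest-uid 0) (guest-gid 0)', that is, root inside the new namespaces. Suggest spelling that out, for example "run code as GUEST-UID and GUEST-GID, which both default to 0", so that callers know they must pass the keywords to get an unprivileged guest user.
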
From: Ludovic Courtès
To: 54377@debbugs.gnu.org
Subject: [PATCH 3/3] guix home: Add 'container' command.
Date: Sun, 13 Mar 2022 22:54:54 +0100
Message-Id: <20220313215454.9576-3-ludo@gnu.org>
In-Reply-To: <20220313215454.9576-1-ludo@gnu.org>

* guix/scripts/home.scm (show-help, %options): Add '--network',
'--share', and '--expose'.
(not-config?, user-shell, spawn-home-container): New procedures.
(%default-system-profile): New variable.
(perform-action): Add #:file-system-mappings, #:container-command,
and #:network?; honor them.
(process-action): Adjust accordingly.
(guix-home)[parse-sub-command]: Add "container".
[parse-args]: New procedure.
Use it instead of 'parse-command-line'.
* tests/guix-home.sh: Add tests.
* doc/guix.texi (Declaring the Home Environment): Mention 'guix home
container' as a way to test configuration.
(Invoking guix home): Document it.
---
 doc/guix.texi | 58 +++++++++
 guix/scripts/home.scm | 271 ++++++++++++++++++++++++++++++++++++++----
 tests/guix-home.sh | 58 ++++++---
 3 files changed, 349 insertions(+), 38 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 4b71fb7010..ba9199f336 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -38071,6 +38071,21 @@ be confused with Shepherd services (@pxref{Shepherd Services}). Using this exte mechanism and some Scheme code that glues things together gives the user the freedom to declare their own, very custom, home environments. +@cindex container, for @command{guix home} +Once the configuration looks good, you can first test it in a throw-away +``container'': + +@example +guix home container config.scm +@end example + +The command above spawns a shell where your home environment is running. +The shell runs in a container, meaning it's isolated from the rest of +the system, so it's a good way to try out your configuration---you can +see if configuration bits are missing or misbehaving, if daemons get +started, and so on. Once you exit that shell, you're back to the prompt +of your original shell ``in the real world''. + Once you have a configuration file that suits your needs, you can reconfigure your home by running: 
@@ -38699,6 +38714,49 @@ As for @command{guix search}, the result is written in @code{recutils} format, which makes it easy to filter the output (@pxref{Top, GNU recutils databases,, recutils, GNU recutils manual}). +@cindex container, for @command{guix home} +@item container +Spawn a shell in an isolated environment---a +@dfn{container}---containing your home as specified by @var{file}. + +For example, this is how you would start an interactive shell in a +container with your home: + +@example +guix home container config.scm +@end example + +This is a throw-away container where you can lightheartedly fiddle with +files; any changes made within the container, any process started---all +this disappears as soon as you exit that shell. + +As with @command{guix shell}, several options control that container: + +@table @option +@item --network +@itemx -N +Enable networking within the container (it is disabled by default). + +@item --expose=@var{source}[=@var{target}] +@itemx --share=@var{source}[=@var{target}] +As with @command{guix shell}, make directory @var{source} of the host +system available as @var{target} inside the container---read-only if you +pass @option{--expose}, and writable if you pass @option{--share} +(@pxref{Invoking guix shell, @option{--expose} and @option{--share}}). +@end table + +Additionally, you can run a command in that container, instead of +spawning an interactive shell. For instance, here is how you would +check which Shepherd services are started in a throw-away home +container: + +@example +guix home container config.scm -- herd status +@end example + +The command to run in the container must come after @code{--} (double +hyphen). + @item reconfigure Build the home environment described in @var{file}, and switch to it. Switching means that the activation script will be evaluated and (in diff --git a/guix/scripts/home.scm b/guix/scripts/home.scm index 837fd96361..b422cd36e2 100644 --- a/guix/scripts/home.scm +++ b/guix/scripts/home.scm 
@@ -23,8 +23,21 @@ (define-module (guix scripts home) #:use-module (gnu packages admin) #:use-module ((gnu services) #:hide (delete)) #:use-module (gnu packages) + #:autoload (gnu packages base) (coreutils) + #:autoload (gnu packages bash) (bash) + #:autoload (gnu packages gnupg) (guile-gcrypt) + #:autoload (gnu packages shells) (fish gash zsh) #:use-module (gnu home) #:use-module (gnu home services) + #:autoload (guix modules) (source-module-closure) + #:autoload (gnu build linux-container) (call-with-container %namespaces) + #:autoload (gnu system linux-container) (eval/container) + #:autoload (gnu system file-systems) (file-system-mapping + file-system-mapping-source + file-system-mapping->bind-mount + specification->file-system-mapping + %network-file-mappings) + #:autoload (guix self) (make-config.scm) #:use-module (guix channels) #:use-module (guix derivations) #:use-module (guix ui) @@ -48,6 +61,7 @@ (define-module (guix scripts home) #:use-module (srfi srfi-26) #:use-module (srfi srfi-35) #:use-module (srfi srfi-37) + #:use-module (srfi srfi-71) #:use-module (ice-9 match) #:export (guix-home)) @@ -95,6 +109,16 @@ (define (show-help) (display (G_ " --allow-downgrades for 'reconfigure', allow downgrades to earlier channel revisions")) + (newline) + (display (G_ " + -N, --network allow containers to access the network")) + (display (G_ " + --share=SPEC for containers, share writable host file system + according to SPEC")) + (display (G_ " + --expose=SPEC for containers, expose read-only host file system + according to SPEC")) + (newline) (display (G_ " -v, --verbosity=LEVEL use the given verbosity LEVEL")) (newline) 
@@ -136,6 +160,22 @@ (define %options (alist-cons 'validate-reconfigure warn-about-backward-reconfigure result))) + + ;; Container options. + (option '(#\N "network") #f #f + (lambda (opt name arg result) + (alist-cons 'network? #t result))) + (option '("share") #t #f + (lambda (opt name arg result) + (alist-cons 'file-system-mapping + (specification->file-system-mapping arg #t) + result))) + (option '("expose") #t #f + (lambda (opt name arg result) + (alist-cons 'file-system-mapping + (specification->file-system-mapping arg #f) + result))) + %standard-build-options)) (define %default-options 
@@ -149,6 +189,146 @@ (define %default-options (debug . 0) (validate-reconfigure . ,ensure-forward-reconfigure))) + +;;; +;;; Container. +;;; + +(define not-config? + ;; Select (guix …) and (gnu …) modules, except (guix config). + (match-lambda + (('guix 'config) #f) + (('guix _ ...) #t) + (('gnu _ ...) #t) + (_ #f))) + +(define (user-shell) + (match (and=> (or (getenv "SHELL") + (passwd:shell (getpwuid (getuid)))) + basename) + ("zsh" (file-append zsh "/bin/zsh")) + ("fish" (file-append fish "/bin/fish")) + ("gash" (file-append gash "/bin/gash")) + (_ (file-append bash "/bin/bash")))) + +(define %default-system-profile + ;; The "system" profile available when running 'guix home container'. The + ;; activation script currently expects to run "env -0" (XXX), so provide + ;; Coreutils by default. + (delay (profile + (name "home-system-profile") + (content (packages->manifest (list coreutils)))))) + +(define* (spawn-home-container home + #:key + network? + (command '()) + (mappings '()) + (system-profile + (force %default-system-profile))) + "Spawn a login shell within a container running HOME, a home environment. +When COMMAND is a non-empty list, execute it in the container and exit +immediately. Return the exit status of the process in the container." + (define passwd (getpwuid (getuid))) + (define home-directory (or (getenv "HOME") (passwd:dir passwd))) + (define host (gethostname)) + (define uid 1000) + (define gid 1000) + (define user-name (passwd:name passwd)) + (define user-real-name (passwd:gecos passwd)) + + (define (optional-mapping mapping) + (and (file-exists? (file-system-mapping-source mapping)) + mapping)) + + (define network-mappings + (if network? 
+ (filter-map optional-mapping %network-file-mappings) + '())) + + (eval/container + (with-extensions (list guile-gcrypt) + (with-imported-modules `(((guix config) => ,(make-config.scm)) + ,@(source-module-closure + '((gnu build accounts) + (guix profiles) + (guix build utils) + (guix build syscalls)) + #:select? not-config?)) + #~(begin + (use-modules (guix build utils) + (gnu build accounts) + ((guix build syscalls) + #:select (set-network-interface-up))) + + (define shell + #$(user-shell)) + + (define term + #$(getenv "TERM")) + + (define passwd + (password-entry + (name #$user-name) + (real-name #$user-real-name) + (uid #$uid) (gid #$gid) (shell shell) + (directory #$home-directory))) + + (define groups + (list (group-entry (name "users") (gid #$gid)) + (group-entry (gid 65534) ;the overflow GID + (name "overflow")))) + + ;; (guix profiles) loads (guix utils), which calls 'getpw' from the + ;; top level. Thus, arrange so that it's loaded after /etc/passwd + ;; has been created. + (module-autoload! (current-module) + '(guix profiles) '(load-profile)) + + ;; Create /etc/passwd for applications that need it, such as mcron. + (mkdir-p "/etc") + (write-passwd (list passwd)) + (write-group groups) + + (unless #$network? + ;; When isolated from the network, provide a minimal /etc/hosts + ;; to resolve "localhost". + (call-with-output-file "/etc/hosts" + (lambda (port) + (display "127.0.0.1 localhost\n" port) + (chmod port #o444)))) + + ;; Set PATH for things that the activation script might expect, such + ;; as "env". + (load-profile #$system-profile) + + (mkdir-p #$home-directory) + (setenv "HOME" #$home-directory) + (setenv "GUIX_NEW_HOME" #$home) + (primitive-load (string-append #$home "/activate")) + (setenv "GUIX_NEW_HOME" #f) + + (when term + ;; Preserve TERM for proper interactive use. + (setenv "TERM" term)) + + (chdir #$home-directory) + + ;; Invoke SHELL with argv[0] starting with "-": that's how shells + ;; figure out that they are login shells! 
+ (execl shell (string-append "-" (basename shell)) + #$@(match command + (() #~()) + ((_ ...) + #~("-c" #$(string-join command)))))))) + + #:namespaces (if network? + (delq 'net %namespaces) ; share host network + %namespaces) + #:mappings (append network-mappings mappings) + #:guest-uid uid + #:guest-gid gid)) + ;;; ;;; Actions. @@ -159,7 +339,12 @@ (define* (perform-action action he dry-run? derivations-only? use-substitutes? - (validate-reconfigure ensure-forward-reconfigure)) + (validate-reconfigure ensure-forward-reconfigure) + + ;; Container options. + (file-system-mappings '()) + (container-command '()) + network?) "Perform ACTION for home environment. " (define println 
@@ -180,24 +365,37 @@ (define println (he-out-path -> (derivation->output-path he-drv))) (if (or dry-run? derivations-only?) (return #f) - (begin - (for-each (compose println derivation->output-path) drvs) + (case action + ((reconfigure) + (let* ((number (generation-number %guix-home)) + (generation (generation-file-name + %guix-home (+ 1 number)))) - (case action - ((reconfigure) - (let* ((number (generation-number %guix-home)) - (generation (generation-file-name - %guix-home (+ 1 number)))) - - (switch-symlinks generation he-out-path) - (switch-symlinks %guix-home generation) - (setenv "GUIX_NEW_HOME" he-out-path) - (primitive-load (string-append he-out-path "/activate")) - (setenv "GUIX_NEW_HOME" #f) - (return he-out-path))) - (else - (newline) - (return he-out-path))))))) + (switch-symlinks generation he-out-path) + (switch-symlinks %guix-home generation) + (setenv "GUIX_NEW_HOME" he-out-path) + (primitive-load (string-append he-out-path "/activate")) + (setenv "GUIX_NEW_HOME" #f) + (return he-out-path))) + ((container) + (mlet %store-monad ((status (spawn-home-container + he + #:network? network? + #:mappings file-system-mappings + #:command + container-command))) + (match (status:exit-val status) + (0 (return #t)) + ((? integer? n) (return (exit n))) + (#f + (if (status:term-sig status) + (leave (G_ "process terminated with signal ~a~%") + (status:term-sig status)) + (leave (G_ "process stopped with signal ~a~%") + (status:stop-sig status))))))) + (else + (for-each (compose println derivation->output-path) drvs) + (return he-out-path)))))) (define (process-action action args opts) "Process ACTION, a sub-command, with the arguments are listed in ARGS. @@ -236,6 +434,10 @@ (define (ensure-home-environment file-or-exp obj) (else (leave (G_ "no configuration specified~%"))))))) + (mappings (filter-map (match-lambda + (('file-system-mapping . mapping) mapping) + (_ #f)) + opts)) (dry? (assoc-ref opts 'dry-run?))) (with-store store 
@@ -256,7 +458,11 @@ (define (ensure-home-environment file-or-exp obj) #:derivations-only? (assoc-ref opts 'derivations-only?) #:use-substitutes? (assoc-ref opts 'substitutes?) #:validate-reconfigure - (assoc-ref opts 'validate-reconfigure)))))) + (assoc-ref opts 'validate-reconfigure) + #:network? (assoc-ref opts 'network?) + #:file-system-mappings mappings + #:container-command + (or (assoc-ref opts 'container-command) '())))))) (warn-about-disk-space))) @@ -345,7 +551,7 @@ (define (parse-sub-command arg result) list-generations describe delete-generations roll-back switch-generation search - import) + import container) (alist-cons 'action action result)) (else (leave (G_ "~a: unknown action~%") action)))))) @@ -383,11 +589,28 @@ (define (fail) (fail)))) args)) + (define (parse-args args) + ;; Parse the list of command line arguments ARGS. + + ;; The '--' token is used to separate the command to run from the rest of + ;; the operands. + (let* ((args rest (break (cut string=? "--" <>) args)) + (opts (parse-command-line args %options (list %default-options) + #:argument-handler + parse-sub-command))) + (match rest + (() opts) + (("--") opts) + (("--" command ...) + (match (assoc-ref opts 'action) + ('container + (alist-cons 'container-command command opts)) + (_ + (leave (G_ "~a: extraneous command~%") + (string-join command)))))))) + (with-error-handling - (let* ((opts (parse-command-line args %options - (list %default-options) - #:argument-handler - parse-sub-command)) + (let* ((opts (parse-args args)) (args (option-arguments opts)) (command (assoc-ref opts 'action))) (parameterize ((%graft? (assoc-ref opts 'graft?))) diff --git a/tests/guix-home.sh b/tests/guix-home.sh index f054d15172..13c02d6269 100644 --- a/tests/guix-home.sh +++ b/tests/guix-home.sh 
@@ -26,6 +26,16 @@ set -e guix home --version +container_supported () +{ + if guile -c '((@ (guix scripts environment) assert-container-features))' + then + return 0 + else + return 1 + fi +} + NIX_STORE_DIR="$(guile -c '(use-modules (guix config))(display %storedir)')" localstatedir="$(guile -c '(use-modules (guix config))(display %localstatedir)')" GUIX_DAEMON_SOCKET="$localstatedir/guix/daemon-socket/socket" @@ -47,20 +57,6 @@ trap 'chmod -Rf +w "$test_directory"; rm -rf "$test_directory"' EXIT ( cd "$test_directory" || exit 77 - HOME="$test_directory" - export HOME - - # - # Test 'guix home reconfigure'. - # - - echo "# This file will be overridden and backed up." > "$HOME/.bashrc" - mkdir "$HOME/.config" - echo "This file will be overridden too." > "$HOME/.config/test.conf" - echo "This file will stay around." > "$HOME/.config/random-file" - - echo -n "# dot-bashrc test file for guix home" > "dot-bashrc" - cat > "home.scm" <<'EOF' (use-modules (guix gexp) (gnu home) 
@@ -93,6 +89,40 @@ trap 'chmod -Rf +w "$test_directory"; rm -rf "$test_directory"' EXIT "# the content of bashrc-test-config.sh")))))))) EOF + echo -n "# dot-bashrc test file for guix home" > "dot-bashrc" + + + if container_supported + then + # Run the home in a container. + guix home container home.scm -- true + ! guix home container home.scm -- false + test "$(guix home container home.scm -- echo '$HOME')" = "$HOME" + guix home container home.scm -- cat '~/.config/test.conf' | \ + grep "the content of" + guix home container home.scm -- test -h '~/.bashrc' + test "$(guix home container home.scm -- id -u)" = 1000 + ! guix home container home.scm -- test -f '$HOME/sample/home.scm' + guix home container home.scm --expose="$PWD=$HOME/sample" -- \ + test -f '$HOME/sample/home.scm' + ! guix home container home.scm --expose="$PWD=$HOME/sample" -- \ + rm -v '$HOME/sample/home.scm' + else + echo "'guix home container' test SKIPPED" >&2 + fi + + HOME="$test_directory" + export HOME + + # + # Test 'guix home reconfigure'. + # + + echo "# This file will be overridden and backed up." > "$HOME/.bashrc" + mkdir "$HOME/.config" + echo "This file will be overridden too." > "$HOME/.config/test.conf" + echo "This file will stay around." 
> "$HOME/.config/random-file" + guix home reconfigure "${test_directory}/home.scm" test -d "${HOME}/.guix-home" test -h "${HOME}/.bash_profile"
-- 2.34.0

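Review bot: in 'spawn-home-container', '#~("-c" #$(string-join command))' flattens the argument list that followed '--' into one string for the shell's '-c', so argument boundaries are lost and every word is parsed again by the shell inside the container (the new tests rely on this with "echo '$HOME'" and "test -h '~/.bashrc'"). An argument that contains spaces or shell metacharacters will not arrive as typed; either state in the 'container' entry of doc/guix.texi that the command is a shell command line evaluated in the container, or quote each element before joining.
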
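Review bot: in 'perform-action', the '(for-each (compose println derivation->output-path) drvs)' call moves from before the 'case' into its 'else' branch, so 'reconfigure' no longer prints the derivation output paths, and the '(newline)' of the old 'else' branch is gone. The commit log does not mention either change; if they are intended, list them there, otherwise keep the 'for-each' ahead of the 'case' and skip it only for 'container'.
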
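Review bot: the container block added to tests/guix-home.sh exercises '--expose' but neither '--share' nor '--network', although all three are added to '%options'. A check that a file under a '--share' mapping can be written from inside the container, next to the existing 'rm -v' check that an '--expose' mapping is read-only, would cover the writable path.
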
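Review bot: the '--network' entry added to doc/guix.texi says only that networking is enabled, while 'spawn-home-container' implements it as '(delq 'net %namespaces)', commented "share host network", together with the bind mounts from '%network-file-mappings'. Suggest saying in the manual that with '-N' the container shares the host's network namespace and sees the host files listed in '%network-file-mappings', so that readers do not assume a separate network.
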
From: Andrew Tropin
To: Ludovic Courtès, 54377@debbugs.gnu.org
Subject: Re: [bug#54377] [PATCH 3/3] guix home: Add 'container' command.
Date: Thu, 17 Mar 2022 09:24:09 +0300

On 2022-03-13 22:54, Ludovic Courtès wrote:

> * guix/scripts/home.scm (show-help, %options): Add '--network',
> '--share', and '--expose'.
> (not-config?, user-shell, spawn-home-container): New procedures.
> (%default-system-profile): New variable.
> (perform-action): Add #:file-system-mappings, #:container-command,
> and #:network?; honor them.
> (process-action): Adjust accordingly.
> (guix-home)[parse-sub-command]: Add "container".
> [parse-args]: New procedure.
> Use it instead of 'parse-command-line'.
> * tests/guix-home.sh: Add tests.
> * doc/guix.texi (Declaring the Home Environment): Mention 'guix home
> container' as a way to test configuration.
> (Invoking guix home): Document it.
> --- > doc/guix.texi | 58 +++++++++ > guix/scripts/home.scm | 271 ++++++++++++++++++++++++++++++++++++++---- > tests/guix-home.sh | 58 ++++++--- > 3 files changed, 349 insertions(+), 38 deletions(-) > > diff --git a/doc/guix.texi b/doc/guix.texi > index 4b71fb7010..ba9199f336 100644 > --- a/doc/guix.texi > +++ b/doc/guix.texi
> @@ -38071,6 +38071,21 @@ be confused with Shepherd services (@pxref{Sheph= erd Services}). Using this exte > mechanism and some Scheme code that glues things together gives the user > the freedom to declare their own, very custom, home environments. >=20=20 > +@cindex container, for @command{guix home} > +Once the configuration looks good, you can first test it in a throw-away > +``container'': > + > +@example > +guix home container config.scm > +@end example > + > +The command above spawns a shell where your home environment is running. > +The shell runs in a container, meaning it's isolated from the rest of > +the system, so it's a good way to try out your configuration---you can > +see if configuration bits are missing or misbehaving, if daemons get > +started, and so on. Once you exit that shell, you're back to the prompt > +of your original shell ``in the real world''. > + > Once you have a configuration file that suits your needs, you can > reconfigure your home by running: >=20=20 
> @@ -38699,6 +38714,49 @@ As for @command{guix search}, the result is writ= ten in > @code{recutils} format, which makes it easy to filter the output > (@pxref{Top, GNU recutils databases,, recutils, GNU recutils manual}). >=20=20 > +@cindex container, for @command{guix home} > +@item container > +Spawn a shell in an isolated environment---a > +@dfn{container}---containing your home as specified by @var{file}. > + > +For example, this is how you would start an interactive shell in a s/interactive/login ? or interactive login shell > +container with your home: > + > +@example > +guix home container config.scm > +@end example > + > +This is a throw-away container where you can lightheartedly fiddle with > +files; any changes made within the container, any process started---all > +this disappears as soon as you exit that shell. > + > +As with @command{guix shell}, several options control that container: > + > +@table @option > +@item --network > +@itemx -N > +Enable networking within the container (it is disabled by default). > + > +@item --expose=3D@var{source}[=3D@var{target}] > +@itemx --share=3D@var{source}[=3D@var{target}] > +As with @command{guix shell}, make directory @var{source} of the host > +system available as @var{target} inside the container---read-only if you > +pass @option{--expose}, and writable if you pass @option{--share} > +(@pxref{Invoking guix shell, @option{--expose} and @option{--share}}). > +@end table > + > +Additionally, you can run a command in that container, instead of > +spawning an interactive shell. For instance, here is how you would In fact the sentence is correct, but gives a feeling that the shell won't be executed at all. Don't know if we need to change it somehow. > +check which Shepherd services are started in a throw-away home > +container: > + > +@example > +guix home container config.scm -- herd status > +@end example > + > +The command to run in the container must come after @code{--} (double > +hyphen). 
> + > @item reconfigure > Build the home environment described in @var{file}, and switch to it. > Switching means that the activation script will be evaluated and (in > diff --git a/guix/scripts/home.scm b/guix/scripts/home.scm > index 837fd96361..b422cd36e2 100644 > --- a/guix/scripts/home.scm > +++ b/guix/scripts/home.scm > @@ -23,8 +23,21 @@ (define-module (guix scripts home) > #:use-module (gnu packages admin) > #:use-module ((gnu services) #:hide (delete)) > #:use-module (gnu packages) > + #:autoload (gnu packages base) (coreutils) > + #:autoload (gnu packages bash) (bash) > + #:autoload (gnu packages gnupg) (guile-gcrypt) > + #:autoload (gnu packages shells) (fish gash zsh) > #:use-module (gnu home) > #:use-module (gnu home services) > + #:autoload (guix modules) (source-module-closure) > + #:autoload (gnu build linux-container) (call-with-container %namespa= ces) > + #:autoload (gnu system linux-container) (eval/container) > + #:autoload (gnu system file-systems) (file-system-mapping > + file-system-mapping-source > + file-system-mapping->bind-mount > + specification->file-system-map= ping > + %network-file-mappings) > + #:autoload (guix self) (make-config.scm) > #:use-module (guix channels) > #:use-module (guix derivations) > #:use-module (guix ui) > @@ -48,6 +61,7 @@ (define-module (guix scripts home) > #:use-module (srfi srfi-26) > #:use-module (srfi srfi-35) > #:use-module (srfi srfi-37) > + #:use-module (srfi srfi-71) > #:use-module (ice-9 match) > #:export (guix-home)) >=20=20 
> @@ -95,6 +109,16 @@ (define (show-help) > (display (G_ " > --allow-downgrades for 'reconfigure', allow downgrades to earlier > channel revisions")) > + (newline) > + (display (G_ " > + -N, --network allow containers to access the network")) Is plural form intended? > + (display (G_ " > + --share=3DSPEC for containers, share writable host file syst= em > + according to SPEC")) > + (display (G_ " > + --expose=3DSPEC for containers, expose read-only host file sy= stem > + according to SPEC")) > + (newline) > (display (G_ " > -v, --verbosity=3DLEVEL use the given verbosity LEVEL")) > (newline) > @@ -136,6 +160,22 @@ (define %options > (alist-cons 'validate-reconfigure > warn-about-backward-reconfigure > result))) > + > + ;; Container options. > + (option '(#\N "network") #f #f > + (lambda (opt name arg result) > + (alist-cons 'network? #t result))) > + (option '("share") #t #f > + (lambda (opt name arg result) > + (alist-cons 'file-system-mapping > + (specification->file-system-mapping arg #= t) > + result))) > + (option '("expose") #t #f > + (lambda (opt name arg result) > + (alist-cons 'file-system-mapping > + (specification->file-system-mapping arg #= f) > + result))) > + > %standard-build-options)) >=20=20 > (define %default-options 
> @@ -149,6 +189,146 @@ (define %default-options > (debug . 0) > (validate-reconfigure . ,ensure-forward-reconfigure))) >=20=20 > + > +;;; > +;;; Container. > +;;; > + > +(define not-config? > + ;; Select (guix =E2=80=A6) and (gnu =E2=80=A6) modules, except (guix c= onfig). > + (match-lambda > + (('guix 'config) #f) > + (('guix _ ...) #t) > + (('gnu _ ...) #t) > + (_ #f))) > + > +(define (user-shell) > + (match (and=3D> (or (getenv "SHELL") Be aware that in some cases $SHELL can differ from the value in /etc/passwd. For example I set SHELL to the full path to zsh and all interactive non-login shells are zsh for me, but my login shell is bash. > + (passwd:shell (getpwuid (getuid)))) > + basename) > + ("zsh" (file-append zsh "/bin/zsh")) > + ("fish" (file-append fish "/bin/fish")) > + ("gash" (file-append gash "/bin/gash")) > + (_ (file-append bash "/bin/bash")))) Why we use hardcoded shell packages? 1. The will be built in case user use a zsh-patched for example. 2. The version of the shell in the container can differ from one user expects. 3. $SHELL and the value in /etc/passwd should be absolute paths to the store already, we can just add a check and throw an exception if $SHELL is misscofigured and the path isn't absolute. > + > +(define %default-system-profile > + ;; The "system" profile available when running 'guix home container'. = The > + ;; activation script currently expects to run "env -0" (XXX), so provi= de > + ;; Coreutils by default. > + (delay (profile > + (name "home-system-profile") > + (content (packages->manifest (list coreutils)))))) > + > +(define* (spawn-home-container home > + #:key > + network? > + (command '()) > + (mappings '()) > + (system-profile > + (force %default-system-profile))) > + "Spawn a login shell within a container running HOME, a home environme= nt. > +When COMMAND is a non-empty list, execute it in the container and exit > +immediately. Return the exit status of the process in the container." 
> + (define passwd (getpwuid (getuid))) > + (define home-directory (or (getenv "HOME") (passwd:dir passwd))) > + (define host (gethostname)) > + (define uid 1000) > + (define gid 1000) > + (define user-name (passwd:name passwd)) > + (define user-real-name (passwd:gecos passwd)) > + > + (define (optional-mapping mapping) > + (and (file-exists? (file-system-mapping-source mapping)) > + mapping)) > + > + (define network-mappings > + (if network? > + (filter-map optional-mapping %network-file-mappings) > + '())) > + > + (eval/container > + (with-extensions (list guile-gcrypt) > + (with-imported-modules `(((guix config) =3D> ,(make-config.scm)) > + ,@(source-module-closure > + '((gnu build accounts) > + (guix profiles) > + (guix build utils) > + (guix build syscalls)) > + #:select? not-config?)) > + #~(begin > + (use-modules (guix build utils) > + (gnu build accounts) > + ((guix build syscalls) > + #:select (set-network-interface-up))) > + > + (define shell > + #$(user-shell)) > + > + (define term > + #$(getenv "TERM")) > + > + (define passwd > + (password-entry > + (name #$user-name) > + (real-name #$user-real-name) > + (uid #$uid) (gid #$gid) (shell shell) > + (directory #$home-directory))) > + > + (define groups > + (list (group-entry (name "users") (gid #$gid)) > + (group-entry (gid 65534) ;the overflow GID > + (name "overflow")))) > + > + ;; (guix profiles) loads (guix utils), which calls 'getpw' fr= om the > + ;; top level. Thus, arrange so that it's loaded after /etc/p= asswd > + ;; has been created. > + (module-autoload! (current-module) > + '(guix profiles) '(load-profile)) > + > + ;; Create /etc/passwd for applications that need it, such as = mcron. > + (mkdir-p "/etc") > + (write-passwd (list passwd)) > + (write-group groups) > + > + (unless #$network? > + ;; When isolated from the network, provide a minimal /etc/h= osts > + ;; to resolve "localhost". 
> + (call-with-output-file "/etc/hosts" > + (lambda (port) > + (display "127.0.0.1 localhost\n" port) > + (chmod port #o444)))) > + > + ;; Set PATH for things that the activation script might expec= t, such > + ;; as "env". > + (load-profile #$system-profile) > + > + (mkdir-p #$home-directory) > + (setenv "HOME" #$home-directory) > + (setenv "GUIX_NEW_HOME" #$home) > + (primitive-load (string-append #$home "/activate")) > + (setenv "GUIX_NEW_HOME" #f) > + > + (when term > + ;; Preserve TERM for proper interactive use. > + (setenv "TERM" term)) Just a note: the shell can missbehave if terminfo files for current TERM isn't present in the container (for example terminal package was removed from home profile). Idk how to properly cover this, but just letting you know. We can use TERM=3Ddumb, but I'm not sure if it worth it. > + > + (chdir #$home-directory) > + > + ;; Invoke SHELL with argv[0] starting with "-": that's how sh= ells > + ;; figure out that they are login shells! > + (execl shell (string-append "-" (basename shell)) > + #$@(match command > + (() #~()) > + ((_ ...) > + #~("-c" #$(string-join command)))))))) > + > + #:namespaces (if network? > + (delq 'net %namespaces) ; share host network > + %namespaces) > + #:mappings (append network-mappings mappings) > + #:guest-uid uid > + #:guest-gid gid)) > + > > ;;; > ;;; Actions. > @@ -159,7 +339,12 @@ (define* (perform-action action he > dry-run? > derivations-only? > use-substitutes? > - (validate-reconfigure ensure-forward-reconfigur= e)) > + (validate-reconfigure ensure-forward-reconfigur= e) > + > + ;; Container options. > + (file-system-mappings '()) > + (container-command '()) > + network?) > "Perform ACTION for home environment. " >=20=20 > (define println 
> @@ -180,24 +365,37 @@ (define println > (he-out-path -> (derivation->output-path he-drv))) > (if (or dry-run? derivations-only?) > (return #f) > - (begin > - (for-each (compose println derivation->output-path) drvs) > + (case action > + ((reconfigure) > + (let* ((number (generation-number %guix-home)) > + (generation (generation-file-name > + %guix-home (+ 1 number)))) >=20=20 > - (case action > - ((reconfigure) > - (let* ((number (generation-number %guix-home)) > - (generation (generation-file-name > - %guix-home (+ 1 number)))) > - > - (switch-symlinks generation he-out-path) > - (switch-symlinks %guix-home generation) > - (setenv "GUIX_NEW_HOME" he-out-path) > - (primitive-load (string-append he-out-path "/activate")) > - (setenv "GUIX_NEW_HOME" #f) > - (return he-out-path))) > - (else > - (newline) > - (return he-out-path))))))) > + (switch-symlinks generation he-out-path) > + (switch-symlinks %guix-home generation) > + (setenv "GUIX_NEW_HOME" he-out-path) > + (primitive-load (string-append he-out-path "/activate")) > + (setenv "GUIX_NEW_HOME" #f) > + (return he-out-path))) > + ((container) > + (mlet %store-monad ((status (spawn-home-container > + he > + #:network? network? > + #:mappings file-system-mappings > + #:command > + container-command))) > + (match (status:exit-val status) > + (0 (return #t)) > + ((? integer? n) (return (exit n))) > + (#f > + (if (status:term-sig status) > + (leave (G_ "process terminated with signal ~a~%") > + (status:term-sig status)) > + (leave (G_ "process stopped with signal ~a~%") > + (status:stop-sig status))))))) > + (else > + (for-each (compose println derivation->output-path) drvs) > + (return he-out-path)))))) >=20=20 > (define (process-action action args opts) > "Process ACTION, a sub-command, with the arguments are listed in ARGS. 
> @@ -236,6 +434,10 @@ (define (ensure-home-environment file-or-exp obj) > (else > (leave (G_ "no configuration specified~%"))))))) >=20=20 > + (mappings (filter-map (match-lambda > + (('file-system-mapping . mapping) ma= pping) > + (_ #f)) > + opts)) > (dry? (assoc-ref opts 'dry-run?))) >=20=20 > (with-store store > @@ -256,7 +458,11 @@ (define (ensure-home-environment file-or-exp obj) > #:derivations-only? (assoc-ref opts 'derivat= ions-only?) > #:use-substitutes? (assoc-ref opts 'substitu= tes?) > #:validate-reconfigure > - (assoc-ref opts 'validate-reconfigure)))))) > + (assoc-ref opts 'validate-reconfigure) > + #:network? (assoc-ref opts 'network?) > + #:file-system-mappings mappings > + #:container-command > + (or (assoc-ref opts 'container-command) '())= ))))) > (warn-about-disk-space))) >=20=20 >=20=20 > @@ -345,7 +551,7 @@ (define (parse-sub-command arg result) > list-generations describe > delete-generations roll-back > switch-generation search > - import) > + import container) > (alist-cons 'action action result)) > (else (leave (G_ "~a: unknown action~%") action)))))) >=20=20 
> @@ -383,11 +589,28 @@ (define (fail) > (fail)))) > args)) >=20=20 > + (define (parse-args args) > + ;; Parse the list of command line arguments ARGS. > + > + ;; The '--' token is used to separate the command to run from the re= st of > + ;; the operands. > + (let* ((args rest (break (cut string=3D? "--" <>) args)) > + (opts (parse-command-line args %options (list %default-option= s) > + #:argument-handler > + parse-sub-command))) > + (match rest > + (() opts) > + (("--") opts) > + (("--" command ...) > + (match (assoc-ref opts 'action) > + ('container > + (alist-cons 'container-command command opts)) > + (_ > + (leave (G_ "~a: extraneous command~%") > + (string-join command)))))))) > + > (with-error-handling > - (let* ((opts (parse-command-line args %options > - (list %default-options) > - #:argument-handler > - parse-sub-command)) > + (let* ((opts (parse-args args)) > (args (option-arguments opts)) > (command (assoc-ref opts 'action))) > (parameterize ((%graft? (assoc-ref opts 'graft?))) > diff --git a/tests/guix-home.sh b/tests/guix-home.sh > index f054d15172..13c02d6269 100644 > --- a/tests/guix-home.sh > +++ b/tests/guix-home.sh > @@ -26,6 +26,16 @@ set -e >=20=20 > guix home --version >=20=20 > +container_supported () > +{ > + if guile -c '((@ (guix scripts environment) assert-container-feature= s))' > + then > + return 0 > + else > + return 1 > + fi > +} > + > NIX_STORE_DIR=3D"$(guile -c '(use-modules (guix config))(display %stored= ir)')" > localstatedir=3D"$(guile -c '(use-modules (guix config))(display %locals= tatedir)')" > GUIX_DAEMON_SOCKET=3D"$localstatedir/guix/daemon-socket/socket" 
> @@ -47,20 +57,6 @@ trap 'chmod -Rf +w "$test_directory"; rm -rf "$test_di= rectory"' EXIT > ( > cd "$test_directory" || exit 77 >=20=20 > - HOME=3D"$test_directory" > - export HOME > - > - # > - # Test 'guix home reconfigure'. > - # > - > - echo "# This file will be overridden and backed up." > "$HOME/.bashr= c" > - mkdir "$HOME/.config" > - echo "This file will be overridden too." > "$HOME/.config/test.conf" > - echo "This file will stay around." > "$HOME/.config/random-file" > - > - echo -n "# dot-bashrc test file for guix home" > "dot-bashrc" > - > cat > "home.scm" <<'EOF' > (use-modules (guix gexp) > (gnu home) 
> @@ -93,6 +89,40 @@ trap 'chmod -Rf +w "$test_directory"; rm -rf "$test_di= rectory"' EXIT > "# the content of bashrc-test-config.sh")))))))) > EOF >=20=20 > + echo -n "# dot-bashrc test file for guix home" > "dot-bashrc" > + > + > + if container_supported > + then > + # Run the home in a container. > + guix home container home.scm -- true > + ! guix home container home.scm -- false > + test "$(guix home container home.scm -- echo '$HOME')" =3D "$HOME" > + guix home container home.scm -- cat '~/.config/test.conf' | \ > + grep "the content of" > + guix home container home.scm -- test -h '~/.bashrc' > + test "$(guix home container home.scm -- id -u)" =3D 1000 > + ! guix home container home.scm -- test -f '$HOME/sample/home.scm' > + guix home container home.scm --expose=3D"$PWD=3D$HOME/sample" -- \ > + test -f '$HOME/sample/home.scm' > + ! guix home container home.scm --expose=3D"$PWD=3D$HOME/sample" -- \ > + rm -v '$HOME/sample/home.scm' > + else > + echo "'guix home container' test SKIPPED" >&2 > + fi > + > + HOME=3D"$test_directory" > + export HOME > + > + # > + # Test 'guix home reconfigure'. > + # > + > + echo "# This file will be overridden and backed up." > "$HOME/.bashr= c" > + mkdir "$HOME/.config" > + echo "This file will be overridden too." > "$HOME/.config/test.conf" > + echo "This file will stay around." > "$HOME/.config/random-file" > + > guix home reconfigure "${test_directory}/home.scm" > test -d "${HOME}/.guix-home" > test -h "${HOME}/.bash_profile" Very cool feature! 
Looking forward to adding it to my workflow.

-- 
Best regards,
Andrew Tropin
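Review bot: the --network, --share and --expose entries added to %options in guix/scripts/home.scm are parsed for every sub-command, and nothing in the visible patch rejects them outside 'container', whereas parse-args does reject a trailing command for other actions with "extraneous command". An invocation such as "guix home reconfigure --share=DIR home.scm" would be accepted and the mapping silently dropped. A matching check on (assoc-ref opts 'action) would make a mistyped invocation fail instead of running without the isolation settings the user believed were in effect.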
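Review bot: at the end of spawn-home-container, the execl call passes "-c" followed by (string-join command), so the argument vector given after "--" is flattened into one string and parsed a second time by the login shell inside the container. An argument containing spaces, quotes or "$" does not reach the program as typed (the new tests depend on this, passing '$HOME' and '~/.config/test.conf' for the inner shell to expand), and a wrapper script that builds the command from a variable gets that variable evaluated as shell code. Either state under "Invoking guix home" that everything after "--" is a shell command line, or quote each element before joining so that argument boundaries survive.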
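Review bot: in the rewritten (case action ...) of perform-action, the call (for-each (compose println derivation->output-path) drvs) moved from before the case into the else branch, so 'reconfigure' no longer prints the output paths of the derivations it built. Skipping it makes sense for 'container', whose standard output belongs to the command being run, but for 'reconfigure' it is a behaviour change that the commit message does not list. Keep the for-each in the reconfigure branch if anything reads that output, or mention the change in the log; the (newline) of the old else branch is dropped as well.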
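Review bot: the three negated checks added to tests/guix-home.sh ("! guix home container home.scm -- false", the "! ... test -f '$HOME/sample/home.scm'" before --expose is passed, and the "! ... rm -v '$HOME/sample/home.scm'" on the exposed directory) cannot fail the test, because the script runs under "set -e" and errexit ignores the status of a command inverted with "!". The rm case is the only check that --expose is really read-only, so a regression that made the mapping writable would pass unnoticed. Write them so that the failure is the last command executed, for example "if guix home container home.scm -- false; then false; fi".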
From: Frank Pursel
To: 54377@debbugs.gnu.org
Subject: [PATCH 0/3] Add 'guix home container'
Date: Thu, 17 Mar 2022 08:01:16 -0700

Ludo,

This is a very exciting idea. Entry into guix home has some wrinkles in it that are scary. I know it required several iterations over home-configuration.scm and 'guix home reconfigure' before I was able to make peace with my guix home. I see in irc that others are also experiencing challenges getting the environments where they want them to be. This patch allows more control over the adoption of guix home while also cleverly leveraging improvements to guix containers. Very cool, I want it!

I ran this patch against my current, working home configuration to see what happened and I ran into a problem. My home-configuration.scm sets the GUIX_PACKAGE_PATH (using simple-service 'local-environment-variables) and then references packages that are in that path (in my case a package called emacs-ix). When I executed 'guix home container ' I received the following errors:

guix home: error: emacs-ix: unknown package
guix home: error: failed to load '/home/fpp/src/guix-home-config/home-configuration.scm':
gnu/packages.scm:544:4: In procedure specification->package+output:

IDK if this is the desired behavior. Can the environment set in config.scm be set before loading the packages that may modify the environment?

Regards,
Frank Pursel
acrow#guix
From: Ludovic Courtès
To: Andrew Tropin
Subject: Re: [bug#54377] [PATCH 3/3] guix home: Add 'container' command.
Date: Fri, 18 Mar 2022 14:25:26 +0100

Hi Andrew,

Andrew Tropin skribis:

>> +For example, this is how you would start an interactive shell in a
>
> s/interactive/login ?
>
> or interactive login shell

Yeah. I thought that as a user, what matters is that it’s interactive; the fact that it’s a “login shell” is more of an implementation detail, and too few people understand what that means anyway. :-)

[...]

>> +Additionally, you can run a command in that container, instead of
>> +spawning an interactive shell. For instance, here is how you would
>
> In fact the sentence is correct, but gives a feeling that the shell
> won't be executed at all. Don't know if we need to change it somehow.

I agree that the sentence is an approximation of how it does things, but hopefully it gives a good idea of what it.

>> + (display (G_ "
>> + -N, --network allow containers to access the network"))
>
> Is plural form intended?

(Copied from environment.scm.) I think it’s grammatically OK.

>> +(define (user-shell)
>> + (match (and=3D> (or (getenv "SHELL")
>
> Be aware that in some cases $SHELL can differ from the value in
> /etc/passwd. For example I set SHELL to the full path to zsh and all
> interactive non-login shells are zsh for me, but my login shell is bash.

Agreed, that’s why I thought $SHELL should take precedence. (I used “SHELL=zsh guix home container …” and similar to test other shells.)

>> + (passwd:shell (getpwuid (getuid))))
>> + basename)
>> + ("zsh" (file-append zsh "/bin/zsh"))
>> + ("fish" (file-append fish "/bin/fish"))
>> + ("gash" (file-append gash "/bin/gash"))
>> + (_ (file-append bash "/bin/bash"))))
>
> Why we use hardcoded shell packages?

For reproducibility.

Initially I thought about using the actual $SHELL (as long as it’s in the store). However, that would make ‘guix home container’ stateful: it’d provide different results depending on the environment. I thought we’d rather avoid that.

> 1. The will be built in case user use a zsh-patched for example.

That’s the downside, yes. I don’t have a good answer to that. I guess I value reproducibility more than customization in this case.

Perhaps we could eventually add a ‘--shell’ option or similar if that helps, though. WDYT?

>> + (when term
>> + ;; Preserve TERM for proper interactive use.
>> + (setenv "TERM" term))
>
> Just a note: the shell can misbehave if terminfo files for current TERM
> isn't present in the container (for example terminal package was removed
> from home profile). Idk how to properly cover this, but just letting
> you know. We can use TERM=dumb, but I'm not sure if it's worth it.

Good point. In my tests preserving TERM was good enough for Bash/Readline, Zsh, and less (all from an xterm). I suppose problems could happen with fancy curses apps and the like.

> Very cool feature! Looking forward to adding it to my workflow.

Glad you like it! It makes it easier to test new features or services, much like using ‘guix system vm’ when testing Guix System changes.

Thanks for taking the time to review!

Ludo’.
From: Andrew Tropin
To: Ludovic Courtès
Subject: Re: [bug#54377] [PATCH 3/3] guix home: Add 'container' command.
Date: Sat, 19 Mar 2022 08:09:59 +0300

On 2022-03-18 14:25, Ludovic Courtès wrote:

> Hi Andrew,
>
> Andrew Tropin skribis:
>
>>> +For example, this is how you would start an interactive shell in a
>>
>> s/interactive/login ?
>>
>> or interactive login shell
>
> Yeah. I thought that as a user, what matters is that it’s interactive;
> the fact that it’s a “login shell” is more of an implementation detail,
> and too few people understand what that means anyway. :-)
>
> [...]
>
>>> +Additionally, you can run a command in that container, instead of
>>> +spawning an interactive shell. For instance, here is how you would
>>
>> In fact the sentence is correct, but gives a feeling that the shell
>> won't be executed at all. Don't know if we need to change it somehow.
>
> I agree that the sentence is an approximation of how it does things, but
> hopefully it gives a good idea of what it.
>
>>> + (display (G_ "
>>> + -N, --network allow containers to access the network"))
>>
>> Is plural form intended?
>
> (Copied from environment.scm.) I think it’s grammatically OK.
>
>>> +(define (user-shell)
>>> + (match (and=3D> (or (getenv "SHELL")
>>
>> Be aware that in some cases $SHELL can differ from the value in
>> /etc/passwd. For example I set SHELL to the full path to zsh and all
>> interactive non-login shells are zsh for me, but my login shell is bash.
>
> Agreed, that’s why I thought $SHELL should take precedence. (I used
> “SHELL=zsh guix home container …” and similar to test other shells.)
>

IIRC, $SHELL must contain a full path
https://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html

If we want to control a shell type inside container it probably should
be a different variable, like GUIX_CONTAINER_SHELL=zsh.

>>> + (passwd:shell (getpwuid (getuid))))
>>> + basename)
>>> + ("zsh" (file-append zsh "/bin/zsh"))
>>> + ("fish" (file-append fish "/bin/fish"))
>>> + ("gash" (file-append gash "/bin/gash"))
>>> + (_ (file-append bash "/bin/bash"))))
>>
>> Why do we use hardcoded shell packages?
>
> For reproducibility.
>
> Initially I thought about using the actual $SHELL (as long as it’s in
> the store). However, that would make ‘guix home container’ stateful:
> it’d provide different results depending on the environment.
>
> I thought we’d rather avoid that.
>

What I meant by previous comment: to match a real state of the things
it's better to use a shell from /etc/passwd, because it will be launched
on user login and will read env vars and run all the following
processes, but to make it more reproducible and independent from system
state I think we always have to use hardcoded bash and inside the
container inspect the value of $SHELL set by login shell (hardcoded
bash) and spawn new shell if $SHELL is NOT empty.

>> 1. The will be built in case user use a zsh-patched for example.
>
> That’s the downside, yes.
>
> I don’t have a good answer to that. I guess I value reproducibility
> more than customization in this case.
>
> Perhaps we could eventually add a ‘--shell’ option or similar if that
> helps, though. WDYT?
>

I don't think we need such customization. User can spawn nested shell
himself from home profile by `-- zsh` or if we inspect $SHELL and use
its value inside container it will be spawned automatically.

>>> + (when term
>>> + ;; Preserve TERM for proper interactive use.
>>> + (setenv "TERM" term))
>>
>> Just a note: the shell can misbehave if terminfo files for current TERM
>> isn't present in the container (for example terminal package was removed
>> from home profile). Idk how to properly cover this, but just letting
>> you know. We can use TERM=dumb, but I'm not sure if it's worth it.
>
> Good point. In my tests preserving TERM was good enough for
> Bash/Readline, Zsh, and less (all from an xterm). I suppose problems
> could happen with fancy curses apps and the like.
>
>> Very cool feature! Looking forward to add it to my workflow.
>
> Glad you like it! It makes it easier to test new features or services,
> much like using ‘guix system vm’ when testing Guix System changes.
>
> Thanks for taking the time to review!

Sure!)
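Review bot: In `user-shell`, the catch-all clause `(_ (file-append bash "/bin/bash"))` silently substitutes Bash for every shell whose basename is not "zsh", "fish" or "gash", and the procedure carries no docstring stating that, or stating that the `SHELL` environment variable is consulted before the `/etc/passwd` entry. Suggest adding a docstring that spells out both the precedence and the fallback, and emitting a warning when the fallback clause is taken, so that a user of another shell can tell why the container started Bash.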
--
Best regards,
Andrew Tropin

From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 19 06:32:19 2022
From: Ludovic Courtès
To: Frank Pursel
Subject: Re: bug#54377: [PATCH 0/3] Add 'guix home container'
Date: Sat, 19 Mar 2022 11:32:05 +0100

Hi Frank,

Frank Pursel skribis:

> This is a very exciting idea. Entry into guix home has some wrinkles in
> it that are scary. I know it required several iterations over
> home-configuration.scm and 'guix home reconfigure' before I was able to
> make peace with my guix home. I see in irc that others are also
> experiencing challenges getting the environments where they want them to
> be. This patch allows more control over the adoption of guix home while
> also cleverly leveraging improvements to guix containers. Very cool, I
> want it!

I agree, that very well summarizes my motivation for adding it!

> I ran this patch against my current, working home configuration to see
> what happened and I ran into a problem. My home-configuration.scm sets
> the GUIX_PACKAGE_PATH (using simple-service
> 'local-environment-variables) and then references packages that are in
> that path (in my case a package called emacs-ix). When I executed 'guix
> home container <my-config.scm>' I received the following errors:
>
> guix home: error: emacs-ix: unknown package
> guix home: error: failed to load '/home/fpp/src/guix-home-config/home-configuration.scm':
> gnu/packages.scm:544:4: In procedure specification->package+output:
>
> IDK if this is the desired behavior. Can the environment set in
> config.scm be set before loading the packages that may modify the
> environment?

If you want ‘home-configuration.scm’ to refer to files in that path,
then GUIX_PACKAGE_PATH needs to be set in the environment of where ‘guix
home’ itself is running. Like so:

  export GUIX_PACKAGE_PATH=/path/to/your/packages
  guix home container …

Alternatively, you can run:

  guix home container -L /path/to/your/packages …

HTH!

Ludo’.

From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 19 06:39:27 2022
From: Ludovic Courtès
To: Andrew Tropin
Subject: Re: bug#54377: [PATCH 0/3] Add 'guix home container'
Date: Sat, 19 Mar 2022 11:39:17 +0100

Hi,

Andrew Tropin skribis:

> What I meant by previous comment: to match a real state of the things
> it's better to use a shell from /etc/passwd, because it will be launched
> on user login and will read env vars and run all the following
> processes, but to make it more reproducible and independent from system
> state I think we always have to use hardcoded bash and inside the
> container inspect the value of $SHELL set by login shell (hardcoded
> bash) and spawn new shell if $SHELL is NOT empty.

Yeah, there’s a tension between conflicting criteria: independence from
system state, and faithful reproduction of what would happen on the
system. I feel like checking $SHELL is a middle ground.

I don’t know, we can revisit that as we gain more experience with the
tool I guess.

Thanks,
Ludo’.

From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 19 11:03:52 2022
From: Andrew Tropin
To: Ludovic Courtès
Subject: Re: bug#54377: [PATCH 0/3] Add 'guix home container'
Date: Sat, 19 Mar 2022 18:03:40 +0300

On 2022-03-19 11:39, Ludovic Courtès wrote:

> Hi,
>
> Andrew Tropin skribis:
>
>> What I meant by previous comment: to match a real state of the things
>> it's better to use a shell from /etc/passwd, because it will be launched
>> on user login and will read env vars and run all the following
>> processes, but to make it more reproducible and independent from system
>> state I think we always have to use hardcoded bash and inside the
>> container inspect the value of $SHELL set by login shell (hardcoded
>> bash) and spawn new shell if $SHELL is NOT empty.
>
> Yeah, there’s a tension between conflicting criteria: independence from
> system state, and faithful reproduction of what would happen on the
> system. I feel like checking $SHELL is a middle ground.
>
> I don’t know, we can revisit that as we gain more experience with the
> tool I guess.

I think the good implementation will be a hardcoded bash (or other shell
defined in /etc/passwd) launched as a login shell, which tries to
execute $SHELL if it is present in bash_profile or somewhere else in
shell startup files (not the $SHELL defined in host environment, but the
one which will be set inside container by login shell).

It both makes the container reproducible and adds possibility to use
patched zsh, fish or whatever unusual shell user set in his $SHELL.

The current solution is probably OK as well.

--
Best regards,
Andrew Tropin

From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 19 14:24:50 2022
From: Ludovic Courtès
To: Andrew Tropin
Subject: Re: bug#54377: [PATCH 0/3] Add 'guix home container'
Date: Sat, 19 Mar 2022 19:24:40 +0100

Hi!

I pushed the series together with a news entry:

  a58defdae8 news: Add entry about 'guix home container'.
  094a2cfbe4 guix home: Add 'container' command.
  cff9fee82a linux-container: Add #:guest-uid and #:guest-gid to 'eval/container'.
  c77544b387 linux-container: 'eval/container' honors #:namespaces.

Let’s tweak things such as the default shell as we get more hands-on
feedback.

I also expect we might want a ‘--system-manifest’ option for users who’d
like to have more than just Coreutils in the container.

Thanks,
Ludo’.

From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 22 23:06:31 2022
From: Frank Pursel
To: Ludovic Courtès
Subject: Re: bug#54377: [PATCH 0/3] Add 'guix home container'
Date: Wed, 23 Mar 2022 03:06:09 +0000

Yes, of course, export or -L were needed to get my GUIX_PACKAGE_PATH
recognized, and so it was helpful. After catching a configuration error
the GUIX_PACKAGE_PATH I had added to an instance of
home-environment-service-type works, so that I no longer need to do this.

I'm in the process of finding out how helpful the new guix home
container is in rooting out problems in guix home configurations.

Thank you,
Frank

On Sat, Mar 19, 2022 at 10:32 AM Ludovic Courtès wrote:

> Hi Frank,
>
> Frank Pursel skribis:
>
> > This is a very exciting idea. Entry into guix home has some wrinkles in
> > it that are scary. I know it required several iterations over
> > home-configuration.scm and 'guix home reconfigure' before I was able to
> > make peace with my guix home. I see in irc that others are also
> > experiencing challenges getting the environments where they want them to
> > be. This patch allows more control over the adoption of guix home while
> > also cleverly leveraging improvements to guix containers. Very cool, I
> > want it!
>
> I agree, that very well summarizes my motivation for adding it!
>
> > I ran this patch against my current, working home configuration to see
> > what happened and I ran into a problem. My home-configuration.scm sets
> > the GUIX_PACKAGE_PATH (using simple-service
> > 'local-environment-variables) and then references packages that are in
> > that path (in my case a package called emacs-ix). When I executed 'guix
> > home container <my-config.scm>' I received the following errors:
> >
> > guix home: error: emacs-ix: unknown package
> > guix home: error: failed to load
> '/home/fpp/src/guix-home-config/home-configuration.scm':
> > gnu/packages.scm:544:4: In procedure specification->package+output:
> >
> > IDK if this is the desired behavior. Can the environment set in
> > config.scm be set before loading the packages that may modify the
> > environment?
>
> If you want ‘home-configuration.scm’ to refer to files in that path,
> then GUIX_PACKAGE_PATH needs to be set in the environment of where ‘guix
> home’ itself is running. Like so:
>
>   export GUIX_PACKAGE_PATH=/path/to/your/packages
>   guix home container …
>
> Alternatively, you can run:
>
>   guix home container -L /path/to/your/packages …
>
> HTH!
>
> Ludo’.
>

From unknown Fri Jun 20 07:11:39 2025
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request
Subject: Internal Control
Message-Id: bug archived.
Date: Wed, 20 Apr 2022 11:24:13 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator