From unknown Fri Sep 05 11:01:02 2025
Subject: [bug#67613] Introduce unit tests for oci-container-service-type.
To: 67613@debbugs.gnu.org
Cc: Ludovic Courtès
Date: Sun, 3 Dec 2023 22:53:50 +0100
Message-ID: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@autistici.org>
From: paul

Hi,

as discussed in issue #66160 and #67574 I'm sending a follow up with some unit tests for most of the internals of oci-container-service-type. These tests depend on the hotfix from #67574 since #66160 was merged with a blocking bug due to a last minute feature I added during the review process :(

Hence if this gets merged before #67574 tests will fail.

Thank you for your help and apologies for the noise,

giacomo

From unknown Fri Sep 05 11:01:02 2025
Subject: [bug#67613] [PATCH] tests: Add oci-container-service-type unit tests.
In-Reply-To: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@autistici.org>
To: 67613@debbugs.gnu.org
Cc: Giacomo Leidi
From: Giacomo Leidi
Date: Sun, 3 Dec 2023 22:56:28 +0100
Message-ID: <20231203215630.28144-1-goodoldpaul@autistici.org>

This patch is a followup to issue #66160 and issue #67574. It introduces
unit tests for the oci-container-service-type. 8 out of 11 tests depend on
issue #67574 being merged since issue #66160 was merged with a blocking
bug from the beginning.

* gnu/services/docker.scm: Export
oci-container-configuration-container-user and
oci-container-configuration-workdir.
* tests/services/docker.scm: New file.
* Makefile.am (SCM_TESTS): Register it.

Change-Id: I47ed0fe36060ba84dd50b548a66f36e3df8a3710

--- Makefile.am | 1 + gnu/services/docker.scm | 2 + tests/services/docker.scm | 187 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 190 insertions(+) create mode 100644 tests/services/docker.scm diff --git a/Makefile.am b/Makefile.am index cbc3191dfc..91f7a77a94 100644 --- a/Makefile.am +++ b/Makefile.am @@ -564,6 +564,7 @@ SCM_TESTS = \ tests/services.scm \ tests/services/file-sharing.scm \ tests/services/configuration.scm \ + tests/services/docker.scm \ tests/services/lightdm.scm \ tests/services/linux.scm \ tests/services/pam-mount.scm \ diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index ebea0a473a..263cb41df3 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm 
@@ -58,6 +58,8 @@ (define-module (gnu services docker) oci-container-configuration-network oci-container-configuration-ports oci-container-configuration-volumes + oci-container-configuration-container-user + oci-container-configuration-workdir oci-container-service-type oci-container-shepherd-service)) diff --git a/tests/services/docker.scm b/tests/services/docker.scm new file mode 100644 index 0000000000..fad28a228c --- /dev/null +++ b/tests/services/docker.scm 
@@ -0,0 +1,187 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2023 Giacomo Leidi +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (tests services docker) + #:use-module (gnu packages docker) + #:use-module (gnu services docker) + #:use-module (guix derivations) + #:use-module (guix gexp) + #:use-module (guix monads) + #:use-module (guix packages) + #:use-module (guix store) + #:use-module (guix tests) + #:use-module (ice-9 match) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-64)) + + +;;; Commentary: +;;; +;;; Unit tests for the (gnu services docker) module. +;;; +;;; Code: + + +;;; +;;; Unit tests for the oci-container-service-type. +;;; + + +;;; Access some internals for whitebox testing. +(define %store + (open-connection-for-tests)) +(define (gexp->sexp . x) + (apply (@@ (guix gexp) gexp->sexp) x)) +(define* (gexp->sexp* exp #:optional target) + (run-with-store %store (gexp->sexp exp (%current-system) target) + #:guile-for-build (%guile-for-build))) +(define (list->sexp-list* lst) + (map (lambda (el) + (if (gexp? 
el) + (gexp->sexp* el) + el)) + lst)) +(define oci-sanitize-mixed-list + (@@ (gnu services docker) oci-sanitize-mixed-list)) +(define (oci-container-configuration->options config) + (list->sexp-list* + ((@@ (gnu services docker) oci-container-configuration->options) config))) + +(test-begin "oci-containers-service") + +(test-group "oci-sanitize-mixed-list" + (define delimiter "=") + (define file-like-key + (plain-file "oci-tests-file-like-key" "some-content")) + (define mixed-list + `("any kind of string" + ("KEY" . "VALUE") + (,#~(string-append "COMPUTED" "_KEY") . "VALUE") + (,file-like-key . "VALUE"))) + + (test-assertm "successfully lower mixed values" + (mlet* %store-monad ((ml -> (oci-sanitize-mixed-list "field-name" mixed-list delimiter)) + (actual -> (list->sexp-list* ml)) + (file-like-item (lower-object file-like-key)) + (expected -> `("any kind of string" + (string-append "KEY" "=" "VALUE") + (string-append (string-append "COMPUTED" "_KEY") "=" "VALUE") + (string-append ,file-like-item "=" "VALUE")))) + (mbegin %store-monad + (return + (every (lambda (pair) + (apply (if (string? (first pair)) + string=? + equal?) + pair)) + (zip expected actual)))))) + + (test-error + "illegal list values" #t + (oci-sanitize-mixed-list "field-name" '(("KEY" . "VALUE") #f) delimiter)) + + (test-error + "illegal pair member values" #t + (oci-sanitize-mixed-list "field-name" '(("KEY" . 1)) delimiter))) + +(test-group "oci-container-configuration->options" + (define config + (oci-container-configuration + (image "guix/guix:latest"))) + + (test-equal "entrypoint" + (list "--entrypoint" "entrypoint") + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (entrypoint "entrypoint")))) + + (test-equal "environment" + (list "--env" '(string-append "key" "=" "value") + "--env" '(string-append "environment" "=" "variable")) + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (environment + '(("key" . 
"value") + ("environment" . "variable")))))) + + (test-equal "network" + (list "--network" "host") + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (network "host")))) + + (test-equal "container-user" + (list "--user" "service-account") + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (container-user "service-account")))) + + (test-equal "workdir" + (list "--workdir" "/srv/http") + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (workdir "/srv/http")))) + + (test-equal "ports" + (list "-p" '(string-append "10443" ":" "443") + "-p" '(string-append "9022" ":" "22")) + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (ports + '(("10443" . "443") + ("9022" . "22")))))) + + (test-equal "volumes" + (list "-v" '(string-append "/gnu/store" ":" "/gnu/store") + "-v" '(string-append "/var/lib/guix" ":" "/var/lib/guix")) + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (volumes + '(("/gnu/store" . "/gnu/store") + ("/var/lib/guix" . "/var/lib/guix")))))) + + (test-equal "complete configuration" + (list "--entrypoint" "entrypoint" + "--env" '(string-append "key" "=" "value") + "--network" "host" + "--user" "service-account" + "--workdir" "/srv/http" + "-p" '(string-append "10443" ":" "443") + "-v" '(string-append "/gnu/store" ":" "/gnu/store")) + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (entrypoint "entrypoint") + (environment + '(("key" . "value"))) + (network "host") + (container-user "service-account") + (workdir "/srv/http") + (ports + '(("10443" . "443"))) + (volumes + '(("/gnu/store" . 
"/gnu/store"))))))) + +(test-end "oci-containers-service") base-commit: 2c9ac9ab20c76abe570ff83f8746fa089fea3047 -- 2.41.0 From unknown Fri Sep 05 11:01:02 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#67613] Introduce unit tests for oci-container-service-type. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 10 Dec 2023 21:48:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Giacomo Leidi Cc: 67613@debbugs.gnu.org Received: via spool by 67613-submit@debbugs.gnu.org id=B67613.170224485124270 (code B ref 67613); Sun, 10 Dec 2023 21:48:02 +0000 Received: (at 67613) by debbugs.gnu.org; 10 Dec 2023 21:47:31 +0000 Received: from localhost ([127.0.0.1]:51879 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rCRe6-0006JO-Nr for submit@debbugs.gnu.org; Sun, 10 Dec 2023 16:47:31 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:42308) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rCRe3-0006JA-Oz for 67613@debbugs.gnu.org; Sun, 10 Dec 2023 16:47:29 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rCRdh-0007M6-NK; Sun, 10 Dec 2023 16:47:07 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=/MwSfBM5VhpwskLIbe90gupBswZCeAAwnP1ZrxvBnro=; b=DQqvcavaLihGv6Ej4bFR MSfCnT+syKjAWBrLgE56MOo7+tIa8KpO/eGLmUK9sR/pyZMcte6IO3OoJA6iwa+82FlYasrHFGwoA RWF53wJHN1cz/iHPn9nv7/EOcVuoQbTQF5PHb6IJm8eOgU3jytN/R6vcjTDFy0KroNrlJgJ5v7eR3 4S6xLPnoklqW/inShp5xo87V1gOHSKrq7MjJYg8PSMa1U67ReTseNMnFXEXqO82fyRJSkkMwfR32h Xdh9Xyhi61VYciBo/1wyPfFAMJK3Zxb+Gfzd1LlSGeaztChJcguCUFefTyKab3WP0S/NX2CE9duCP IWXe3eEi98kasQ==; 
From: Ludovic Courtès
In-Reply-To: <20231203215630.28144-1-goodoldpaul@autistici.org> (Giacomo Leidi's message of "Sun, 3 Dec 2023 22:56:28 +0100")
Date: Sun, 10 Dec 2023 22:47:01 +0100
Message-ID: <87lea13f3e.fsf_-_@gnu.org>

Hello,

Giacomo Leidi writes:

> This patch is a followup to issue #66160 and issue #67574. It introduces
> unit tests for the oci-container-service-type. 8 out of 11 tests depend on
> issue #67574 being merged since issue #66160 was merged with a blocking
> bug from the beginning.
>
> * gnu/services/docker.scm: Export
> oci-container-configuration-container-user and
> oci-container-configuration-workdir.
> * tests/services/docker.scm: New file.
> * Makefile.am (SCM_TESTS): Register it.
>
> Change-Id: I47ed0fe36060ba84dd50b548a66f36e3df8a3710

Thanks for working on this!

To me, what’s really helpful is a system test: a test that spins up a VM running an OCI service and makes sure said service is functional. Apologies if I wasn’t clear!

Unit tests can be interesting too, but only if their “bug-finding performance” is good. The tests below, for instance, are likely to be mirroring the implementation too closely to be really able to find bugs:

> + (test-equal "environment" > + (list "--env" '(string-append "key" "=" "value") > + "--env" '(string-append "environment" "=" "variable")) > + (oci-container-configuration->options > + (oci-container-configuration > + (inherit config) > + (environment > + '(("key" . "value") > + ("environment" . "variable")))))) > + > + (test-equal "network" > + (list "--network" "host") > + (oci-container-configuration->options > + (oci-container-configuration > + (inherit config) > + (network "host")))) > + > + (test-equal "container-user" > + (list "--user" "service-account") > + (oci-container-configuration->options > + (oci-container-configuration > + (inherit config) > + (container-user "service-account"))))

Thus my suggestion would be to instead focus on a system test, like those in (gnu tests docker).

Does that make sense? WDYT?

Ludo’.

From unknown Fri Sep 05 11:01:02 2025
Subject: [bug#67613] Introduce unit tests for oci-container-service-type.
To: Ludovic Courtès
Cc: 67613@debbugs.gnu.org
Date: Sun, 10 Dec 2023 23:10:42 +0100
From: paul
In-Reply-To: <87lea13f3e.fsf_-_@gnu.org>

Hi Ludo’,

On 12/10/23 22:47, Ludovic Courtès wrote:
> Thus my suggestion would be to instead focus on a system test, like
> those in (gnu tests docker).
>
> Does that make sense? WDYT?

I definitely misunderstood, I'll work also on system tests like those you pointed out. Thank you, I was not aware of them, I was wondering how do I run them?

guix shell --pure -D guix -- make check TESTS=gnu/tests/docker.scm

gives me

============================================================================
Testsuite summary for GNU Guix 1.3.0.50882-34e1c
============================================================================
# TOTAL: 0
# PASS:  0
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================

Thank you,

giacomo

From unknown Fri Sep 05 11:01:02 2025
Subject: [bug#67613] Introduce unit tests for oci-container-service-type.
To: paul
Cc: 67613@debbugs.gnu.org
From: Ludovic Courtès
In-Reply-To: (paul's message of "Sun, 10 Dec 2023 23:10:42 +0100")
Date: Thu, 14 Dec 2023 19:34:59 +0100
Message-ID: <87wmtgtyy4.fsf@gnu.org>

Hi,

paul writes:

> I definitely misunderstood, I'll work also on system tests like those
> you pointed out. Thank you, I was not aware of them, I was wondering
> how do I run them?

With ‘make check-system TESTS=…’:

https://guix.gnu.org/manual/devel/en/html_node/Running-the-Test-Suite.html

Apologies for the miscommunication!

Ludo’.

From unknown Fri Sep 05 11:01:02 2025
Subject: [bug#67613] Introduce unit tests for oci-container-service-type.
To: Ludovic Courtès
Cc: 67613@debbugs.gnu.org
Date: Thu, 11 Jan 2024 21:39:08 +0100
Message-ID: <05d4f2f7-01ff-65d1-107f-f71b8e103de0@autistici.org>
From: paul
In-Reply-To: <87wmtgtyy4.fsf@gnu.org>

Hi Ludo’,

I should have created a suitable system test for the oci-container-service-type. Thanks to a nice input from @graywolf@emacs.ch on Mastodon, and actually to be able to run the test since the VM doesn't have internet access and can't pull OCI images, I implemented a new oci-image record that can be given some lowerable value that can be lowered to an OCI tarballed image and passed to the image field of the oci-container-configuration record.

I'd like to point out two things:

- It's the first time I use Guix internal API to build derivations, I took most of my implementation from other places around Guix and I hope it is sound but I may have missed something. I'd like your feedback about it.
- I was tempted to make the image field of the oci-container-configuration record directly only accept oci-image records (hence making the value field of oci-image optional) but that would break existing configurations. I'm not sure about the contract we have for configuration records API, should I wait for 1.5.0 for this change?

I'm sending an updated patchset, thank you for all your help and efforts.

giacomo

From unknown Fri Sep 05 11:01:02 2025
Subject: [bug#67613] [PATCH v2 2/5] gnu: docker: Allow setting host environment variables in oci-container-configuration.
To: 67613@debbugs.gnu.org
Cc: Giacomo Leidi
From: Giacomo Leidi
Date: Thu, 11 Jan 2024 21:39:50 +0100
Message-ID: <20240111203954.29335-2-goodoldpaul@autistici.org>
In-Reply-To: <20240111203954.29335-1-goodoldpaul@autistici.org>

* gnu/services/docker.scm (oci-container-configuration) [host-environment]: New field; (oci-sanitize-host-environment): sanitize it; (oci-container-shepherd-service): use it.

Change-Id: I4d54d37736cf09f042a71cb0b6e673abc0948d9c

--- gnu/services/docker.scm | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index b4fd94d1fd..7706b4a29a 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2020 Efraim Flashner ;;; Copyright © 2020 Jesse Dowell ;;; Copyright © 2021 Brice Waegeneire -;;; Copyright © 2023 Giacomo Leidi +;;; Copyright © 2023, 2024 Giacomo Leidi ;;; ;;; This file is part of GNU Guix. ;;; @@ -285,6 +285,11 @@ (define (oci-sanitize-mixed-list name value delimiter) name el))))) value)) +(define (oci-sanitize-host-environment value) + ;; Expected spec format: + ;; '(("HOME" . "/home/nobody") "JAVA_HOME=/java") + (oci-sanitize-mixed-list "host-environment" value "=")) + (define (oci-sanitize-environment value) ;; Expected spec format: ;; '(("HOME" . "/home/nobody") "JAVA_HOME=/java") 
@@ -330,6 +335,24 @@ (define-configuration/no-serialization oci-container-configuration (entrypoint (maybe-string) "Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image.") + (host-environment + (list '()) + "Set environment variables in the host environment where @command{docker run} +is invoked. This is especially useful to pass secrets from the host to the +container without having them on the @command{docker run}'s command line: by +setting the @{MYSQL_PASSWORD} on the host and by passing +@code{--env MYSQL_PASSWORD} through the @code{extra-arguments} field, it is +possible to securely set values in the container environment. This field's +value can be a list of pairs or strings, even mixed: + +@lisp +(list '(\"LANGUAGE\" . \"eo:ca:eu\") + \"JAVA_HOME=/opt/java\") +@end lisp + +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to @code{make-forkexec-constructor}." + (sanitizer oci-sanitize-host-environment)) (environment (list '()) "Set environment variables. This can be a list of pairs or strings, even @@ -450,6 +473,8 @@ (define (guess-name name image) (let* ((docker-command (file-append docker-cli "/bin/docker")) (user (oci-container-configuration-user config)) (group (oci-container-configuration-group config)) + (host-environment + (oci-container-configuration-host-environment config)) (command (oci-container-configuration-command config)) (provision (oci-container-configuration-provision config)) (image (oci-container-configuration-image config)) 
@@ -471,7 +496,9 @@ (define (guess-name name image) "--name" #$name #$@options #$@extra-arguments #$image #$@command) #:user #$user - #:group #$group)) + #:group #$group + #:environment-variables + (list #$@host-environment))) (stop #~(lambda _ (invoke #$docker-command "rm" "-f" #$name))) -- 2.41.0 From unknown Fri Sep 05 11:01:02 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#67613] [PATCH v2 1/5] gnu: docker: Provide escape hatch in oci-container-configuration. References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@autistici.org> In-Reply-To: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@autistici.org> Resent-From: Giacomo Leidi Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 11 Jan 2024 20:41:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 67613@debbugs.gnu.org Cc: Giacomo Leidi Received: via spool by 67613-submit@debbugs.gnu.org id=B67613.170500561710531 (code B ref 67613); Thu, 11 Jan 2024 20:41:03 +0000 Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:17 +0000 Received: from localhost ([127.0.0.1]:34044 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rO1qa-0002jh-DX for submit@debbugs.gnu.org; Thu, 11 Jan 2024 15:40:17 -0500 Received: from confino.investici.org ([93.190.126.19]:45877) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rO1qX-0002j1-1B for 67613@debbugs.gnu.org; Thu, 11 Jan 2024 15:40:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1705005614; bh=XWMm9aw5xTxGJSFe/HmCEMWJtNwk9h+dQ0nFyKudE2U=; h=From:To:Cc:Subject:Date:From; b=B2quKg7pzfri8ER+3yh9ZD0TZWgI2vgJv//pr++iAPwHSBsrA/jGt0pzwynowTKsT SUmqqGWYOBeJDU1H6bNj4Sr2qJ0wxTm8SlnH7F2PYTOX8DcP0BrW0TFNER+gyhwYOA onW4JXk8o5pweuRbkt9/ZBNBQ91AJs55lDpqF4dw= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 
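Review bot: in the last hunk of [PATCH v2 2/5] (@@ -471,7 +496,9 @@), #:environment-variables (list #$@host-environment) is passed unconditionally, so with the default host-environment of '() the docker run process starts with an empty environment instead of the one Shepherd gave it before this change. make-forkexec-constructor takes this keyword as the complete environment, not as additions to it. Consider (append (default-environment-variables) (list #$@host-environment)) so that setting one variable does not drop all the others.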
4T9xPV5N4jz112x; Thu, 11 Jan 2024 20:40:14 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@autistici.org) by localhost (Postfix) with ESMTPSA id 4T9xPV4QQRz10w5; Thu, 11 Jan 2024 20:40:14 +0000 (UTC) From: Giacomo Leidi Date: Thu, 11 Jan 2024 21:39:49 +0100 Message-ID: <20240111203954.29335-1-goodoldpaul@autistici.org> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/services/docker.scm (oci-container-configuration) [extra-arguments]: New field; (oci-sanitize-extra-arguments): sanitize it; (oci-container-shepherd-service): use it; * doc/guix.texi: document it. Change-Id: I54c74ac2fe0f5ca65ca5a1d0d7f3fb55ff428063 --- doc/guix.texi | 13 ++++++++++--- gnu/services/docker.scm | 42 ++++++++++++++++++++++++++++++++++------- 2 files changed, 45 insertions(+), 10 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 395545bed7..ce239c603d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -39844,7 +39844,8 @@ Set environment variables. This can be a list of pairs or strings, even mixed: "JAVA_HOME=/opt/java") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics. 
@@ -39868,7 +39869,8 @@ list of pairs or strings, even mixed: "10443:443") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream} documentation for semantics. @@ -39881,7 +39883,8 @@ list of pairs or strings, even mixed: "/gnu/store:/gnu/store") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream} documentation for semantics. @@ -39896,6 +39899,10 @@ You can refer to the @url{https://docs.docker.com/engine/reference/run/#workdir,upstream} documentation for semantics. +@item @code{extra-arguments} (default: @code{()}) (type: list) +A list of strings, gexps or file-like objects that will be directly +passed to the @command{docker run} invokation. + @end table @end deftp diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 4d32b96847..b4fd94d1fd 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -58,6 +58,9 @@ (define-module (gnu services docker) oci-container-configuration-network oci-container-configuration-ports oci-container-configuration-volumes + oci-container-configuration-container-user + oci-container-configuration-workdir + oci-container-configuration-extra-arguments oci-container-service-type oci-container-shepherd-service)) 
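Review bot: the commit log does not cover two of the three exports added in this hunk: oci-container-configuration-container-user and oci-container-configuration-workdir appear next to oci-container-configuration-extra-arguments, while the log only describes the new extra-arguments field. Either list the two previously missing exports in the log or move them to a separate commit.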
@@ -297,6 +300,21 @@ (define (oci-sanitize-volumes value) ;; '(("/mnt/dir" . "/dir") "/run/current-system/profile:/java") (oci-sanitize-mixed-list "volumes" value ":")) +(define (oci-sanitize-extra-arguments value) + (define (valid? member) + (or (string? member) + (gexp? member) + (file-like? member))) + (map + (lambda (el) + (if (valid? el) + el + (raise + (formatted-message + (G_ "extra arguments may only be strings, gexps or file-like objects +but ~a was found") el)))) + value)) + (define-maybe/no-serialization string) (define-configuration/no-serialization oci-container-configuration @@ -322,7 +340,8 @@ (define-configuration/no-serialization oci-container-configuration \"JAVA_HOME=/opt/java\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics." (sanitizer oci-sanitize-environment)) @@ -347,7 +366,8 @@ (define-configuration/no-serialization oci-container-configuration \"10443:443\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream} documentation for semantics." (sanitizer oci-sanitize-ports)) @@ -361,7 +381,8 @@ (define-configuration/no-serialization oci-container-configuration \"/gnu/store:/gnu/store\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream} documentation for semantics." (sanitizer oci-sanitize-volumes)) 
@@ -375,7 +396,12 @@ (define-configuration/no-serialization oci-container-configuration "Set the current working for the spawned Shepherd service. You can refer to the @url{https://docs.docker.com/engine/reference/run/#workdir,upstream} -documentation for semantics.")) +documentation for semantics.") + (extra-arguments + (list '()) + "A list of strings, gexps or file-like objects that will be directly passed +to the @command{docker run} invokation." + (sanitizer oci-sanitize-extra-arguments))) (define oci-container-configuration->options (lambda (config) @@ -428,7 +454,9 @@ (define (guess-name name image) (provision (oci-container-configuration-provision config)) (image (oci-container-configuration-image config)) (options (oci-container-configuration->options config)) - (name (guess-name provision image))) + (name (guess-name provision image)) + (extra-arguments + (oci-container-configuration-extra-arguments config))) (shepherd-service (provision `(,(string->symbol name))) (requirement '(dockerd user-processes)) @@ -441,7 +469,7 @@ (define (guess-name name image) ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...] (list #$docker-command "run" "--rm" "--name" #$name - #$@options #$image #$@command) + #$@options #$@extra-arguments #$image #$@command) #:user #$user #:group #$group)) (stop 
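Review bot: the documentation for extra-arguments does not say where the arguments land or that they are unchecked. In the command list of this hunk #$@extra-arguments follows #$@options, and oci-sanitize-extra-arguments only checks element types, so a flag such as --privileged or a second --user reaches docker run after the flags generated from the configuration's other fields. State the position and the lack of checking in the docstring and in doc/guix.texi. While there, "invokation" in both places should read "invocation".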
@@ -482,5 +510,5 @@ (define oci-container-service-type (extend append) (compose concatenate) (description - "This service allows the management of Docker and OCI + "This service allows the management of OCI containers as Shepherd services."))) base-commit: 637b72e2b83a6332849218ef1f193124fa8239eb -- 2.41.0 From unknown Fri Sep 05 11:01:02 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#67613] [PATCH v2 3/5] gnu: docker: Allow setting Shepherd dependencies in oci-container-configuration. Resent-From: Giacomo Leidi Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 11 Jan 2024 20:41:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 67613@debbugs.gnu.org Cc: Giacomo Leidi Received: via spool by 67613-submit@debbugs.gnu.org id=B67613.170500561710538 (code B ref 67613); Thu, 11 Jan 2024 20:41:03 +0000 Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:17 +0000 Received: from localhost ([127.0.0.1]:34046 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rO1qb-0002jo-2x for submit@debbugs.gnu.org; Thu, 11 Jan 2024 15:40:17 -0500 Received: from confino.investici.org ([2a11:7980:1::2:0]:33833) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rO1qX-0002j5-C6 for 67613@debbugs.gnu.org; Thu, 11 Jan 2024 15:40:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1705005615; bh=yrJSM07unALGLurAQx4P+SyGutdFXugjekWvX0puvs0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JAkXkhAhzCSqFOXDyfng/wBDftVvT7SGGV+Ih+B+OfdBKlv9t6GKpbV2epDqrCjjI IKtwD4ItGB9lSOsz4aQlylPPnsXNQSkzz4Qu5oMBlr5baatbotnBYbz9G7Sdo7/ZoK kfQpwLcvujcwk4F9z0tF8IIIFyvw0X/BjIV5U21M= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4T9xPW1pMlz1132; Thu, 11 Jan 2024 20:40:15 +0000 (UTC) Received: from [93.190.126.19] 
(mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@autistici.org) by localhost (Postfix) with ESMTPSA id 4T9xPV6xLjz10w5; Thu, 11 Jan 2024 20:40:14 +0000 (UTC) From: Giacomo Leidi Date: Thu, 11 Jan 2024 21:39:51 +0100 Message-ID: <20240111203954.29335-3-goodoldpaul@autistici.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240111203954.29335-1-goodoldpaul@autistici.org> References: <20240111203954.29335-1-goodoldpaul@autistici.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * gnu/services/docker.scm (oci-container-configuration) [requirement]: New field; (list-of-symbols): sanitize it; (oci-container-shepherd-service): use it. Change-Id: Ic0ba336a2257d6ef7c658cfc6cd630116661f581 --- gnu/services/docker.scm | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 7706b4a29a..43ffb71901 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -320,6 +320,9 @@ (define (valid? member) but ~a was found") el)))) value)) +(define list-of-symbols? + (list-of symbol?)) + (define-maybe/no-serialization string) (define-configuration/no-serialization oci-container-configuration @@ -376,6 +379,10 @@ (define-configuration/no-serialization oci-container-configuration (provision (maybe-string) "Set the name of the provisioned Shepherd service.") + (requirement + (list-of-symbols '()) + "Set additional Shepherd services dependencies to the provisioned Shepherd +service.") (network (maybe-string) "Set a Docker network for the spawned container.") 
@@ -477,6 +484,7 @@ (define (guess-name name image) (oci-container-configuration-host-environment config)) (command (oci-container-configuration-command config)) (provision (oci-container-configuration-provision config)) + (requirement (oci-container-configuration-requirement config)) (image (oci-container-configuration-image config)) (options (oci-container-configuration->options config)) (name (guess-name provision image)) 
@@ -484,7 +492,7 @@ (define (guess-name name image) (oci-container-configuration-extra-arguments config))) (shepherd-service (provision `(,(string->symbol name))) - (requirement '(dockerd user-processes)) + (requirement `(dockerd user-processes ,@requirement)) (respawn? #f) (documentation (string-append -- 2.41.0 From unknown Fri Sep 05 11:01:02 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#67613] [PATCH v2 5/5] gnu: Add tests and documentation for oci-container-service-type. Resent-From: Giacomo Leidi Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 11 Jan 2024 20:41:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 67613@debbugs.gnu.org Cc: Giacomo Leidi Received: via spool by 67613-submit@debbugs.gnu.org id=B67613.170500562210550 (code B ref 67613); Thu, 11 Jan 2024 20:41:04 +0000 Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:22 +0000 Received: from localhost ([127.0.0.1]:34048 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rO1qf-0002k4-KO for submit@debbugs.gnu.org; Thu, 11 Jan 2024 15:40:22 -0500 Received: from confino.investici.org ([2a11:7980:1::2:0]:42745) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rO1qY-0002j8-7o for 67613@debbugs.gnu.org; Thu, 11 Jan 2024 15:40:15 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1705005616; bh=6boZOwO4I0ZIE1UTL8wcix2bNKAFfYQcrb52wh6MITQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=e99uyPf8aVlccV9GJ4FpZWqzFTk9z6L9SNVhDUznE7e7URQ98i2YlyptKi92L83Hm k8Fr2zJNHbonfq1o0WKZZWvUp7NjBu++pO+W9lma9YEwS2924IQ9OuI68Vac9fgFcD F1PSIsH6cr7jf/3q1bm+YwOtfsenY8XnPtMuenkk= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4T9xPX04msz1135; Thu, 11 Jan 2024 20:40:16 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org 
[93.190.126.19]) (Authenticated sender: goodoldpaul@autistici.org) by localhost (Postfix) with ESMTPSA id 4T9xPW3n5Dz10w5; Thu, 11 Jan 2024 20:40:15 +0000 (UTC) From: Giacomo Leidi Date: Thu, 11 Jan 2024 21:39:53 +0100 Message-ID: <20240111203954.29335-5-goodoldpaul@autistici.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240111203954.29335-1-goodoldpaul@autistici.org> References: <20240111203954.29335-1-goodoldpaul@autistici.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) * doc/guix.texi: Add documentation for the oci-image record and update the oci-container-configuration documentation. * gnu/tests/docker.scm (run-oci-container-test): New variable; (%test-oci-container): new variable. Change-Id: Id8f4f5454aa3b88d8aa3fa47de823e921acece05 --- doc/guix.texi | 91 +++++++++++++++++++++++++++- gnu/services/docker.scm | 6 +- gnu/tests/docker.scm | 131 +++++++++++++++++++++++++++++++++++++++- 3 files changed, 221 insertions(+), 7 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index ce239c603d..1916a00412 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -39790,6 +39790,17 @@ processes as Shepherd Services. @lisp (service oci-container-service-type (list + (oci-container-configuration + (image + (oci-image + (repository "guile") + (tag "3") + (value (specifications->manifest '("guile"))) + (pack-options '(#:symlinks (("/bin/guile" -> "bin/guile")) + #:max-layers 2)))) + (entrypoint "/bin/guile") + (command + '("-c" "(display \"hello!\n\")"))) (oci-container-configuration (image "prom/prometheus") (network "host") 
@@ -39836,6 +39847,23 @@ Overwrite the default command (@code{CMD}) of the image. @item @code{entrypoint} (default: @code{""}) (type: string) Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image. +@item @code{host-environment} (default: @code{()}) (type: list) +Set environment variables in the host environment where @command{docker +run} is invoked. This is especially useful to pass secrets from the +host to the container without having them on the @command{docker run}'s +command line: by setting the @code{MYSQL_PASSWORD} on the host and by passing +@code{--env MYSQL_PASSWORD} through the @code{extra-arguments} field, it is +possible to securely set values in the container environment. This field's +value can be a list of pairs or strings, even mixed: + +@lisp +(list '(\"LANGUAGE\" . \"eo:ca:eu\") + \"JAVA_HOME=/opt/java\") +@end lisp + +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to @code{make-forkexec-constructor}. + @item @code{environment} (default: @code{()}) (type: list) Set environment variables. This can be a list of pairs or strings, even mixed: 
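Review bot: "securely" in this paragraph overstates what the field gives. A literal value written in host-environment is embedded in the generated Shepherd service code, which lives in the world-readable store, so the field only keeps the value off the docker run command line. Reword the paragraph to say that, and recommend keeping real secrets in a file outside the store. Also, the @lisp example in this hunk keeps the \" escapes from the Scheme docstring; in guix.texi the quotes should be plain, as in the environment example that follows.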
@@ -39849,14 +39877,19 @@ Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics. -@item @code{image} (type: string) -The image used to build the container. Images are resolved by the -Docker Engine, and follow the usual format +@item @code{image} (type: string-or-oci-image) +The image used to build the container. It can be a string or an +@code{oci-image} record. Strings are resolved by the Docker Engine, and +follow the usual format @code{myregistry.local:5000/testing/test-image:tag}. @item @code{provision} (default: @code{""}) (type: string) Set the name of the provisioned Shepherd service. +@item @code{requirement} (default: @code{()}) (type: list-of-symbols) +Set additional Shepherd services dependencies to the provisioned +Shepherd service. + @item @code{network} (default: @code{""}) (type: string) Set a Docker network for the spawned container. 
@@ -39908,6 +39941,58 @@ passed to the @command{docker run} invokation. @end deftp +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} oci-image +Available @code{oci-image} fields are: + +@table @asis +@item @code{repository} (type: string) +A string like @code{myregistry.local:5000/testing/test-image} that names +the OCI image. + +@item @code{tag} (default: @code{"latest"}) (type: string) +A string representing the OCI image tag. Defaults to @code{latest}. + +@item @code{value} (type: oci-lowerable-image) +A @code{manifest} or @code{operating-system} record that will be lowered +into an OCI compatible tarball. Otherwise this field's value can be a +gexp or a file-like object that evaluates to an OCI compatible tarball. + +@item @code{pack-options} (default: @code{()}) (type: list) +An optional set of keyword arguments that will be passed to the +@code{docker-image} procedure from @code{guix scripts pack}. They can +be used to replicate @command{guix pack} behavior: + +@lisp +(oci-image + (repository "guile") + (tag "3") + (value + (specifications->manifest '("guile"))) + (pack-options '(#:symlinks (("/bin/guile" -> "bin/guile")) + #:max-layers 2))) +@end lisp + +If the @code{value} field is an @code{operating-system} record, this field's +value will be ignored. + +@item @code{system} (default: @code{""}) (type: string) +Attempt to build for a given system, e.g. "i686-linux" + +@item @code{target} (default: @code{""}) (type: string) +Attempt to cross-build for a given triple, e.g. "aarch64-linux-gnu" + +@item @code{grafts?} (default: @code{#f}) (type: boolean) +Whether to allow grafting or not in the pack build. + +@end table + +@end deftp + + @c %end of fragment @cindex Audit diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 58a725737c..7aff8dcc5f 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm 
@@ -420,7 +420,7 @@ (define-configuration/no-serialization oci-container-configuration "Set environment variables in the host environment where @command{docker run} is invoked. This is especially useful to pass secrets from the host to the container without having them on the @command{docker run}'s command line: by -setting the @{MYSQL_PASSWORD} on the host and by passing +setting the @code{MYSQL_PASSWORD} on the host and by passing @code{--env MYSQL_PASSWORD} through the @code{extra-arguments} field, it is possible to securely set values in the container environment. This field's value can be a list of pairs or strings, even mixed: @@ -435,8 +435,8 @@ (define-configuration/no-serialization oci-container-configuration (sanitizer oci-sanitize-host-environment)) (environment (list '()) - "Set environment variables. This can be a list of pairs or strings, even -mixed: + "Set environment variables inside the container. This can be a list of pairs +or strings, even mixed: @lisp (list '(\"LANGUAGE\" . \"eo:ca:eu\") diff --git a/gnu/tests/docker.scm b/gnu/tests/docker.scm index 9e9d2e2d07..d550136b4a 100644 --- a/gnu/tests/docker.scm +++ b/gnu/tests/docker.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019 Danny Milosavljevic ;;; Copyright © 2019-2023 Ludovic Courtès +;;; Copyright © 2024 Giacomo Leidi ;;; ;;; This file is part of GNU Guix. ;;; @@ -29,6 +30,7 @@ (define-module (gnu tests docker) #:use-module (gnu services networking) #:use-module (gnu services docker) #:use-module (gnu services desktop) + #:use-module (gnu packages) #:use-module ((gnu packages base) #:select (glibc)) #:use-module (gnu packages guile) #:use-module (gnu packages docker) @@ -43,7 +45,8 @@ (define-module (gnu tests docker) #:use-module (guix build-system trivial) #:use-module ((guix licenses) #:prefix license:) #:export (%test-docker - %test-docker-system)) + %test-docker-system + %test-oci-container)) (define %docker-os (simple-operating-system 
@@ -316,3 +319,129 @@ (define %test-docker-system (locale-libcs (list glibc))) #:type docker-image-type))) run-docker-system-test))))) + + +(define %oci-os + (simple-operating-system + (service dhcp-client-service-type) + (service dbus-root-service-type) + (service polkit-service-type) + (service elogind-service-type) + (service docker-service-type) + (extra-special-file "/shared.txt" + (plain-file "shared.txt" "hello")) + (service oci-container-service-type + (list + (oci-container-configuration + (image + (oci-image + (repository "guile") + (value + (specifications->manifest '("guile"))) + (pack-options + '(#:symlinks (("/bin" -> "bin")))))) + (entrypoint + "/bin/guile") + (command + '("-c" "(let l ((c 300))(display c)(sleep 1)(when(positive? c)(l (- c 1))))")) + (host-environment + '(("VARIABLE" . "value"))) + (volumes + '(("/shared.txt" . "/shared.txt:ro"))) + (extra-arguments + '("--env" "VARIABLE"))))))) + +(define (run-oci-container-test) + "Run IMAGE as an OCI backed Shepherd service, inside OS." + + (define os + (marionette-operating-system + (operating-system-with-gc-roots + %oci-os + (list)) + #:imported-modules '((gnu services herd) + (guix combinators)))) + + (define vm + (virtual-machine + (operating-system os) + (volatile? #f) + (memory-size 1024) + (disk-image-size (* 3000 (expt 2 20))) + (port-forwardings '()))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) (srfi srfi-64) + (gnu build marionette)) + + (define marionette + ;; Relax timeout to accommodate older systems and + ;; allow for pulling the image. + (make-marionette (list #$vm) #:timeout 60)) + + (test-runner-current (system-test-runner #$output)) + (test-begin "oci-container") + + (test-assert "dockerd running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'dockerd) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? 
pid)))))) + marionette)) + + (sleep 10) ; let service start + + (test-assert "docker-guile running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'docker-guile) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? pid)))))) + marionette)) + + (test-equal "passing host environment variables and volumes" + '("value" "hello") + (marionette-eval + `(begin + (use-modules (ice-9 popen) + (ice-9 rdelim)) + + (define slurp + (lambda args + (let* ((port (apply open-pipe* OPEN_READ args)) + (output (let ((line (read-line port))) + (if (eof-object? line) + "" + line))) + (status (close-pipe port))) + output))) + (let* ((response1 (slurp + ,(string-append #$docker-cli "/bin/docker") + "exec" "docker-guile" + "/bin/guile" "-c" "(display (getenv \"VARIABLE\"))")) + (response2 (slurp + ,(string-append #$docker-cli "/bin/docker") + "exec" "docker-guile" + "/bin/guile" "-c" "(begin (use-modules (ice-9 popen) (ice-9 rdelim)) +(display (call-with-input-file \"/shared.txt\" read-line)))"))) + (list response1 response2))) + marionette)) + + (test-end)))) + + (gexp->derivation "oci-container-test" test)) + +(define %test-oci-container + (system-test + (name "oci-container") + (description "Test OCI backed Shepherd service.") + (value (run-oci-container-test)))) -- 2.41.0 From unknown Fri Sep 05 11:01:02 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#67613] [PATCH v2 4/5] gnu: docker: Allow passing tarballs for images in oci-container-configuration. 
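Review bot: in the gnu/tests/docker.scm hunk of [PATCH v2 5/5], the fixed (sleep 10) between the "dockerd running" and "docker-guile running" assertions makes the test timing-dependent: on a slow builder ten seconds may not be enough, and on a fast one they are wasted. Poll for the condition instead, or drop the sleep and rely on start-service 'docker-guile, since the service already lists dockerd in its requirement. The comment on #:timeout 60 also mentions pulling the image, although this test runs an image built from a manifest.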
Resent-From: Giacomo Leidi Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 11 Jan 2024 20:41:04 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 67613@debbugs.gnu.org Cc: Giacomo Leidi Received: via spool by 67613-submit@debbugs.gnu.org id=B67613.170500562310558 (code B ref 67613); Thu, 11 Jan 2024 20:41:04 +0000 Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:23 +0000 Received: from localhost ([127.0.0.1]:34050 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rO1qg-0002k7-GU for submit@debbugs.gnu.org; Thu, 11 Jan 2024 15:40:23 -0500 Received: from confino.investici.org ([93.190.126.19]:29449) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rO1qX-0002j7-QF for 67613@debbugs.gnu.org; Thu, 11 Jan 2024 15:40:15 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1705005615; bh=lU7r01dxDSSIwNeQf2hhzS1UJbikwB2UpRWsBi3HYfw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=u1eCDMAOzwKXIM67h44DUgf8n+QEFAJhMHDa0ftfyyipy8dWp10nBaMIzJH7MEH2U rF63UIEWPghWbt9GeA4Fla58QtInaJKJ9b1nQ4sFBhS3dqc17IEsSxa5tOtXxit9d7 0C4yhfXGFux0k7sev9QrxZ4r9h8H1oSby3PHPdeI= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4T9xPW3P7Pz1134; Thu, 11 Jan 2024 20:40:15 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@autistici.org) by localhost (Postfix) with ESMTPSA id 4T9xPW2C6gz10w5; Thu, 11 Jan 2024 20:40:15 +0000 (UTC) 
From: Giacomo Leidi Date: Thu, 11 Jan 2024 21:39:52 +0100 Message-ID: <20240111203954.29335-4-goodoldpaul@autistici.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240111203954.29335-1-goodoldpaul@autistici.org> References: <20240111203954.29335-1-goodoldpaul@autistici.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) This commit allows for loading an OCI image tarball before running an OCI backed Shepherd service. It does so by adding a one shot Shepherd service to the dependencies of the OCI backed service that at boot runs docker load on the tarball. * gnu/services/docker.scm (oci-image): New record; (lower-oci-image): new variable, lower it; (string-or-oci-image?): sanitize it; (oci-container-configuration)[image]: allow also for oci-image records; (oci-container-shepherd-service): use it; (%oci-image-loader): new variable. Change-Id: Ie504f479ea0d47f74b0ec5df9085673ffd3f639d --- gnu/services/docker.scm | 244 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 219 insertions(+), 25 deletions(-) diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 43ffb71901..58a725737c 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -23,11 +23,14 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu services docker) + #:use-module (gnu image) #:use-module (gnu services) #:use-module (gnu services configuration) #:use-module (gnu services base) #:use-module (gnu services dbus) #:use-module (gnu services shepherd) + #:use-module (gnu system) + #:use-module (gnu system image) #:use-module (gnu system setuid) #:use-module (gnu system shadow) #:use-module (gnu packages admin) ;shadow 
@@ -37,7 +40,11 @@ (define-module (gnu services docker) #:use-module (guix diagnostics) #:use-module (guix gexp) #:use-module (guix i18n) + #:use-module (guix monads) #:use-module (guix packages) + #:use-module (guix profiles) + #:use-module ((guix scripts pack) #:prefix pack:) + #:use-module (guix store) #:use-module (srfi srfi-1) #:use-module (ice-9 format) #:use-module (ice-9 match) @@ -45,6 +52,16 @@ (define-module (gnu services docker) #:export (docker-configuration docker-service-type singularity-service-type + oci-image + oci-image? + oci-image-fields + oci-image-repository + oci-image-tag + oci-image-value + oci-image-pack-options + oci-image-target + oci-image-system + oci-image-grafts? oci-container-configuration oci-container-configuration? oci-container-configuration-fields @@ -52,9 +69,11 @@ (define-module (gnu services docker) oci-container-configuration-group oci-container-configuration-command oci-container-configuration-entrypoint + oci-container-configuration-host-environment oci-container-configuration-environment oci-container-configuration-image oci-container-configuration-provision + oci-container-configuration-requirement oci-container-configuration-network oci-container-configuration-ports oci-container-configuration-volumes @@ -62,7 +81,8 @@ (define-module (gnu services docker) oci-container-configuration-workdir oci-container-configuration-extra-arguments oci-container-service-type - oci-container-shepherd-service)) + oci-container-shepherd-service + %oci-container-accounts)) (define-maybe file-like) 
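Review bot: %oci-container-accounts is newly exported in this hunk but the commit log does not mention it, and nothing in the described change (oci-image, lower-oci-image, %oci-image-loader) explains why it needs to be public. Add it to the log with the reason, or drop the export. The accessor exports for host-environment and requirement in the previous hunk belong to the patches that introduce those fields.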
@@ -320,11 +340,68 @@ (define (valid? member) but ~a was found") el)))) value)) +(define (oci-image-reference image) + (if (string? image) + image + (string-append (oci-image-repository image) + ":" (oci-image-tag image)))) + +(define (oci-lowerable-image? image) + (or (manifest? image) + (operating-system? image) + (gexp? image) + (file-like? image))) + +(define (string-or-oci-image? image) + (or (string? image) + (oci-image? image))) + (define list-of-symbols? (list-of symbol?)) (define-maybe/no-serialization string) +(define-configuration/no-serialization oci-image + (repository + (string) + "A string like @code{myregistry.local:5000/testing/test-image} that names +the OCI image.") + (tag + (string "latest") + "A string representing the OCI image tag. Defaults to @code{latest}.") + (value + (oci-lowerable-image) + "A @code{manifest} or @code{operating-system} record that will be lowered +into an OCI compatible tarball. Otherwise this field's value can be a gexp +or a file-like object that evaluates to an OCI compatible tarball.") + (pack-options + (list '()) + "An optional set of keyword arguments that will be passed to the +@code{docker-image} procedure from @code{guix scripts pack}. They can be used +to replicate @command{guix pack} behavior: + +@lisp +(oci-image + (repository \"guile\") + (tag \"3\") + (manifest (specifications->manifest '(\"guile\"))) + (pack-options + '(#:symlinks ((\"/bin/guile\" -> \"bin/guile\")) + #:max-layers 2))) +@end lisp + +If the @code{value} field is an @code{operating-system} record, this field's +value will be ignored.") + (system + (maybe-string) + "Attempt to build for a given system, e.g. \"i686-linux\"") + (target + (maybe-string) + "Attempt to cross-build for a given triple, e.g. \"aarch64-linux-gnu\"") + (grafts? + (boolean #f) + "Whether to allow grafting or not in the pack build.")) + (define-configuration/no-serialization oci-container-configuration (user (string "oci-container") 
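Review bot: The @lisp example inside the pack-options docstring of oci-image sets a field called manifest, (manifest (specifications->manifest '(\"guile\"))), but the record defined in this same hunk has no manifest field; the manifest goes in value. The example as written does not match the record, so change that line to (value (specifications->manifest '(\"guile\"))).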
@@ -372,8 +449,9 @@ (define-configuration/no-serialization oci-container-configuration documentation for semantics." (sanitizer oci-sanitize-environment)) (image - (string) - "The image used to build the container. Images are resolved by the Docker + (string-or-oci-image) + "The image used to build the container. It can be a string or an +@code{oci-image} record. Strings are resolved by the Docker Engine, and follow the usual format @code{myregistry.local:5000/testing/test-image:tag}.") (provision 
@@ -470,14 +548,122 @@ (define oci-container-configuration->options (list "-v" spec)) (oci-container-configuration-volumes config)))))))) +(define* (get-keyword-value args keyword #:key (default #f)) + (let ((kv (memq keyword args))) + (if (and kv (>= (length kv) 2)) + (cadr kv) + default))) + +(define (lower-operating-system os target system) + (mlet* %store-monad + ((tarball + (lower-object + (system-image (os->image os #:type docker-image-type)) + system + #:target target))) + (return tarball))) + +(define (lower-manifest name image target system) + (define value (oci-image-value image)) + (define options (oci-image-pack-options image)) + (define image-reference + (oci-image-reference image)) + (define image-tag + (let* ((extra-options + (get-keyword-value options #:extra-options)) + (image-tag-option + (and extra-options + (get-keyword-value extra-options #:image-tag)))) + (if image-tag-option + '() + `(#:extra-options (#:image-tag ,image-reference))))) + + (mlet* %store-monad + ((_ (set-grafting + (oci-image-grafts? image))) + (guile (set-guile-for-build (default-guile))) + (profile + (profile-derivation value + #:target target + #:system system + #:hooks '() + #:locales? #f)) + (tarball (apply pack:docker-image + `(,name ,profile + ,@options + ,@image-tag + #:localstatedir? #t)))) + (return tarball))) + +(define (lower-oci-image name image) + (define value (oci-image-value image)) + (define image-target (oci-image-target image)) + (define image-system (oci-image-system image)) + (define target + (if (maybe-value-set? image-target) + image-target + (%current-target-system))) + (define system + (if (maybe-value-set? image-system) + image-system + (%current-system))) + (with-store store + (run-with-store store + (match value + ((? manifest? value) + (lower-manifest name image target system)) + ((? operating-system? value) + (lower-operating-system value target system)) + ((or (? gexp? value) + (? file-like? 
value)) + value) + (_ + (raise + (formatted-message + (G_ "oci-image value must contain only manifest, +operating-system, gexp or file-like records but ~a was found") + value)))) + #:target target + #:system system))) + +(define (%oci-image-loader name image tag) + (let ((docker (file-append docker-cli "/bin/docker")) + (tarball (lower-oci-image name image))) + (with-imported-modules '((guix build utils)) + (program-file (format #f "~a-image-loader" name) + #~(begin + (use-modules (guix build utils) + (ice-9 popen) + (ice-9 rdelim)) + + (format #t "Loading image for ~a from ~a...~%" #$name #$tarball) + (define line + (read-line + (open-input-pipe + (string-append #$docker " load -i " #$tarball)))) + + (unless (or (eof-object? line) + (string-null? line)) + (format #t "~a~%" line) + (let ((repository&tag + (string-drop line + (string-length + "Loaded image: ")))) + + (invoke #$docker "tag" repository&tag #$tag) + (format #t "Tagged ~a with ~a...~%" #$tarball #$tag)))))))) + (define (oci-container-shepherd-service config) (define (guess-name name image) (if (maybe-value-set? name) name (string-append "docker-" - (basename (car (string-split image #\:)))))) + (basename + (if (string? image) + (first (string-split image #\:)) + (oci-image-repository image)))))) - (let* ((docker-command (file-append docker-cli "/bin/docker")) + (let* ((docker (file-append docker-cli "/bin/docker")) (user (oci-container-configuration-user config)) (group (oci-container-configuration-group config)) (host-environment @@ -486,6 +672,7 @@ (define (guess-name name image) (provision (oci-container-configuration-provision config)) (requirement (oci-container-configuration-requirement config)) (image (oci-container-configuration-image config)) + (image-reference (oci-image-reference image)) (options (oci-container-configuration->options config)) (name (guess-name provision image)) (extra-arguments 
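Review bot: In %oci-image-loader the outcome of docker load is never checked: the command is assembled with string-append and run through open-input-pipe, the port is never handed to close-pipe, and when the first line is EOF or empty the unless body is skipped and the loader still exits successfully. The service then proceeds to docker run with the image reference, which Docker resolves from a registry when no local image carries that name, so a failed load can end up running a different image than the one built from the oci-image record. Run the command with open-pipe* and an argument list, check the status returned by close-pipe, and make the loader fail unless the line really starts with "Loaded image: " (test with string-prefix? before string-drop).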
@@ -496,30 +683,37 @@ (define (guess-name name image) (respawn? #f) (documentation (string-append - "Docker backed Shepherd service for image: " image)) + "Docker backed Shepherd service for " + (if (oci-image? image) name image) ".")) (start - #~(make-forkexec-constructor - ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...] - (list #$docker-command "run" "--rm" - "--name" #$name - #$@options #$@extra-arguments #$image #$@command) - #:user #$user - #:group #$group - #:environment-variables - (list #$@host-environment))) + #~(lambda () + (when #$(oci-image? image) + (invoke #$(%oci-image-loader + name image image-reference))) + (fork+exec-command + ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...] + (list #$docker "run" "--rm" "--name" #$name + #$@options #$@extra-arguments + #$image-reference #$@command) + #:user #$user + #:group #$group + #:environment-variables + (list #$@host-environment)))) (stop #~(lambda _ - (invoke #$docker-command "rm" "-f" #$name))) + (invoke #$docker "rm" "-f" #$name))) (actions - (list - (shepherd-action - (name 'pull) - (documentation - (format #f "Pull ~a's image (~a)." - name image)) - (procedure - #~(lambda _ - (invoke #$docker-command "pull" #$image))))))))) + (if (oci-image? image) + '() + (list + (shepherd-action + (name 'pull) + (documentation + (format #f "Pull ~a's image (~a)." + name image)) + (procedure + #~(lambda _ + (invoke #$docker "pull" #$image)))))))))) (define %oci-container-accounts (list (user-account -- 2.41.0 From unknown Fri Sep 05 11:01:02 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#67613] Introduce unit tests for oci-container-service-type. 
Resent-From: paul
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 03 May 2024 22:11:01 +0000
To: Ludovic Courtès
Cc: 67613@debbugs.gnu.org
Message-ID: <237dfee6-5280-7d4f-4fec-c07f4f083880@autistici.org>
Date: Sat, 4 May 2024 00:10:10 +0200
From: paul
In-Reply-To: <05d4f2f7-01ff-65d1-107f-f71b8e103de0@autistici.org>

Hi Ludo’,

I'm sending a patchset rebased on current master. I hope patches 1-3 are non-controversial enough to be directly merged, as they add features without breaking existing configurations.

About patches 4 and 5, I stand by my request for help in my last email.

Thank you for your work,

giacomo

From unknown Fri Sep 05 11:01:02 2025
Subject: [bug#67613] [PATCH v3 4/5] gnu: docker: Allow passing tarballs for images in oci-container-configuration.
Resent-From: Giacomo Leidi
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 03 May 2024 22:13:02 +0000
To: 67613@debbugs.gnu.org
Cc: Giacomo Leidi
From: Giacomo Leidi
Date: Sat, 4 May 2024 00:11:16 +0200
Message-ID: <0c4d11411cd8efcea9c3252146cbc69c9155f2e9.1714774277.git.goodoldpaul@autistici.org>
In-Reply-To: <306393d4c3b28f242fb735d793ef127427f3d072.1714774276.git.goodoldpaul@autistici.org>

This commit allows for loading an OCI image tarball before running an OCI backed Shepherd service. It does so by adding a one shot Shepherd service to the dependencies of the OCI backed service that at boot runs docker load on the tarball.

* gnu/services/docker.scm (oci-image): New record;
(lower-oci-image): new variable, lower it;
(string-or-oci-image?): sanitize it;
(oci-container-configuration)[image]: allow also for oci-image records;
(oci-container-shepherd-service): use it;
(%oci-image-loader): new variable.

Change-Id: Ie504f479ea0d47f74b0ec5df9085673ffd3f639d
--- doc/guix.texi | 70 +++++++++++- gnu/services/docker.scm | 244 ++++++++++++++++++++++++++++++++++++---- 2 files changed, 286 insertions(+), 28 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 2b9cc5602c..451bee5615 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -40390,6 +40390,17 @@ Miscellaneous Services @lisp (service oci-container-service-type (list + (oci-container-configuration + (image + (oci-image + (repository "guile") + (tag "3") + (value (specifications->manifest '("guile"))) + (pack-options '(#:symlinks (("/bin/guile" -> "bin/guile")) + #:max-layers 2)))) + (entrypoint "/bin/guile") + (command + '("-c" "(display \"hello!\n\")"))) (oci-container-configuration (image "prom/prometheus") (network "host") @@ -40466,9 +40477,10 @@ Miscellaneous Services @uref{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics. -@item @code{image} (type: string) -The image used to build the container. Images are resolved by the -Docker Engine, and follow the usual format +@item @code{image} (type: string-or-oci-image) +The image used to build the container. It can be a string or an +@code{oci-image} record. Strings are resolved by the Docker Engine, and +follow the usual format @code{myregistry.local:5000/testing/test-image:tag}. @item @code{provision} (default: @code{""}) (type: string) 
@@ -40529,6 +40541,58 @@ Miscellaneous Services @end deftp +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} oci-image +Available @code{oci-image} fields are: + +@table @asis +@item @code{repository} (type: string) +A string like @code{myregistry.local:5000/testing/test-image} that names +the OCI image. + +@item @code{tag} (default: @code{"latest"}) (type: string) +A string representing the OCI image tag. Defaults to @code{latest}. + +@item @code{value} (type: oci-lowerable-image) +A @code{manifest} or @code{operating-system} record that will be lowered +into an OCI compatible tarball. Otherwise this field's value can be a +gexp or a file-like object that evaluates to an OCI compatible tarball. + +@item @code{pack-options} (default: @code{'()}) (type: list) +An optional set of keyword arguments that will be passed to the +@code{docker-image} procedure from @code{guix scripts pack}. They can +be used to replicate @command{guix pack} behavior: + +@lisp +(oci-image + (repository "guile") + (tag "3") + (value + (specifications->manifest '("guile"))) + (pack-options '(#:symlinks (("/bin/guile" -> "bin/guile")) + #:max-layers 2))) +@end lisp + +If the @code{value} field is an @code{operating-system} record, this field's +value will be ignored. + +@item @code{system} (default: @code{""}) (type: string) +Attempt to build for a given system, e.g. "i686-linux" + +@item @code{target} (default: @code{""}) (type: string) +Attempt to cross-build for a given triple, e.g. "aarch64-linux-gnu" + +@item @code{grafts?} (default: @code{#f}) (type: boolean) +Whether to allow grafting or not in the pack build. + +@end table + +@end deftp + + @c %end of fragment @cindex Audit diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index a5b1614fa9..7aff8dcc5f 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm 
@@ -23,11 +23,14 @@ ;;; along with GNU Guix. If not, see . (define-module (gnu services docker) + #:use-module (gnu image) #:use-module (gnu services) #:use-module (gnu services configuration) #:use-module (gnu services base) #:use-module (gnu services dbus) #:use-module (gnu services shepherd) + #:use-module (gnu system) + #:use-module (gnu system image) #:use-module (gnu system setuid) #:use-module (gnu system shadow) #:use-module (gnu packages admin) ;shadow @@ -37,7 +40,11 @@ (define-module (gnu services docker) #:use-module (guix diagnostics) #:use-module (guix gexp) #:use-module (guix i18n) + #:use-module (guix monads) #:use-module (guix packages) + #:use-module (guix profiles) + #:use-module ((guix scripts pack) #:prefix pack:) + #:use-module (guix store) #:use-module (srfi srfi-1) #:use-module (ice-9 format) #:use-module (ice-9 match) @@ -45,6 +52,16 @@ (define-module (gnu services docker) #:export (docker-configuration docker-service-type singularity-service-type + oci-image + oci-image? + oci-image-fields + oci-image-repository + oci-image-tag + oci-image-value + oci-image-pack-options + oci-image-target + oci-image-system + oci-image-grafts? oci-container-configuration oci-container-configuration? oci-container-configuration-fields @@ -52,9 +69,11 @@ (define-module (gnu services docker) oci-container-configuration-group oci-container-configuration-command oci-container-configuration-entrypoint + oci-container-configuration-host-environment oci-container-configuration-environment oci-container-configuration-image oci-container-configuration-provision + oci-container-configuration-requirement oci-container-configuration-network oci-container-configuration-ports oci-container-configuration-volumes 
@@ -62,7 +81,8 @@ (define-module (gnu services docker) oci-container-configuration-workdir oci-container-configuration-extra-arguments oci-container-service-type - oci-container-shepherd-service)) + oci-container-shepherd-service + %oci-container-accounts)) (define-maybe file-like) 
@@ -320,11 +340,68 @@ (define (oci-sanitize-extra-arguments value) but ~a was found") el)))) value)) +(define (oci-image-reference image) + (if (string? image) + image + (string-append (oci-image-repository image) + ":" (oci-image-tag image)))) + +(define (oci-lowerable-image? image) + (or (manifest? image) + (operating-system? image) + (gexp? image) + (file-like? image))) + +(define (string-or-oci-image? image) + (or (string? image) + (oci-image? image))) + (define list-of-symbols? (list-of symbol?)) (define-maybe/no-serialization string) +(define-configuration/no-serialization oci-image + (repository + (string) + "A string like @code{myregistry.local:5000/testing/test-image} that names +the OCI image.") + (tag + (string "latest") + "A string representing the OCI image tag. Defaults to @code{latest}.") + (value + (oci-lowerable-image) + "A @code{manifest} or @code{operating-system} record that will be lowered +into an OCI compatible tarball. Otherwise this field's value can be a gexp +or a file-like object that evaluates to an OCI compatible tarball.") + (pack-options + (list '()) + "An optional set of keyword arguments that will be passed to the +@code{docker-image} procedure from @code{guix scripts pack}. They can be used +to replicate @command{guix pack} behavior: + +@lisp +(oci-image + (repository \"guile\") + (tag \"3\") + (manifest (specifications->manifest '(\"guile\"))) + (pack-options + '(#:symlinks ((\"/bin/guile\" -> \"bin/guile\")) + #:max-layers 2))) +@end lisp + +If the @code{value} field is an @code{operating-system} record, this field's +value will be ignored.") + (system + (maybe-string) + "Attempt to build for a given system, e.g. \"i686-linux\"") + (target + (maybe-string) + "Attempt to cross-build for a given triple, e.g. \"aarch64-linux-gnu\"") + (grafts? + (boolean #f) + "Whether to allow grafting or not in the pack build.")) + (define-configuration/no-serialization oci-container-configuration (user (string "oci-container") 
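Review bot: The grafts? field at the end of the oci-image record defaults to #f, (boolean #f), and lower-manifest passes that value straight to set-grafting. Guix uses grafts to deliver security updates without full rebuilds, so with this default the image is built from ungrafted packages unless the user opts in. Consider defaulting to #t, or state in the docstring what leaving it at #f means for the packages that end up in the image.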
@@ -372,8 +449,9 @@ (define-configuration/no-serialization oci-container-configuration documentation for semantics." (sanitizer oci-sanitize-environment)) (image - (string) - "The image used to build the container. Images are resolved by the Docker + (string-or-oci-image) + "The image used to build the container. It can be a string or an +@code{oci-image} record. Strings are resolved by the Docker Engine, and follow the usual format @code{myregistry.local:5000/testing/test-image:tag}.") (provision 
@@ -470,14 +548,122 @@ (define oci-container-configuration->options (list "-v" spec)) (oci-container-configuration-volumes config)))))))) +(define* (get-keyword-value args keyword #:key (default #f)) + (let ((kv (memq keyword args))) + (if (and kv (>= (length kv) 2)) + (cadr kv) + default))) + +(define (lower-operating-system os target system) + (mlet* %store-monad + ((tarball + (lower-object + (system-image (os->image os #:type docker-image-type)) + system + #:target target))) + (return tarball))) + +(define (lower-manifest name image target system) + (define value (oci-image-value image)) + (define options (oci-image-pack-options image)) + (define image-reference + (oci-image-reference image)) + (define image-tag + (let* ((extra-options + (get-keyword-value options #:extra-options)) + (image-tag-option + (and extra-options + (get-keyword-value extra-options #:image-tag)))) + (if image-tag-option + '() + `(#:extra-options (#:image-tag ,image-reference))))) + + (mlet* %store-monad + ((_ (set-grafting + (oci-image-grafts? image))) + (guile (set-guile-for-build (default-guile))) + (profile + (profile-derivation value + #:target target + #:system system + #:hooks '() + #:locales? #f)) + (tarball (apply pack:docker-image + `(,name ,profile + ,@options + ,@image-tag + #:localstatedir? #t)))) + (return tarball))) + +(define (lower-oci-image name image) + (define value (oci-image-value image)) + (define image-target (oci-image-target image)) + (define image-system (oci-image-system image)) + (define target + (if (maybe-value-set? image-target) + image-target + (%current-target-system))) + (define system + (if (maybe-value-set? image-system) + image-system + (%current-system))) + (with-store store + (run-with-store store + (match value + ((? manifest? value) + (lower-manifest name image target system)) + ((? operating-system? value) + (lower-operating-system value target system)) + ((or (? gexp? value) + (? file-like? 
value)) + value) + (_ + (raise + (formatted-message + (G_ "oci-image value must contain only manifest, +operating-system, gexp or file-like records but ~a was found") + value)))) + #:target target + #:system system))) + +(define (%oci-image-loader name image tag) + (let ((docker (file-append docker-cli "/bin/docker")) + (tarball (lower-oci-image name image))) + (with-imported-modules '((guix build utils)) + (program-file (format #f "~a-image-loader" name) + #~(begin + (use-modules (guix build utils) + (ice-9 popen) + (ice-9 rdelim)) + + (format #t "Loading image for ~a from ~a...~%" #$name #$tarball) + (define line + (read-line + (open-input-pipe + (string-append #$docker " load -i " #$tarball)))) + + (unless (or (eof-object? line) + (string-null? line)) + (format #t "~a~%" line) + (let ((repository&tag + (string-drop line + (string-length + "Loaded image: ")))) + + (invoke #$docker "tag" repository&tag #$tag) + (format #t "Tagged ~a with ~a...~%" #$tarball #$tag)))))))) + (define (oci-container-shepherd-service config) (define (guess-name name image) (if (maybe-value-set? name) name (string-append "docker-" - (basename (car (string-split image #\:)))))) + (basename + (if (string? image) + (first (string-split image #\:)) + (oci-image-repository image)))))) - (let* ((docker-command (file-append docker-cli "/bin/docker")) + (let* ((docker (file-append docker-cli "/bin/docker")) (user (oci-container-configuration-user config)) (group (oci-container-configuration-group config)) (host-environment @@ -486,6 +672,7 @@ (define (oci-container-shepherd-service config) (provision (oci-container-configuration-provision config)) (requirement (oci-container-configuration-requirement config)) (image (oci-container-configuration-image config)) + (image-reference (oci-image-reference image)) (options (oci-container-configuration->options config)) (name (guess-name provision image)) (extra-arguments 
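Review bot: lower-oci-image opens its own daemon connection with with-store and runs the lowering through run-with-store, and %oci-image-loader calls it from a plain let while the Shepherd service is being constructed, so merely evaluating the service definition needs a store connection. It would be cleaner to keep this declarative: return a file-like object (for example by giving oci-image a gexp compiler) and let #$tarball be lowered together with the rest of the system. In the same match, the gexp/file-like branch returns value itself where the manifest and operating-system branches return a monadic value built with mlet*, so that branch needs separate handling instead of going through run-with-store.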
@@ -496,30 +683,37 @@ (define (oci-container-shepherd-service config) (respawn? #f) (documentation (string-append - "Docker backed Shepherd service for image: " image)) + "Docker backed Shepherd service for " + (if (oci-image? image) name image) ".")) (start - #~(make-forkexec-constructor - ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...] - (list #$docker-command "run" "--rm" - "--name" #$name - #$@options #$@extra-arguments #$image #$@command) - #:user #$user - #:group #$group - #:environment-variables - (list #$@host-environment))) + #~(lambda () + (when #$(oci-image? image) + (invoke #$(%oci-image-loader + name image image-reference))) + (fork+exec-command + ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...] + (list #$docker "run" "--rm" "--name" #$name + #$@options #$@extra-arguments + #$image-reference #$@command) + #:user #$user + #:group #$group + #:environment-variables + (list #$@host-environment)))) (stop #~(lambda _ - (invoke #$docker-command "rm" "-f" #$name))) + (invoke #$docker "rm" "-f" #$name))) (actions - (list - (shepherd-action - (name 'pull) - (documentation - (format #f "Pull ~a's image (~a)." - name image)) - (procedure - #~(lambda _ - (invoke #$docker-command "pull" #$image))))))))) + (if (oci-image? image) + '() + (list + (shepherd-action + (name 'pull) + (documentation + (format #f "Pull ~a's image (~a)." + name image)) + (procedure + #~(lambda _ + (invoke #$docker "pull" #$image)))))))))) (define %oci-container-accounts (list (user-account -- 2.41.0 From unknown Fri Sep 05 11:01:02 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#67613] [PATCH v3 3/5] gnu: docker: Allow setting Shepherd dependencies in oci-container-configuration. 
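Review bot: The new start procedure loads the image inline, (invoke #$(%oci-image-loader name image image-reference)) right before fork+exec-command, while the commit message describes a one shot Shepherd service added to the dependencies of the container service; no hunk in this patch defines such a service. Either reword the commit message to match, or move the load into its own one-shot service listed in requirement, which would also surface a failed load as a failed dependency rather than as a failure inside start.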
Resent-From: Giacomo Leidi
Resent-CC: guix-patches@gnu.org
Resent-Date: Fri, 03 May 2024 22:13:02 +0000
To: 67613@debbugs.gnu.org
Cc: Giacomo Leidi
From: Giacomo Leidi Date: Sat, 4 May 2024 00:11:15 +0200 Message-ID: <9506edfb6edd9d3f2a8b832caf39005883a04ac2.1714774277.git.goodoldpaul@autistici.org> X-Mailer: git-send-email 2.41.0 In-Reply-To: <306393d4c3b28f242fb735d793ef127427f3d072.1714774276.git.goodoldpaul@autistici.org> References: <306393d4c3b28f242fb735d793ef127427f3d072.1714774276.git.goodoldpaul@autistici.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) * gnu/services/docker.scm (oci-container-configuration) [requirement]: New field; (list-of-symbols): sanitize it; (oci-container-shepherd-service): use it. * doc/guix.texi: Document it. Change-Id: Ic0ba336a2257d6ef7c658cfc6cd630116661f581 --- doc/guix.texi | 4 ++++ gnu/services/docker.scm | 10 +++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/doc/guix.texi b/doc/guix.texi index fad0bf8c7c..2b9cc5602c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -40474,6 +40474,10 @@ Miscellaneous Services @item @code{provision} (default: @code{""}) (type: string) Set the name of the provisioned Shepherd service. +@item @code{requirement} (default: @code{'()}) (type: list-of-symbols) +Set additional Shepherd services dependencies to the provisioned +Shepherd service. + @item @code{network} (default: @code{""}) (type: string) Set a Docker network for the spawned container. diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index df5884aca1..a5b1614fa9 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm 
@@ -320,6 +320,9 @@ (define (oci-sanitize-extra-arguments value) but ~a was found") el)))) value)) +(define list-of-symbols? + (list-of symbol?)) + (define-maybe/no-serialization string) (define-configuration/no-serialization oci-container-configuration @@ -376,6 +379,10 @@ (define-configuration/no-serialization oci-container-configuration (provision (maybe-string) "Set the name of the provisioned Shepherd service.") + (requirement + (list-of-symbols '()) + "Set additional Shepherd services dependencies to the provisioned Shepherd +service.") (network (maybe-string) "Set a Docker network for the spawned container.") @@ -477,6 +484,7 @@ (define (oci-container-shepherd-service config) (oci-container-configuration-host-environment config)) (command (oci-container-configuration-command config)) (provision (oci-container-configuration-provision config)) + (requirement (oci-container-configuration-requirement config)) (image (oci-container-configuration-image config)) (options (oci-container-configuration->options config)) (name (guess-name provision image)) 
@@ -484,7 +492,7 @@ (define (oci-container-shepherd-service config) (oci-container-configuration-extra-arguments config))) (shepherd-service (provision `(,(string->symbol name))) - (requirement '(dockerd user-processes)) + (requirement `(dockerd user-processes ,@requirement)) (respawn? #f) (documentation (string-append -- 2.41.0 From unknown Fri Sep 05 11:01:02 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#67613] [PATCH v3 5/5] gnu: Add tests for oci-container-service-type. Resent-From: Giacomo Leidi Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 03 May 2024 22:13:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 67613@debbugs.gnu.org Cc: Giacomo Leidi Received: via spool by 67613-submit@debbugs.gnu.org id=B67613.171477432821448 (code B ref 67613); Fri, 03 May 2024 22:13:02 +0000 Received: (at 67613) by debbugs.gnu.org; 3 May 2024 22:12:08 +0000 Received: from localhost ([127.0.0.1]:49153 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s318R-0005Zl-9z for submit@debbugs.gnu.org; Fri, 03 May 2024 18:12:07 -0400 Received: from confino.investici.org ([93.190.126.19]:21143) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1s318M-0005Yt-Aj for 67613@debbugs.gnu.org; Fri, 03 May 2024 18:12:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1714774298; bh=Xbm+8P4WPH98zxI4eyd0IgFpoZ6bIgnMgYZdledOUOk=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=UU4ewKN8CN6xNvKHDMdsO/bP9xmP4O8BJMOnSZNSsrtao9c90eEOXZMUuoRuo6vot 7My2XV/8cq9gKkDGCcsqVIdP7oeFwXdZ9UXSmJ5oE3ta8POE6IipIYYuHiOgl5W1ke yUeXlDU+B1VM12f2hLHMeATTRMRBaaPSqUCl/PSQ= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4VWQ4p5jmmz11CJ; Fri, 3 May 2024 22:11:38 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org 
From: Giacomo Leidi
Date: Sat, 4 May 2024 00:11:17 +0200
Message-ID: <24a83c33df8bf8f71df9fea01b0485982799bdc1.1714774277.git.goodoldpaul@autistici.org>
In-Reply-To: <306393d4c3b28f242fb735d793ef127427f3d072.1714774276.git.goodoldpaul@autistici.org>

* gnu/tests/docker.scm (run-oci-container-test): New variable; (%test-oci-container): new variable.

Change-Id: Idefc3840bdc6e0ed4264e8f27373cd9a670f87a0
---
 gnu/tests/docker.scm | 131 ++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 130 insertions(+), 1 deletion(-)

diff --git a/gnu/tests/docker.scm b/gnu/tests/docker.scm index 9e9d2e2d07..d550136b4a 100644 --- a/gnu/tests/docker.scm +++ b/gnu/tests/docker.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019 Danny Milosavljevic ;;; Copyright © 2019-2023 Ludovic Courtès +;;; Copyright © 2024 Giacomo Leidi ;;; ;;; This file is part of GNU Guix. ;;; @@ -29,6 +30,7 @@ (define-module (gnu tests docker) #:use-module (gnu services networking) #:use-module (gnu services docker) #:use-module (gnu services desktop) + #:use-module (gnu packages) #:use-module ((gnu packages base) #:select (glibc)) #:use-module (gnu packages guile) #:use-module (gnu packages docker)
@@ -43,7 +45,8 @@ (define-module (gnu tests docker) #:use-module (guix build-system trivial) #:use-module ((guix licenses) #:prefix license:) #:export (%test-docker - %test-docker-system)) + %test-docker-system + %test-oci-container)) (define %docker-os (simple-operating-system 
@@ -316,3 +319,129 @@ (define %test-docker-system (locale-libcs (list glibc))) #:type docker-image-type))) run-docker-system-test))))) + + +(define %oci-os + (simple-operating-system + (service dhcp-client-service-type) + (service dbus-root-service-type) + (service polkit-service-type) + (service elogind-service-type) + (service docker-service-type) + (extra-special-file "/shared.txt" + (plain-file "shared.txt" "hello")) + (service oci-container-service-type + (list + (oci-container-configuration + (image + (oci-image + (repository "guile") + (value + (specifications->manifest '("guile"))) + (pack-options + '(#:symlinks (("/bin" -> "bin")))))) + (entrypoint + "/bin/guile") + (command + '("-c" "(let l ((c 300))(display c)(sleep 1)(when(positive? c)(l (- c 1))))")) + (host-environment + '(("VARIABLE" . "value"))) + (volumes + '(("/shared.txt" . "/shared.txt:ro"))) + (extra-arguments + '("--env" "VARIABLE"))))))) + +(define (run-oci-container-test) + "Run IMAGE as an OCI backed Shepherd service, inside OS." + + (define os + (marionette-operating-system + (operating-system-with-gc-roots + %oci-os + (list)) + #:imported-modules '((gnu services herd) + (guix combinators)))) + + (define vm + (virtual-machine + (operating-system os) + (volatile? #f) + (memory-size 1024) + (disk-image-size (* 3000 (expt 2 20))) + (port-forwardings '()))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) (srfi srfi-64) + (gnu build marionette)) + + (define marionette + ;; Relax timeout to accommodate older systems and + ;; allow for pulling the image. + (make-marionette (list #$vm) #:timeout 60)) + + (test-runner-current (system-test-runner #$output)) + (test-begin "oci-container") + + (test-assert "dockerd running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'dockerd) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? 
pid)))))) + marionette)) + + (sleep 10) ; let service start + + (test-assert "docker-guile running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'docker-guile) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? pid)))))) + marionette)) + + (test-equal "passing host environment variables and volumes" + '("value" "hello") + (marionette-eval + `(begin + (use-modules (ice-9 popen) + (ice-9 rdelim)) + + (define slurp + (lambda args + (let* ((port (apply open-pipe* OPEN_READ args)) + (output (let ((line (read-line port))) + (if (eof-object? line) + "" + line))) + (status (close-pipe port))) + output))) + (let* ((response1 (slurp + ,(string-append #$docker-cli "/bin/docker") + "exec" "docker-guile" + "/bin/guile" "-c" "(display (getenv \"VARIABLE\"))")) + (response2 (slurp + ,(string-append #$docker-cli "/bin/docker") + "exec" "docker-guile" + "/bin/guile" "-c" "(begin (use-modules (ice-9 popen) (ice-9 rdelim)) +(display (call-with-input-file \"/shared.txt\" read-line)))"))) + (list response1 response2))) + marionette)) + + (test-end)))) + + (gexp->derivation "oci-container-test" test)) + +(define %test-oci-container + (system-test + (name "oci-container") + (description "Test OCI backed Shepherd service.") + (value (run-oci-container-test)))) -- 2.41.0 From unknown Fri Sep 05 11:01:02 2025 X-Loop: help-debbugs@gnu.org Subject: [bug#67613] [PATCH v3 2/5] gnu: docker: Allow setting host environment variables in oci-container-configuration. 
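Review bot: In the `run-oci-container-test` hunk of gnu/tests/docker.scm, `(sleep 10) ; let service start` makes the "docker-guile running" assertion depend on timing, even though the marionette comment just above already allows for older systems. Poll instead, for example by retrying `start-service` until it reports a running PID, bounded by a timeout. Two smaller points in the same hunk: `slurp` binds `status` from `close-pipe` and never checks it, so a failing `docker exec` is reported only as an empty string; and the docstring "Run IMAGE as an OCI backed Shepherd service, inside OS." names `IMAGE` and `OS` parameters that this zero-argument procedure does not take.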
From: Giacomo Leidi
Date: Sat, 4 May 2024 00:11:14 +0200
Message-ID: <0136493778f7159c4cdddf460b71f9d9f5094115.1714774277.git.goodoldpaul@autistici.org>
In-Reply-To: <306393d4c3b28f242fb735d793ef127427f3d072.1714774276.git.goodoldpaul@autistici.org>

* gnu/services/docker.scm (oci-container-configuration) [host-environment]: New field; (oci-sanitize-host-environment): sanitize it; (oci-container-shepherd-service): use it.
* doc/guix.texi: Document it.

Change-Id: I4d54d37736cf09f042a71cb0b6e673abc0948d9c
---
 doc/guix.texi | 17 +++++++++++++++++
 gnu/services/docker.scm | 31 +++++++++++++++++++++++++++++--
 2 files changed, 46 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 19b7563916..fad0bf8c7c 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -40436,6 +40436,23 @@ Miscellaneous Services @item @code{entrypoint} (default: @code{""}) (type: string) Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image. +@item @code{host-environment} (default: @code{'()}) (type: list) +Set environment variables in the host environment where @command{docker +run} is invoked. This is especially useful to pass secrets from the +host to the container without having them on the @command{docker run}'s +command line: by setting the @code{MYSQL_PASSWORD} on the host and by passing +@code{--env MYSQL_PASSWORD} through the @code{extra-arguments} field, it is +possible to securely set values in the container environment. This field's +value can be a list of pairs or strings, even mixed: + +@lisp +(list '(\"LANGUAGE\" . \"eo:ca:eu\") + \"JAVA_HOME=/opt/java\") +@end lisp + +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to @code{make-forkexec-constructor}. + @item @code{environment} (default: @code{'()}) (type: list) Set environment variables. This can be a list of pairs or strings, even mixed: diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 824c4ecbe6..df5884aca1 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2020 Efraim Flashner ;;; Copyright © 2020 Jesse Dowell ;;; Copyright © 2021 Brice Waegeneire -;;; Copyright © 2023 Giacomo Leidi +;;; Copyright © 2023, 2024 Giacomo Leidi ;;; ;;; This file is part of GNU Guix. ;;; @@ -285,6 +285,11 @@ (define (oci-sanitize-mixed-list name value delimiter) name el))))) value)) +(define (oci-sanitize-host-environment value) + ;; Expected spec format: + ;; '(("HOME" . "/home/nobody") "JAVA_HOME=/java") + (oci-sanitize-mixed-list "host-environment" value "=")) + (define (oci-sanitize-environment value) ;; Expected spec format: ;; '(("HOME" . "/home/nobody") "JAVA_HOME=/java") 
@@ -330,6 +335,24 @@ (define-configuration/no-serialization oci-container-configuration (entrypoint (maybe-string) "Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image.") + (host-environment + (list '()) + "Set environment variables in the host environment where @command{docker run} +is invoked. This is especially useful to pass secrets from the host to the +container without having them on the @command{docker run}'s command line: by +setting the @code{MYSQL_PASSWORD} on the host and by passing +@code{--env MYSQL_PASSWORD} through the @code{extra-arguments} field, it is +possible to securely set values in the container environment. This field's +value can be a list of pairs or strings, even mixed: + +@lisp +(list '(\"LANGUAGE\" . \"eo:ca:eu\") + \"JAVA_HOME=/opt/java\") +@end lisp + +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to @code{make-forkexec-constructor}." + (sanitizer oci-sanitize-host-environment)) (environment (list '()) "Set environment variables inside the container. This can be a list of pairs @@ -450,6 +473,8 @@ (define (oci-container-shepherd-service config) (let* ((docker-command (file-append docker-cli "/bin/docker")) (user (oci-container-configuration-user config)) (group (oci-container-configuration-group config)) + (host-environment + (oci-container-configuration-host-environment config)) (command (oci-container-configuration-command config)) (provision (oci-container-configuration-provision config)) (image (oci-container-configuration-image config)) 
@@ -471,7 +496,9 @@ (define (oci-container-shepherd-service config) "--name" #$name #$@options #$@extra-arguments #$image #$@command) #:user #$user - #:group #$group)) + #:group #$group + #:environment-variables + (list #$@host-environment))) (stop #~(lambda _ (invoke #$docker-command "rm" "-f" #$name))) -- 2.41.0

From unknown Fri Sep 05 11:01:02 2025
Subject: [bug#67613] [PATCH v3 1/5] gnu: docker: Provide escape hatch in oci-container-configuration.
References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@autistici.org>
In-Reply-To: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@autistici.org>
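Review bot: The `host-environment` documentation (the doc/guix.texi hunk and the matching docstring hunk in `oci-container-configuration`) says this makes it "possible to securely set values in the container environment", but a value written literally in the operating-system configuration is spliced into the service's start gexp by `(list #$@host-environment)` and therefore ends up in the generated Shepherd service file in the world-readable store. Please reword to the narrower guarantee, that the value stays off the `docker run` command line, and say that real secrets should not be given to this field as literals.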
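Review bot: In the `make-forkexec-constructor` hunk (`@@ -471,7 +496,9 @@`), `#:environment-variables (list #$@host-environment)` replaces the constructor's default environment instead of extending it, so with the field's default of `'()` the `docker run` process starts with an empty environment. If a clean environment is intended, say so in the field documentation; otherwise append the list to `(default-environment-variables)`.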
From: Giacomo Leidi
Date: Sat, 4 May 2024 00:11:13 +0200
Message-ID: <306393d4c3b28f242fb735d793ef127427f3d072.1714774276.git.goodoldpaul@autistici.org>

* gnu/services/docker.scm (exports): Add missing procedures; (oci-container-service-type)[description]: Docker and OCI images should mean the same thing; (oci-container-configuration): clarify field types; [extra-arguments]: new field; (oci-sanitize-extra-arguments): sanitize it; (oci-container-shepherd-service): use it.
* doc/guix.texi: Document it.

Change-Id: I64e9d82c8ae538d59d1c482f23070a880156ddf7
---
 doc/guix.texi | 21 ++++++++++++-------
 gnu/services/docker.scm | 46 +++++++++++++++++++++++++++++++++--------
 2 files changed, 51 insertions(+), 16 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi index 3f5d4e7f0d..19b7563916 100644 --- a/doc/guix.texi +++ b/doc/guix.texi
@@ -40430,13 +40430,13 @@ Miscellaneous Services @item @code{group} (default: @code{"docker"}) (type: string) The group under whose authority docker commands will be run. -@item @code{command} (default: @code{()}) (type: list-of-strings) +@item @code{command} (default: @code{'()}) (type: list-of-strings) Overwrite the default command (@code{CMD}) of the image. @item @code{entrypoint} (default: @code{""}) (type: string) Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image. -@item @code{environment} (default: @code{()}) (type: list) +@item @code{environment} (default: @code{'()}) (type: list) Set environment variables. This can be a list of pairs or strings, even mixed: @lisp @@ -40444,7 +40444,8 @@ Miscellaneous Services "JAVA_HOME=/opt/java") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics. @@ -40459,7 +40460,7 @@ Miscellaneous Services @item @code{network} (default: @code{""}) (type: string) Set a Docker network for the spawned container. -@item @code{ports} (default: @code{()}) (type: list) +@item @code{ports} (default: @code{'()}) (type: list) Set the port or port ranges to expose from the spawned container. This can be a list of pairs or strings, even mixed: 
@@ -40468,11 +40469,12 @@ Miscellaneous Services "10443:443") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream} documentation for semantics. -@item @code{volumes} (default: @code{()}) (type: list) +@item @code{volumes} (default: @code{'()}) (type: list) Set volume mappings for the spawned container. This can be a list of pairs or strings, even mixed: @@ -40481,7 +40483,8 @@ Miscellaneous Services "/gnu/store:/gnu/store") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream} documentation for semantics. @@ -40496,6 +40499,10 @@ Miscellaneous Services @url{https://docs.docker.com/engine/reference/run/#workdir,upstream} documentation for semantics. +@item @code{extra-arguments} (default: @code{'()}) (type: list) +A list of strings, gexps or file-like objects that will be directly +passed to the @command{docker run} invokation. + @end table @end deftp diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 4d32b96847..824c4ecbe6 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -58,6 +58,9 @@ (define-module (gnu services docker) oci-container-configuration-network oci-container-configuration-ports oci-container-configuration-volumes + oci-container-configuration-container-user + oci-container-configuration-workdir + oci-container-configuration-extra-arguments oci-container-service-type oci-container-shepherd-service)) 
@@ -297,6 +300,21 @@ (define (oci-sanitize-volumes value) ;; '(("/mnt/dir" . "/dir") "/run/current-system/profile:/java") (oci-sanitize-mixed-list "volumes" value ":")) +(define (oci-sanitize-extra-arguments value) + (define (valid? member) + (or (string? member) + (gexp? member) + (file-like? member))) + (map + (lambda (el) + (if (valid? el) + el + (raise + (formatted-message + (G_ "extra arguments may only be strings, gexps or file-like objects +but ~a was found") el)))) + value)) + (define-maybe/no-serialization string) (define-configuration/no-serialization oci-container-configuration @@ -314,15 +332,16 @@ (define-configuration/no-serialization oci-container-configuration "Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image.") (environment (list '()) - "Set environment variables. This can be a list of pairs or strings, even -mixed: + "Set environment variables inside the container. This can be a list of pairs +or strings, even mixed: @lisp (list '(\"LANGUAGE\" . \"eo:ca:eu\") \"JAVA_HOME=/opt/java\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics." (sanitizer oci-sanitize-environment)) @@ -347,7 +366,8 @@ (define-configuration/no-serialization oci-container-configuration \"10443:443\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream} documentation for semantics." (sanitizer oci-sanitize-ports)) 
@@ -361,7 +381,8 @@ (define-configuration/no-serialization oci-container-configuration \"/gnu/store:/gnu/store\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream} documentation for semantics." (sanitizer oci-sanitize-volumes)) @@ -375,7 +396,12 @@ (define-configuration/no-serialization oci-container-configuration "Set the current working for the spawned Shepherd service. You can refer to the @url{https://docs.docker.com/engine/reference/run/#workdir,upstream} -documentation for semantics.")) +documentation for semantics.") + (extra-arguments + (list '()) + "A list of strings, gexps or file-like objects that will be directly passed +to the @command{docker run} invokation." + (sanitizer oci-sanitize-extra-arguments))) (define oci-container-configuration->options (lambda (config) @@ -428,7 +454,9 @@ (define (oci-container-shepherd-service config) (provision (oci-container-configuration-provision config)) (image (oci-container-configuration-image config)) (options (oci-container-configuration->options config)) - (name (guess-name provision image))) + (name (guess-name provision image)) + (extra-arguments + (oci-container-configuration-extra-arguments config))) (shepherd-service (provision `(,(string->symbol name))) (requirement '(dockerd user-processes)) @@ -441,7 +469,7 @@ (define (oci-container-shepherd-service config) ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...] (list #$docker-command "run" "--rm" "--name" #$name - #$@options #$image #$@command) + #$@options #$@extra-arguments #$image #$@command) #:user #$user #:group #$group)) (stop 
@@ -482,5 +510,5 @@ (define oci-container-service-type (extend append) (compose concatenate) (description - "This service allows the management of Docker and OCI + "This service allows the management of OCI containers as Shepherd services."))) base-commit: 7d4ae2fca723114fb1df56de33b82177fbc4d0a6 -- 2.41.0
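Review bot: In the `docker run` argument list hunk (`@@ -441,7 +469,7 @@` in gnu/services/docker.scm), `#$@extra-arguments` is placed after `#$@options`, so anything in `extra-arguments` can repeat or override the flags generated from the typed fields, and `oci-sanitize-extra-arguments` only checks the type of each element. Please document that ordering and that the values reach `docker run` unchecked, so that whoever reviews a system configuration knows this field needs at least the same scrutiny as the typed ones.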
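Review bot: The new `extra-arguments` description spells "invokation" in both the doc/guix.texi hunk and the docstring hunk in `oci-container-configuration`; it should read "invocation" in both places.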
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: paul
Subject: bug#67613: closed (Re: bug#67613: Introduce unit tests for oci-container-service-type.)
Reply-To: 67613@debbugs.gnu.org
Date: Sat, 25 May 2024 13:59:02 +0000

Your bug report

#67613: Introduce unit tests for oci-container-service-type.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 67613@debbugs.gnu.org.

-- 
67613: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=67613
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

From: Ludovic Courtès
To: Giacomo Leidi
Cc: 67613-done@debbugs.gnu.org
Subject: Re: bug#67613: Introduce unit tests for oci-container-service-type.
Date: Sat, 25 May 2024 15:58:03 +0200
Message-ID: <87ikz20z9w.fsf_-_@gnu.org>

Hi,

I went ahead and finally applied this series, thanks!

(I’m still waiting for the system test to complete on my laptop: it requires quite a lot of disk space so I had to GC and try again a couple of times already…)

Thanks,
Ludo’.

From: paul
To: guix-patches@gnu.org
Cc: Ludovic Courtès
Subject: Introduce unit tests for oci-container-service-type.
Date: Sun, 3 Dec 2023 22:53:50 +0100
Message-ID: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@autistici.org>

Hi,

as discussed in issue #66160 and #67574 I'm sending a follow up with some unit tests for most of the internals of oci-container-service-type. These tests depend on the hotfix from #67574 since #66160 was merged with a blocking bug due to a last minute feature I added during the review process :( Hence if this gets merged before #67574 tests will fail.

Thank you for your help and apologies for the noise,

giacomo