Subject: [bug#70265] Add docker cli Guix Home service and some docker authentication plugins
From: paul
Date: Sun, 7 Apr 2024 22:54:33 +0200

Hello Guixers,

I'm sending a patchset to:

- add two docker cli authentication plugins for libsecret and pass respectively
- a Guix Home service to make the docker cli aware of Guix provided plugins. This could be used for docker compose v2 in the future (I actually do use it now with a binary package and it works as far as I can tell).

Thank you for your work,

giacomo

Subject: [bug#70265] [PATCH 1/3] gnu: Add docker-credential-secretservice.
From: Giacomo Leidi
Date: Sun, 7 Apr 2024 22:57:17 +0200

* gnu/packages/docker.scm (docker-credential-helpers): New variable.
* gnu/packages/gnome.scm (docker-credential-secretservice): New variable.

Change-Id: I6c46d429fa2842969b0fcde58ded72e5b04ee321
--- gnu/packages/docker.scm | 70 ++++++++++++++++++++++++++++++++++++++++- gnu/packages/gnome.scm | 6 +++- 2 files changed, 74 insertions(+), 2 deletions(-) diff --git a/gnu/packages/docker.scm b/gnu/packages/docker.scm index 0fe1f2c1c7..31501e50b9 100644 --- a/gnu/packages/docker.scm +++ b/gnu/packages/docker.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2020 Jesse Dowell ;;; Copyright © 2021, 2022 Oleg Pykhalov ;;; Copyright © 2022 Pierre Langlois +;;; Copyright © 2024 Giacomo Leidi ;;; ;;; This file is part of GNU Guix. ;;; @@ -51,7 +52,8 @@ (define-module (gnu packages docker) #:use-module (gnu packages python-web) #:use-module (gnu packages python-xyz) #:use-module (gnu packages version-control) - #:use-module (gnu packages virtualization)) + #:use-module (gnu packages virtualization) + #:export (docker-credential-helpers)) ;; Note - when changing Docker versions it is important to update the versions ;; of several associated packages (docker-libnetwork and go-sctp). 
@@ -670,6 +672,72 @@ (define-public docker-cli (home-page "https://www.docker.com/") (license license:asl2.0))) +;; Actual users of this procedure are +;; docker-credentials-secretservice and docker-credential-pass, they live in +;; different modules to avoid circular imports. +(define* (docker-credential-helpers plugin-name #:key (inputs '())) + (package + (name (string-append "docker-credential-" plugin-name)) + (version "0.8.1") + (source + (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/docker/docker-credential-helpers") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 "1kric2yrgypdqncqfrmrh7l7904km5zisygi3fg6zlfkyh6rsm23")))) + (build-system go-build-system) + (arguments + (list + #:install-source? #f + #:go go-1.19 + #:unpack-path "github.com/docker/docker-credential-helpers" + #:import-path + (string-append "github.com/docker/docker-credential-helpers/" + plugin-name "/cmd") + #:phases + #~(modify-phases %standard-phases + (replace 'build + (lambda* (#:key unpack-path import-path build-flags #:allow-other-keys) + (apply invoke "go" "build" + "-v" + "-x" + (string-append "-ldflags=-s -w " + "-X github.com/docker/docker-credential-helpers" + "/credentials.Version=" #$version " " + "-X github.com/docker/docker-credential-helpers" + "/credentials.Package=" unpack-path " " + "-X github.com/docker/docker-credential-helpers" + "/credentials.Name=" #$name) + "-o" (string-append "bin/" #$name) + `(,@build-flags ,import-path)))) + (replace 'install + (lambda _ + (let* ((bin + (string-append #$output "/bin")) + (lib + (string-append #$output "/libexec/docker/cli-plugins")) + (entrypoint + (string-append lib "/" #$name))) + (mkdir-p bin) + (mkdir-p lib) + (copy-file (string-append "bin/" #$name) entrypoint) + (symlink entrypoint + (string-append bin "/" #$name)))))))) + (native-inputs + (list pkg-config)) + (inputs inputs) + (home-page 
"https://github.com/docker/docker-credential-helpers") + (synopsis "Store Docker login credentials in platform keystores") + (description + (string-append "docker-credential-helpers is a suite of programs to use native stores to keep +Docker credentials safe. + +This package provides the @code{" name "} plugin.")) + (license license:expat))) + (define-public cqfd (package (name "cqfd") diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 06256066bc..58b53aba22 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm @@ -36,7 +36,7 @@ ;;; Copyright © 2019 Danny Milosavljevic ;;; Copyright © 2019, 2020, 2022 Marius Bakke ;;; Copyright © 2019 Florian Pelz -;;; Copyright © 2019 Giacomo Leidi +;;; Copyright © 2019, 2024 Giacomo Leidi ;;; Copyright © 2019 Jelle Licht ;;; Copyright © 2019 Jonathan Frederickson ;;; Copyright © 2019, 2020, 2021, 2022, 2023 Maxim Cournoyer 
@@ -5229,6 +5229,10 @@ (define-public libsecret and other secrets. It communicates with the \"Secret Service\" using DBus.") (license license:lgpl2.1+))) +(define-public docker-credential-secretservice + (docker-credential-helpers "secretservice" + #:inputs (list libsecret))) + (define-public five-or-more (package (name "five-or-more") base-commit: 69951a61a1d8f1f2135ea2dc836738be282b97bc -- 2.41.0

Subject: [bug#70265] [PATCH 2/3] gnu: Add docker-credential-pass.
From: Giacomo Leidi
Date: Sun, 7 Apr 2024 22:57:18 +0200

* gnu/packages/gnome.scm (docker-credential-pass): New variable.

Change-Id: I442ff509aaed8cc3809de27714710abd24f7e8e0
--- gnu/packages/gnome.scm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm index 58b53aba22..6f5f28e008 100644 --- a/gnu/packages/gnome.scm +++ b/gnu/packages/gnome.scm 
@@ -5229,6 +5229,10 @@ (define-public libsecret and other secrets. It communicates with the \"Secret Service\" using DBus.") (license license:lgpl2.1+))) +(define-public docker-credential-pass + (docker-credential-helpers "pass" + #:inputs (list password-store))) + (define-public docker-credential-secretservice (docker-credential-helpers "secretservice" #:inputs (list libsecret))) -- 2.41.0

Subject: [bug#70265] [PATCH 3/3] gnu: Add home-docker-cli-service-type.
From: Giacomo Leidi
Date: Sun, 7 Apr 2024 22:57:19 +0200

* gnu/home/services/containers.scm (home-docker-cli-service-type): New variable;
* doc/guix.texi: document it;
* gnu/local.mk: add it.

Change-Id: I71e7a2805fe8754511c8e02ee4ae667e34e4aaf6
--- doc/guix.texi | 53 +++++++++++ gnu/home/services/containers.scm | 148 +++++++++++++++++++++++++++++++ gnu/local.mk | 1 + 3 files changed, 202 insertions(+) create mode 100644 gnu/home/services/containers.scm diff --git a/doc/guix.texi b/doc/guix.texi index 20f007b1c0..61cc904f9d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -46500,6 +46500,59 @@ Miscellaneous Home Services (dicod-configuration @dots{}))) @end lisp +@subsubheading Container Services + +@cindex docker cli service, for Home +The @code{(gnu home services containers)} module provides the following service: + +@defvar home-docker-cli-service-type +This service allows for configuring the Docker command line interface, for +example to make it aware of Guix provided plugins. +@end defvar + +For example, you can use it like this to make Docker safely store your registry +credentials with the system +@uref{https://wiki.gnome.org/Projects/Libsecret, libsecret} compatible Secret service: + +@lisp +(use-modules (gnu packages docker)) + +(service home-docker-cli-service-type + (docker-cli-configuration + (creds-store "secretservice") + (cli-plugins + (list docker-credential-secretservice)) + (extra-content ", \"auths\": @{\"https://index.docker.io/v1/\": @{@}@}"))) +@end lisp + + +@c %start of fragment + +@deftp {Data Type} docker-cli-configuration +Available @code{docker-cli-configuration} fields are: + +@table @asis +@item @code{docker-cli} (default: @code{docker-cli}) (type: package) +The Docker cli package installed to the Home profile. + +@item @code{creds-store} (type: maybe-string) +A native secrets store used to store Docker credentials. + +@item @code{cli-plugins} (default: @code{()}) (type: list-of-docker-cli-plugins) +A list of Docker cli plugin package records that will be configured to +work with Docker's cli. + +@item @code{extra-content} (default: @code{""}) (type: string) +Additional literal content that will be appended to Docker cli +config.json. + +@end table + +@end deftp + + +@c %end of fragment + @node Invoking guix home @section Invoking @command{guix home} diff --git a/gnu/home/services/containers.scm b/gnu/home/services/containers.scm new file mode 100644 index 0000000000..89d6ad5f39 --- /dev/null +++ b/gnu/home/services/containers.scm 
@@ -0,0 +1,148 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2024 Giacomo Leidi +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify +;;; it under the terms of the GNU General Public License as published by +;;; the Free Software Foundation, either version 3 of the License, or +;;; (at your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see . + +(define-module (gnu home services containers) + #:use-module (guix gexp) + #:use-module (guix packages) + #:use-module (gnu packages docker) + #:use-module (gnu services configuration) + #:use-module (gnu home services) + #:use-module (ice-9 match) + #:use-module (ice-9 string-fun) + #:export (docker-cli-configuration + docker-cli-configuration? 
+ docker-cli-configuration-fields + docker-cli-configuration-docker-cli + docker-cli-configuration-creds-store + docker-cli-configuration-cli-plugins + + home-docker-cli-service-type + home-docker-cli-configuration-file + docker-cli-configuration->json-fields)) + +;; Turn field names, which are Scheme symbols into strings +;; cli-plugins-extra-dirs -> cliPluginsExtraDirs +(define (format-name name) + (define without-dashes (string-replace-substring (symbol->string name) "-" " ")) + (define splitted (string-split without-dashes #\space)) + (string-replace-substring + (apply string-append + `(,(car splitted) + ,@(map string-capitalize (cdr splitted)))) + " " "")) + +(define (serialize-json-value name value) + #~(begin + (use-modules (ice-9 format)) + (format #f "\"~a\": ~a" #$(format-name name) #$value))) + +(define (serialize-json-list values) + #~(string-append "[" + (string-join + (map (lambda (s) (string-append "\"" s "\"")) + (list #$@values)) + ", ") + "]")) + +(define (serialize-string field-name value) + (serialize-json-value field-name (string-append "\"" value "\""))) + +(define (serialize-maybe-string field-name value) + (if (maybe-value-set? value) + (serialize-string field-name value) + '())) + +(define (serialize-list-of-strings field-name value) + (serialize-json-value field-name (serialize-json-list value))) + +(define (serialize-list-of-docker-cli-plugins value) + (serialize-json-value 'cli-plugins-extra-dirs + (serialize-json-list + (map (lambda (p) + (file-append p "/libexec/docker/cli-plugins")) + value)))) + +(define list-of-strings? + (list-of string?)) + +(define list-of-docker-cli-plugins? 
+ (list-of package?)) + +(define-maybe string) + +(define-configuration/no-serialization docker-cli-configuration + (docker-cli + (package docker-cli) + "The Docker cli package installed to the Home profile.") + (creds-store + (maybe-string) + "A native secrets store used to store Docker credentials.") + (cli-plugins + (list-of-docker-cli-plugins '()) + "A list of Docker cli plugin package records that will be configured to work with Docker's cli.") + (extra-content + (string "") + "Additional literal content that will be appended to Docker cli config.json.")) + +(define docker-cli-configuration->json-fields + (lambda (config) + (filter (compose not (lambda (f) (or (null? f) (and (string? f) (string-null? f))))) + (map (lambda (f) + (let ((field-name (configuration-field-name f)) + (type (configuration-field-type f)) + (value ((configuration-field-getter f) config))) + (if (not (member field-name '(docker-cli extra-content))) + (match type + ('string + (serialize-string field-name value)) + ('maybe-string + (serialize-maybe-string field-name value)) + ('list-of-strings + (serialize-list-of-strings field-name value)) + ('list-of-docker-cli-plugins + (serialize-list-of-docker-cli-plugins value)) + (_ + (raise + (formatted-message + (G_ "Unknown docker-cli-configuration field type: ~a") + type)))) + '()))) + docker-cli-configuration-fields)))) + +(define (home-docker-cli-configuration-file config) + `((".docker/config.json" + ,(computed-file "docker-cli-config.json" + #~(with-output-to-file #$output + (lambda _ + (display + (string-append "{" + (string-join (list #$@(docker-cli-configuration->json-fields config)) ",") + #$(docker-cli-configuration-extra-content config) + "}\n")))))))) + +(define home-docker-cli-service-type + (service-type (name 'docker-cli) + (extensions (list (service-extension home-profile-service-type + (lambda (config) + `(,(docker-cli-configuration-docker-cli config) + ,@(docker-cli-configuration-cli-plugins config)))) + (service-extension 
home-files-service-type + home-docker-cli-configuration-file))) + (default-value (docker-cli-configuration)) + (description + "This service install and configures Docker's command line interface."))) diff --git a/gnu/local.mk b/gnu/local.mk index 7f1006010b..4960f32a1a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk 
@@ -95,6 +95,7 @@ GNU_SYSTEM_MODULES = \ %D%/compression.scm \ %D%/home.scm \ %D%/home/services.scm \ + %D%/home/services/containers.scm \ %D%/home/services/desktop.scm \ %D%/home/services/dict.scm \ %D%/home/services/dotfiles.scm \ -- 2.41.0
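
Review bot: in [PATCH 1/3], gnu/packages/docker.scm, hunk @@ -670,6 +672,72 @@, the replaced 'install phase copies the helper to libexec/docker/cli-plugins and only symlinks it into bin, with no comment saying why both locations are needed. Docker finds a credsStore helper by looking up the docker-credential-NAME executable on PATH, so the bin entry is the one that matters for credential storage; please document what the cli-plugins copy is for, or install to bin directly. Two smaller points in the same hunk: the leading comment names docker-credentials-secretservice while the package is docker-credential-secretservice, and #:go go-1.19 is pinned without a comment explaining the constraint.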
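
Review bot: in [PATCH 1/3], gnu/packages/gnome.scm, hunk @@ -5229,6 +5229,10 @@, docker-credential-secretservice calls docker-credential-helpers from (gnu packages docker), but none of the gnome.scm hunks in this patch adds a #:use-module for that module. Please confirm gnome.scm already imports (gnu packages docker), or add the import in this patch. Because the call is evaluated when gnome.scm is loaded, a short comment here saying why the definition lives in gnome.scm, matching the circular-import remark in docker.scm, would also help.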
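
Review bot: in [PATCH 2/3], gnu/packages/gnome.scm, hunk @@ -5229,6 +5229,10 @@, docker-credential-pass takes password-store as its only input, yet the patch adds no #:use-module and nothing in the visible lines shows gnome.scm importing the module that defines it. Please confirm that import exists, and consider defining this variant next to password-store rather than in gnome.scm, in line with the docker.scm comment that the two helpers live in different modules.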
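
Review bot: in [PATCH 3/3], doc/guix.texi, hunk @@ -46500,6 +46500,59 @@, the creds-store entry does not say how its value relates to the packages listed in cli-plugins. In the example, (creds-store "secretservice") works only because docker-credential-secretservice is installed: Docker appends the value to docker-credential- to find the helper binary. Stating that in the @item text would prevent a configuration that names a helper that is not installed. The extra-content entry should also say that the string is spliced in unvalidated just before the closing brace of config.json.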
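
Review bot: in [PATCH 3/3], gnu/home/services/containers.scm, hunk @@ -0,0 +1,148 @@, serialize-string and serialize-json-list wrap values in double quotes without escaping them, so a creds-store value containing a double quote or a backslash yields a config.json that is malformed or carries keys the user did not intend. Escape the value, or build the document with a JSON serializer and merge additional settings as structured data instead of the literal extra-content splice. In the same hunk, the error branch uses raise, formatted-message and G_, but the define-module form lists none of (srfi srfi-34), (guix diagnostics) or (guix i18n), and the service description reads "This service install" where "installs" is meant.
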
From: Ludovic Courtès
Date: Sat, 04 May 2024 18:36:14 +0200

Hi,

Giacomo Leidi skribis:

> * gnu/home/services/containers.scm (home-docker-cli-service-type): New
> variable;
> * doc/guix.texi: document it;
> * gnu/local.mk: add it.

Nice. For the documentation part, the convention is something like:

  * doc/guix.texi (Miscellaneous Services)[Container Services]: New heading.

> +@cindex docker cli service, for Home

s/docker cli/Docker command-line interface/

> +The @code{(gnu home services containers)} module provides the following service:
> +
> +@defvar home-docker-cli-service-type
> +This service allows for configuring the Docker command line interface, for
> +example to make it aware of Guix provided plugins.
> +@end defvar
> +
> +For example, you can use it like this to make Docker safely store your registry
> +credentials with the system
> +@uref{https://wiki.gnome.org/Projects/Libsecret, libsecret} compatible Secret service:

Rather:

  @uref{https://wiki.gnome.org/Projects/Libsecret, libsecret-compatible}
  secret service:

(So that the parenthesized URL appears in the right place in Info and PDF.)

> +@lisp
> +(use-modules (gnu packages docker))
> +
> +(service home-docker-cli-service-type
> + (docker-cli-configuration
> + (creds-store "secretservice")
> + (cli-plugins
> + (list docker-credential-secretservice))
> + (extra-content ", \"auths\": @{\"https://index.docker.io/v1/\": @{@}@}")))

Sounds scary: how can I know as a user where that comma is going to be stuck in the resulting file? Providing partial JSON strings should rather be avoided IMO.

Also, if that part is necessary, it should be explained.

> +(define (format-name name)
> + (define without-dashes (string-replace-substring (symbol->string name) "-" " "))
> + (define splitted (string-split without-dashes #\space))
> + (string-replace-substring
> + (apply string-append
> + `(,(car splitted)
> + ,@(map string-capitalize (cdr splitted))))
> + " " ""))

Rather:

  (match split   ;past participle of “to split”
    ((head . rest)
     (string-concatenate (cons head (map string-capitalize rest)))))

See for the rationale.

> +(define docker-cli-configuration->json-fields
> + (lambda (config)
> + (filter (compose not (lambda (f) (or (null? f) (and (string? f) (string-null? f)))))
> + (map (lambda (f)

To improve readability, I’d make it:

  (filter-map (lambda (f)
                (match f
                  (() #f)
                  ("" #f)
                  (_ …)))
              docker-cli-configuration-fields)

> +(define (home-docker-cli-configuration-file config)
> + `((".docker/config.json"
> + ,(computed-file "docker-cli-config.json"
> + #~(with-output-to-file #$output
> + (lambda _
> + (display
> + (string-append "{"
> + (string-join (list #$@(docker-cli-configuration->json-fields config)) ",")
> + #$(docker-cli-configuration-extra-content config)

I think the comma should be automatically added when ‘extra-content’ is non-empty.

A more general question: do you think this particular example (libsecret plugin) could be solved in another way without involving Home? (For example by having a plugin search path in the package.)

Do you have other use cases in mind?

The reason I’m asking is that it feels heavyweight for what looks like “basic” Docker configuration. But maybe Docker is like this and a Home service is what it takes to make it more easily configurable (I’m not really familiar with Docker), in which case I’m all for this patch series!

Thanks,
Ludo’.

confino.investici.org (Postfix) with ESMTP id 4VfpM60dynz117q; Wed, 15 May 2024 22:49:38 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@autistici.org) by localhost (Postfix) with ESMTPSA id 4VfpM56v5Yz117l; Wed, 15 May 2024 22:49:37 +0000 (UTC) Message-ID: Date: Thu, 16 May 2024 00:49:37 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 References: <95e5c6e85e09ead19a43fc37612d62bc91a64048.1712523439.git.goodoldpaul@autistici.org> <814c5c6c8ba59b4069966f46c995e7a8fd0d9b88.1712523439.git.goodoldpaul@autistici.org> <87a5l5ttz5.fsf_-_@gnu.org> Content-Language: en-US 
From: paul In-Reply-To: <87a5l5ttz5.fsf_-_@gnu.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Score: -4.1 (----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.1 (-----) Hello Ludo’ , I think you are raising a fair point. I was also not sure about whether to upstream this service, even if I have been using it for some months. On 5/4/24 18:36, Ludovic Courtès wrote: > A more general question: do you think this particular example (libsecret > plugin) could be solved in another way without involving Home? (For > example by having a plugin search path in the package.) > > Do you have other use cases in mind? My main use case for this is currently is docker compose v2. I packaged the binary from github in my personal channel [0] and with this service [1]in my home-environment I'm able to use docker compose (without dash) commands. > The reason I’m asking is that it feels heavyweight for what looks like > “basic” Docker configuration. It definitely is and whether to accept this patch imho depends on the ETA for the optimal solution. Assuming someone packages docker compose v2 and its dependencies, then as far as I'm aware there are are 3 ways to make docker-cli aware of plugins on Guix: 1. this service, i.e. listing plugins in docker's configuration file. the advantage of this solution is that it doesn't require changing the docker-cli package. the disadvantage is that docker for some reason always tries to write the following to the config file, even if it is not needed : "auths": { "https://index.docker.io/v1/": {} } this is why i added it in the documentation, but as you pointed out it is useless. 2. 
We make a docker-cli-with-bundled-plugins function or similar that takes a list of plugin packages and hardcodes their paths into docker's source code before compilation. This is the approach I took here [2]. This currently requires recompilation every time since docker compose v2 is not in guix. 3. We patch docker [3] to make it aware of plugins with a search path like DOCKER_CLI_PLUGINS . But I don't think this patch should live in Guix. It should go into docker mainline to make sure that it is supported also in future releases. I never tried contributing to docker, this does not seem a complex change but I wonder why it was never done until now. Given all of the above the shortest way to achieve my goal of using docker compose v2 seemed #1 but I can see how for the Guix project the best would be #3. What do you think (and everyone CCed as well)? Could this service be a temporary workaround (after addressing your comments), while I try to see whether docker mainline could be interested in a patch? I will address your comments after we reach consensus on how to proceed, so that I don't make everyone lose more time than I already have. Thank you all for your work, giacomo [0]: https://gitlab.com/orang3/small-guix/-/blob/master/small-guix/packages/compose.scm [1]: https://gitlab.com/orang3/guix-deployments/-/blob/main/modules/common/home/fishinthecalculator/home-configuration.scm?ref_type=heads#L71 [2]: https://github.com/bonfire-networks/bonfire-app/blob/main/manifest.scm#L57 [3]: https://github.com/docker/cli/blob/master/cli-plugins/manager/manager_unix.go