GNU bug report logs - #70314
[PATCH] guix: scripts: environment: add tls certs to networked containers

Package: guix-patches;

Reported by: Richard Sent <richard <at> freakingpenguin.com>

Date: Tue, 9 Apr 2024 19:15:01 UTC

Severity: normal

Tags: patch

Merged with 75917

From: Richard Sent <richard <at> freakingpenguin.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: Josselin Poiret <dev <at> jpoiret.xyz>, Simon Tournier <zimon.toutoune <at> gmail.com>, Mathieu Othacehe <othacehe <at> gnu.org>, Tobias Geerinckx-Rice <me <at> tobias.gr>, Ricardo Wurmus <rekado <at> elephly.net>, Christopher Baines <guix <at> cbaines.net>, 70314 <at> debbugs.gnu.org
Subject: [bug#70314] [PATCH] guix: scripts: environment: add tls certs to networked containers
Date: Mon, 16 Sep 2024 11:22:03 -0400

Ludovic Courtès <ludo <at> gnu.org> writes:

> Can we delay changes to the manifest until after all options have been
> parsed, so we know whether ‘-C’ has been passed?
> 
> That way ‘guix shell -N --no-tls’ does not add ‘nss-certs’ to the
> environments.

Is `$ guix shell -N -- true` valid? I know it works at present, but my
understanding is sharing the network only works with containers. From
the manual:

> ‘--network’
> ‘-N’
>      For containers, share the network namespace with the host system.
>      Containers created without this flag only have access to the
>      loopback device.

Perhaps instead we should error when -N is passed without -C, ala

--8<---------------cut here---------------start------------->8---
modified   guix/scripts/environment.scm
@@ -1153,7 +1153,9 @@ (define (guix-environment* opts)
       (when nesting?
         (leave (G_ "'--nesting' cannot be used without '--container'~%")))
       (when (pair? symlinks)
-        (leave (G_ "'--symlink' cannot be used without '--container'~%"))))
+        (leave (G_ "'--symlink' cannot be used without '--container'~%")))
+      (when network?
+        (leave (G_ "'--network cannot be used without '--container'~%"))))
 
     (when (and (not network?)
                no-tls?)
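
Review bot: the message string added in the `network?` branch is missing the closing quote after `'--network`, so users would see `'--network cannot be used without '--container'`. It should follow the two messages above it: `'--network' cannot be used without '--container'`. Separately, the surrounding message notes that `guix shell -N -- true` works at present, so turning that case into a hard `leave` rejects invocations that are currently accepted; that behaviour change deserves a mention in the commit log and the manual entry for `--network`.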
--8<---------------cut here---------------end--------------->8---

-- 
Take it easy,
Richard Sent
Making my computer weirder one commit at a time.




This bug report was last modified 80 days ago.