From: ludo@gnu.org (Ludovic Courtès)
To: Mike Gerwitz <mtg@gnu.org>
Cc: help-guix@gnu.org
Subject: Re: Running IceCat in a container
Date: Thu, 25 Jan 2018 23:16:47 +0100	[thread overview]
Message-ID: <87zi51r3cg.fsf@gnu.org> (raw)
In-Reply-To: <87efmeuhvb.fsf@gnu.org> ("Ludovic Courtès"'s message of "Thu, 25 Jan 2018 15:34:48 +0100")

[-- Attachment #1: Type: text/plain, Size: 882 bytes --]

ludo@gnu.org (Ludovic Courtès) skribis:

> Mike Gerwitz <mtg@gnu.org> skribis:
>
>> On Tue, Jan 16, 2018 at 17:30:42 +0100, Ludovic Courtès wrote:
>
> [...]
>
>>> But really, we should make a specific tool for this.
>>>
>>> Thoughts?
>>
>> Yes, though I'd be curious how you'd approach it---each package requires
>> certain paths be shared, and those paths would further depend on user
>> privacy preferences, so need to be able to be overridden.
>
> For a start, we could simply share everything that’s in:
>
>   guix gc -R $(guix build the-package)
>
> plus /tmp/.X11-unix, maybe $PWD, and a few more.

If you drop the attached file under guix/scripts/, you can then run:

  guix run icecat icecat

and similar.  This particular example doesn’t work well because of the
font issue you’re familiar with, but you get the idea.  :-)

Ludo’.


[-- Attachment #2: The 'guix run' command. --]
[-- Type: text/x-scheme, Size: 4288 bytes --]

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (guix scripts run)
  #:use-module (guix ui)
  #:use-module (guix scripts)
  #:use-module (guix store)
  #:use-module (guix packages)
  #:use-module (guix derivations)
  #:use-module ((guix build utils) #:select (which mkdir-p))
  #:use-module (gnu build linux-container)
  #:use-module (gnu system file-systems)
  #:use-module (gnu packages)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-11)
  #:use-module (srfi srfi-37)
  #:use-module (ice-9 match)
  #:export (guix-run))

(define %options
  ;; Command-line options understood by 'guix run'.  Neither option takes an
  ;; argument; both terminate the process once handled.
  (let ((handle-help    (lambda _
                          (show-help)
                          (exit 0)))
        (handle-version (lambda _
                          (show-version-and-exit "guix run"))))
    (list (option '(#\h "help") #f #f handle-help)
          (option '(#\V "version") #f #f handle-version))))

(define (show-help)
  ;; Print the usage summary for 'guix run' on the current output port,
  ;; followed by the standard bug-report footer.
  (display (G_ "Usage: guix run PACKAGE COMMAND...
Run COMMAND from PACKAGE in a container.\n"))
  (newline)
  ;; One translatable string per option, emitted in the order listed.
  (for-each display
            (list (G_ "
  -h, --help             display this help and exit")
                  (G_ "
  -V, --version          display version information and exit")))
  (newline)
  (show-bug-report-information))

\f

(define (bind-mount-spec/ro item)
  "Return a file system declaration that bind-mounts ITEM read-only at the
same path, or #f when ITEM does not exist on the host."
  ;; Returning #f for missing files lets callers use 'filter-map' to skip
  ;; them silently.
  (if (file-exists? item)
      (file-system
        (device item)
        (mount-point item)                        ;same path as on the host
        (title 'device)
        (type "none")
        (flags '(bind-mount read-only))
        (check? #f))
      #f))

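(define (bind-mount-spec/rw item)
  "Return a file system declaration that bind-mounts ITEM read-write at the
same path, or #f when ITEM does not exist on the host."
  ;; Build the read-only spec once and reuse its result as the existence
  ;; check.  Testing 'file-exists?' here and again inside
  ;; 'bind-mount-spec/ro' would stat the file twice, and if ITEM vanished
  ;; between the two checks 'inherit' would be handed #f.
  (let ((read-only-spec (bind-mount-spec/ro item)))
    (and read-only-spec
         (file-system
           (inherit read-only-spec)
           ;; Dropping 'read-only' means the contained program can modify
           ;; the host's copy of ITEM.
           (flags '(bind-mount))))))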

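(define %writable-things
  ;; Host files and directories exposed read-write inside the container (they
  ;; are passed to 'bind-mount-spec/rw' by 'guix-run').  Entries that do not
  ;; exist on the host are skipped at mount time.
  ;;
  ;; Security note: sharing the X11 socket directory together with the
  ;; user's .Xauthority gives the contained program the same access to the X
  ;; server as any other client of the session.  X11 does not isolate clients
  ;; from one another, so this container must not be treated as a boundary
  ;; against a hostile GUI program.
  ;;
  ;; NOTE(review): $XAUTHORITY is not consulted; only $HOME/.Xauthority.
  ;; NOTE(review): /etc/machine-id is shared writable although it presumably
  ;; only needs to be read -- consider 'bind-mount-spec/ro' for it.
  (let ((home (getenv "HOME")))
    (append (list "/var/run/nscd/socket")
            ;; 'getenv' returns #f when HOME is unset; 'string-append' would
            ;; then throw while this module is being loaded, so leave the
            ;; entry out in that case.
            (if home
                (list (string-append home "/.Xauthority"))
                '())
            (list "/tmp/.X11-unix"
                  "/etc/machine-id"))))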

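(define (guix-run . args)
  "Entry point of 'guix run PACKAGE COMMAND ARGS...'.  Build PACKAGE, look
COMMAND up in its bin/ and sbin/ directories, and execute it with ARGS in a
container.  The container sees the store items PACKAGE requires, mounted
read-only, plus the entries of %WRITABLE-THINGS, mounted read-write.  Exit
with an error message when too few arguments are given or COMMAND is not
found."
  (with-error-handling
    (match (reverse (parse-command-line args %options '(())
                                        #:argument-handler cons))
      ((spec command args ...)
       (with-store store
         (let-values (((package output)
                       (specification->package+output spec)))
           (let* ((drv    (package-derivation store package))
                  (prefix (derivation->output-path drv output)))
             (show-what-to-build store (list drv))
             (build-derivations store (list drv))

             (let* ((items (requisites store (list prefix)))
                    ;; Captured on the host so it can be re-installed inside
                    ;; the container below.
                    (env   (environ))
                    ;; Only PACKAGE's own bin/ and sbin/ are searched, so
                    ;; COMMAND cannot resolve to an arbitrary host binary.
                    (full  (search-path (list (string-append prefix "/bin")
                                              (string-append prefix "/sbin"))
                                        command)))
               (unless full
                 (leave (G_ "command '~a' not found in package '~a'~%")
                        command (package-name package)))

               (call-with-container
                   (append (filter-map bind-mount-spec/ro items)
                           (filter-map bind-mount-spec/rw %writable-things))
                 (lambda ()
                   ;; TODO: filter ENV.  The caller's whole environment is
                   ;; forwarded as is, so any credential or token kept in an
                   ;; environment variable is readable by the contained
                   ;; program.
                   (environ env)
                   ;; HOME may be unset, in which case 'getenv' returns #f
                   ;; and 'mkdir-p' must not be called.
                   (and=> (getenv "HOME") mkdir-p)

                   (newline)
                   (catch #t
                     (lambda ()
                       (apply execl full command args))
                     (lambda (key . args)
                       (print-exception (current-error-port) #f key args)
                       (exit 1))))
                 ;; Every namespace in %NAMESPACES except 'net is unshared:
                 ;; the program keeps the host's network stack and can reach
                 ;; whatever the host can, including services bound to
                 ;; localhost.
                 #:namespaces (delq 'net %namespaces)))))))
      (_
       ;; Fewer than two positional arguments: report it instead of letting
       ;; 'match' fail with an unhelpful error.
       (leave (G_ "wrong number of arguments~%"))))))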
