From: Maxim Cournoyer
Subject: bug#37162: ‘guix pack -f docker’ creates an image without /etc/passwd
Date: Mon, 26 Aug 2019 06:32:41 +0900
Message-ID: <87a7bxexs6.fsf@gmail.com>
References: <87r25c3p0e.fsf@inria.fr>
In-Reply-To: <87r25c3p0e.fsf@inria.fr> ("Ludovic Courtès"'s message of "Fri, 23 Aug 2019 17:00:49 +0200")
To: Ludovic Courtès
Cc: bug-Guix@gnu.org

Hi Ludovic,

Ludovic Courtès writes:

> ‘guix pack -f docker’ currently creates an image without
> /etc/{passwd,group,shadow}.
>
> It’s OK most of the time, but again it looks like a gratuitous annoyance
> for those cases where having them around matters (that’s also the reason
> why guix-daemon creates them.)

Would that include the files required for PAM authentication to work
correctly? I remember struggling with this use case: using the Docker
image with CQFD wrapper, which must be able to create a user and
sudo'ing (or 'su') to it in the docker container.

I had started populating base files such as shadow, passwd, etc. but
when confronted with the PAM configuration (which sudo was complaining
about), it appeared intimidating. I then decided to modify my operating
system declaration so that it'd contain the required Shepherd services
that populate /etc, and devise a hack to call
'/var/guix/profiles/system/boot' when the container would start.

The minimal system configuration (+ python stuff, which was the
requirement) I came up with was:

--8<---------------cut here---------------end--------------->8---
;; This is an operating system configuration template for a bare-bone,
;; containerization-friendly setup, with no X11 display server and
;; no Guix daemon / client.

(use-modules (gnu)
             (gnu packages bash)
             (gnu packages python)
             (gnu packages python-xyz)
             (gnu packages xml)
             (guix packages))

(operating-system
  (host-name "robot-framework")
  (timezone "America/Montreal")

  ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
  ;; target hard disk, and "my-root" is the label of the target
  ;; root file system.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (target "/dev/sda")))
  (file-systems (cons (file-system
                        (device (file-system-label "my-root"))
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  (users (cons (user-account
                (name "builder")
                (group "users")
                (supplementary-groups '("wheel"))
                (home-directory "/home/builder"))
               %base-user-accounts))

  ;; Globally-installed packages.
  (packages (cons* python-wrapper
                   (list python "tk")
                   python-robotframework
                   python-robotframework-sshlibrary
                   python-robotframework-lint
                   python-xmltodict
                   %base-packages))

  (services
   (list
    ;; Enable #!/bin/sh and #!/bin/bash shebangs.
    (service special-files-service-type
             `(("/bin/bash" ,(file-append (canonical-package bash)
                                          "/bin/bash"))))
    (service special-files-service-type
             `(("/bin/sh" ,(file-append (canonical-package bash)
                                        "/bin/sh"))))
    ;; The following is a very small subset extracted of
    ;; %base-services.
    (service login-service-type)
    (service udev-service-type (udev-configuration))
    (syslog-service)))

  ;; When using sudo, by default some environment variables such as
  ;; PYTHONPATH are dropped.  Make it so that any environment
  ;; variables are honored.  This is important so that the Guix system
  ;; profile can work correctly for any user.
  (sudoers-file (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
Defaults !env_reset,!env_delete\n")))
--8<---------------cut here---------------end--------------->8---

Maxim
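
An added example, not part of the original message or of Guix: a check that a Docker-format image archive, such as the output of ‘guix pack -f docker’, contains /etc/{passwd,group,shadow} once its layers are merged. It assumes the `docker save` archive layout (a top-level manifest.json that lists the layer tarballs); the function names and the sample image are constructed for illustration.

```python
import io
import json
import posixpath
import tarfile

REQUIRED = ("etc/passwd", "etc/group", "etc/shadow")

def missing_account_files(image_bytes):
    """Return the REQUIRED paths absent from the image's merged layers."""
    present = set()
    with tarfile.open(fileobj=io.BytesIO(image_bytes), mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for layer_path in (p for entry in manifest for p in entry["Layers"]):
            layer_data = image.extractfile(layer_path).read()
            with tarfile.open(fileobj=io.BytesIO(layer_data), mode="r:*") as layer:
                for member in layer:
                    # Member names may be "./etc/passwd", "/etc/passwd" or "etc/passwd".
                    name = posixpath.normpath(member.name).lstrip("/")
                    base = posixpath.basename(name)
                    if base.startswith(".wh."):
                        # Whiteout entry: the file was deleted by this layer.
                        present.discard(name[:len(name) - len(base)] + base[4:])
                    elif member.isfile() or member.issym():
                        present.add(name)
    return [path for path in REQUIRED if path not in present]

def _add(tar, name, data):
    """Append an in-memory regular file to an open tar archive."""
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))

def build_image(files):
    """Build a constructed, single-layer docker-save style archive in memory."""
    layer_buf, image_buf = io.BytesIO(), io.BytesIO()
    with tarfile.open(fileobj=layer_buf, mode="w") as layer:
        for path, data in files.items():
            _add(layer, path, data)
    # Minimal manifest; "Config" is named but not needed by the check above.
    manifest = [{"Config": "config.json", "RepoTags": [],
                 "Layers": ["layer0/layer.tar"]}]
    with tarfile.open(fileobj=image_buf, mode="w") as image:
        _add(image, "manifest.json", json.dumps(manifest).encode())
        _add(image, "layer0/layer.tar", layer_buf.getvalue())
    return image_buf.getvalue()

if __name__ == "__main__":
    # Constructed sample: a layer holding only a store item, as in the bug report.
    bare = build_image({"./gnu/store/placeholder-profile/bin/python3": b""})
    print("missing:", missing_account_files(bare))
```

To check a real archive, pass its bytes, e.g. `missing_account_files(open(path, "rb").read())`; gzip-compressed archives are handled by the `r:*` mode.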