From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id qXE5DVIjtF8pYQAA0tVLHw (envelope-from ) for ; Tue, 17 Nov 2020 19:24:02 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id MEeoCFIjtF+vIgAA1q6Kng (envelope-from ) for ; Tue, 17 Nov 2020 19:24:02 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A6BDC94006E for ; Tue, 17 Nov 2020 19:24:01 +0000 (UTC) Received: from localhost ([::1]:50412 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kf6a7-0005wt-2e for larch@yhetil.org; Tue, 17 Nov 2020 14:23:59 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:35094) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kf6Zj-0005wU-Gp for guix-devel@gnu.org; Tue, 17 Nov 2020 14:23:36 -0500 Received: from dd26836.kasserver.com ([85.13.145.193]:43282) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kf6Zb-0002hV-7E; Tue, 17 Nov 2020 14:23:35 -0500 Received: from localhost (80-110-126-103.cgn.dynamic.surfer.at [80.110.126.103]) by dd26836.kasserver.com (Postfix) with ESMTPSA id B80033363BE7; Tue, 17 Nov 2020 20:23:23 +0100 (CET) Date: Tue, 17 Nov 2020 20:23:20 +0100 From: Danny Milosavljevic To: zimoun Subject: Re: Release: Docker Image? DockerHub? skopeo? Message-ID: <20201117202320.3e12fff0@scratchpost.org> In-Reply-To: <868sazoppq.fsf@gmail.com> References: <20200922115019.08d40bec@scratchpost.org> <86tuu5fklj.fsf@gmail.com> <20201104155010.0b83ab17@scratchpost.org> <86k0ums3xw.fsf@gmail.com> <20201117173103.31703c84@scratchpost.org> <868sazoppq.fsf@gmail.com> X-Mailer: Claws Mail 3.17.7 (GTK+ 2.24.32; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/3hq9uuURUJCQGaPpXe5dau+"; protocol="application/pgp-signature"; micalg=pgp-sha512 Received-SPF: none client-ip=85.13.145.193; envelope-from=dannym@scratchpost.org; helo=dd26836.kasserver.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/11/17 14:23:24 X-ACL-Warn: Detected OS = Linux 3.11 and newer [fuzzy] X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Scanner: ns3122888.ip-94-23-21.eu Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Spam-Score: -0.11 X-TUID: BMX3u/C81+1e --Sig_/3hq9uuURUJCQGaPpXe5dau+ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Hi zimoun, On Tue, 17 Nov 2020 18:30:57 +0100 zimoun wrote: > > Yeah, someone needs to create /tmp. That someone is not Guix (it > > would be weird). =20 >=20 > Created where? Created when creating the docker image--presumably by Docker when evaluating Composefile. AFAIK Docker images are supposed to be composed of multiple things using a Composefile.[1] So Docker has to have some mechanism to set up the shared space that all th= ose multiple things need. Ideally, we/the user should use this mechanism to add /tmp--not create it manually by some weird script in the running container. > If with the container: >=20 > --8<---------------cut here---------------start------------->8--- > docker exec guix mkdir -h > OCI runtime exec failed: exec failed: container_linux.go:349: starting co= ntainer process caused "exec: \"mkdir\": executable file not found in $PATH= ": unknown You have to use guix repl, then it will work. There's no coreutils in there, just guix. That's what /with-guix-daemon.scm in guix-on-docker does (it's already in t= he image), among other weird things. I paste it in full here: (use-modules (ice-9 match)) (if (not (file-exists? "/tmp")) (mkdir "/tmp")) (system "/root/.config/guix/current/bin/guix-daemon --build-users-group=3Dg= uixbuild --disable-chroot &") (sleep 2) (match (command-line) ((me next-executable rest ...) (match (cons next-executable rest) ;; gitlab runner invokes "sh -c" for a shell existence check. ;; Replace it by bash. (("sh" "-c" rest ...) (apply execlp "guix" '("guix" "environment" "--ad-hoc" "bash" "coreutil= s" "--" "bash"))) ((next-executable rest) (apply execlp next-executable (cons next-executable rest))))) ((me) ;; For gitlab runner, see . (apply execlp "guix" '("guix" "repl")))) (exit 1) It's used as entrypoint by me manually (because it's full of weird workarou= nds like this it's NOT the default entrypoint), overriding docker's entrypoint = by ["guix", "repl", "--", "/with-guix-daemon.scm"]. > Sorry to be so naive. No, I don't use docker that much--and when I do, it's to run simple images others have created. So I just really don't know how this is supposed to be set up. I mean there has to be a way to set this up--that is one of the first things anyone would need--shared /tmp, /etc/passwd, /etc/group, /etc/services and so on. The parts that are composed together by Docker ha= ve to negotiate a common version of those, right? > > /tmp is a common directory, so it does not belong to any of the parts t= hat > > have been composed, or maybe there should be a standard "/tmp" part? > > > > Is there such a standard "/tmp" part in Docker-land? > > > > Similarly, but worse, with /etc/passwd, /etc/group, /etc/services and s= o on. =20 >=20 > I do not know. I hope that others will chime in explaining what the standard way to do this is. The workaround above *does* work, though (and is the wrong thing to do= ). [1] https://docs.docker.com/compose/ --Sig_/3hq9uuURUJCQGaPpXe5dau+ Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl+0IygACgkQ5xo1VCww uqUGQgf/TaRW0d1qpp+BxOy/F6L8kDtwogDoUmq2OZUjbMwNtTagwSsJBqluZ4j1 7WX5+//p5SHkMcS8F+xljDpsgymel8bV+Z9AYfxTOOKCcg4qUBFCVO+bT3twxxUu 3gPAZZlTLmlgVG7z4CqZTU0qKJ04MWN7SEUj9E04n/QhrLtGnoU7fFLOSJH1gKzm UX+UfDxpD9zxFa/tM6FxiSionslUysvUPFmPJ9vM6kqJSQR0YR+TQazcAqYdbpsi Nf0SG7s6F/TrCL5Qj8HRJLOm6O0PdqNVK3MxZcI27JQPmubxFsXzNE/Fk7zndBBz E5Q6hJkALYVL8KxPH0ah+393O91f4A== =3dKR -----END PGP SIGNATURE----- --Sig_/3hq9uuURUJCQGaPpXe5dau+--