From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id mNpKC8hNtl9KAgAA0tVLHw (envelope-from ) for ; Thu, 19 Nov 2020 10:49:44 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id YFBDB8hNtl+qcgAAbx9fmQ (envelope-from ) for ; Thu, 19 Nov 2020 10:49:44 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 6E2E69402B0 for ; Thu, 19 Nov 2020 10:49:43 +0000 (UTC) Received: from localhost ([::1]:43250 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kfhVW-0000Si-7q for larch@yhetil.org; Thu, 19 Nov 2020 05:49:42 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:55190) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kfhVF-0000R1-IK for guix-devel@gnu.org; Thu, 19 Nov 2020 05:49:25 -0500 Received: from dd26836.kasserver.com ([85.13.145.193]:34392) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kfhVD-00046b-0w; Thu, 19 Nov 2020 05:49:25 -0500 Received: from localhost (80-110-126-103.cgn.dynamic.surfer.at [80.110.126.103]) by dd26836.kasserver.com (Postfix) with ESMTPSA id 738813362EBD; Thu, 19 Nov 2020 11:49:19 +0100 (CET) Date: Thu, 19 Nov 2020 11:49:11 +0100 From: Danny Milosavljevic To: zimoun Subject: Re: Release: Docker Image? DockerHub? skopeo? Message-ID: <20201119114829.5f77f516@scratchpost.org> In-Reply-To: <86zh3d1z3n.fsf@gmail.com> References: <20200922115019.08d40bec@scratchpost.org> <86tuu5fklj.fsf@gmail.com> <20201104155010.0b83ab17@scratchpost.org> <86k0ums3xw.fsf@gmail.com> <20201117173103.31703c84@scratchpost.org> <868sazoppq.fsf@gmail.com> <20201117202320.3e12fff0@scratchpost.org> <86zh3d1z3n.fsf@gmail.com> X-Mailer: Claws Mail 3.17.7 (GTK+ 2.24.32; x86_64-unknown-linux-gnu) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/D2nZ6wFVr7_X8FyPnhrKGy="; protocol="application/pgp-signature"; micalg=pgp-sha512 Received-SPF: none client-ip=85.13.145.193; envelope-from=dannym@scratchpost.org; helo=dd26836.kasserver.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/11/19 05:49:20 X-ACL-Warn: Detected OS = Linux 3.11 and newer [fuzzy] X-Spam_score_int: -25 X-Spam_score: -2.6 X-Spam_bar: -- X-Spam_report: (-2.6 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: guix-devel@gnu.org, Ryan Prior Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Scanner: ns3122888.ip-94-23-21.eu Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Spam-Score: -0.11 X-TUID: 43LValLj/8l7 --Sig_/D2nZ6wFVr7_X8FyPnhrKGy= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi zimoun, On Thu, 19 Nov 2020 10:21:16 +0100 zimoun wrote: > Let=E2=80=99s postpone this Docker image work and start a new fresh threa= d once > v1.2.0 is published and the goal to have something for v1.3.0, well > that=E2=80=99s my point of view. After Ryan Prior's E-Mail I'm pretty sure my workaround of creating /tmp, /etc/passwd, /etc/group etc is what Docker actually expects one to do. So we can just create those--either at runtime, or maybe even have guix system docker-image do it at build time (if it doesn't already). I have no opinion on when we should do that (at this release or the next one), except to state that I am certain that it works (and pretty easily), because guix-on-docker does that already and guix works just fine there. That still leaves to explain how to prevent Docker from keeping older layers when it doesn't need to. In guix-on-docker I have a Dockerfile like this FROM alpine:3.12 AS bootstrap-guix-on-alpine [...] FROM scratch AS guix-on-docker COPY --from=3Dbootstrap-guix-on-alpine /etc/guix /etc/guix COPY --from=3Dbootstrap-guix-on-alpine /var/guix /var/guix COPY --from=3Dbootstrap-guix-on-alpine /gnu /gnu COPY --from=3Dbootstrap-guix-on-alpine /usr/local /usr/local COPY --from=3Dbootstrap-guix-on-alpine /root/.config/guix /root/.config/guix ADD set-mtimes.scm / ADD etc/passwd /etc ADD etc/group /etc ADD etc/services /etc ADD with-guix-daemon.scm / RUN ["/usr/local/bin/guix", "repl", "/set-mtimes.scm"] in order to prevent Docker from keeping older layers[1]. The "set-times.scm" invocation there is in order to fix the timestamps. "COPY --from=3D" does not preserve timestamps. Then guile is very annoyed because it can't use any of the ".go" files--because they are older than the respective ".scm" files. Using set-times.scm means it will create yet another layer where the only difference is the timestamps--so it doubles the size of the resulting image. But then it works. [1] https://docs.docker.com/develop/develop-images/multistage-build/ --Sig_/D2nZ6wFVr7_X8FyPnhrKGy= Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl+2TacACgkQ5xo1VCww uqUt1Qf/eVfR/ow33NI1uhEgpn0scdftFnHV1VHzy1jg4OSQ6ew2O5ZYKANK9NAQ F6Fv9Bg+ac0+9Vn1ZwnXJjbJ+P5/Dbb3+ySNiCc8cxNHmmeeh6B0n/NBDJJ5SS7E LYl2xxWFcKpSH9eca9A9wbzgQ37W1/1IKCQLoYpOnMuU0aWYi2sa/sYoIVf764NX +XCIRft+yThRzVg8ws8hmFqjGyVaS+W0e2y1b8khhJYy9Y6PuexLjGlICh/1vAfX rF0fnB4er4nJXAWHxagYkPNHhug2MQwxiPQ34SMibPYSjvxYXkrzwfMSLXHP6dy8 h8lX0nZZht8U4acbsETOXWCqijTsiA== =cXE2 -----END PGP SIGNATURE----- --Sig_/D2nZ6wFVr7_X8FyPnhrKGy=--