unofficial mirror of guix-devel@gnu.org 
From: Danny Milosavljevic <dannym@scratchpost.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-devel@gnu.org, Ryan Prior <ryanprior@hey.com>
Subject: Re: /etc/passwd & co. in Docker images
Date: Sun, 22 Nov 2020 17:00:55 +0100
Message-ID: <20201122165841.348c802a@scratchpost.org>
In-Reply-To: <874klkfej4.fsf_-_@gnu.org>

Hi Ludo,

On Fri, 20 Nov 2020 12:34:07 +0100
Ludovic Courtès <ludo@gnu.org> wrote:

> Danny Milosavljevic <dannym@scratchpost.org> skribis:
> 
> > After Ryan Prior's E-Mail I'm pretty sure my workaround of creating /tmp,
> > /etc/passwd, /etc/group etc is what Docker actually expects one to do.  
> 
> I’ve been pondering whether to create those files in ‘guix pack -f
> docker’ and…
> 
> > ADD etc/passwd /etc
> > ADD etc/group /etc
> > ADD etc/services /etc
> > ADD with-guix-daemon.scm /
> > RUN ["/usr/local/bin/guix", "repl", "/set-mtimes.scm"]  
> 
> … what you’re doing here suggests that ‘guix pack’ should indeed create
> those files.
> 
> Thoughts?

If guix pack can be used to put multiple packages into one pack,
are then packs like profiles, or would that be too much?

Because the question is what to do if you invoke

  guix pack -f docker guix postgresql

.

Both need user accounts--and thus the total required user accounts (and thus
the contents of /etc/passwd) are the union of the respective required user
accounts of both packages.

So someone needs to merge those, and for that the packages need to require
these user accounts in the first place.

But usually in Guix it's Guix *services* that require user accounts and not
Guix packages.  (which makes sense!)

So I would suggest that

  guix system docker-image ...

create /etc/passwd by merging the required user accounts as described
above, but

  guix pack -f docker a b c

really can't do that.  I mean where would it know the requirements from?

But creating /tmp with the right permissions should be easy enough (?).

That leaves how we want to do a Guix release to a Docker registry.

I think if you pack guix-the-package-manager, the question is whether
there are scenarios (100% offloading for example) that allow you to
use guix without the guix daemon also running inside the docker container.

If so, it doesn't make sense to add /etc/passwd and /etc/services and so
on for guix-daemon in the guix pack case, especially since it singles out
one Guix package, guix, for special consideration.

Then you'd use the guix pack'ed image for using guix-the-package-manager
with 100% offload.

We should release a minimal guix-the-operating-system to a docker registry
so the guix-daemon also works (i.e. built using guix system docker-image).

You'd use this Docker system image when you want to use both guix and
guix-daemon.
 
Are there any downsides to just using a trimmed-down operating-system
definition in order to have a docker image with a working guix-daemon?

Or we can instead add a static /etc/passwd in Docker after the fact and then
release that to a Docker registry--that's what guix-on-docker does now
(though that doubles the size of the result because Docker is being silly).
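
The merge described in the message above (the union of the user accounts that each component requires), as an added example that is not part of the original message and is not Guix code. The component names, account entries and the `merge_passwd` helper are assumptions made for illustration; the merge refuses a name or UID collision instead of letting two accounts silently share file ownership.

```python
# Added example: union of per-component /etc/passwd requirements.
# Component names and account entries below are constructed sample data.

class PasswdConflict(Exception):
    """Two components require accounts that cannot coexist."""

def parse_passwd(text):
    """Yield the 7 colon-separated fields of each non-empty passwd line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            raise ValueError(f"line {lineno}: malformed entry {line!r}")
        yield fields

def merge_passwd(fragments):
    """Return merged passwd text for {component: passwd_text}, sorted by UID."""
    by_name, uid_owner = {}, {}
    for component, text in fragments.items():
        for fields in parse_passwd(text):
            name, uid = fields[0], int(fields[2])
            if name in by_name:
                # Identical duplicates (e.g. root) are fine; differing ones are not.
                if by_name[name] != fields:
                    raise PasswdConflict(f"{component}: {name!r} redefined")
                continue
            if uid in uid_owner:
                # A shared UID would silently give two accounts the same file access.
                raise PasswdConflict(
                    f"{component}: UID {uid} of {name!r} already used by {uid_owner[uid]!r}")
            by_name[name], uid_owner[uid] = fields, name
    ordered = sorted(by_name.values(), key=lambda f: int(f[2]))
    return "".join(":".join(f) + "\n" for f in ordered)

FRAGMENTS = {  # constructed requirements, one fragment per component
    "guix-daemon": "root:x:0:0:root:/root:/bin/sh\n"
                   "guixbuilder01:x:30001:30000:Guix build user 01:/var/empty:/sbin/nologin\n",
    "postgresql": "root:x:0:0:root:/root:/bin/sh\n"
                  "postgres:x:999:999:PostgreSQL server:/var/empty:/sbin/nologin\n",
}

if __name__ == "__main__":
    print(merge_passwd(FRAGMENTS), end="")
```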

