From: Wojtek Kosior
Reply-to: Wojtek Kosior
Date: Mon, 5 Dec 2022 07:51:38 +0100
To: John Kehayias
Cc: Guix Devel, help-guix@gnu.org
Subject: Re: Drafting a Guix blog post on the FHS container
Message-ID: <20221205075138.02fd3ec4.koszko@koszko.org>
In-Reply-To: <87pmcy4m2j.fsf@protonmail.com>

Hello,

> Hi Guixers!
>
> I've started working on a little blog post about our new
> --emulate-fhs option for Guix containers. In short, this sets up an
> FHS-like (Filesystem Hierarchy Standard) container which has things
> like /lib and /bin.
>
> I would like to get some suggestions on good examples to include.
> More general feedback, questions, and other comments are also
> welcome! I've included a rough draft of the beginning of the post,
> leading up to showing some examples.

Hi,

One recent real-life example of `--emulate-fhs` being useful is with
Python's virtualenv. I mentioned it in one help-guix thread which you
can see here[1] :)

Wojtek

[1] https://lists.gnu.org/archive/html/help-guix/2022-11/msg00305.html

-- (sig_start)
website: https://koszko.org/koszko.html
PGP: https://koszko.org/key.gpg
fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A

Meet Kraków saints! #11: saint Jacek Odrowąż
https://pl.wikipedia.org/wiki/Jacek_Odrowąż
-- (sig_end)


On Mon, 05 Dec 2022 02:32:40 +0000
John Kehayias wrote:

> Hi Guixers!
>
> I've started working on a little blog post about our new --emulate-fhs
> option for Guix containers. In short, this sets up an FHS-like
> (Filesystem Hierarchy Standard) container which has things like /lib
> and /bin.
>
> I would like to get some suggestions on good examples to include. More
> general feedback, questions, and other comments are also welcome! I've
> included a rough draft of the beginning of the post, leading up to
> showing some examples.
>
> (I've sent this to the devel and help list as I think input from
> different types of users will be helpful given the feature being
> discussed.
> I'm not currently subscribed to the help list, so please cc the devel
> list or me directly.)
>
> One question: what is appropriate or recommended for examples
> concerning things like pre-built binaries? As an example, I had tested
> the FHS container by running the Siril appimage, which has since been
> packaged for Guix (nice work!). There are ones that I don't see that
> happening for anytime soon, like an Electron-based app. Something like
> VSCodium is very popular, free (as in freedom and I believe the FSDG
> sense), but just not something you can package fully from source due
> to JavaScript as I understand it. It runs in the FHS container.
>
> Examples I was thinking of including: using rustup (uses pre-built
> rust binaries) and building a package that depends on newer (nightly)
> rust, like eww. This builds and nicely is screenshot-able with pretty
> looking desktop widgets.
>
> What would be useful examples? What is the right line to toe regarding
> binaries? I don't want to necessarily advocate for that, yet sometimes
> we may feel we have no other choice or want to be able to test
> something. I was thinking to keep it to what we do have packaged in
> Guix yet may want to run in a different way, or something that would
> fit if the language ecosystem wasn't so at odds with the Guix approach
> (and reproducibility more generally).
>
> Appreciative of any and all thoughts!
>
> John
>
>
> Here is a current (rough!) draft. For the ease of plain text email
> I've exported from the org source to text with some light edits:
>
>
> ______________________________
>
> FHS COMES TO GUIX CONTAINERS
>
> John Kehayias
> ______________________________
>
>
> GNU Guix is different from most other GNU/Linux distributions and
> perhaps nowhere is that more obvious than the organization of the
> filesystem: Guix does not conform to the [File Hierarchy Standard]
> (FHS).
> In practical terms, this means there is no global `/lib'
> containing libraries, `/bin' containing binaries[1], and so on. This is
> very much at the core of how Guix works and some of the convenient
> features, like per-user installation of programs (different versions,
> for instance) and a declarative system configuration where the system is
> determined from a configuration file.
>
> However, this also leads to a difference in how many pieces of software
> expect their world to look like, relying on finding a library in `/lib'
> or an external tool in `/bin'. When these are hard coded and not
> overcome with appropriate build options, we patch code to refer to
> absolute paths in the store, like
> `/gnu/store/hrgqa7m498wfavq4awai3xz86ifkjxdr-grep-3.6/bin/grep', to keep
> everything consistently contained within the store.
>
> It all works great and is thanks to the hard work of everyone that has
> contributed to Guix. But what if we need a more FHS-like environment for
> developing, testing, or running a piece of software?
>
> To that end, we've [recently added] a new option for Guix containers,
> `--emulate-fhs' (or `-F'). This will set up an environment in the
> container that follows FHS expectations, so that libraries are visible
> in `/lib' in the container, as an example. Additionally, for the more
> technically-minded, the [`glibc' used in this container] will read from
> a global cache in `/etc/ld.so.cache' contrary to the behavior in [Guix
> otherwise].
>
> Here is a very simple example:
> ,----
> guix shell --container --emulate-fhs coreutils -- ls /bin
> `----
>
> [
> b2sum
> base32
> base64
> basename
> basenc
> cat
> catchsegv
> chcon
> chgrp
> chmod
> ...
>
> Contrast that with `/bin' on a Guix system:
> ,----
> ls /bin -la
> `----
>
> lrwxrwxrwx 1 root root 61 Dec 3 16:37 sh -> /gnu/store/d99ykvj3axzzidygsmdmzxah4lvxd6hw-bash-5.1.8/bin/sh
>
> There are several uses that spring to mind for such a container in Guix.
> For developers, or those aspiring to hack on a project, this is a
> helpful tool when needing to emulate a different (non-Guix) environment.
> For example, one could use this to more easily follow build instructions
> meant for a general distribution, say when a Guix package is not (yet)
> available or easy to write immediately. Another usage is to be able to
> use tools that don't really fit into Guix's model, like ones that use
> pre-built binaries. There are many reasons why this is not ideal and
> Guix strives to replace or supplement such tools, but practically
> speaking they can be hard to avoid entirely. The FHS container helps
> bridge this gap, providing an isolated and reproducible environment as
> needed.
>
> Users not interested in development will also find the FHS container
> useful. For example, there may be software that is free and conforms to
> the FSDG Guix follows, yet is not feasible to be [packaged] by our
> standards. JavaScript and particularly Electron applications are not yet
> packaged for Guix due to the [difficulties] of a properly source-based
> and bootstrappable approach in this ecosystem.
>
>
> [File Hierarchy Standard]
>
> [recently added]
>
> [`glibc' used in this container]
>
> [Guix otherwise]
>
> [packaged]
>
> [difficulties]
>
>
> Footnotes
> _________
>
> [1] Other than a symlink for `sh' from the `bash' package, for
> compatibility reasons.
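
Added example, not part of the original e-mail or of Guix's own code: in a pre-built ELF binary, the hard-coded path the draft describes is most visible as the dynamic loader path stored in the PT_INTERP program header. The Python script below reads that path and labels it as a store path or an FHS path, which tells you before running a downloaded binary whether it expects an FHS layout. The names `elf_interp`, `classify` and `make_elf` are hypothetical, the sample binary is constructed, and only 64-bit little-endian ELF is handled.

```python
import struct
import sys
from pathlib import Path

PT_INTERP = 3  # program header type that names the dynamic loader

def elf_interp(data: bytes):
    """Return the PT_INTERP path of an ELF64 little-endian image, else None."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        return None  # not ELF64 LE; other ELF classes are out of scope here
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 56 > len(data):
            return None  # truncated program header table
        p_type, _, p_offset, _, _, p_filesz = struct.unpack_from("<IIQQQQ", data, off)
        if p_type == PT_INTERP:
            raw = data[p_offset:p_offset + p_filesz]
            return raw.split(b"\0", 1)[0].decode("utf-8", "replace")
    return None  # statically linked, or no interpreter segment

def classify(interp):
    """Label a loader path by where it expects the loader to live."""
    if interp is None:
        return "no-interp"
    if interp.startswith("/gnu/store/"):
        return "store"  # pinned to a store item, as Guix-built binaries are
    if interp.startswith(("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")):
        return "fhs"    # expects a loader at an FHS path, absent on plain Guix
    return "other"

def make_elf(interp: str) -> bytes:
    """Constructed sample: ELF64 header, one PT_INTERP entry, then the path."""
    path = interp.encode() + b"\0"
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH",
                                 2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(path), len(path), 1)
    return header + phdr + path

if __name__ == "__main__":
    # Scan files named on the command line; fall back to the constructed sample.
    blobs = {n: Path(n).read_bytes() for n in sys.argv[1:]}
    blobs = blobs or {"<constructed>": make_elf("/lib64/ld-linux-x86-64.so.2")}
    for name, data in blobs.items():
        interp = elf_interp(data)
        print(f"{name}: {classify(interp)} ({interp})")
```

A result of `fhs` means the binary asks the kernel for a loader that a plain Guix system does not have at that path; `store` means the loader is pinned to a store item.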