From: Ludovic Courtès
To: John Kehayias
Cc: "guix-devel@gnu.org"
Subject: Re: [WIP Patch] Adding an FHS container to guix shell
Date: Mon, 18 Jul 2022 13:40:24 +0200
In-Reply-To: (John Kehayias's message of "Tue, 12 Jul 2022 15:59:14 +0000")
Message-ID: <875yju1wev.fsf@gnu.org>

Hello!

John Kehayias wrote:

> 2. Typically binaries will expect the ld loader to use
> /etc/ld.so.cache for finding libraries.

Not necessarily.  /etc/ld.so.cache is an optimization, but it’s entirely
possible to opt out: if that file is missing, things will work fine, but
libc will ‘stat’ more to find files.  That would make glibc-for-fhs
unnecessary.

> +(define* (launch-environment/container #:key command bash fhs-container?= user > + user-mappings profile manifest > + link-profile? network? map-cwd? > + (white-list '())) > "Run COMMAND within a container that features the software in PROFILE. 
> Environment variables are set according to the search paths of MANIFEST. > The global shell is BASH, a file name for a GNU Bash binary in the 
> @@ -709,6 +718,49 @@ (define* (launch-environment/container #:key command= bash user user-mappings > (mkdir-p home-dir) > (setenv "HOME" home-dir) >=20=20 > + ;; Set up an FHS container. > + (when fhs-container? > + ;; Set up the expected bin and library directories as syml= inks to > + ;; the profile lib directory. Note that this is assuming = a 64bit > + ;; architecture. > + (let ((lib-dir (string-append profile "/lib"))) > + (symlink lib-dir "/lib64") > + (symlink lib-dir "/lib") > + (mkdir-p "/usr") > + (symlink lib-dir "/usr/lib"))

Instead of adding code here, maybe you could do it in a more declarative
fashion, like:

  (define fhs-mappings
    (list (file-system-mapping
            (source (string-append profile "/bin"))
            (target "/bin"))
          …))

and append that to the ‘mappings’ variable there.  It’s not necessarily
more compact, but maybe marginally easier to read?

> + ;; Define an entry script to start the container: generate > + ;; ld.so.cache, supplement $PATH, and include command.

I’d leave ld.so.cache generation out.

> + (call-with-output-file "/tmp/fhs.sh" > + (lambda (port) > + (display "ldconfig -X -f /tmp/ld.so.conf" port) > + (newline port) > + (display "export PATH=3D/bin:/usr/bin:/sbin:/usr/sbin:= $PATH" port)

I think the default value of PATH in our libc is the FHS one:

--8<---------------cut here---------------start------------->8---
$ env -i $(type -P strace) -e execve -f $(type -P guile) -c '(system* "whatever")'
execve("/gnu/store/lpcjxka7hx3ypv4nz47g08k4m2syqwlj-profile/bin/guile", ["/gnu/store/lpcjxka7hx3ypv4nz47g0"..., "-c", "(system* \"whatever\")"], 0x7ffede27ad38 /* 0 vars */) = 0
/home/ludo/.guix-home/profile/bin/strace: Process 9727 attached
/home/ludo/.guix-home/profile/bin/strace: Process 9728 attached
/home/ludo/.guix-home/profile/bin/strace: Process 9729 attached
/home/ludo/.guix-home/profile/bin/strace: Process 9730 attached
/home/ludo/.guix-home/profile/bin/strace: Process 9731 attached
/home/ludo/.guix-home/profile/bin/strace: Process 9732 attached
[pid 9732] execve("/bin/whatever", ["whatever"], 0x7ffed6d967c8 /* 0 vars */) = -1 ENOENT (No such file or directory)
[pid 9732] execve("/usr/bin/whatever", ["whatever"], 0x7ffed6d967c8 /* 0 vars */) = -1 ENOENT (No such file or directory)
In execvp of whatever: No such file or directory
--8<---------------cut here---------------end--------------->8---

So you could leave it undefined, but ‘load-profile’ in
‘launch-environment’ will define it.

Instead of the wrapper script, maybe you could extend
‘launch-environment’ so the caller can make it override certain
variables?  I would find it a bit clearer.

Thanks,
Ludo’.
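
Review bot: the symlink block under "(when fhs-container?" hard-codes a 64-bit layout. "/lib64", "/lib" and "/usr/lib" are all pointed at the same profile "/lib" directory, and the only guard is the comment "this is assuming a 64bit architecture". Consider choosing the directory names from the target system, or refusing the option on other targets, so the assumption is enforced in code rather than noted in a comment.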
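
Review bot: the entry script is written to the fixed name "/tmp/fhs.sh" and ldconfig is pointed at the fixed name "/tmp/ld.so.conf", so both the code that runs at container start and the loader configuration depend on predictable paths under /tmp. Consider writing them under a directory created for this purpose, or dropping the script and setting the variables from the launcher. The export line also places /bin, /usr/bin, /sbin and /usr/sbin ahead of the existing $PATH, so entries in those directories take precedence over the profile's; the comment should say whether that order is intended.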
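
The PATH observation in the message above, as an added example that is not part of the original message or of Guix: a C program that calls execvp() with PATH unset and checks that the lookup still succeeds through the libc's built-in default search path. The function names and the "whatever-not-installed" command are made up for the illustration, and it assumes a POSIX system with sh reachable under /bin.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Return 1 if DIR is an entry of the libc's built-in search path
   (confstr(_CS_PATH)), 0 otherwise. */
int default_path_lists(const char *dir)
{
    char buf[256];
    size_t n = confstr(_CS_PATH, buf, sizeof buf);
    if (n == 0 || n > sizeof buf)
        return 0;
    for (char *e = strtok(buf, ":"); e != NULL; e = strtok(NULL, ":"))
        if (strcmp(e, dir) == 0)
            return 1;
    return 0;
}

/* Run ARGV[0] through execvp() in a child that has no PATH variable.
   Returns the child's exit status, 127 when execvp() failed, and -1 on
   fork/wait errors. */
int run_without_path(char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        unsetenv("PATH");        /* nothing left for execvp() to read */
        execvp(argv[0], argv);   /* libc searches its default path */
        _exit(127);              /* not found in any default directory */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char *found[] = { "sh", "-c", "exit 7", NULL };       /* found via /bin */
    char *missing[] = { "whatever-not-installed", NULL }; /* constructed name */
    printf("/bin in default path: %d\n", default_path_lists("/bin"));
    printf("sh without PATH: %d\n", run_without_path(found));
    printf("missing without PATH: %d\n", run_without_path(missing));
    return 0;
}
```

An empty environment therefore does not mean an empty search path: anything placed at /bin or /usr/bin inside the container is still reachable by name.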