From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id sP07Am/LlmPjUQAAbAwnHQ (envelope-from ) for ; Mon, 12 Dec 2022 07:34:23 +0100 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id KLJ0AW/LlmMKdQAAG6o9tA (envelope-from ) for ; Mon, 12 Dec 2022 07:34:23 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 7E13F1EA75 for ; Mon, 12 Dec 2022 07:34:22 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1p4cNp-00068y-FY; Mon, 12 Dec 2022 01:33:49 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1p4cNm-00066x-AV for help-guix@gnu.org; Mon, 12 Dec 2022 01:33:47 -0500 Received: from mail-4316.protonmail.ch ([185.70.43.16]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1p4cNk-0002GQ-2B; Mon, 12 Dec 2022 01:33:46 -0500 Date: Mon, 12 Dec 2022 06:33:35 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1670826819; x=1671086019; bh=9Bigg4SxMZx9nOKuFVSJUPODjpDwutc+Dtn4Hlo94Vs=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=vWMXTHzZkeXPPzrd8tRvQx5e/oWxpIEvy8ZV6oimEw31we/nkmhxGqkcO8r8arPU6 /paY43nJiYqUHs0NgryrNuJAhptVVOwTwINoZTor9HWUMMTSRqIoWdWxjUgaNaXTYl 32WQfA9RhMQ7Q4iAUukRQB78nruCnrCnKObOMWPKNujXGNS5XtXroB7YEwYa74Ra0e xxuL04oHwF1cT77bICzjip+5Hoc58T7RBtIbMHH8cNn/7qE5WhpqLJT5h3kRuPK1K9 aD2iXLYhCh9gk5mLNQJAHSrvV5YL0FNH3BGFH9m+Nk05vm4F3jA0pmRvxL5rVoSpAS S8nnREeBvX2WA== To: =?utf-8?Q?Ludovic_Court=C3=A8s?= From: John Kehayias Cc: Guix Devel , help-guix@gnu.org Subject: Re: Drafting a Guix blog post on the FHS container Message-ID: <87ilihp1vn.fsf@protonmail.com> In-Reply-To: <87v8molsqm.fsf@gnu.org> References: <87pmcy4m2j.fsf@protonmail.com> <87v8molsqm.fsf@gnu.org> Feedback-ID: 7805494:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=185.70.43.16; envelope-from=john.kehayias@protonmail.com; helo=mail-4316.protonmail.ch X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1670826862; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=9Bigg4SxMZx9nOKuFVSJUPODjpDwutc+Dtn4Hlo94Vs=; b=ukUnx3ONk/C4nhU4BVMyYQMSUqyJbES4lFr80LOijpEiUer91BmUPIKdrOW3+TunEiz+rd 8j+TXuCxTR5YDZbXjHwvTWWIkn6mFgJ4d3Wc82qNDfEtRgeuelhewGYwXKUqFs1masUsF8 1p82eV76jrzo6FQU6aD19ziaoxpMS50HyWL31RqPnCodwBnO2DKnjKQpu1NWiPs/42PqGo G752/Nc3+eAiyntTnyvHWAoM5vVTRJv82uXY8nxd2yZxwNcfpG3+Q1gtdSe1x8R9tHWtu8 n5rlteOJ4VP7e51HZhW3f/8HEf4kOayYUSvT8YAflmkKzFxatjbmltq7w8fcTg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=protonmail.com header.s=protonmail3 header.b=vWMXTHzZ; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=quarantine) header.from=protonmail.com ARC-Seal: i=1; s=key1; d=yhetil.org; t=1670826862; a=rsa-sha256; cv=none; b=mgTAp/VFWnj2yfkUqDWrbyhpetXXGx5VssuS+pMHIxrsAcR5+xc9+J6/68HxSEYOFd5HXO O2Tt+pyR2LUWr5T8LhIg8JtttEu/HntUTLUO/sKToMzPtBfuo/JuH0ZHCDb1wr1a7zxNAO rJxgUqx3mauqzo1nS2yE0zcbgKBBqiuKik7nuaesV4HbBLoA8VOT4oYgne3Bk0s+3jge/A qQQtKejlX76BaeG9d3ga+1cVPISx2n/RKfZTs39NGtdkYj47I36/kuM4iPENku9s7VHa3Y sPedLLNH4aCoVxaf1k9HKflj06gSGOysLXeim4SWSF57NriFd2yw6w0/0PVJZw== X-Migadu-Spam-Score: -6.00 X-Spam-Score: -6.00 X-Migadu-Queue-Id: 7E13F1EA75 X-Migadu-Scanner: scn1.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=protonmail.com header.s=protonmail3 header.b=vWMXTHzZ; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=quarantine) header.from=protonmail.com X-TUID: O8F1VgUpCrFF Hi Ludo=E2=80=99 and Guixers, Before I get to some quick responses, I wanted to share some FHS container = examples I've been testing. I hope others can try as I did get a response o= n IRC that one didn't work as expected. I think it might be when needing to= expose some of the host for things like hardware access. First, let's dive right into a big one: the popular VSCodium editor. This i= s a freely licensed build of VS Code: This comes in AppImage format. Downloading it and making it executable (wit= h a 'chmod +x') I can run it in a container as --8<---------------cut here---------------start------------->8--- guix shell -CNF -D ungoogled-chromium gcc:lib \ --preserve=3D'^DISPLAY$' --preserve=3D'^XAUTHORITY$' --share=3D$XAUTHO= RITY \ --preserve=3D'^DBUS_' --expose=3D/var/run/dbus \ --expose=3D/sys/dev --expose=3D/sys/devices --expose=3D/dev/dri \ -- ./VSCodium-1.74.0.22342.glibc2.17-x86_64.AppImage --appimage-extrac= t-and-run --8<---------------cut here---------------end--------------->8--- where the first line is a cheat I like to get lots of libraries often neede= d for graphical applications (development inputs of ungoogled-chromium) tho= ugh it is a bit overkill if the AppImage does actually bundle everything (t= hey don't!). Next line is for display on the host's X server, the one after= for DBus communication, and lastly exposing some of the host hardware for = rendering (perhaps can be disabled in VSCodium somehow?). This is what may = need some tweaking for others, but I'm not sure. Note that we can't run an AppImage with out the 'appimage-extract-and-run' = as it will want to use fuse to mount the image which we can't do from the c= ontainer. I have some more details on this and actually did get this to mou= nt, though it wasn't visible from the container, in the coming blog post dr= aft. Another example is to get the latest nightly builds of Rust, via --8<---------------cut here---------------start------------->8--- $ mkdir ~/temphome $ guix shell -NCF bash coreutils curl grep nss-certs gcc:lib gcc-toolchain = pkg-config glib cairo atk pango@1.48.10 gdk-pixbuf gtk+ git --share=3D$HOME= /temphome=3D$HOME ~/temphome [env]$ curl --proto '=3Dhttps' --tlsv1.2 -sSf | sh --8<---------------cut here---------------end--------------->8--- where I first created a '~/temphome' directory to use as $HOME in the conta= iner and included a bunch of libraries for the next example. Finally, we can build a Rust project of desktop widgets, , following their directions = Ultimately this uses just 'cargo build --release' and this builds after do= wnloading all the needed libraries. It needs similar stuff from the host as= the VSCodium example to get things to run and display, which I'll detail i= n the blog post. Happy to try other examples and to hear feedback on these! Now, back to the rest of the email. On Tue, Dec 06, 2022 at 11:41 AM, Ludovic Court=C3=A8s wrote: > Hello! > > John Kehayias skribis: > >> One question: what is appropriate or recommended for examples concerning= things like >> pre-built binaries? As an example, I had tested the FHS container by run= ning the Siril >> appimage, which has since been packaged for Guix (nice work!). There are= ones that I >> don't see that happening for anytime soon, like an Electron-based app. S= omething like >> VSCodium is very popular, free (as in freedom and I believe the FSDG sen= se), but just >> not something you can package fully from source due to JavaScript as I u= nderstand it. It >> runs in the FHS container. > > A good example might be a free application not currently packaged in > Guix, for example due to being full of JavaScript, or nightly builds as > you wrote provided by an upstream project. > I used VSCodium above, though honestly I've only seen that it opens and see= ms to work fine. Open to other suggestions but that one will probably get s= ome attention :) >> Here is a current (rough!) draft. For the ease of plain text email I've = exported from >> the org source to text with some light edits: > > Note that the blog takes Markdown=C2=B9, but hopefully the Org-to-markdow= n > export works well. > > =C2=B9 > Thanks, and I saw simon's email about this as well. I may have to tweak the= Markdown a little, but should work easily enough. > The post looks great to me! I have minor suggestions below: > Thank you! >> GNU Guix is different from most other GNU/Linux distributions and >> perhaps nowhere is that more obvious than the organization of the >> filesystem: Guix does not conform to the [File Hierarchy Standard] >> (FHS). In practical terms, this means there is no global `/lib' > > It=E2=80=99s =E2=80=9CFilesystem Hierarchy Standard=E2=80=9D. > >> To that end, we've [recently added] a new option for Guix containers, >> `--emulate-fhs' (or `-F'). This will set up an environment in the > > Perhaps s/Guix containers/`guix shell`/ and add a few words about what > =E2=80=98guix shell --container=E2=80=99 does (you can link to the manual= or blog post). > >> container that follows FHS expectations, so that libraries are visible >> in `/lib' in the container, as an example. Additionally, for the more >> technically-minded, the [`glibc' used in this container] will read from >> a global cache in `/etc/ld.so.cache' contrary to the behavior in [Guix >> otherwise]. > > Since the ld.so.cache issue is more involved (compared to simply having > /lib and /bin), maybe you can move it after the =E2=80=9Cls /bin=E2=80= =9D example? > >> Contrast that with `/bin' on a Guix system: >> ,---- >> ls /bin -la >> `---- >> >> lrwxrwxrwx 1 root root 61 Dec 3 16:37 sh -> >> /gnu/store/d99ykvj3axzzidygsmdmzxah4lvxd6hw-bash-5.1.8/bin/sh > > You can show =E2=80=98ls /lib=E2=80=99 too. :-) > Thanks for all these corrections and tips! Sadly(?) no matter how many time= s I've written out FHS I still get it wrong sometimes. > Actually you can use or get inspiration from this animated GIF if you > like: > > > Either I forgot to save this or wasn't able to access it before, and can't = access it now. >> useful. For example, there may be software that is free and conforms to >> the FSDG Guix follows, yet is not feasible to be [packaged] by our > > s/FSDG/Free System Distribution Guidelines (FSDG)/ > Thanks! John