From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: make packagers life easier
Date: Tue, 17 Mar 2015 17:12:59 +0100
Message-ID: <87k2yfmwl0.fsf@gnu.org>
References: <20150315170032.GA14849@venom> <550817B3.8010305@totakura.in>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41957)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1YXu7B-0000Ur-KU
	for guix-devel@gnu.org; Tue, 17 Mar 2015 12:13:10 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1YXu76-0004Yr-Op
	for guix-devel@gnu.org; Tue, 17 Mar 2015 12:13:09 -0400
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:49757)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
	id 1YXu76-0004Ym-Le
	for guix-devel@gnu.org; Tue, 17 Mar 2015 12:13:04 -0400
In-Reply-To: <550817B3.8010305@totakura.in> (Sree Harsha Totakura's message of
	"Tue, 17 Mar 2015 13:01:55 +0100")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Sree Harsha Totakura <sreeharsha@totakura.in>
Cc: guix-devel@gnu.org, "Grothoff, Christian" <christian@grothoff.org>

Sree Harsha Totakura <sreeharsha@totakura.in> skribis:

> I have a similar feature request.  Long time ago when I was packaging
> gnunet and curl, I had to spend a lot of time trying to understand why
> `make check` phase fails in the build environment.  More often than not,
> I had to extensively study the test cases and the testing mechanism
> being used to understand and then resolve the failures, much to my
> chagrin, by trail-and-error as I did not have access to the build
> environment.
>
> Sure, `guix build -K` helped to some extent but there were some
> hard-to-debug cases which only failed in the build environment due to
> separate network and filesystem namespaces.

On GuixSD, there are few differences between the build environment and
the =E2=80=9Creal=E2=80=9D environment, which makes =E2=80=98guix build -K=
=E2=80=99 probably more
useful.  Notable differences are that the real environment has network
access and /bin/sh.

The /bin/sh thing is usually easily fixed.  Problems related to separate
network name spaces can be more difficult as you noticed, although it=E2=80=
=99s
also always possible to run =E2=80=98strace=E2=80=99 in the build process o=
r some Guile
snippet to get a better understanding of what=E2=80=99s going on.

However, when using Guix on another distro, then of course, in addition
to /bin/sh and networking, you get an FHS tree, which makes a
significant difference compared to the build environment.

> I discussed this with Christian and his suggestion was to implement a
> debug shell which the guix builder will bail out to when a phase fails.
>  The packager can then examine the environment right at the moment where
> the failure happens.
>
> I know that since the build happens in a separate namespace this can be
> hard to implement, but one idea is to configure the build environments
> network namespace to accept connections from localhost and spawn sshd
> when the build fails.
>
> WDYT?

I think it=E2=80=99s a nice idea, but it=E2=80=99s easier said than done.  =
:-)

An option would be to make do without the daemon=E2=80=99s help.  But then,=
 do
we add lsh/OpenSSH as a dependency of every build?  And more
importantly, can we actually open connections available from the
outside?

The other option is to handle it within the daemon, which would do all
the container-with-ssh-daemon setup by itself when needed.  That seems a
bit heavyweight to do there, and perhaps more investment than desirable
in this C++ code base.

If container support was librarified, akin to what David suggested for
GSoC=C2=B9, it would be easy for users to start a container that is really
comparable to that created by guix-daemon.  Then that would make this
sort of debugging much easier, among other benefits.

My 2=C2=A2,
Ludo=E2=80=99.

=C2=B9 http://www.gnu.org/software/soc-projects/ideas-2015.html#guix