From: Antoine Eiche
To: Ricardo Wurmus
Cc: guix-devel@gnu.org
Subject: Re: Building container images with nix2container
In-Reply-To: <87wmqszwif.fsf@elephly.net>
References: <8734tijjpy.fsf@tilia> <87wmqszwif.fsf@elephly.net>
Date: Mon, 26 Feb 2024 11:09:21 +0100
Message-ID: <87plwjilke.fsf@tilia>

Ricardo Wurmus writes:

> We have "guix pack" as part of Guix. It builds Docker or squashfs
> images as well as various other formats. What does nix2container offer
> beyond what we have?

I actually don't know how you currently build Docker images. But if nix2container brings something, I think it would mainly be optimizations (time and space).

Do your built images contain several layers? nix2container uses a heuristic to group store paths into layers. The goal is to share common layers between images and to avoid a full image rebuild when only a store path differs.

Do you write the image tarball into your store when you build an image? nix2container is able to build layers on the fly from the Nix store. The goal is to reduce IOs and storage. Instead of writing an image tarball into the store, it generates a script which streams layers from store paths to the destination (a Docker registry, the Docker daemon, Podman or a file).

nix2container also has more advanced features allowing you to control the layers that are rebuilt.
For instance, if you work on a Python application, nix2container would allow you to isolate your application and the Python libraries into dedicated layers. When you change something in your application, the layers containing the Python libraries won't have to be rebuilt and pushed to a registry.

lewo.
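
The Python case described in the message above, sketched as an added example that is not part of the original e-mail. It assumes `nix2container` is the attribute set exported by the nix2container flake and `pkgs` is nixpkgs; the image name, the `flask` dependency and the `./app` directory (expected to contain `main.py`) are hypothetical.

```nix
# Added example, not from the original message.
# Assumptions: `pkgs` is nixpkgs, `nix2container` is the attribute set
# exported by the nix2container flake, and ./app holds a main.py.
{ pkgs, nix2container }:
let
  # Hypothetical dependency set: the interpreter plus third-party libraries.
  # Its store paths change only when a dependency version changes.
  pythonEnv = pkgs.python3.withPackages (ps: [ ps.flask ]);

  # Hypothetical application source; it is copied into the store when
  # interpolated below, and its store path changes on every code edit.
  appSrc = ./app;
in
nix2container.buildImage {
  name = "example-python-app";

  config = {
    entrypoint = [ "${pythonEnv}/bin/python" "${appSrc}/main.py" ];
  };

  layers = [
    # Dedicated layer for the interpreter and libraries. The application's
    # store path is not listed in `deps`, so it stays out of this layer and
    # an application change leaves this layer's content unchanged.
    (nix2container.buildLayer { deps = [ pythonEnv ]; })
  ];
}
```

Because the dependency layer's content is unchanged by an application edit, a registry that already holds it does not need it pushed again.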