From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id EMvdI4FYjWNSQwAAbAwnHQ (envelope-from ) for ; Mon, 05 Dec 2022 03:33:37 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id AG/RI4FYjWMzcQEA9RJhRA (envelope-from ) for ; Mon, 05 Dec 2022 03:33:37 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 154AF129C6 for ; Mon, 5 Dec 2022 03:33:36 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1p21I2-0007GB-4i; Sun, 04 Dec 2022 21:33:06 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1p21Hx-0007Ft-Eh for guix-devel@gnu.org; Sun, 04 Dec 2022 21:33:01 -0500 Received: from mail-40134.protonmail.ch ([185.70.40.134]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1p21Ht-0000KH-Eq for guix-devel@gnu.org; Sun, 04 Dec 2022 21:33:00 -0500 Date: Mon, 05 Dec 2022 02:32:40 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1670207566; x=1670466766; bh=BhtN1QuuDcfs9FKl2hRYqG68PheB92AYyDpi9MLKUhg=; h=Date:To:From:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=B/t9fKc7YD1j8n3xpusFT1uTE53NoD5HuBmqn1YmqRAe08C9qWrTHISsmMlX2il6F uURnBGcRbPjFKue9hLwDH4jRNN51fXu6OihgZEFgdHisj+Bwv1Qo8XZOiktT4AW8SX m/OpLA5BR/PoHCpciMXBc8tYSzAy/15owxzKxNzJpckVA4xY9HHk8h3Usz9MAo9+yh FPbmjR1WW4rFmYKYwsxd84wpnayXwwoY/6dWUAG2auBeII+s10ZZi7h6EtOTbNWgBE qb7jxOSecEN7uDpTC50J+G+ezyCq/t38zyER8fqXnCoeqpkNyJDUVPpvNd3rPnxlrJ NUwlAftXogTRw== To: Guix Devel , help-guix@gnu.org From: John Kehayias Subject: Drafting a Guix blog post on the FHS container Message-ID: <87pmcy4m2j.fsf@protonmail.com> Feedback-ID: 7805494:user:proton MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=185.70.40.134; envelope-from=john.kehayias@protonmail.com; helo=mail-40134.protonmail.ch X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1670207617; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=BhtN1QuuDcfs9FKl2hRYqG68PheB92AYyDpi9MLKUhg=; b=NlCdwkhihlTlnxgNcAeBRz4rKLW3fMz8Mvaq4GGE1C3KqQe9lgKR80EZUUqzZ8X04hOgPB B61NFMHp6aQpf3UmMwbjXfovG4m7H7HlurqNuESwQePJcoxcKTUhGH9fOqB13Rg86usr9f Z8vKoGGFraHTiyo3jsKXtZlUfwVgcKa4F3aogNUt5gpSoU/swQhdEsQZU5PrTwEmFnYj5j 9xPA/ZoAVO111yt2E3KbNOKlFiLHVMEMNhgz2bv6YNgUHotZILK1DWPlQyP6wRwhQNSHWg 743gDojozIkrl78Daf9EFDL68DM/zRRRaUchiW6dpFxrLCHDaXsmcThYrfgQdQ== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1670207617; a=rsa-sha256; cv=none; b=LlpwzHlY9b2Lo/xLPAqSUpEAfgN1S18k6AtSKJSVbkekv/wrTPrmpp9LvnyL/xhBfZsSaJ 96NFjiJFtsCYBse1jrTLBlHiNrPspeTa/y7PGPiWhGTrWdJOEbXNLJ7ia+91I/dmvtNpOG J5cn028lL7WbAbxup3BDvRkdnS+ssYM0hmv1dGbEPLByipGHS9c1yYACw3+EDV/DulnKp6 sTb6ktNETbSa/9O2Re2t4tITTzqu8g++H++mFVm7UBcVFXyQqD0Zn8GSqKLw7+L7dlwN7E T29ZVmhHXhs/Sfckr+JPOqwhyuP/cbREoUduk546EmsqXiYP/AValfSsJ+3q8Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=protonmail.com header.s=protonmail3 header.b="B/t9fKc7"; dmarc=pass (policy=quarantine) header.from=protonmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.96 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=protonmail.com header.s=protonmail3 header.b="B/t9fKc7"; dmarc=pass (policy=quarantine) header.from=protonmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 154AF129C6 X-Spam-Score: -3.96 X-Migadu-Scanner: scn1.migadu.com X-TUID: rD/6LQ/GdKQb Hi Guixers! I've started working on a little blog post about our new --emulate-fhs opti= on for Guix containers. In short, this sets up an FHS-like (Filesystem Hier= archy Standard) container which has things like /lib and /bin. I would like to get some suggestions on good examples to include. More gene= ral feedback, questions, and other comments are also welcome! I've included= a rough draft of the beginning of the post, leading up to showing some exa= mples. (I've sent this to the devel and help list as I think input from different = types of users will be helpful given the feature being discussed. I'm not c= urrently subscribed to the help list, so please cc the devel list or me dir= ectly.) One question: what is appropriate or recommended for examples concerning th= ings like pre-built binaries? As an example, I had tested the FHS container= by running the Siril appimage, which has since been packaged for Guix (nic= e work!). There are ones that I don't see that happening for anytime soon, = like an Electron-based app. Something like VSCodium is very popular, free (= as in freedom and I believe the FSDG sense), but just not something you can= package fully from source due to JavaScript as I understand it. It runs in= the FHS container. Examples I was thinking of including: using rustup (uses pre-build rust bin= aries) and building a package that depends on newer (nightly) rust, like ew= w This builds and nicely is screenshot-abl= e with pretty looking desktop widgets. What would be useful examples? What is the right line to toe regarding bina= ries? I don't want to necessarily advocate for that, yet sometimes we may f= eel we have no other choice or want to be able to test something. I was thi= nking to keep it to what we do have packaged in Guix yet may want to run in= a different way, or something that would fit if the language ecosystem was= n't so at odds with the Guix approach (and reproducibility more generally). Appreciative of any and all thoughts! John Here is a current (rough!) draft. For the ease of plain text email I've exp= orted from the org source to text with some light edits: ______________________________ FHS COMES TO GUIX CONTAINERS John Kehayias ______________________________ GNU Guix is different from most other GNU/Linux distributions and perhaps nowhere is that more obvious than the organization of the filesystem: Guix does not conform to the [File Hierarchy Standard] (FHS). In practical terms, this means there is no global `/lib' containing libraries, `/bin' containing binaries[1], and so on. This is very much at the core of how Guix works and some of the convenient features, like per-user installation of programs (different versions, for instance) and a declarative system configuration where the system is determined from a configuration file. However, this also leads to a difference in how many pieces of software expect their world to look like, relying on finding a library in `/lib' or an external tool in `/bin'. When these are hard coded and not overcome with appropriate build options, we patch code to refer to absolute paths in the store, like `/gnu/store/hrgqa7m498wfavq4awai3xz86ifkjxdr-grep-3.6/bin/grep', to keep everything consistently contained within the store. It all works great and is thanks to the hard work of everyone that has contributed to Guix. But what if we need a more FHS-like environment for developing, testing, or running a piece of software? To that end, we've [recently added] a new option for Guix containers, `--emulate-fhs' (or `-F'). This will set up an environment in the container that follows FHS expectations, so that libraries are visible in `/lib' in the container, as an example. Additionally, for the more technically-minded, the [`glibc' used in this container] will read from a global cache in `/etc/ld.so.cache' contrary to the behavior in [Guix otherwise]. Here is a very simple example: ,---- guix shell --container --emulate-fhs coreutils -- ls /bin `---- [ b2sum base32 base64 basename basenc cat catchsegv chcon chgrp chmod ... Contrast that with `/bin' on a Guix system: ,---- ls /bin -la `---- lrwxrwxrwx 1 root root 61 Dec 3 16:37 sh -> /gnu/store/d99ykvj3a= xzzidygsmdmzxah4lvxd6hw-bash-5.1.8/bin/sh There are several uses that spring to mind for such a container in Guix. For developers, or those aspiring to hack on a project, this is a helpful tool when needing to emulate a different (non-Guix) environment. For example, one could use this to more easily follow build instructions meant for a general distribution, say when a Guix package is not (yet) available or easy to write immediately. Another usage is to be able to use tools that don't really fit into Guix's model, like ones that use pre-built binaries. There are many reasons why this is not ideal and Guix strives to replace or supplement such tools, but practically speaking they can be hard to avoid entirely. The FHS container helps bridge this gap, providing an isolated and reproducible environment as needed. Users not interested in development will also find the FHS container useful. For example, there may be software that is free and conforms to the FSDG Guix follows, yet is not feasible to be [packaged] by our standards. JavaScript and particularly Electron applications are not yet packaged for Guix due to the [difficulties] of a properly source-based and bootstrapable approach in this ecosystem. [File Hierarchy Standard] [recently added] [`glibc' used in this container] [Guix otherwise] [packaged] [difficulties] Footnotes _________ [1] Other than a symlink for `sh' from the `bash' package, for compatibility reasons.