From: Ludovic Courtès
To: guix-devel
Subject: Network services in ‘guix system docker-image’?
Date: Fri, 01 May 2020 00:40:00 +0200
Message-ID: <87y2qck37j.fsf@inria.fr>
Hello!

Does it make any sense at all to have things like a DHCP client and nscd inside a Docker image produced by ‘guix system docker-image’?

I was going to apply the patch below to allow users to get rid of these services by running ‘guix system docker-image --network’. But now, I’m wondering if there’s a use case to have them at all.

Thoughts?

Ludo’.
--=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/doc/guix.texi b/doc/guix.texi index d0592220a7..fd3d8b1e52 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -26934,6 +26934,10 @@ example, if you intend to build software using Guix inside of the Docker container, you may need to pass the @option{--privileged} option to @code{docker create}. +Last, the @code{--network} option applies to @command{guix system +docker-image}: it produces an image where network is supposedly shared +with the host, and thus without services like nscd or NetworkManager. + @item container Return a script to run the operating system declared in @var{file} within a container. Containers are a set of lightweight isolation diff --git a/gnu/system/vm.scm b/gnu/system/vm.scm index 6f81ac16ff..082133407a 100644 --- a/gnu/system/vm.scm +++ b/gnu/system/vm.scm @@ -508,13 +508,17 @@ system." (define* (system-docker-image os #:key (name "guix-docker-image") - (register-closures? (has-guix-service-type? os))) + (register-closures? (has-guix-service-type? os)) + shared-network?) "Build a docker image. OS is the desired . NAME is the -base name to use for the output file. When REGISTER-CLOSURES? is true, -register the closure of OS with Guix in the resulting Docker image. By -default, REGISTER-CLOSURES? is set to true only if a service of type -GUIX-SERVICE-TYPE is present in the services definition of the operating -system." +base name to use for the output file. When SHARED-NETWORK? is true, assume +that the container will share network with the host and thus doesn't need a +DHCP client, nscd, and so on. + +When REGISTER-CLOSURES? is true, register the closure of OS with Guix in the +resulting Docker image. By default, REGISTER-CLOSURES? is set to true only if +a service of type GUIX-SERVICE-TYPE is present in the services definition of +the operating system." (define schema (and register-closures? (local-file (search-path %load-path 
@@ -531,7 +535,9 @@ system." (let ((os (operating-system-with-gc-roots - (containerized-operating-system os '()) + (containerized-operating-system os '() + #:shared-network? + shared-network?) (list boot-program))) (name (string-append name ".tar.gz")) (graph "system-graph")) diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm index 2664c66a30..664ecac9e6 100644 --- a/guix/scripts/system.scm +++ b/guix/scripts/system.scm @@ -699,7 +699,7 @@ checking this by themselves in their 'check' procedure." #:disk-image-size image-size #:file-system-type file-system-type)) ((docker-image) - (system-docker-image os)))) + (system-docker-image os #:shared-network? container-shared-network?)))) (define (maybe-suggest-running-guix-pull) "Suggest running 'guix pull' if this has never been done before." --=-=-=--
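Review bot: in the doc/guix.texi hunk, "network is supposedly shared with the host" undersells what the option does and does not do: `--network` only changes which services are included in the image, it does not configure Docker networking, so the paragraph should say plainly that the image is built on the assumption that the user will run the container with the host's network, and that it therefore ships without a DHCP client (so it will not configure an address on its own). Mark the option up as @option{--network} for consistency with @option{--privileged} two lines above, and align the list of dropped services with the vm.scm docstring, which says "a DHCP client, nscd, and so on" where the manual says "nscd or NetworkManager".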
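Review bot: in the first gnu/system/vm.scm hunk, the new `shared-network?` keyword of `system-docker-image` has no explicit default and so relies on define*'s implicit #f; the docstring should state that default the way the REGISTER-CLOSURES? paragraph right below does, e.g. "SHARED-NETWORK? is false by default." Since the point of the option is to leave network daemons out of an image that does not need them, naming the services actually dropped instead of "and so on" would make the docstring easier to verify against what `containerized-operating-system` removes.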
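Review bot: the second gnu/system/vm.scm hunk passes `#:shared-network? shared-network?` to `containerized-operating-system`, but nothing in this patch shows that procedure accepting the keyword; if it is the keyword already used by the container action this is fine, otherwise the build fails with an unrecognized-keyword error. Confirm the signature before pushing.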
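Review bot: in the guix/scripts/system.scm hunk, `container-shared-network?` is referenced but the hunk does not show where it is bound for the `docker-image` action; the `guix system` option parser must accept `--network` for `docker-image` as well as `container`, otherwise the documented `guix system docker-image --network` is rejected or silently ignored and the image still carries the DHCP client and nscd. A test that builds a docker image with `--network` and checks that those services are absent would catch this.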