From: John Kehayias <john.kehayias@protonmail.com>
To: Liliana Marie Prikler <liliana.prikler@gmail.com>
Cc: "guix-devel@gnu.org" <guix-devel@gnu.org>
Subject: Re: [WIP Patch] Adding an FHS container to guix shell
Date: Fri, 15 Jul 2022 16:00:05 +0000 [thread overview]
Message-ID: <zLR0gstJkvh_a50L3IHWsG2wgWSgvOfvQqBvQXawIi-hT-wTm6E8kQfe11rSytXkqXOthtBDYYqCGG5mJ_Z_UHcNpdtF-abZDIDiFjhZNmw=@protonmail.com> (raw)
In-Reply-To: <47c56b0d58dbcf4d48b5a4a6bc70d9955cb86a91.camel@gmail.com>
Hi Liliana,
On Thursday, July 14th, 2022 at 10:59 AM, Liliana Marie Prikler wrote:
>
>
> Hi John,
>
> Am Dienstag, dem 12.07.2022 um 15:59 +0000 schrieb John Kehayias:
>
(snip)
> > 2. Typically binaries will expect the ld loader to use
> > /etc/ld.so.cache for finding libraries. So, I made a glibc package
> > that removes our dl cache patch to restore this behavior. It seems
> > enough to add this as a default package to the container, though I
> > commented out an option to automatically graft everything with this
> > glibc. Both worked for me, but grafting didn't seem necessary.
>
> Would it make sense to keep our libc, but also symlink the cache to its
> FHS place? Or do we need to patch our libc so that this cache is tried
> if a Guix-specific one isn't found?
>
I think it may be possible, but I wasn't able to do this exactly in my efforts for a certain non-free package. So I don't remember the details exactly, but roughly I think it is that our libc will look based on $ORIGIN into a /gnu/store/.... location for an ld cache. I tried to make this happen with some symlinking in the container, but it didn't work for me (maybe just due to the complexity of the binary I was trying this with?). The general issue might just be making this adaptable if it could work. But admittedly I was doing a lot of guessing and learning, so maybe I just wasn't approaching this correctly. And then removing one patch was just too easy :)
As for patching libc so that it falls back to something like /etc/ld.so.cache, I would worry about undesired behavior on a foreign distro. Though we could have it look at some other location that wouldn't conflict (some special directory for Guix?). Still, this sounds like it would add complexity and difficult to diagnose behavior. Seems cleaner to me to distinguish the libc in the FHS container explicitly.
Still, I'm open to hear how this could work, just saying I wasn't able to figure it out using this approach before.
WDYT?
(snip)
> > What about other uses for this container, like providing an isolated
> > environment to build and run software we can't do fully with
> > bootstrap and sources (like JS)? Could this become some stop-gap to
> > allow people to work with these ecosystems in a more controlled way
> > within Guix? Or an alternative build environment? Not entirely sure
> > what this could mean, just thinking out loud.
>
> I don't think we should rely on FHS containers in the build system.
> It's nice to have such a feature as a user, who really needs
> $ELECTRON_APP and doesn't care about the fact that it's a packaging
> nightmare, but on a system level, we ought to provide abstractions that
> are meaningful and helpful to everyone, and FHS containers increase
> both the complexity and the failure potential. See also antioxidant-
> build-system as an example for making Rust packaging sane (we'll likely
> need a similar effort for JS).
>
Sure, I agree the main goal here is definitely for the end-user rather than building. Perhaps there are some applications in some building, but yeah, didn't have anything in mind.
> > [...]
>
> > +;;; Copyright © 2021 John Kehayias john.kehayias@protonmail.com
>
> Is this the right year?
>
[checks calendar] it is not. In fact, we're closer to 2023 than 2021 at this point.
Thanks for spotting!
> > + -F, --fhs-container run command within an isolated FHS
> > container"))
>
> Rather than adding "--fhs-container" as an alternative to --container,
> I'd like something like "--emulate-fhs", which as the "--networking"
> option is to be combined with -C. This makes the interface more
> symmetric.
>
Ah, this is a good idea. Then we would enforce that --container is also included when using the --emulate-fhs option. And the little code I figured out to hijack setting the container option without the user specifying it could be dropped to make it all more explicit from the command interface as well. I'll do that.
> > + (symlink lib-dir "/lib64")
> > + (symlink lib-dir "/lib")
>
> You'll probably want to split 32-bit libraries (if any) and 64-bit ones
> here. Also, bear in mind that certain architectures are 32-bit only.
>
Yes, thanks, I was sort of following what Arch does as my test case. But as pointed out by Maxim as well, we should keep a generic following of the standard. I would like some testing to know if some less standard links are widely used though, standards being one thing and what distros do in practice another. I'll also leave multiple arch setups for a followup, keeping this first attempt generic.
Thanks for the helpful comments!
John
next prev parent reply other threads:[~2022-07-15 16:02 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-12 15:59 [WIP Patch] Adding an FHS container to guix shell John Kehayias
2022-07-12 17:34 ` Vagrant Cascadian
2022-07-15 15:41 ` John Kehayias
2022-07-13 2:11 ` Dominic Martinez
2022-07-13 23:27 ` Blake Shaw
2022-07-15 15:44 ` John Kehayias
2022-07-14 10:01 ` zimoun
2022-07-15 15:46 ` John Kehayias
2022-07-14 14:59 ` Liliana Marie Prikler
2022-07-15 16:00 ` John Kehayias [this message]
2022-07-15 13:43 ` Maxim Cournoyer
2022-07-15 16:35 ` John Kehayias
2022-07-15 13:45 ` Maxim Cournoyer
2022-07-18 11:40 ` Ludovic Courtès
2022-07-20 21:22 ` John Kehayias
2022-07-20 23:49 ` Maxime Devos
2022-07-21 3:15 ` John Kehayias
2022-07-21 0:20 ` debbugs irritation Was: " Csepp
2022-07-21 4:18 ` John Kehayias
2022-07-21 16:45 ` zimoun
2022-07-21 20:22 ` Csepp
2022-08-18 10:55 ` zimoun
2022-08-19 22:13 ` jbranso
2022-07-21 4:25 ` John Kehayias
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='zLR0gstJkvh_a50L3IHWsG2wgWSgvOfvQqBvQXawIi-hT-wTm6E8kQfe11rSytXkqXOthtBDYYqCGG5mJ_Z_UHcNpdtF-abZDIDiFjhZNmw=@protonmail.com' \
--to=john.kehayias@protonmail.com \
--cc=guix-devel@gnu.org \
--cc=liliana.prikler@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).