From: Ludovic Courtès
To: 41189@debbugs.gnu.org
Date: Mon, 11 May 2020 19:05:54 +0200
Subject: [bug#41189] [PATCH 0/3] Add Fakechroot engine for 'guix pack -RR'
Message-Id: <20200511170554.22916-1-ludo@gnu.org>

Hello Guix!

‘guix pack -RR’ is wonderful, as we know ;-), because it produces binaries that work everywhere. However, the overhead of PRoot is sometimes inappropriate, in particular for those who want to run packed software on high-performance computers, the very kind of machine that lacks Guix and unprivileged user namespaces.

This patch series adds an optional “execution engine” to wrappers that uses ld.so and fakechroot LD_PRELOAD trickery. Since it’s just LD_PRELOAD, there’s very little overhead, unlike PRoot.

On the flip side, it doesn’t work as well as PRoot, because it’s “just” LD_PRELOAD.
For example, some of the ‘open’ calls made in libc are not intercepted; one such call is in ‘__gconv_load_cache’, which makes it fail, and in turn makes Guile fail to start in its first ‘scm_to_locale_string’ call.

Things that work well include Bash and Python 3. Let me know how well it works for your favorite application!

The execution engine can now be chosen at run time by setting the ‘GUIX_EXECUTION_ENGINE’ environment variable.

For the record, tools like udocker support a similar range of execution engines: .

Feedback welcome!

Thanks,
Ludo’.

Ludovic Courtès (3):
  pack: Wrapper honors 'GUIX_EXECUTION_ENGINE' environment variable.
  gnu: Add fakechroot.
  pack: Add relocation via ld.so and fakechroot.

 doc/guix.texi                             |  43 +++-
 gnu/packages/aux-files/run-in-namespace.c | 250 ++++++++++++++++++++--
 gnu/packages/linux.scm                    |  30 +++
 guix/scripts/pack.scm                     |  65 +++++-
 tests/guix-pack-relocatable.sh            |  23 ++
 5 files changed, 376 insertions(+), 35 deletions(-)

-- 
2.26.2
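A simplified model of the path redirection an LD_PRELOAD engine relies on, and of what a call that bypasses the wrapper sees, as in the `__gconv_load_cache` case mentioned in the message above. This is an added example, not code from the patch series or from fakechroot; `map_path`, `fake_open`, `demo`, the rule that only `/gnu/store/` paths are redirected, and the file names are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define STORE "/gnu/store/"  /* assumption: only store paths are redirected */

/* Write ROOT+PATH to OUT when PATH is under STORE, else PATH unchanged.
   Returns 0 on success, -1 if OUT is too small. */
int map_path(const char *root, const char *path, char *out, size_t len)
{
    int n = strncmp(path, STORE, strlen(STORE)) == 0
        ? snprintf(out, len, "%s%s", root, path)
        : snprintf(out, len, "%s", path);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Hypothetical stand-in for the interposed open(): a preload library would
   export this as `open` and call libc's own through dlsym(RTLD_NEXT, "open"). */
int fake_open(const char *root, const char *path, int flags)
{
    char real[4096];
    return map_path(root, path, real, sizeof real) ? -1 : open(real, flags);
}

/* Create ROOT/gnu/store/constructed-demo-file, then open the store path once
   through the wrapper and once through fopen(), which stands for a call made
   inside libc that never reaches the wrapper.
   Returns -1 on setup failure; else bit 0 = wrapper opened it, bit 1 = fopen did. */
int demo(void)
{
    const char *store_path = STORE "constructed-demo-file";
    char root[64], gnu[128], store[128], file[256];
    int fd, result = 0;
    FILE *f;
    snprintf(root, sizeof root, "/tmp/reloc-demo-%ld", (long)getpid());
    snprintf(gnu, sizeof gnu, "%s/gnu", root);
    snprintf(store, sizeof store, "%s/gnu/store", root);
    snprintf(file, sizeof file, "%s%s", root, store_path);
    if (mkdir(root, 0700) || mkdir(gnu, 0700) || mkdir(store, 0700)) return -1;
    if ((fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600)) < 0) return -1;
    close(fd);
    if ((fd = fake_open(root, store_path, O_RDONLY)) >= 0) { result |= 1; close(fd); }
    if ((f = fopen(store_path, "r")) != NULL) { result |= 2; fclose(f); }
    unlink(file); rmdir(store); rmdir(gnu); rmdir(root);
    return result;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

Because redirection of this kind happens in user-space wrappers that code can bypass, it relocates files but does not confine a process.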