[bug#30572] [PATCH 6/7] system: Add "guix system docker-image" command.

[ludo@gnu.org (Ludovic Courtès)]

Hello Chris,

Chris Marusich <cmmarusich@gmail.com> skribis:

> * gnu/system/vm.scm (system-docker-image): New procedure.
> * guix/scripts/system.scm (system-derivation-for-action): Add a case for
>   docker-image, and in that case, call system-docker-image.
>   (show-help): Document docker-image.
>   (guix-system): Parse arguments for docker-image.
> * doc/guix.texi (Invoking guix system): Document "guix system
>   docker-image".
> * gnu/system/examples/docker-image.tmpl: New file.

Neat!

> +When using @code{docker-image}, a Docker image is produced.  Guix builds
> +the image from scratch, not from a pre-existing Docker base image.  As a
> +result, it contains @emph{exactly} what you define in the operating
> +system configuration file.  You can then load the image and launch a
> +Docker container using commands like the following:
> +
> +@example
> +image_id="$(docker load < guixsd-docker-image.tar.gz)"
> +docker run -e GUIX_NEW_SYSTEM=/var/guix/profiles/system \\
> +    --entrypoint /var/guix/profiles/system/profile/bin/guile \\
> +    $image_id /var/guix/profiles/system/boot
> +@end example
> +
> +This command starts a new Docker container from the specified image.  It
> +will boot the GuixSD system in the usual manner, which means it will
> +start any services you have defined in the operating system
> +configuration.  Depending on what you run in the Docker container, it
> +may be necessary to give the container additional permissions.  For
> +example, if you intend to build software using Guix inside of the Docker
> +container, you may need to pass the @option{--privileged} option to
> +@code{docker run}.

Awesome.

> +  (define json
> +    ;; Pick the guile-json package that corresponds to the Guile used to build
> +    ;; derivations.
> +    (if (string-prefix? "2.0" (package-version (default-guile)))
> +        guile2.0-json
> +        guile-json))

I think we can use ‘guile-json’ unconditionally here.

> +              (mkdir root-directory)
> +              (initialize root-directory)
> +              (build-docker-image
> +               (string-append "/xchg/" #$name) ;; The output file.
> +               (cons* root-directory
> +                      (call-with-input-file (string-append "/xchg/" #$graph)
> +                        read-reference-graph))
> +               #$os-drv
> +               #:compressor '(#+(file-append gzip "/bin/gzip") "-9n")
> +               #:creation-time (make-time time-utc 0 1)
> +               #:transformations `((,root-directory -> "")))))))

Am I right that the whole point of passing several file names to
‘build-docker-image’ is that here we don’t need to copy the whole store
to ‘root-directory’, right?

I liked the simplicity of accepting a single file name in
‘build-docker-image’ (no need for #:transformations in that case), but I
reckon that copying everything around just to meet this requirement is
inefficient.

Otherwise LGTM, thanks!

Ludo’.