unofficial mirror of help-guix@gnu.org 
* guix pull: error: getting status of /var/guix/gcroots
@ 2020-01-30 13:10 Jimmy Thrasibule
  2020-02-06 10:29 ` mlell
  2020-02-06 14:02 ` zimoun
  0 siblings, 2 replies; 5+ messages in thread
From: Jimmy Thrasibule @ 2020-01-30 13:10 UTC (permalink / raw)
  To: help-guix

Hi,

I'm building a Docker image in order to get a GuixSD by using the ``guix
system docker-image`` command. See the Dockerfile at:
https://bitbucket.org/x237net/guixsd/src/master/src/Dockerfile.

The process is working great and I can successfully get to the final result
on my local systems.

However, when I push the container to hub.docker.com it fails to build the
image with the following error message:


    guix pull: error: getting status of /var/guix/gcroots: Operation not permitted


Again, I successfully built the image on different local systems and my
other container [x237net/alpine-guix] which builds successfully on their
platform also calls ``guix pull``.

I guess they are reducing the capabilities allowed to their build platform
but I can really tell what operation is guix pull attempting in this
particular case.

Regards,
Jimmy


* Re: guix pull: error: getting status of /var/guix/gcroots
  2020-01-30 13:10 guix pull: error: getting status of /var/guix/gcroots Jimmy Thrasibule
@ 2020-02-06 10:29 ` mlell
  2020-02-06 14:02 ` zimoun
  1 sibling, 0 replies; 5+ messages in thread
From: mlell @ 2020-02-06 10:29 UTC (permalink / raw)
  To: jimmy; +Cc: Help-Guix, help-guix

Hi Jimmy!


> I guess they are reducing the capabilities allowed to their build 
> platform
> but I can really tell what operation is guix pull attempting in this
> particular case.
> 

Do you have any possibility to run guix pull with strace? strace is a 
program that logs all the system calls [1] of another program,
so you might see what operation is failing.

But for this, you must modify the startup file of guix-daemon! Because 
`guix pull` only forwards requests to `guix-daemon`, which
does all the work! I don't know how to do it in docker, but, for my Arch 
Linux system, there is a `guix-daemon` service file at
  /etc/systemd/system/guix-daemon.service.

There, you can find a line starting with "ExecStart=". This is the 
command to run the daemon. Prepend `strace -o 
/tmp/guix-daemon.strace.log` to the command to log all the system calls 
to the file /tmp/guix-daemon.strace.log.

Hope that helps,
Moritz

[1]: https://en.wikipedia.org/wiki/System_call#Categories_of_system_calls


* Re: guix pull: error: getting status of /var/guix/gcroots
  2020-01-30 13:10 guix pull: error: getting status of /var/guix/gcroots Jimmy Thrasibule
  2020-02-06 10:29 ` mlell
@ 2020-02-06 14:02 ` zimoun
  2020-02-06 21:19   ` Jimmy Thrasibule
  1 sibling, 1 reply; 5+ messages in thread
From: zimoun @ 2020-02-06 14:02 UTC (permalink / raw)
  To: jimmy; +Cc: help-guix

Hi,

On Thu, 30 Jan 2020 at 14:11, Jimmy Thrasibule
<jimmy.thrasibule@gmail.com> wrote:

> I'm building a Docker image in order to get a GuixSD by using the ``guix
> system docker-image`` command. See the Dockerfile at:
> https://bitbucket.org/x237net/guixsd/src/master/src/Dockerfile.

Instead, the issue should come from this file:

https://bitbucket.org/x237net/alpine-guix/src/master/src/Dockerfile


>     guix pull: error: getting status of /var/guix/gcroots: Operation not permitted

I have not looked carefully at your files, but the issue should be:
 - wrong permission
 - /var/guix is not exposed



> Again, I successfully built the image on different local systems and my
> other container [x237net/alpine-guix] which builds successfully on their
> platform also calls ``guix pull``.

My intuition is that your issue comes from this other container.
And it builds, pulls etc because you are inside. However, if
something is wrong then the command "FROM x237net/alpine-guix" does
not do what you expect.

I mean, if the container x237net/alpine-guix is correct, you should be
able to just run this simple Dockerfile:

    FROM x237net/alpine-guix:latest
    RUN guix pull

(modulo setting the correct paths and maybe starting the daemon)


> I guess they are reducing the capabilities allowed to their build platform
> but I can really tell what operation is guix pull attempting in this
> particular case.

Last, aside from the "Operation not permitted", check if the network is
correctly set up.


Hope that helps.

All the best,
simon


* Re: guix pull: error: getting status of /var/guix/gcroots
  2020-02-06 14:02 ` zimoun
@ 2020-02-06 21:19   ` Jimmy Thrasibule
  2020-02-07 12:16     ` zimoun
  0 siblings, 1 reply; 5+ messages in thread
From: Jimmy Thrasibule @ 2020-02-06 21:19 UTC (permalink / raw)
  To: help-guix

> Do you have any possibility to run guix pull with strace?

Unfortunately containers are not given PTRACE privileges during the
build phase so I cannot call strace.

> I have not looked carefully at your files, but the issue should be:
>  - wrong permission
>  - /var/guix is not exposed

Well the folder exists and is owned by root.

> My intuition is that your issue comes from this other container.
> And it builds, pulls etc because you are inside. However, if
> something is wrong then the command "FROM x237net/alpine-guix" does
> not do what you expect.

The x237net/guixsd container builds successfully on my workstations
and others. Only hub.docker.com CI's platform seems to fail building
the image. I actually pushed to the hub an image that I successfully
built.

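A ptrace-free way to test the reduced-capabilities guess raised in this thread, added here as an example and not taken from any message: decode the `CapEff` mask from `/proc/<pid>/status` inside the failing build step and compare it with a local build. The function names and the idea of running it as a `RUN` step are assumptions; the sample mask used for comparison is Docker's default capability set.

```shell
#!/bin/sh
# Added example (not from the thread): decode a Linux capability bitmask,
# i.e. the CapEff/CapBnd hex value in /proc/<pid>/status, without strace,
# ptrace or libcap tools. Works in bash and busybox/dash sh.

# Capability names indexed by bit number (linux/capability.h, bits 0-40).
CAP_NAMES="chown dac_override dac_read_search fowner fsetid kill setgid
setuid setpcap linux_immutable net_bind_service net_broadcast net_admin
net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace
sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config
mknod lease audit_write audit_control setfcap mac_override mac_admin syslog
wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore"

# decode_caps HEX -> space-separated names of the bits set in HEX
decode_caps() {
    mask=$((0x$1)); bit=0; out=""
    for name in $CAP_NAMES; do
        if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then out="$out $name"; fi
        bit=$((bit + 1))
    done
    echo "${out# }"
}

# has_cap HEX NAME -> exit status 0 if capability NAME is set in HEX
has_cap() {
    case " $(decode_caps "$1") " in *" $2 "*) return 0 ;; esac
    return 1
}

# read_cap_field FIELD [STATUS_FILE] -> hex value of CapEff, CapBnd, ...
# Defaults to the status file of this shell ($$), not of the awk child.
read_cap_field() {
    awk -v f="$1:" '$1 == f { print $2 }' "${2:-/proc/$$/status}"
}

# report PATH: show what this build step is allowed to do and how PATH looks
report() {
    eff=$(read_cap_field CapEff)
    [ -n "$eff" ] || { echo "cannot read CapEff" >&2; return 1; }
    echo "uid=$(id -u) CapEff=$eff"
    echo "effective: $(decode_caps "$eff")"
    has_cap "$eff" sys_ptrace || echo "cap_sys_ptrace is not in the effective set"
    ls -ldn "$1" 2>&1
}

# Run only when a path is given, e.g.: sh capcheck.sh /var/guix/gcroots
if [ "$#" -gt 0 ]; then report "$1"; fi
```

Running the same script in the local build and in the hosted build gives two capability lists to diff; identical lists point away from capabilities as the cause.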

* Re: guix pull: error: getting status of /var/guix/gcroots
  2020-02-06 21:19   ` Jimmy Thrasibule
@ 2020-02-07 12:16     ` zimoun
  0 siblings, 0 replies; 5+ messages in thread
From: zimoun @ 2020-02-07 12:16 UTC (permalink / raw)
  To: jimmy; +Cc: help-guix

On Thu, 6 Feb 2020 at 22:20, Jimmy Thrasibule
<jimmy.thrasibule@gmail.com> wrote:

> > I have not looked carefully at your files, but the issue should be:
> >  - wrong permission
> >  - /var/guix is not exposed
>
> Well the folder exists and is owned by root.

Where does it exist?
On your local machine running Guix?
Have you tried to build a Dockerfile containing:
    FROM x237net/alpine-guix
    RUN guix pull
on any other machine not running Guix?

I suspect it will fail because "x237net/alpine-guix" is not built the
way you expect.


> > My intuition is that your issue comes from this other container.
> > And it builds, pulls etc because you are inside. However, if
> > something is wrong then the command "FROM x237net/alpine-guix" does
> > not do what you expect.
>
> The x237net/guixsd container builds successfully on my workstations
> and others.

If it is what I am thinking of, the 'x237net/guixsd' container works
on any machine running Guix.
But, it will fail otherwise.


> Only hub.docker.com CI's platform seems to fail building
> the image. I actually pushed to the hub an image that I successfully
> built.

I suspect that this image you successfully built will not work on any
machine not running Guix.


Hope that helps,
simon

