unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed
* Fast `guix environment --container' switch
@ 2020-12-09  9:40 Pierre Neidhardt
  2020-12-09 10:07 ` zimoun
  2020-12-17 21:52 ` Ludovic Courtès
  0 siblings, 2 replies; 10+ messages in thread
From: Pierre Neidhardt @ 2020-12-09  9:40 UTC (permalink / raw)
  To: help-guix

[-- Attachment #1: Type: text/plain, Size: 500 bytes --]

Hi Guix!

`guix environment --container ... -- my-foo-program` is great but a bit
slow to start.

Is there a way to speed this up?

I know that without --container, one can use --root to create a link and
source the etc/profile from there.

Is it possible to switch to such a root in a container?

Alternatively, how do you load a etc/profile purely, i.e. without
inheriting from the parent environment, just like --pure does?

Cheers!

-- 
Pierre Neidhardt
https://ambrevar.xyz/

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 511 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Fast `guix environment --container' switch
  2020-12-09  9:40 Fast `guix environment --container' switch Pierre Neidhardt
@ 2020-12-09 10:07 ` zimoun
  2020-12-09 10:13   ` Pierre Neidhardt
  2020-12-17 21:52 ` Ludovic Courtès
  1 sibling, 1 reply; 10+ messages in thread
From: zimoun @ 2020-12-09 10:07 UTC (permalink / raw)
  To: Pierre Neidhardt, help-guix

Hi Pierre,

On Wed, 09 Dec 2020 at 10:40, Pierre Neidhardt <mail@ambrevar.xyz> wrote:

> `guix environment --container ... -- my-foo-program` is great but a bit
> slow to start.
>
> Is there a way to speed this up?

I get, cold cache:

--8<---------------cut here---------------start------------->8---
$ sudo sh -c 'echo 3 > /proc/sys/vm/drop_caches'
$ time guix environment --container --ad-hoc hello -- hello
Hello, world!

real    0m2.815s
user    0m1.852s
sys     0m0.238s

$ sudo sh -c 'echo 3 > /proc/sys/vm/drop_caches'
$ time guix environment --pure --ad-hoc hello -- hello
Hello, world!

real    0m2.656s
user    0m1.733s
sys     0m0.240s
--8<---------------cut here---------------end--------------->8---

and warm cache:

--8<---------------cut here---------------start------------->8---
$ time guix environment --container --ad-hoc hello -- hello
Hello, world!

real    0m1.399s
user    0m1.544s
sys     0m0.104s

$ time guix environment --pure --ad-hoc hello -- hello
Hello, world!

real    0m1.250s
user    0m1.492s
sys     0m0.094s
--8<---------------cut here---------------end--------------->8---


Do you have examples where the difference is significant?


All the best,
simon


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Fast `guix environment --container' switch
  2020-12-09 10:07 ` zimoun
@ 2020-12-09 10:13   ` Pierre Neidhardt
  2020-12-09 10:37     ` zimoun
  0 siblings, 1 reply; 10+ messages in thread
From: Pierre Neidhardt @ 2020-12-09 10:13 UTC (permalink / raw)
  To: zimoun, help-guix

[-- Attachment #1: Type: text/plain, Size: 249 bytes --]

Hi Simon,

Maybe a misunderstanding, the question is not about --pure.  I'd like a
`containerized hello' to start about as fast as non-containerized
`hello', without the 1 s overhead.

Cheers!

-- 
Pierre Neidhardt
https://ambrevar.xyz/

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 511 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Fast `guix environment --container' switch
  2020-12-09 10:13   ` Pierre Neidhardt
@ 2020-12-09 10:37     ` zimoun
  2020-12-09 10:55       ` Pierre Neidhardt
  0 siblings, 1 reply; 10+ messages in thread
From: zimoun @ 2020-12-09 10:37 UTC (permalink / raw)
  To: Pierre Neidhardt, help-guix

Hi,

On Wed, 09 Dec 2020 at 11:13, Pierre Neidhardt <mail@ambrevar.xyz> wrote:

> Maybe a misunderstanding, the question is not about --pure.  I'd like a
> `containerized hello' to start about as fast as non-containerized
> `hello', without the 1 s overhead.

Which 1s overhead?

The overhead between --pure and --container is 0.2s in both cases, which
is linux namespace creation and co.

Thereofore, on my machine, «“containerized hello” starts as fast as
“non-containerized hello”», with a 0.2s overhead.  So I am missing what
you are asking. :-)

I guess, in some case, this overhead is bigger.  That’s why I asked if
you have examples.


Cheers,
simon


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Fast `guix environment --container' switch
  2020-12-09 10:37     ` zimoun
@ 2020-12-09 10:55       ` Pierre Neidhardt
  2020-12-09 11:47         ` zimoun
  0 siblings, 1 reply; 10+ messages in thread
From: Pierre Neidhardt @ 2020-12-09 10:55 UTC (permalink / raw)
  To: zimoun, help-guix

[-- Attachment #1: Type: text/plain, Size: 1144 bytes --]

`guix environment` incurs an overhead:

--8<---------------cut here---------------start------------->8---
time /gnu/store/a462kby1q51ndvxdv3b6p0rsixxrgx1h-hello-2.10/bin/hello
Hello, world!

real	0m0.002s
user	0m0.002s
sys	0m0.000s
--8<---------------cut here---------------end--------------->8---

--8<---------------cut here---------------start------------->8---
$ time guix environment --ad-hoc hello -- hello
Hello, world!

real	0m0.921s
user	0m1.003s
sys	0m0.091s
--8<---------------cut here---------------end--------------->8---

It's possible to bypass this overhead by using --root:

--8<---------------cut here---------------start------------->8---
$ guix environment --ad-hoc hello --root=foo
[env]$ exit

$ source foo/etc/profile && time hello
Hello, world!

real	0m0.003s
user	0m0.003s
sys	0m0.000s
--8<---------------cut here---------------end--------------->8---

The above `source' is of course not containerized.

So is it possible to use a similar trick to run something containerized
"instantly", i.e.  with less than, say, 100ms overhead?

-- 
Pierre Neidhardt
https://ambrevar.xyz/

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 511 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Fast `guix environment --container' switch
  2020-12-09 10:55       ` Pierre Neidhardt
@ 2020-12-09 11:47         ` zimoun
  2020-12-09 12:02           ` Pierre Neidhardt
  0 siblings, 1 reply; 10+ messages in thread
From: zimoun @ 2020-12-09 11:47 UTC (permalink / raw)
  To: Pierre Neidhardt, help-guix

On Wed, 09 Dec 2020 at 11:55, Pierre Neidhardt <mail@ambrevar.xyz> wrote:
> `guix environment` incurs an overhead:
>
> --8<---------------cut here---------------start------------->8---
> time /gnu/store/a462kby1q51ndvxdv3b6p0rsixxrgx1h-hello-2.10/bin/hello
> Hello, world!
>
> real	0m0.002s
> user	0m0.002s
> sys	0m0.000s
> --8<---------------cut here---------------end--------------->8---
>
> --8<---------------cut here---------------start------------->8---
> $ time guix environment --ad-hoc hello -- hello
> Hello, world!
>
> real	0m0.921s
> user	0m1.003s
> sys	0m0.091s
> --8<---------------cut here---------------end--------------->8---
>
> It's possible to bypass this overhead by using --root:

It by-passes the computations of derivations and profiles.  Somehow,
using --root is using a precomputed profile. IIUC.

> So is it possible to use a similar trick to run something containerized
> "instantly", i.e.  with less than, say, 100ms overhead?

I see, you would like to be able to run a profile in container, right?
Somehow, it is similar to the wanted [1], IIUC.

1: <https://yhetil.org/guix-devel/877dvn10ro.fsf@dustycloud.org>


Cheers,
simon


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Fast `guix environment --container' switch
  2020-12-09 11:47         ` zimoun
@ 2020-12-09 12:02           ` Pierre Neidhardt
  0 siblings, 0 replies; 10+ messages in thread
From: Pierre Neidhardt @ 2020-12-09 12:02 UTC (permalink / raw)
  To: zimoun, help-guix

[-- Attachment #1: Type: text/plain, Size: 583 bytes --]

zimoun <zimon.toutoune@gmail.com> writes:

> It by-passes the computations of derivations and profiles.  Somehow,
> using --root is using a precomputed profile. IIUC.

Exactly!

>> So is it possible to use a similar trick to run something containerized
>> "instantly", i.e.  with less than, say, 100ms overhead?
>
> I see, you would like to be able to run a profile in container, right?
> Somehow, it is similar to the wanted [1], IIUC.
>
> 1: <https://yhetil.org/guix-devel/877dvn10ro.fsf@dustycloud.org>

Exactly! :)

-- 
Pierre Neidhardt
https://ambrevar.xyz/

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 511 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Fast `guix environment --container' switch
  2020-12-09  9:40 Fast `guix environment --container' switch Pierre Neidhardt
  2020-12-09 10:07 ` zimoun
@ 2020-12-17 21:52 ` Ludovic Courtès
  2020-12-29 21:47   ` Pierre Neidhardt
  2021-01-05 22:50   ` Christopher Lemmer Webber
  1 sibling, 2 replies; 10+ messages in thread
From: Ludovic Courtès @ 2020-12-17 21:52 UTC (permalink / raw)
  To: Pierre Neidhardt; +Cc: help-guix

[-- Attachment #1: Type: text/plain, Size: 585 bytes --]

Hi!

Pierre Neidhardt <mail@ambrevar.xyz> skribis:

> `guix environment --container ... -- my-foo-program` is great but a bit
> slow to start.
>
> Is there a way to speed this up?

The attached program (based on an experiment from 2018¹ with exciting
yet to date mythical prospects) picks a program from $PATH (typically
from your profile) and runs it in a container.  As in:

  guix run inkscape

It has less work to do compared to ‘guix environment’ so it is faster.

HTH!

Ludo’.

¹ https://lists.gnu.org/archive/html/help-guix/2018-01/msg00117.html


[-- Attachment #2: run.scm --]
[-- Type: text/plain, Size: 6433 bytes --]

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (guix scripts run)
  #:use-module (guix ui)
  #:use-module (guix utils)
  #:use-module (guix scripts)
  #:use-module (guix store)
  #:use-module (guix packages)
  #:use-module (guix derivations)
  #:use-module ((guix build utils) #:select (which mkdir-p))
  #:use-module (gnu build linux-container)
  #:use-module (gnu system file-systems)
  #:use-module (gnu packages)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-9 gnu)
  #:use-module (srfi srfi-11)
  #:use-module (srfi srfi-26)
  #:use-module (srfi srfi-37)
  #:use-module (ice-9 match)
  #:export (guix-run))

(define %options
  (list (option '(#\h "help") #f #f
                (lambda args
                  (show-help)
                  (exit 0)))
        (option '(#\V "version") #f #f
                (lambda args
                  (show-version-and-exit "guix run")))))

(define (show-help)
  (display (G_ "Usage: guix run PACKAGE COMMAND...
Run COMMAND from PACKAGE in a container.\n"))
  (newline)
  (display (G_ "
  -h, --help             display this help and exit"))
  (display (G_ "
  -V, --version          display version information and exit"))
  (newline)
  (show-bug-report-information))

\f

(define (bind-mount-spec/ro item)
  (and (file-exists? item)
       (file-system
         (device item)
         (mount-point item)
         (type "none")
         (flags '(bind-mount read-only))
         (check? #f))))

(define (bind-mount-spec/rw item)
  (and (file-exists? item)
       (file-system
         (inherit (bind-mount-spec/ro item))
         (flags '(bind-mount)))))

;; Safe in which applications run.
(define-immutable-record-type <safe>
  (safe namespaces mappings)
  safe?
  (namespaces  safe-namespaces)
  (mappings    safe-mappings))

(define (application-safe items)
  "Return safe corresponding to the application whose dependencies are listed
in ITEMS."
  (define packages
    (map (compose (cut package-name->name+version <> #\-)
                  store-path-package-name)
         items))

  (define x11? (member "libx11" packages))
  (define dbus? (member "dbus" packages))
  (define alsa? (member "alsa-lib" packages))
  (define pulseaudio? (member "pulseaudio" packages))

  (define mappings
    (let-syntax ((if (syntax-rules ()
                       ((_ condition body)
                        (if condition
                            (or (and=> body list) '())
                            '()))))
                 (ro (identifier-syntax bind-mount-spec/ro))
                 (rw (identifier-syntax bind-mount-spec/rw)))
      `(,(rw "/var/run/nscd/socket")
        ,@(if x11? (rw (string-append (getenv "HOME") "/.Xauthority")))
        ,@(if x11? (rw "/tmp/.X11-unix"))
        ,@(if x11? (rw (string-append "/run/user/"
                                      (number->string (getuid)))))
        ,@(if dbus? (ro "/etc/machine-id"))
        ,@(if alsa? (rw "/dev/snd"))
        ,@(if pulseaudio? (rw (string-append (getenv "HOME") "/.pulse"))))))

  (define namespaces
    ;; X11 applications need to run in the same IPC namespace as
    ;; the server.
    (if x11?
        (fold delq %namespaces '(ipc net))
        %namespaces))

  (safe namespaces mappings))

(define %not-colon
  (char-set-complement (char-set #\:)))

(define (guix-run . args)
  (define (parse-options)
    ;; Return the alist of option values.  With this hack, the first
    ;; non-option argument is considered to be the beginning of the command.
    (let-values (((args command) (span (cut string-prefix? "-" <>) args)))
      (args-fold* args %options
                  (lambda (opt name arg result)
                    (leave (G_ "~A: unrecognized option~%") name))
                  (lambda (arg result)
                    (pk 'arg arg)
                    (alist-cons 'argument arg result))
                  '())
      command))

  (with-error-handling
    (match (parse-options)
      ((command args ...)
       (with-store store
         (let* ((full     (search-path (string-tokenize (getenv "PATH") %not-colon)
                                       command))
                (resolved (and=> full readlink*))
                (prefix   (and=> resolved (lambda (file)
                                            (and (store-path? file)
                                                 (direct-store-path file))))))
           (unless full
             (leave (G_ "command '~a' not found~%") command))
           (unless prefix
             (leave (G_ "command '~a' is not in '~a'~%")
                    command (%store-prefix)))

           (let* ((items (requisites store (list prefix)))
                  (safe  (application-safe items))
                  (env   (environ))
                  (cwd   (getcwd)))

             (call-with-container
                 (append (map bind-mount-spec/ro items)
                         (safe-mappings safe)
                         (list (bind-mount-spec/ro cwd))) ;XXX: avoid that?
               (lambda ()
                 (environ env)                    ;TODO: filter ENV
                 (mkdir-p (getenv "HOME"))
                 (chdir cwd)

                 (newline)
                 (catch #t
                   (lambda ()
                     (apply execl resolved command args))
                   (lambda (key . args)
                     (print-exception (current-error-port) #f key args)
                     (exit 1))))

               #:namespaces (safe-namespaces safe)))))))))

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Fast `guix environment --container' switch
  2020-12-17 21:52 ` Ludovic Courtès
@ 2020-12-29 21:47   ` Pierre Neidhardt
  2021-01-05 22:50   ` Christopher Lemmer Webber
  1 sibling, 0 replies; 10+ messages in thread
From: Pierre Neidhardt @ 2020-12-29 21:47 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: help-guix

[-- Attachment #1: Type: text/plain, Size: 165 bytes --]

Hi Ludo,

thanks for the snippet, this looks very useful indeed!  I'll check it
out later and report.

Thanks!

-- 
Pierre Neidhardt
https://ambrevar.xyz/

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 511 bytes --]

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: Fast `guix environment --container' switch
  2020-12-17 21:52 ` Ludovic Courtès
  2020-12-29 21:47   ` Pierre Neidhardt
@ 2021-01-05 22:50   ` Christopher Lemmer Webber
  1 sibling, 0 replies; 10+ messages in thread
From: Christopher Lemmer Webber @ 2021-01-05 22:50 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: help-guix

This is very cool.  We need something like this!

I'm replying partly to make a note that here's where some of this
conversation is... but I'm going to try to write an email over the next
couple of weeks of how to lead the way for making users safe through
Guix.  This is a useful reference starting point.

 - Chris


Ludovic Courtès writes:

> Hi!
>
> Pierre Neidhardt <mail@ambrevar.xyz> skribis:
>
>> `guix environment --container ... -- my-foo-program` is great but a bit
>> slow to start.
>>
>> Is there a way to speed this up?
>
> The attached program (based on an experiment from 2018¹ with exciting
> yet to date mythical prospects) picks a program from $PATH (typically
> from your profile) and runs it in a container.  As in:
>
>   guix run inkscape
>
> It has less work to do compared to ‘guix environment’ so it is faster.
>
> HTH!
>
> Ludo’.
>
> ¹ https://lists.gnu.org/archive/html/help-guix/2018-01/msg00117.html
>
> ;;; GNU Guix --- Functional package management for GNU
> ;;; Copyright © 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
> ;;;
> ;;; This file is part of GNU Guix.
> ;;;
> ;;; GNU Guix is free software; you can redistribute it and/or modify it
> ;;; under the terms of the GNU General Public License as published by
> ;;; the Free Software Foundation; either version 3 of the License, or (at
> ;;; your option) any later version.
> ;;;
> ;;; GNU Guix is distributed in the hope that it will be useful, but
> ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
> ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> ;;; GNU General Public License for more details.
> ;;;
> ;;; You should have received a copy of the GNU General Public License
> ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
>
> (define-module (guix scripts run)
>   #:use-module (guix ui)
>   #:use-module (guix utils)
>   #:use-module (guix scripts)
>   #:use-module (guix store)
>   #:use-module (guix packages)
>   #:use-module (guix derivations)
>   #:use-module ((guix build utils) #:select (which mkdir-p))
>   #:use-module (gnu build linux-container)
>   #:use-module (gnu system file-systems)
>   #:use-module (gnu packages)
>   #:use-module (srfi srfi-1)
>   #:use-module (srfi srfi-9 gnu)
>   #:use-module (srfi srfi-11)
>   #:use-module (srfi srfi-26)
>   #:use-module (srfi srfi-37)
>   #:use-module (ice-9 match)
>   #:export (guix-run))
>
> (define %options
>   (list (option '(#\h "help") #f #f
>                 (lambda args
>                   (show-help)
>                   (exit 0)))
>         (option '(#\V "version") #f #f
>                 (lambda args
>                   (show-version-and-exit "guix run")))))
>
> (define (show-help)
>   (display (G_ "Usage: guix run PACKAGE COMMAND...
> Run COMMAND from PACKAGE in a container.\n"))
>   (newline)
>   (display (G_ "
>   -h, --help             display this help and exit"))
>   (display (G_ "
>   -V, --version          display version information and exit"))
>   (newline)
>   (show-bug-report-information))
>
> \f
>
> (define (bind-mount-spec/ro item)
>   (and (file-exists? item)
>        (file-system
>          (device item)
>          (mount-point item)
>          (type "none")
>          (flags '(bind-mount read-only))
>          (check? #f))))
>
> (define (bind-mount-spec/rw item)
>   (and (file-exists? item)
>        (file-system
>          (inherit (bind-mount-spec/ro item))
>          (flags '(bind-mount)))))
>
> ;; Safe in which applications run.
> (define-immutable-record-type <safe>
>   (safe namespaces mappings)
>   safe?
>   (namespaces  safe-namespaces)
>   (mappings    safe-mappings))
>
> (define (application-safe items)
>   "Return safe corresponding to the application whose dependencies are listed
> in ITEMS."
>   (define packages
>     (map (compose (cut package-name->name+version <> #\-)
>                   store-path-package-name)
>          items))
>
>   (define x11? (member "libx11" packages))
>   (define dbus? (member "dbus" packages))
>   (define alsa? (member "alsa-lib" packages))
>   (define pulseaudio? (member "pulseaudio" packages))
>
>   (define mappings
>     (let-syntax ((if (syntax-rules ()
>                        ((_ condition body)
>                         (if condition
>                             (or (and=> body list) '())
>                             '()))))
>                  (ro (identifier-syntax bind-mount-spec/ro))
>                  (rw (identifier-syntax bind-mount-spec/rw)))
>       `(,(rw "/var/run/nscd/socket")
>         ,@(if x11? (rw (string-append (getenv "HOME") "/.Xauthority")))
>         ,@(if x11? (rw "/tmp/.X11-unix"))
>         ,@(if x11? (rw (string-append "/run/user/"
>                                       (number->string (getuid)))))
>         ,@(if dbus? (ro "/etc/machine-id"))
>         ,@(if alsa? (rw "/dev/snd"))
>         ,@(if pulseaudio? (rw (string-append (getenv "HOME") "/.pulse"))))))
>
>   (define namespaces
>     ;; X11 applications need to run in the same IPC namespace as
>     ;; the server.
>     (if x11?
>         (fold delq %namespaces '(ipc net))
>         %namespaces))
>
>   (safe namespaces mappings))
>
> (define %not-colon
>   (char-set-complement (char-set #\:)))
>
> (define (guix-run . args)
>   (define (parse-options)
>     ;; Return the alist of option values.  With this hack, the first
>     ;; non-option argument is considered to be the beginning of the command.
>     (let-values (((args command) (span (cut string-prefix? "-" <>) args)))
>       (args-fold* args %options
>                   (lambda (opt name arg result)
>                     (leave (G_ "~A: unrecognized option~%") name))
>                   (lambda (arg result)
>                     (pk 'arg arg)
>                     (alist-cons 'argument arg result))
>                   '())
>       command))
>
>   (with-error-handling
>     (match (parse-options)
>       ((command args ...)
>        (with-store store
>          (let* ((full     (search-path (string-tokenize (getenv "PATH") %not-colon)
>                                        command))
>                 (resolved (and=> full readlink*))
>                 (prefix   (and=> resolved (lambda (file)
>                                             (and (store-path? file)
>                                                  (direct-store-path file))))))
>            (unless full
>              (leave (G_ "command '~a' not found~%") command))
>            (unless prefix
>              (leave (G_ "command '~a' is not in '~a'~%")
>                     command (%store-prefix)))
>
>            (let* ((items (requisites store (list prefix)))
>                   (safe  (application-safe items))
>                   (env   (environ))
>                   (cwd   (getcwd)))
>
>              (call-with-container
>                  (append (map bind-mount-spec/ro items)
>                          (safe-mappings safe)
>                          (list (bind-mount-spec/ro cwd))) ;XXX: avoid that?
>                (lambda ()
>                  (environ env)                    ;TODO: filter ENV
>                  (mkdir-p (getenv "HOME"))
>                  (chdir cwd)
>
>                  (newline)
>                  (catch #t
>                    (lambda ()
>                      (apply execl resolved command args))
>                    (lambda (key . args)
>                      (print-exception (current-error-port) #f key args)
>                      (exit 1))))
>
>                #:namespaces (safe-namespaces safe)))))))))



^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2021-01-05 22:50 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-12-09  9:40 Fast `guix environment --container' switch Pierre Neidhardt
2020-12-09 10:07 ` zimoun
2020-12-09 10:13   ` Pierre Neidhardt
2020-12-09 10:37     ` zimoun
2020-12-09 10:55       ` Pierre Neidhardt
2020-12-09 11:47         ` zimoun
2020-12-09 12:02           ` Pierre Neidhardt
2020-12-17 21:52 ` Ludovic Courtès
2020-12-29 21:47   ` Pierre Neidhardt
2021-01-05 22:50   ` Christopher Lemmer Webber

unofficial mirror of help-guix@gnu.org 

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://yhetil.org/guix-user/0 guix-user/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 guix-user guix-user/ https://yhetil.org/guix-user \
		help-guix@gnu.org
	public-inbox-index guix-user

Example config snippet for mirrors.
Newsgroups are available over NNTP:
	nntp://news.yhetil.org/yhetil.gnu.guix.user
	nntp://news.gmane.io/gmane.comp.gnu.guix.user


AGPL code for this site: git clone http://ou63pmih66umazou.onion/public-inbox.git