From: Edouard Klein <edou@rdklein.fr>
To: Edouard Klein <edou@rdklein.fr>
Cc: Wojtek Kosior <koszko@koszko.org>,
	Caleb Herbert <csh@bluehome.net>,
	help-guix@gnu.org
Subject: Re: Installing software inside containers
Date: Tue, 19 Dec 2023 22:59:11 +0100
Message-ID: <87v88tsv3x.fsf@rdklein.fr>
In-Reply-To: <875y1ftnrr.fsf@rdklein.fr>

Wojtek, Caleb, I found the solution :) !!!

So, if you share /var/guix with a guix system container, you'll have two
guix daemons trying to mess with the socket, and that's not good (it
even breaks the host's daemon, which has to be restarted).

It works for guix shell --container, because it does not spawn a guix daemon.

So for this to work in a guix system container, you need to:
- remove guix-service-type from the %base-services,
- add guix as a package otherwise the guix command won't be there,
- share /var/guix with the host (whose daemon will actually do the job).

Here is the code, using beaverlabs' channel functional syntax (otherwise
it's a matter of modify-services 'delete etc.):

------------mwe.scm-----
(use-modules
 (beaver system)
 (beaver functional-services)
 (gnu services base)
 (gnu packages version-control))

(define very-minimal-container
  (-> minimal-container
      (remove-service guix)
      (package guix)))

very-minimal-container

----------------------


Then run:
sudo $(guix system container --network --share=/var/guix mwe.scm)

And in the shell you're dropped into, you can run guix shell or guix
install hello, for example.

I hope this solves your problem. It solved mine: I had a quite complex
OS configuration to try out before deploying it on a VPS, and running
VMs is cumbersome and requires a lot of disk space. The OS configuration I
want to try implies running containers inside of containers, now it is
possible :)

Cheers,

Edouard.
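The same three-step recipe written with stock Guix syntax (modify-services / delete) instead of the beaver channel's functional helpers, as an added example that is not part of the original message. The host name, timezone, locale, bootloader and file-system fields are placeholder values chosen so the file is a complete operating-system declaration; only the packages and services fields matter for the container case.

```scheme
;; Added example (not from the original thread): a minimal Guix System
;; container configuration that does NOT run its own guix-daemon and
;; instead relies on the host daemon reached through a shared /var/guix.
(use-modules (gnu)
             (gnu services base)                ; %base-services, guix-service-type
             (gnu packages package-management)) ; the `guix' package

(operating-system
  ;; Placeholder values: any valid settings will do for a container.
  (host-name "mwe")
  (timezone "Europe/Paris")
  (locale "en_US.utf8")

  ;; Required by the record type even though a container never boots a
  ;; bootloader; placeholder target.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))

  ;; Likewise required; the container's root is provided by the host.
  (file-systems (cons (file-system
                        (mount-point "/")
                        (device "/dev/sda1")
                        (type "ext4"))
                      %base-file-systems))

  ;; Step 2 of the recipe: the `guix' command is normally put on PATH by
  ;; guix-service-type, so once that service is gone the package must be
  ;; added explicitly.
  (packages (cons guix %base-packages))

  ;; Step 1 of the recipe: drop the daemon so the container does not
  ;; fight the host daemon over the socket in the shared /var/guix.
  (services (modify-services %base-services
              (delete guix-service-type))))

;; Step 3 is done at launch time, from the host:
;;   sudo $(guix system container --network --share=/var/guix mwe.scm)
```

Sharing /var/guix means every process in the container can talk to the host's guix-daemon over /var/guix/daemon-socket/socket, so the container inherits whatever build and substitute rights the host daemon grants its local clients; treat that container as you would any other unprivileged user of the host daemon rather than as an isolated sandbox.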


Edouard Klein <edou@rdklein.fr> writes:

> Hi !
>
> If you create your containers with guix shell, you can use the --nesting
> option, or alternatively, use:
>
> guix shell --container --network --expose=/gnu/ --share=/var/guix/ guix
>
> Maybe similar options with a 'guix system'-generated container would
> work.
>
> Alternatively, if your own guix has a non standard configuration, you
> can create a profile from outside the container:
>
> guix install --profile=/whatevs some-software
>
> and then, from inside the container, use guix shell --profile=/whatevs
>
> It will make the software available, even if the container's guix has no
> knowledge of it.
>
> Cheers,
>
> Edouard.
>
>
> Wojtek Kosior via <help-guix@gnu.org> writes:
>
>> Hi Caleb, nice to meet folks from Trisquel forum here :)
>>
>>> Also, how do I map arbitrary directories?  With Podman, I would do
>>>
>>> 	/home/$USER/.container/home/user:/home/user
>>
>> You can pass `--share="/home/$USER/.container/home/user"=/home/user` :)
>>
>> I can't help much with nesting Guix in a system container, tho — I'd
>> myself like to know if it is supported. I merely recall it's possible
>> with `guix shell -C` container. But a simple shell won't do in all
>> cases, I know
>>
>> Wojtek
>>
>> -- (sig_start)
>> website: https://koszko.org/koszko.html
>> fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
>> follow me on Fediverse: https://friendica.me/profile/koszko/profile
>>
>> ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
>> ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
>> -- (sig_end)
>>
>>
>> On Sun, 26 Nov 2023 15:42:28 -0600 Caleb Herbert <csh@bluehome.net> wrote:
>>
>>> Hi Guix,
>>>
>>> I can't install software inside a Guix System container.  I need this to
>>> use Guix Home inside a container.
>>>
>>> $ guix install hello
>>> guix install: error: remounting /gnu/store writable: Operation not permitted
>>>
>>> Do I need to --share=/gnu/store?
>>>
>>> I tried sharing a blank ./gnu directory, but it complained that there
>>> were no programs to run the system.
>>>
>>> (Is sharing the host's /gnu/store with a container safe?)
>>>
>>> I created the container with
>>>
>>>          guix system container --network --share=home container.scm
>>>
>>> Also, how do I map arbitrary directories?  With Podman, I would do
>>>
>>> 	/home/$USER/.container/home/user:/home/user
>>>
>>> Thanks,
>>>
>>> Caleb
>>>


Thread overview: 5+ messages
2023-11-26 21:42 Installing software inside containers Caleb Herbert
2023-11-27 22:09 ` Wojtek Kosior via
2023-12-03 13:27   ` Edouard Klein
2023-12-19 21:59     ` Edouard Klein [this message]
2023-12-20 21:27       ` Caleb Herbert