From: Edouard Klein
To: Edouard Klein
Cc: Wojtek Kosior, Caleb Herbert, help-guix@gnu.org
Subject: Re: Installing software inside containers
Date: Tue, 19 Dec 2023 22:59:11 +0100
In-reply-to: <875y1ftnrr.fsf@rdklein.fr>
Message-ID: <87v88tsv3x.fsf@rdklein.fr>

Wojtek, Caleb, I found the solution :) !!!

So, if you share /var/guix with a guix system container, you'll have two
guix daemons trying to mess with the socket, and that's not good (it
even breaks the host's daemon, which has to be restarted).

It works for guix shell --container, because it does not spawn a guix daemon.

So for this to work in a guix system container, you need to:
- remove guix-service-type from the %base-services,
- add guix as a package otherwise the guix command won't be there,
- share /var/guix with the host (whose daemon will actually do the job).

Here is the code, using beaverlabs' channel functional syntax (otherwise
it's a matter of modify-services 'delete etc.):

------------mwe.scm-----
(use-modules
 (beaver system)
 (beaver functional-services)
 (gnu services base)
 (gnu packages version-control))

(define very-minimal-container
  (-> minimal-container
      (remove-service guix)
      (package guix)))

very-minimal-container
----------------------

Then run:
sudo $(guix system container --network --share=/var/guix mwe.scm)

And in the shell you're dropped into, you can run guix shell or guix
install hello, for example.

I hope this solves your problem.
It solved mine: I had a quite complex OS configuration to try out before
deploying it on a VPS, and running VMs is cumbersome and requires a lot of
disk space. The OS configuration I want to try implies running
containers inside of containers, now it is possible :)

Cheers,

Edouard.

Edouard Klein writes:

> Hi !
>
> If you create your containers with guix shell, you can use the --nesting
> option, or alternatively, use:
>
> guix shell --container --network --expose=/gnu/ --share=/var/guix/ guix
>
> Maybe similar options with a 'guix system'-generated container would
> work.
>
> Alternatively, if your own guix has a non standard configuration, you
> can create a profile from outside the container:
>
> guix install --profile=/whatevs some-software
>
> and then, from inside the container, use guix shell --profile=/whatevs
>
> it will make the software available, even if the container's guix has no
> knowledge of it.
>
> Cheers,
>
> Edouard.
>
>
> Wojtek Kosior via writes:
>
>> [[PGP Signed Part:Undecided]]
>> Hi Caleb, nice to meet folks from Trisquel forum here :)
>>
>>> Also, how do I map arbitrary directories? With Podman, I would do
>>>
>>> /home/$USER/.container/home/user:/home/user
>>
>> You can pass `--share="/home/$USER/.container/home/user"=/home/user` :)
>>
>> I can't help much with nesting Guix in a system container, tho — I'd
>> myself like to know if it is supported. I merely recall it's possible
>> with `guix shell -C` container. But a simple shell won't do in all
>> cases, I know
>>
>> Wojtek
>>
>> -- (sig_start)
>> website: https://koszko.org/koszko.html
>> fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A
>> follow me on Fediverse: https://friendica.me/profile/koszko/profile
>>
>> ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
>> ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
>> -- (sig_end)
>>
>>
>> On Sun, 26 Nov 2023 15:42:28 -0600 Caleb Herbert wrote:
>>
>>> Hi Guix,
>>>
>>> I can't install software inside a Guix System container. I need this to
>>> use Guix Home inside a container.
>>>
>>> $ guix install hello
>>> guix install: error: remounting /gnu/store writable: Operation not permitted
>>>
>>> Do I need to --share=/gnu/store?
>>>
>>> I tried sharing a blank ./gnu directory, but it complained that there
>>> were no programs to run the system.
>>>
>>> (Is sharing the host's /gnu/store with a container safe?)
>>>
>>> I created the container with
>>>
>>> guix system container --network --share=home container.scm
>>>
>>> Also, how do I map arbitrary directories? With Podman, I would do
>>>
>>> /home/$USER/.container/home/user:/home/user
>>>
>>> Thanks,
>>>
>>> Caleb
>>>
>>
>> [[End of PGP Signed Part]]
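
The mail above notes that without the beaverlabs channel the same change is "a matter of modify-services 'delete etc."; what follows is an added example of that stock-Guix form, not code from the thread. The file name mwe-stock.scm is an assumption, and the host name, time zone, bootloader and root file system values are placeholders that the operating-system record requires.

```scheme
;; mwe-stock.scm -- added example using only stock Guix modules
;; (no beaver channel).  Placeholder values are marked as such.
(use-modules (gnu)
             (gnu packages package-management)) ; provides the `guix' package

(operating-system
  (host-name "mwe")                     ; placeholder
  (timezone "Etc/UTC")                  ; placeholder
  ;; Required fields of the record; `guix system container' ignores them.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sdX"))))
  (file-systems (cons (file-system
                        (device (file-system-label "does-not-matter"))
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))
  ;; "add guix as a package otherwise the guix command won't be there"
  (packages (cons guix %base-packages))
  ;; "remove guix-service-type from the %base-services": no second
  ;; daemon is started in the container, so only the host's daemon
  ;; uses the socket under the shared /var/guix.
  (services (modify-services %base-services
              (delete guix-service-type))))
```

It is started the same way as mwe.scm in the mail, with --share=/var/guix, so guix commands run in the container are served by the host's daemon.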