From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id 4PBJJgAzYWfilwAA62LTzQ:P1 (envelope-from ) for ; Tue, 17 Dec 2024 08:14:56 +0000 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id 4PBJJgAzYWfilwAA62LTzQ (envelope-from ) for ; Tue, 17 Dec 2024 09:14:56 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers eddsa verify failed") header.d=josefsson.org header.s=ed2303 header.b=tominlq3; dkim=fail ("headers rsa verify failed") header.d=josefsson.org header.s=rsa2303 header.b=MYGUGsck; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1734423296; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature:openpgp:openpgp; bh=lXYGM8HwDGtSXharNGqSVtBiHHZk9r4PesNJ33V8jBc=; b=FQj3aQtjUmZXQGccVPdHNh3fmgtDY9NWsOzaWyQ9GKZzzaSXPyLAQgpMqKFd/yhm51ZqVp 7PzClVkvAEktgZ0zESprUinib8mmfk3xO2YU2tfGb0nSDPrfRkBBWaqiFk2nfkr5m2aq4m 9r+JRr24uvkEA5hKTsyqyX1t05YfjjphkWjXFD6FjIH7nW0IQMPZeN1AYxt7+g9AibBhI4 NjGJdXIQNCCzByzrl7ZrgekuBUzLPsy8FZzP6dmr+J2/6HxQNaPe95Jh576/NEhN0/4aAY AQBiaIKLE7A+/cmbcO3i0cZ1N+BuqQ1GNyJdhKZ1M7Wy4Xu5hec/UaZ7v4Qh2w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers eddsa verify failed") header.d=josefsson.org header.s=ed2303 header.b=tominlq3; dkim=fail ("headers rsa verify failed") header.d=josefsson.org header.s=rsa2303 header.b=MYGUGsck; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Seal: i=1; s=key1; d=yhetil.org; t=1734423296; a=rsa-sha256; cv=none; b=iCwtaQee3J3XBfpeKPCgxaMTXDEmjlMYkAwO+iv7TtVoYNkb651vNw4PMT0/GMb6LCCKvU ucQDxY82inaSo1tAj44jXiyoYnv2AfiuLUgy4E1KIUNOo3nQJuXYOPF1G9OhpQwmPLB/y0 qrV6g/GTQKOSs8nEnb4h1CS/Vk0Iq1gUU/+IYMm/X58/DIAkk25bTWQzwEA0BLVGBSdfDn InLIjzFMKj0ui9FRk2oFxZVCSHf2j+qxSgJQLvcmMKd+sGmdeW+KaRiH/y2tduDVxfgbyY NYY/zKnxJybk876IbxFapWPU5l/41AFp9ZxIb70b+X4hOYYtJLyaJb0exPDqGw== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 5527255078 for ; Tue, 17 Dec 2024 09:14:55 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1tNSid-0005yz-1z; Tue, 17 Dec 2024 03:14:15 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tNSiU-0005yX-Af for help-guix@gnu.org; Tue, 17 Dec 2024 03:14:08 -0500 Received: from uggla.sjd.se ([2001:9b1:8633::107]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1tNSiQ-0001Z9-Hm for help-guix@gnu.org; Tue, 17 Dec 2024 03:14:06 -0500 DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=ed2303; h=Content-Type:MIME-Version:Message-ID:In-Reply-To :Date:References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding :Content-ID:Content-Description; bh=lXYGM8HwDGtSXharNGqSVtBiHHZk9r4PesNJ33V8jBc=; t=1734423232; x=1735632832; b=tominlq3TKFHHjZ8PlJ7vioZcJZBQorVHFoV4BaK3NKub5IaeNWaj8SVavhkKtvIzaMZzdO2b6h 9uJdzghMcBQ==; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=josefsson.org; s=rsa2303; h=Content-Type:MIME-Version:Message-ID: In-Reply-To:Date:References:Subject:Cc:To:From:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=lXYGM8HwDGtSXharNGqSVtBiHHZk9r4PesNJ33V8jBc=; t=1734423232; x=1735632832; b=MYGUGscknfzDJ8LehaByKC/t0yzmnnNtEDbRGyV0uUoxmwM5N/5aQzoputWjfWHtenHfPxjm58K GhecikrXEti4UUtjPHdXE8ywTSTTM1ADIENzkyttj8DC6I4jkMtAfbvGLR+mHF1/W9FNWi7N0zWuG HzvZbcX/XpiGdnrkWtbk+QJJuedj0eRqgy1W9kP8qsLlJGtxKuDOPD2aDMGLdXKqmT/VoBFSdBTsS q5o7uQohssQnsgi4+EBE7Ssj4cd5DyhcEdU1v32dtF1p3fu0T63IoW23EQaVvGwaR+PBB179yGg90 C8j4XyM6Gq1jPFjFbU0uP7r2p1m2Lxefp1zLEl1nFXYnHRI1hhOSiUlDC5gbPIU+rsPbgp68WYiJZ PoH5ar8ZiapZLjHc/A53c3V+ar9unkxNCdR5iQeI+s6Y/9iL8S5WSnuh9rpm2RLEXsx/NI+aV; Received: from h-178-174-130-130.a498.priv.bahnhof.se ([178.174.130.130]:44950 helo=kaka) by uggla.sjd.se with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1tNSi6-00AJxG-H4; Tue, 17 Dec 2024 08:13:42 +0000 To: Ludovic =?iso-8859-1?Q?Court=E8s?= Cc: help-guix@gnu.org, suhail@bayesians.ca, Cayetano Santos Subject: Re: Building a Docker image for GitLab-CI References: <87ttb4d5c8.fsf@inventati.org> <87a5cwd4bn.fsf@inventati.org> <87ed27oqn9.fsf@kaka.sjd.se> <87zfkurbja.fsf@inria.fr> OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt X-Hashcash: 1:23:241217:help-guix@gnu.org::vpqa/nYNS2bebAnM:3mVV X-Hashcash: 1:23:241217:suhail@bayesians.ca::r/KQXxj5aZ51Ijkk:hVzE X-Hashcash: 1:23:241217:ludovic.courtes@inria.fr::+mJBLti0AI6xOEtG:a+xe X-Hashcash: 1:23:241217:csantosb@inventati.org::+CkfjRuocYHJEKY9:0Gtcy Date: Tue, 17 Dec 2024 09:07:28 +0100 In-Reply-To: <87zfkurbja.fsf@inria.fr> ("Ludovic =?iso-8859-1?Q?Court=E8s?= =?iso-8859-1?Q?=22's?= message of "Tue, 17 Dec 2024 08:52:57 +0100") Message-ID: <87zfkulolb.fsf@kaka.sjd.se> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Received-SPF: pass client-ip=2001:9b1:8633::107; envelope-from=simon@josefsson.org; helo=uggla.sjd.se X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Simon Josefsson From: Simon Josefsson via Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Queue-Id: 5527255078 X-Migadu-Scanner: mx13.migadu.com X-Migadu-Spam-Score: -8.03 X-Spam-Score: -8.03 X-TUID: FdXUEytUYCYO --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: >> What is really weird is this root directory: >> >> Using docker image >> sha256:57160f1c13ce56799d6e3e83dd97da4c929993ac008404ac38c67317cded25d1 >> for registry.gitlab.com/debdistutils/guix/container:pack with digest >> registry.gitlab.com/debdistutils/guix/container@sha256:be1ad3a7af69669cf= 3d138c6ec2b1201a64294aad33320246212c6689a1e5c9d >> ... >> ... >> $ ls -la /etc >> total 20 >> drwxr-xr-x 2 0 0 4096 Dec 16 10:15 . >> drwxr-xr-x 1 0 0 4096 Dec 16 10:15 .. >> -rw-r--r-- 1 0 0 46 Dec 16 10:15 hostname >> -rw-r--r-- 1 0 0 283 Dec 16 10:15 hosts >> lrwxrwxrwx 1 0 0 12 Dec 16 10:15 mtab -> /proc/mounts >> -rw-r--r-- 1 0 0 841 Dec 16 10:15 resolv.conf >> >> There is no /etc/protocols! No wonder things doesn't work. > > And that=E2=80=99s in spite of you running =E2=80=98guix pack =E2=80=A6 n= et-base -S /etc=3Detc=E2=80=99. > > Could it be that something in podman/Docker/GitLab-CI overrides /etc, or > overrides it specifically because it=E2=80=99s a symlink? I=E2=80=99m no= t sure where to > look for that. Yes it seems like a GitLab/docker-specific problem since I don't get the same /etc when running the generated image locally. There is this interesting entry in /proc/mounts: https://gitlab.com/debdistutils/guix/container/-/jobs/8652014833#L343 overlay / overlay rw,relatime,lowerdir=3Dl/ZPVAK6UICUAWUUE4GUD6AYFCEM:l/HI6= HL2SJWTZDQHPTA3SGR4PWNE:l/OAJJQ5NKJAJLIAOEWBNLI6WRNC:l/MRDSZ2V6PLTEQGMEDSOP= X6FKEY:l/FG4SISAU6TZNHB6CQR5X5GNEJB:l/EZGDP6A5CMVPA5O6IKOOKPDMBE:l/DA5NZCY6= NVIGU2X6U5XQQXV54M:l/P4MIVQ3I7VCYFTQ3AG6RCXZVW5:l/FGPCINKKCYRDHZI5BAAU7HEET= W:l/MUYJFZRJLR4Z3BNBFRBRTGP4S5:l/UPGZHVDAILBRLLEH6T5RKWIFG7:l/YNTBNOTPU7QRK= 5K6RD63VSXG5Q:l/XUPHFGGN36OPHNU334M3V7HDXP:l/PVA2QRQE4D5MAKI6BMGVPETNZN:l/V= TGADKUDL4KA4HPA2YCCQ2JQNI:l/WZHWY243PTUZTQIZJM26PVSYG4:l/7YLLGUSIRSUFPXIFI5= 7F2UQSFQ:l/ZEOCYJR44JGRBRKGEM4AMWUHQE:l/YXFWBRXLFSBMYDDCTNODGJWWUV:l/NQK5YT= 5BWDWSTKFRB3KOGVGYLC:l/6CC2D5S3LSZOOKLULC2JJ5BUHG:l/OMQ7M7FSULZ2WHTQPIOIYP7= HYQ:l/VRGMNYJNRPOBPP5IZCJR3YV7FP:l/5L2O6RAVRTGGTB7I2YKS6RMX64:l/57QINIJWW7E= CMX3DKLCDL5UMUS:l/HTIS4VRXRVO24AWC6AYPQ4LPRG:l/DOTULUURRI6Z4XR2B4LPQTP33T:l= /LZYLE6JUKQFJBIAEMBQMQIWZEE:l/2WEGBKQG6D3VAWLXJ5NCZPFGNP:l/QYVPGN6K2A3Y4VVV= PKYLR5JVL7:l/IPS4YGXCRZ47O4AOKMZ4TYD2N3:l/2MZU46ZBHYS5IQI4NAVFD3PNYR:l/HW6B= 6GDN33YB7GBY3LEOW2XXB4:l/FRINUFWGYICMVPLOJULIHQ3XKV:l/HSHVRY3DQIT5LUS3EONQQ= CKNL3:l/CRUDGYNQRSSDKB4TYALBBVFIL3:l/QJRZZB6NOMXWO46YCAJ4U53VSH:l/BZPO5MYEY= X3YFX5NXYR32E6VRM:l/FDWSYXJR7RNKG42AMXGSC6NUQE:l/Z6BTLASGE6ZXGQZUFIHG4QXQLU= :l/DWTG7Y6N4DNP5AZLI6MIDZEBHQ:l/TY4DSPRKETTLFE5WB7KFBO2VSM:l/SAE7PNZP6FFK2N= VDOQQTZMO2BV:l/ZCL7CRORSVNYVFKNW2WT7TMGFZ:l/KVH3MQTKJ6SH46B2FEHW7UCYGK:l/XM= DKZU7KD755BFINQOBKPLKMZQ:l/MFKZPIVLWDKG5PIVI3UQUU3ILT:l/I24GPDX2SRV3Y4YSJDY= VKEBDQE:l/W6OZHVZW2NCSQOJEGMP45P2D6W:l/ZD4RI6B4WQ65QO7EMDQZSCZFHS:l/ZS7D35L= TVLE6NSGCCY4SQQANE5:l/2ZIJ6PAUHDPBOXR72A6HGU6L4B:l/ZL5XOQ6XMF6ZYQSXVAK7744S= X7:l/A3WXIZD22NL62JYHBZVL5K36IK:l/KUDHAVWVBDXKHHQQVF33KDPHF4:l/6O5OF37ORZTE= UV2JXNOPO3WNTQ:l/YVGTC6PVMDS2GVOF57TJWCN5DM:l/VYM3JKFOWAY7UIYGU6TPJTZVD5:l/= 2BT7MWUS2JMZMQXQ3MRLO5AH6I:l/CNZTAOCVMGIFCNP4IF77OQ5MU6:l/KQCUQ7H6EY7U423TW= BX6N6QNU7:l/VNZNN2P4U26XHEDRSNIQ656GRE:l/7YG6BVIVDJYCCGLISSU4APAR4S:l/ELR3M= 2R3NLUI4U2YCKYKG6MWUV:l/PK34AGBR7JY4PUJIVEAO4J7UAK:l/ELIDWT3IMYDRR5L5VTA3RE= N3LH:l/DK7VEQCTNIWW4BOYCOVXZX2GQY:l/6BCYXFR5B6S3EYCMVCXKQPEP3M:l/GAF6PUKMPK= ABSXDZCMVE3NM2K5:l/ASVMZMXSKHAVGH5UFXXRFE7TUX:l/25QORLMIGZEEIBQGTV6UBNZEAH:= l/FH5SA2MBXXRRAMDYI72FPK7RXU:l/77IRT3TXX3H7XH66YGR7O5AIYK:l/FIQQSP7XQLUH3IW= BXF4DZXWTFN:l/NG6ZAASCTOH6SQVUBR2FR6YE4T:l/QAHEWNHBILTWWWJ4QMX4ISWIT4:l/VCS= GZSH4SQRVHK4EWSLGFECG2S:l/7FAMLBB6DJW7VWYEOIN6FLBI2E:l/C4ZXSOLVY36PYMTRL2E2= YIKTKY:l/NVH5IIZJ5SO422GGMFGNTFCAOA:l/E6EE3L3EB2B36E5A5PL5KF32FL:l/RPXH632C= D3Y54UYAMMULLEZOE4:l/662KE3GHNLWZEUTFCRZXOKVA3P:l/3ZDSIX7ZFSLT2FIEYD6TB6GA7= R:l/ZS7SJOXF7XF6OFTLVHYMRYZANK:l/F3CEOKDDPOK72QLUWGKHDIJTPG:l/65CFVU5ZFM4XV= STLDO2WGQE3GU:l/3C2OJ5ZVICH5QP733HTS2DHPJM:l/B37PUETDZKC3MUZZX6CT3M6ZEC:l/L= TVIXAHIS7O45NFIVNPDVGYMR4:l/GGBS4BWCAD6UMV3755MJ3BQRI5:l/4XGXVIO5QQ2ARZTTG7= 4M4UDK4V:l/X673P4Q5TGPWBLQIXOQ5JXKG2C:l/3K2Q6NGZ5EEIKCFBRMEWWZFWQK:l/ALTG2Q= I6YZVKXIP4UCRDMQWS5Q:l/P4AE6X6G5GK66GHHRBZ27BTBF3:l/2UEJWLKTB2GNGT2G6UWFZVD= FRN:l/OCTYS4BHPFX4HC3OXJJVGABEPX:l/M766VP6Y5QL2OGI6EYO5OEB6H4:l/DNITYWJFFEV= GWQPFQ37S57EIB5:l/PQE5T2ER2OKPNC2YNHZEJXVIY6,upperdir=3D98dac307f50ae5da4c8= f2cc5fdf024465f63600e30fc3bb434fca31191e2efdc/diff,workdir=3D98dac307f50ae5= da4c8f2cc5fdf024465f63600e30fc3bb434fca31191e2efdc/work 0 0 Could those entries correspond to blobs generated by 'guix pack'? Compare https://gitlab.com/debdistutils/guix/container/-/jobs/8649183646#L130 $ podman load -i /gnu/store/*-docker-pack.tar.gz Getting image source signatures Copying blob sha256:26c7e7107d11a712095a4bf12ff26c8f39fb86c347af15ad50bec4d= 9536a4144 Copying blob sha256:3c21466d0d8255e7a1dfcbc206c891fdf6cdd6241f461cdb038ca6e= f7b508bce ... Copying blob sha256:b6ead463213fb7ec39911848da3b34e404ed184ee48373737c8b2eb= 2abd0730a Copying blob sha256:72ca44ded2f166add396cc6a890a5e8a19c182603e4528a9bfef301= 2ab59b6b5 Copying blob sha256:092becdd45260f6b3d07626b2a39a738cc0a2d5a1c9f4a000cd61e7= 62da8fe1b Copying blob sha256:5397467e8b6a3b911d0e61f722622b995850be0721121a8e36b26ca= 7037b2622 Copying blob sha256:e3646d587f1665642b0077dc27a60b3dfed78dc21aa99eca4391b56= c754f4aa7 Copying blob sha256:bff8143cb75389795d58b8a9ddbb572496e2e2ea1369a7f025a6b6e= 15b3a8074 Copying config sha256:57160f1c13ce56799d6e3e83dd97da4c929993ac008404ac38c67= 317cded25d1 Writing manifest to image destination Loaded image: localhost/guix-bash-minimal-coreutils-minimal-git:latest Notice that there are many more 'Copying blob' lines than overlay mounts above. Are we just seeing overlayfs mount truncation here? Is it possible to make 'guix pack' create a merged container instead of all these layers? I'll experiment a bit more... /Simon --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIoEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCZ2ExQBQcc2ltb25Aam9z ZWZzc29uLm9yZwAKCRBRcisI/kdFoshmAQCOaQEUYr4sPzdkCB5cfMDWK/eMLfFc LvZXkKmNPvt2gQD+OKLPWr8wfcC49oFeBUCTaGEBE8g+EREEQoGPyn8y+wU= =BEyM -----END PGP SIGNATURE----- --=-=-=--