* guix pull: error: getting status of /var/guix/gcroots
From: Jimmy Thrasibule @ 2020-01-30 13:10 UTC (permalink / raw)
To: help-guix
Hi,
I'm building a Docker image in order to get a GuixSD by using the ``guix
system docker-image`` command. See the Dockerfile at:
https://bitbucket.org/x237net/guixsd/src/master/src/Dockerfile.
The process is working great and I can successfully get to the final result
on my local systems.
However, when I push the container to hub.docker.com it fails to build the
image with the following error message:
    guix pull: error: getting status of /var/guix/gcroots: Operation not permitted
Again, I successfully built the image on different local systems and my
other container [x237net/alpine-guix] which builds successfully on their
platform also calls ``guix pull``.
I guess they are reducing the capabilities allowed to their build platform
but I can really tell what operation is guix pull attempting in this
particular case.
Regards,
Jimmy
* Re: guix pull: error: getting status of /var/guix/gcroots
From: mlell @ 2020-02-06 10:29 UTC (permalink / raw)
To: jimmy; +Cc: Help-Guix, help-guix
Hi Jimmy!
> I guess they are reducing the capabilities allowed to their build
> platform
> but I can really tell what operation is guix pull attempting in this
> particular case.
>
Do you have any possibility to run guix pull with strace? strace is a
program that logs all the system calls [1] of another program,
so you might see what operation is failing.
But for this, you must modify the startup file of guix-daemon! Because
`guix pull` only forwards requests to `guix-daemon`, which
does all the work! I don't know how to do it in docker, but, for my Arch
Linux system, there is a `guix-daemon` service file at
/etc/systemd/system/guix-daemon.service.
There, you can find a line starting with "ExecStart=". This is the
command to run the daemon. Prepend `strace -o
/tmp/guix-daemon.strace.log` to the command to log all the system calls
to the file /tmp/guix-daemon.strace.log.
Hope that helps,
Moritz
[1]: https://en.wikipedia.org/wiki/System_call#Categories_of_system_calls
* Re: guix pull: error: getting status of /var/guix/gcroots
From: zimoun @ 2020-02-06 14:02 UTC (permalink / raw)
To: jimmy; +Cc: help-guix
Hi,
On Thu, 30 Jan 2020 at 14:11, Jimmy Thrasibule
<jimmy.thrasibule@gmail.com> wrote:
> I'm building a Docker image in order to get a GuixSD by using the ``guix
> system docker-image`` command. See the Dockerfile at:
> https://bitbucket.org/x237net/guixsd/src/master/src/Dockerfile.
Instead, the issue should come from this file:
https://bitbucket.org/x237net/alpine-guix/src/master/src/Dockerfile
> guix pull: error: getting status of /var/guix/gcroots: Operation not
> permitted
I have not looked carefully at your files, but the issue should be:
- wrong permission
- /var/guix is not exposed
> Again, I successfully built the image on different local systems and my
> other container [x237net/alpine-guix] which builds successfully on their
> platform also calls ``guix pull``.
My intuition is that your issue comes from this other container.
And it builds, pulls etc because you are inside. However, if
something is wrong then the command "FROM x237net/alpine-guix" does
not do what you expect.
I mean, if the container x237net/alpine-guix is correct, you should be
able to just run this simple Dockerfile:
    FROM x237net/alpine-guix:latest
    RUN guix pull
(modulo set the correct paths and maybe start the daemon)
> I guess they are reducing the capabilities allowed to their build platform
> but I can really tell what operation is guix pull attempting in this
> particular case.
Last, aside from the "Operation not permitted", check if the network is
correctly set up.
Hope that helps.
All the best,
simon
* Re: guix pull: error: getting status of /var/guix/gcroots
From: Jimmy Thrasibule @ 2020-02-06 21:19 UTC (permalink / raw)
To: help-guix
> Do you have any possibility to run guix pull with strace?
Unfortunately containers are not given PTRACE privileges during the
build phase so I cannot call strace.
> I have not looked carefully at your files, but the issue should be:
> - wrong permission
> - /var/guix is not exposed
Well the folder exists and is owned by root.
> My intuition is that your issue comes from this other container.
> And it builds, pulls etc because you are inside. However, if
> something is wrong then the command "FROM x237net/alpine-guix" does
> not do what you expect.
The x237net/guixsd container builds successfully on my work stations
and others. Only hub.docker.com CI's platform seems to fail building
the image. I actually pushed to the hub an image that I successfully
built.
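
Added example, not part of any message in this thread: strace is ruled out above because the build phase has no PTRACE privilege, but the question it was meant to answer (what is the build step allowed to do?) can be read from /proc without ptrace. The script name, the --live switch and the sample values are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: read a process's privileges from /proc, no ptrace needed.

# Constructed sample of /proc/<pid>/status fields (not captured from Docker Hub);
# a80425fb is the capability mask Docker gives containers by default.
SAMPLE_STATUS='Name: sh
NoNewPrivs: 0
Seccomp: 2
CapEff: 00000000a80425fb'

# status_field NAME TEXT: print the value of the "NAME:" line.
status_field() {
    printf '%s\n' "$2" | awk -v k="$1:" '$1 == k { print $2; exit }'
}

# has_cap HEXMASK BIT: succeed if capability number BIT is set in the mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# report TEXT: summarise seccomp state and the capabilities relevant here.
report() {
    mask=$(status_field CapEff "$1")
    echo "seccomp: $(status_field Seccomp "$1") (0=off, 1=strict, 2=filter)"
    echo "no_new_privs: $(status_field NoNewPrivs "$1")"
    for pair in 1:CAP_DAC_OVERRIDE 2:CAP_DAC_READ_SEARCH \
                19:CAP_SYS_PTRACE 21:CAP_SYS_ADMIN; do
        if has_cap "$mask" "${pair%%:*}"; then state=present; else state=missing; fi
        echo "${pair#*:}: $state"
    done
}

if [ "${1:-}" = "--live" ]; then
    # Inside the failing build step: inspect this shell, then repeat the stat.
    report "$(cat "/proc/$$/status")"
    ls -ld /var/guix /var/guix/gcroots
else
    report "$SAMPLE_STATUS"
fi
```

Run with --live from a RUN step on both the local machine and the hosted builder, then compare the two outputs; a differing capability mask or seccomp mode shows where the two environments diverge.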
* Re: guix pull: error: getting status of /var/guix/gcroots
From: zimoun @ 2020-02-07 12:16 UTC (permalink / raw)
To: jimmy; +Cc: help-guix
On Thu, 6 Feb 2020 at 22:20, Jimmy Thrasibule
<jimmy.thrasibule@gmail.com> wrote:
> > I have not looked carefully at your files, but the issue should be:
> > - wrong permission
> > - /var/guix is not exposed
>
> Well the folder exists and is owned by root.
Where does it exist?
On your local machine running Guix?
Have you tried to build a Dockerfile containing:
    FROM x237net/alpine-guix
    RUN guix pull
on any other machine not running Guix?
I suspect it will fail because "x237net/alpine-guix" is not built the
way you expect.
> > My intuition is that your issue comes from this other container.
> > And it builds, pulls etc because you are inside. However, if
> > something is wrong then the command "FROM x237net/alpine-guix" does
> > not do what you expect.
>
> The x237net/guixsd container builds successfully on my work stations
> and others.
If it is what I am thinking of, the 'x237net/guixsd' container works
on any machine running Guix.
But, it will fail otherwise.
> Only hub.docker.com CI's platform seems to fail building
> the image. I actually pushed to the hub an image that I successfully
> built.
I suspect that this image you successfully built will not work on any
machine not running Guix.
Hope that helps,
simon