Subject: [bug#67613] [PATCH v3 1/5] gnu: docker: Provide escape hatch in oci-container-configuration.
Date: Sat, 4 May 2024 00:11:13 +0200
Message-ID: <306393d4c3b28f242fb735d793ef127427f3d072.1714774276.git.goodoldpaul@autistici.org>
References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@autistici.org>
In-Reply-To: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@autistici.org>
To: 67613@debbugs.gnu.org
Cc: Giacomo Leidi
X-Mailer: git-send-email 2.41.0
From: Giacomo Leidi via Guix-patches

* gnu/services/docker.scm (exports): Add missing procedures; (oci-container-service-type)[description]: Docker and OCI images should mean the same thing; (oci-container-configuration): clarify field types; [extra-arguments]: new field; (oci-sanitize-extra-arguments): sanitize it; (oci-container-shepherd-service): use it. * doc/guix.texi: Document it. Change-Id: I64e9d82c8ae538d59d1c482f23070a880156ddf7 --- doc/guix.texi | 21 ++++++++++++------- gnu/services/docker.scm | 46 +++++++++++++++++++++++++++++++++-------- 2 files changed, 51 insertions(+), 16 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 3f5d4e7f0d..19b7563916 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -40430,13 +40430,13 @@ Miscellaneous Services @item @code{group} (default: @code{"docker"}) (type: string) The group under whose authority docker commands will be run. -@item @code{command} (default: @code{()}) (type: list-of-strings) +@item @code{command} (default: @code{'()}) (type: list-of-strings) Overwrite the default command (@code{CMD}) of the image. @item @code{entrypoint} (default: @code{""}) (type: string) Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image. -@item @code{environment} (default: @code{()}) (type: list) +@item @code{environment} (default: @code{'()}) (type: list) Set environment variables. This can be a list of pairs or strings, even mixed: @lisp 
@@ -40444,7 +40444,8 @@ Miscellaneous Services "JAVA_HOME=/opt/java") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics. @@ -40459,7 +40460,7 @@ Miscellaneous Services @item @code{network} (default: @code{""}) (type: string) Set a Docker network for the spawned container. -@item @code{ports} (default: @code{()}) (type: list) +@item @code{ports} (default: @code{'()}) (type: list) Set the port or port ranges to expose from the spawned container. This can be a list of pairs or strings, even mixed: @@ -40468,11 +40469,12 @@ Miscellaneous Services "10443:443") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream} documentation for semantics. -@item @code{volumes} (default: @code{()}) (type: list) +@item @code{volumes} (default: @code{'()}) (type: list) Set volume mappings for the spawned container. This can be a list of pairs or strings, even mixed: @@ -40481,7 +40483,8 @@ Miscellaneous Services "/gnu/store:/gnu/store") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream} documentation for semantics. 
@@ -40496,6 +40499,10 @@ Miscellaneous Services @url{https://docs.docker.com/engine/reference/run/#workdir,upstream} documentation for semantics. +@item @code{extra-arguments} (default: @code{'()}) (type: list) +A list of strings, gexps or file-like objects that will be directly +passed to the @command{docker run} invokation. + @end table @end deftp diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 4d32b96847..824c4ecbe6 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -58,6 +58,9 @@ (define-module (gnu services docker) oci-container-configuration-network oci-container-configuration-ports oci-container-configuration-volumes + oci-container-configuration-container-user + oci-container-configuration-workdir + oci-container-configuration-extra-arguments oci-container-service-type oci-container-shepherd-service)) @@ -297,6 +300,21 @@ (define (oci-sanitize-volumes value) ;; '(("/mnt/dir" . "/dir") "/run/current-system/profile:/java") (oci-sanitize-mixed-list "volumes" value ":")) +(define (oci-sanitize-extra-arguments value) + (define (valid? member) + (or (string? member) + (gexp? member) + (file-like? member))) + (map + (lambda (el) + (if (valid? el) + el + (raise + (formatted-message + (G_ "extra arguments may only be strings, gexps or file-like objects +but ~a was found") el)))) + value)) + (define-maybe/no-serialization string) (define-configuration/no-serialization oci-container-configuration 
@@ -314,15 +332,16 @@ (define-configuration/no-serialization oci-container-configuration "Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image.") (environment (list '()) - "Set environment variables. This can be a list of pairs or strings, even -mixed: + "Set environment variables inside the container. This can be a list of pairs +or strings, even mixed: @lisp (list '(\"LANGUAGE\" . \"eo:ca:eu\") \"JAVA_HOME=/opt/java\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics." (sanitizer oci-sanitize-environment)) @@ -347,7 +366,8 @@ (define-configuration/no-serialization oci-container-configuration \"10443:443\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream} documentation for semantics." (sanitizer oci-sanitize-ports)) @@ -361,7 +381,8 @@ (define-configuration/no-serialization oci-container-configuration \"/gnu/store:/gnu/store\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream} documentation for semantics." (sanitizer oci-sanitize-volumes)) 
@@ -375,7 +396,12 @@ (define-configuration/no-serialization oci-container-configuration "Set the current working for the spawned Shepherd service. You can refer to the @url{https://docs.docker.com/engine/reference/run/#workdir,upstream} -documentation for semantics.")) +documentation for semantics.") + (extra-arguments + (list '()) + "A list of strings, gexps or file-like objects that will be directly passed +to the @command{docker run} invokation." + (sanitizer oci-sanitize-extra-arguments))) (define oci-container-configuration->options (lambda (config) @@ -428,7 +454,9 @@ (define (oci-container-shepherd-service config) (provision (oci-container-configuration-provision config)) (image (oci-container-configuration-image config)) (options (oci-container-configuration->options config)) - (name (guess-name provision image))) + (name (guess-name provision image)) + (extra-arguments + (oci-container-configuration-extra-arguments config))) (shepherd-service (provision `(,(string->symbol name))) (requirement '(dockerd user-processes)) @@ -441,7 +469,7 @@ (define (oci-container-shepherd-service config) ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...] (list #$docker-command "run" "--rm" "--name" #$name - #$@options #$image #$@command) + #$@options #$@extra-arguments #$image #$@command) #:user #$user #:group #$group)) (stop @@ -482,5 +510,5 @@ (define oci-container-service-type (extend append) (compose concatenate) (description - "This service allows the management of Docker and OCI + "This service allows the management of OCI containers as Shepherd services."))) base-commit: 7d4ae2fca723114fb1df56de33b82177fbc4d0a6 -- 2.41.0
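
Review bot: In the doc/guix.texi hunk at @@ -40496,6 +40499,10 @@, the new extra-arguments entry spells "invokation"; it should read "invocation", and the same spelling recurs in the extra-arguments docstring added to gnu/services/docker.scm. The entry should also state that the sanitizer checks member types only, so any docker run option, including ones that relax container isolation, is passed through unchanged, and that the values are placed after the generated options and before the image.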
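
Review bot: In oci-sanitize-extra-arguments (hunk @@ -297,6 +300,21 @@ of gnu/services/docker.scm), value is handed to map without first confirming it is a list, so unless the field's list type is enforced before the sanitizer runs, a non-list value such as a single string fails inside map rather than with the formatted message. Consider checking (list? value) up front and raising a message of its own. The G_ string also carries a literal line break between "file-like objects" and "but ~a was found", which ends up in the translatable text, and unlike oci-sanitize-volumes just above it the procedure has no comment showing an accepted value.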
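
Review bot: In the environment field docstring (hunk @@ -314,15 +332,16 @@ of gnu/services/docker.scm), the first sentence becomes "Set environment variables inside the container." while the matching doc/guix.texi entry keeps "Set environment variables." as an unchanged context line, so the manual and the docstring no longer agree. Apply the same wording to the texi entry in this patch, or drop the change from the docstring.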
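
Review bot: In the start command (hunk @@ -441,7 +469,7 @@ of gnu/services/docker.scm), #$@extra-arguments is spliced between #$@options and #$image, and neither the code nor the comment above it records the constraint that position imposes. Going by the usage comment "docker run [OPTIONS] IMAGE [COMMAND] [ARG...]", a string in extra-arguments that is neither an option nor an option's value would be read as IMAGE and push the configured image into COMMAND. Extend the comment to say that extra-arguments must hold only options and their values and that they follow the generated options.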