Installing software inside containers

Installing software inside containers

[Caleb Herbert]

Hi Guix,

I can't install software inside a Guix System container.  I need this to 
use Guix Home inside a container.

$ guix install hello
guix install: error: remounting /gnu/store writable: Operation not permitted

Do I need to --share=/gnu/store?

I tried sharing a blank ./gnu directory, but it complained that there 
were no programs to run the system.

(Is sharing the host's /gnu/store with a container safe?)

I created the container with

         guix system container --network --share=home container.scm

Also, how do I map arbitrary directories?  With Podman, I would do

	/home/$USER/.container/home/user:/home/user

Thanks,

Caleb

Re: Installing software inside containers

[Wojtek Kosior via]

[-- Attachment #1: Type: text/plain, Size: 1682 bytes --]

Hi Caleb, nice to meet folks from Trisquel forum here :)

> Also, how do I map arbitrary directories?  With Podman, I would do
> 
> 	/home/$USER/.container/home/user:/home/user

You can pass `--share="/home/$USER/.container/home/user"=/home/user` :)

I can't help much with nesting Guix in a system container, tho — I'd
myself like to know if it is supported. I merely recall it's possible
with `guix shell -C` container. But a simple shell won't do in all
cases, I know

Wojtek

-- (sig_start)
website: https://koszko.org/koszko.html
fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
follow me on Fediverse: https://friendica.me/profile/koszko/profile

♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
-- (sig_end)


On Sun, 26 Nov 2023 15:42:28 -0600 Caleb Herbert <csh@bluehome.net> wrote:

> Hi Guix,
> 
> I can't install software inside a Guix System container.  I need this to 
> use Guix Home inside a container.
> 
> $ guix install hello
> guix install: error: remounting /gnu/store writable: Operation not permitted
> 
> Do I need to --share=/gnu/store?
> 
> I tried sharing a blank ./gnu directory, but it complained that there 
> were no programs to run the system.
> 
> (Is sharing the host's /gnu/store with a container safe?)
> 
> I created the container with
> 
>          guix system container --network --share=home container.scm
> 
> Also, how do I map arbitrary directories?  With Podman, I would do
> 
> 	/home/$USER/.container/home/user:/home/user
> 
> Thanks,
> 
> Caleb
> 

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 228 bytes --]

Re: Installing software inside containers

[Edouard Klein]

Hi !

If you create you containers with guix shell, you can use the --nesting
option, or alternatively, use:

guix shell --container --network --expose=/gnu/ --share=/var/guix/ guix

Maybe similar options with a 'guix system'-generated container would
work.

Alternatively, if your own guix has a non standard configuration, you
can create a profile from outside the container:

guix install --profile=/whatevs some-software

and then, from inside the container, use guix shell --profile=/whatevs

it will make the software available, even if the container's guix has no
knowledge of it.

Cheers,

Edouard.


Wojtek Kosior via <help-guix@gnu.org> writes:

> [[PGP Signed Part:Undecided]]
> Hi Caleb, nice to meet folks from Trisquel forum here :)
>
>> Also, how do I map arbitrary directories?  With Podman, I would do
>>
>> 	/home/$USER/.container/home/user:/home/user
>
> You can pass `--share="/home/$USER/.container/home/user"=/home/user` :)
>
> I can't help much with nesting Guix in a system container, tho — I'd
> myself like to know if it is supported. I merely recall it's possible
> with `guix shell -C` container. But a simple shell won't do in all
> cases, I know
>
> Wojtek
>
> -- (sig_start)
> website: https://koszko.org/koszko.html
> fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
> follow me on Fediverse: https://friendica.me/profile/koszko/profile
>
> ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
> ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
> -- (sig_end)
>
>
> On Sun, 26 Nov 2023 15:42:28 -0600 Caleb Herbert <csh@bluehome.net> wrote:
>
>> Hi Guix,
>>
>> I can't install software inside a Guix System container.  I need this to
>> use Guix Home inside a container.
>>
>> $ guix install hello
>> guix install: error: remounting /gnu/store writable: Operation not permitted
>>
>> Do I need to --share=/gnu/store?
>>
>> I tried sharing a blank ./gnu directory, but it complained that there
>> were no programs to run the system.
>>
>> (Is sharing the host's /gnu/store with a container safe?)
>>
>> I created the container with
>>
>>          guix system container --network --share=home container.scm
>>
>> Also, how do I map arbitrary directories?  With Podman, I would do
>>
>> 	/home/$USER/.container/home/user:/home/user
>>
>> Thanks,
>>
>> Caleb
>>
>
> [[End of PGP Signed Part]]

Re: Installing software inside containers

[Edouard Klein]

Wojtek, Caleb, I found the solution :) !!!

So, if you share /var/guix with a guix system container, you'll have two
guix daemons trying to mess with the socket, and that's not good (it
even breaks the host's daemon, which has to be restarted).

It works for guix shell --container, because it does not spawn a guix daemon.

So for this to work in a guix system container, you need to:
- remove guix-service-type from the %base-services,
- add guix as a package otherwise the guix command won't be there,
- share /var/guix with the host (whose daemon will actually do the job).

Here is the code, using beaverlabs' channel functional syntax (otherwise
it's a matter of modify-services 'delete etc.):

------------mwe.scm-----
(use-modules
 (beaver system)
 (beaver functional-services)
 (gnu services base)
 (gnu packages version-control))

(define very-minimal-container
  (-> minimal-container
      (remove-service guix)
      (package guix)))

very-minimal-container

----------------------


Then run:
sudo $(guix system container --network --share=/var/guix mwe.scm)

And in the shell you're dropped into, you can run guix shell or guix
install hello, for example.

I hope this solves your problem. It solved mine: I had a quite complex
OS configuration to try out before deploying it on a VPS, and running
VMs is cumbersome a requires a lot of disk space. The OS configuration I
want to try implies running containers inside of containers, now it is
possible :)

Cheers,

Edouard.


Edouard Klein <edou@rdklein.fr> writes:

> Hi !
>
> If you create you containers with guix shell, you can use the --nesting
> option, or alternatively, use:
>
> guix shell --container --network --expose=/gnu/ --share=/var/guix/ guix
>
> Maybe similar options with a 'guix system'-generated container would
> work.
>
> Alternatively, if your own guix has a non standard configuration, you
> can create a profile from outside the container:
>
> guix install --profile=/whatevs some-software
>
> and then, from inside the container, use guix shell --profile=/whatevs
>
> it will make the software available, even if the container's guix has no
> knowledge of it.
>
> Cheers,
>
> Edouard.
>
>
> Wojtek Kosior via <help-guix@gnu.org> writes:
>
>> [[PGP Signed Part:Undecided]]
>> Hi Caleb, nice to meet folks from Trisquel forum here :)
>>
>>> Also, how do I map arbitrary directories?  With Podman, I would do
>>>
>>> 	/home/$USER/.container/home/user:/home/user
>>
>> You can pass `--share="/home/$USER/.container/home/user"=/home/user` :)
>>
>> I can't help much with nesting Guix in a system container, tho — I'd
>> myself like to know if it is supported. I merely recall it's possible
>> with `guix shell -C` container. But a simple shell won't do in all
>> cases, I know
>>
>> Wojtek
>>
>> -- (sig_start)
>> website: https://koszko.org/koszko.html
>> fingerprint: E972 7060 E3C5 637C 8A4F  4B42 4BC5 221C 5A79 FD1A
>> follow me on Fediverse: https://friendica.me/profile/koszko/profile
>>
>> ♥ R29kIGlzIHRoZXJlIGFuZCBsb3ZlcyBtZQ== | ÷ c2luIHNlcGFyYXRlZCBtZSBmcm9tIEhpbQ==
>> ✝ YnV0IEplc3VzIGRpZWQgdG8gc2F2ZSBtZQ== | ? U2hhbGwgSSBiZWNvbWUgSGlzIGZyaWVuZD8=
>> -- (sig_end)
>>
>>
>> On Sun, 26 Nov 2023 15:42:28 -0600 Caleb Herbert <csh@bluehome.net> wrote:
>>
>>> Hi Guix,
>>>
>>> I can't install software inside a Guix System container.  I need this to
>>> use Guix Home inside a container.
>>>
>>> $ guix install hello
>>> guix install: error: remounting /gnu/store writable: Operation not permitted
>>>
>>> Do I need to --share=/gnu/store?
>>>
>>> I tried sharing a blank ./gnu directory, but it complained that there
>>> were no programs to run the system.
>>>
>>> (Is sharing the host's /gnu/store with a container safe?)
>>>
>>> I created the container with
>>>
>>>          guix system container --network --share=home container.scm
>>>
>>> Also, how do I map arbitrary directories?  With Podman, I would do
>>>
>>> 	/home/$USER/.container/home/user:/home/user
>>>
>>> Thanks,
>>>
>>> Caleb
>>>
>>
>> [[End of PGP Signed Part]]

Re: Installing software inside containers

[Caleb Herbert]

[-- Attachment #1: Type: text/plain, Size: 291 bytes --]

Edouard Klein <edou@rdklein.fr> writes:

> Wojtek, Caleb, I found the solution :) !!!

Merci beaucoup! :D 

-- 
Caleb Herbert
https://bluehome.net/csh/
OpenPGP fingerprint: 631C C434 A56B 5CBD FF21  2346 9764 3795 FA3E 4BCE
What's a fingerprint? https://emailselfdefense.fsf.org/

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 682 bytes --]