From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
To: "Ludovic Courtès" <ludovic.courtes@inria.fr>
Cc: bug-Guix@gnu.org
Subject: bug#37162: ‘guix pack -f docker’ creates an image without /etc/passwd
Date: Mon, 26 Aug 2019 06:32:41 +0900
Message-ID: <87a7bxexs6.fsf@gmail.com>
In-Reply-To: <87r25c3p0e.fsf@inria.fr> ("Ludovic Courtès"'s message of "Fri, 23 Aug 2019 17:00:49 +0200")

Hi Ludovic,

Ludovic Courtès <ludovic.courtes@inria.fr> writes:

> ‘guix pack -f docker’ currently creates an image without
> /etc/{passwd,group,shadow}.
>
> It’s OK most of the time, but again it looks like a gratuitous annoyance
> for those cases where having them around matters (that’s also the reason
> why guix-daemon creates them.)

Would that include the files required for PAM authentication to work
correctly? I remember struggling with this use case: using the Docker
image with CQFD wrapper, which must be able to create a user and
sudo'ing (or 'su') to it in the docker container. I had started
populating base files such as shadow, passwd, etc. but when confronted
with the PAM configuration (which sudo was complaining about), it
appeared intimidating. I then decided to modify my operating system
declaration so that it'd contain the required Shepherd services that
populate /etc, and devise a hack to call
'/var/guix/profiles/system/boot' when the container would start.

The minimal system configuration (+ python stuff, which was the
requirement) I came up with was:

--8<---------------cut here---------------start------------->8---
;; This is an operating system configuration template for a bare-bone,
;; containerization-friendly setup, with no X11 display server and
;; no Guix daemon / client.

(use-modules (gnu)
             (gnu packages bash)
             (gnu packages python)
             (gnu packages python-xyz)
             (gnu packages xml)
             (guix packages))

(operating-system
  (host-name "robot-framework")
  (timezone "America/Montreal")

  ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
  ;; target hard disk, and "my-root" is the label of the target
  ;; root file system.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (target "/dev/sda")))
  (file-systems (cons (file-system
                        (device (file-system-label "my-root"))
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  (users (cons (user-account
                (name "builder")
                (group "users")
                (supplementary-groups '("wheel"))
                (home-directory "/home/builder"))
               %base-user-accounts))

  ;; Globally-installed packages.
  (packages (cons* python-wrapper
                   (list python "tk")
                   python-robotframework
                   python-robotframework-sshlibrary
                   python-robotframework-lint
                   python-xmltodict
                   %base-packages))

  (services (list
             ;; Enable #!/bin/sh and #!/bin/bash shebangs.
             (service special-files-service-type
                      `(("/bin/bash" ,(file-append (canonical-package bash)
                                                   "/bin/bash"))))
             (service special-files-service-type
                      `(("/bin/sh" ,(file-append (canonical-package bash)
                                                 "/bin/sh"))))
             ;; The following is a very small subset extracted from
             ;; %base-services.
             (service login-service-type)
             (service udev-service-type (udev-configuration))
             (syslog-service)))

  ;; When using sudo, by default some environment variables such as
  ;; PYTHONPATH are dropped.  Make it so that any environment
  ;; variables are honored.  This is important so that the Guix system
  ;; profile can work correctly for any user.
  (sudoers-file (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
Defaults !env_reset,!env_delete\n")))
--8<---------------cut here---------------end--------------->8---

Maxim
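
The sudoers text in the configuration above negates both env_reset and env_delete, so sudo no longer swaps the caller's environment for a minimal one and the list of variables to strip is emptied. As an added example (not part of the message or of Guix), this Python check lists the environment-related Defaults in a sudoers text so a reviewer can see what crosses the privilege boundary; `audit_sudoers` is a name chosen here and `NARROW_SUDOERS` is a hypothetical alternative that keeps env_reset and whitelists a single variable.

```python
import re

# Constructed inputs: the sudoers text from the message above, and a
# hypothetical narrower variant that keeps env_reset and adds one variable.
PAGE_SUDOERS = """\
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
Defaults !env_reset,!env_delete
"""
NARROW_SUDOERS = """\
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
Defaults env_keep += "PYTHONPATH"
"""

# "Defaults" with an optional scope (:user, @host, >runas, !command).
DEFAULTS_RE = re.compile(r"^Defaults([:@>!]\S+)?\s+(.*)$")
# One setting: optional "!" negation, a name, optional operator and value.
ENTRY_RE = re.compile(r"^(!*)\s*([A-Za-z_]+)\s*(?:(\+=|-=|=)\s*(.*))?")
COMMA_OUTSIDE_QUOTES = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')


def audit_sudoers(text):
    """Return (scope, setting, detail) for environment-related Defaults."""
    findings = []
    text = re.sub(r"\\\n", "", text)  # join backslash-continued lines
    for line in text.splitlines():
        m = DEFAULTS_RE.match(line.strip())
        if not m:
            continue  # user rules, aliases, comments, includes
        scope = m.group(1) or "global"
        for entry in COMMA_OUTSIDE_QUOTES.split(m.group(2)):
            e = ENTRY_RE.match(entry.strip())
            if not e:
                continue
            bangs, name, op, value = e.groups()
            if bangs and name in ("env_reset", "env_delete"):
                # Any leading "!" is reported (conservative for a reviewer).
                findings.append((scope, "!" + name, "disabled"))
            elif name == "env_keep" and op in ("=", "+="):
                kept = re.findall(r'[^\s"]+', value.split("#", 1)[0])
                findings.append((scope, "env_keep", tuple(kept)))
    return findings


if __name__ == "__main__":
    for label, text in (("page", PAGE_SUDOERS), ("narrow", NARROW_SUDOERS)):
        print(label, audit_sudoers(text))
```

Each variable named in an env_keep finding is still supplied by the caller to the command run as the target user, so that list is what a review should focus on.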