From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id kA2nMy1Fy2Ve2QAAqHPOHw:P1 (envelope-from ) for ; Tue, 13 Feb 2024 11:32:14 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0.migadu.com with LMTPS id kA2nMy1Fy2Ve2QAAqHPOHw (envelope-from ) for ; Tue, 13 Feb 2024 11:32:13 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=inria.fr header.s=dc header.b=YFNu0buw; dmarc=pass (policy=none) header.from=inria.fr; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1707820333; a=rsa-sha256; cv=none; b=X45YEXAwm7WtdZRJdCtWZRjXWN4BcsQuz/R/tLi45MGxqmBtjbEbVCBYA5t16v1Tf+p8+h 0DN1JRPnd5Vr3lYInz+0yXUN6JAtElWdKQBs/GaFxNWm+mvIOZiVCwvx3ooekDmqm4G46I MxkGt/dBSFDs7mhSAQvCu1NY4yE8HpTDbQ5Gfdo367oVS6vQuklLNNQAOliP5hNqCclFeu gsbkany5js8SMZd+QZk/+vi6EuUBf2650uwXQ4LNCQUf3+NVRCzdhixGK/gsOJ/a+B/SYr uX3poAEY3WEt1rrw+R+Glquv9tSUA4Gm7M7yid9m6pQ0iI/Byizc6RyWS1A7Dg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=inria.fr header.s=dc header.b=YFNu0buw; dmarc=pass (policy=none) header.from=inria.fr; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1707820333; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=h5TAENON7YhZpnWdbEgiDBox5gyHnXJz3K34zoVbqps=; b=s0SPoVPmVgaWJb+ENsSnaX9fADG2udT9Bnb0Cj3GmjiY0se+7L0/IeRS6pmCtfKoxfy+07 d2J/fKu6qfBcvJmCr0qoFT+2/twkGcM8IhlfGplce+bw7ZmfkHFIIH4nvCWVZ4FpYf1J0V T5yN/gF7wnDfiPESUFCYSRDSwDLv/TUKkQ2UuccdvtDYqZupxAc7QLHVjepgsrxfxfF+v3 iZhYlH+EN5AI+E0gG+OtNR/UroqnyUAB1RskUrp0NuzpFhZPm5b1/BOaWzwuBB0NGv7dvR 4YoJ1paD9n8fO1vaCihhYR1ReN7TgxCEx/ZQK1xjK+76u0HPxge48XAE7s3vEA== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C0B79778A9 for ; Tue, 13 Feb 2024 11:32:13 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rZq4g-0000sZ-Qh; Tue, 13 Feb 2024 05:31:38 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rZq4e-0000sD-Hc for help-guix@gnu.org; Tue, 13 Feb 2024 05:31:37 -0500 Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rZq4b-0000e3-WA for help-guix@gnu.org; Tue, 13 Feb 2024 05:31:36 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc; h=from:to:subject:date:message-id:mime-version: content-transfer-encoding; bh=h5TAENON7YhZpnWdbEgiDBox5gyHnXJz3K34zoVbqps=; b=YFNu0buwEx59xfqhzfkaT5RgsXTwV99sZujjXig+4ee1k1WMe6cS2o3W z66XOXmG8oKfqqnvxZqiWppspsYPO0Hjw3xw0RNsQMxgBK4R9lsYA+O9q ijnpq8Iu6xVMSA736FY4Ox4ydQ1YZ+LTVRpgA2rRvEvGskKmQAPKr2nhw 0=; X-IronPort-AV: E=Sophos;i="6.06,156,1705359600"; d="scan'208";a="79470184" Received: from unknown (HELO ribbon) ([193.50.110.205]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 13 Feb 2024 11:31:28 +0100 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: help-guix@gnu.org Subject: Building a Docker image for GitLab-CI X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Quintidi 25 =?utf-8?Q?Pluvi=C3=B4se?= an 232 de la =?utf-8?Q?R=C3=A9volution=2C?= jour du =?utf-8?Q?Li=C3=A8vre?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Tue, 13 Feb 2024 11:31:28 +0100 Message-ID: <87bk8kbqpr.fsf@inria.fr> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=192.134.164.104; envelope-from=ludovic.courtes@inria.fr; helo=mail3-relais-sop.national.inria.fr X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Scanner: mx10.migadu.com X-Spam-Score: -9.47 X-Migadu-Queue-Id: C0B79778A9 X-Migadu-Spam-Score: -9.47 X-TUID: DKjBFM4znPGT Hello Guix! Has anyone succeeded in building a Docker image suitable for use in GitLab-CI? I haven=E2=80=99t. Here=E2=80=99s what I tried. Initially, I built an image with =E2=80=98guix system image -t docker =E2= =80=A6=E2=80=99 but that doesn=E2=80=99t work because then the image=E2=80=99s =E2=80=9Centry p= oint=E2=80=9D is shepherd, but shepherd never returns. Thus, GitLab-CI would spawn the image and eventually time out. So I tried this instead: guix pack guix bash-minimal coreutils-minimal grep net-base \ --save-provenance -S /bin=3Dbin -S /share=3Dshare -S /etc=3Detc \ -f docker --max-layers=3D100 =E2=80=A6 with =E2=80=98.gitlab-ci.yml=E2=80=99 doing something like this: --8<---------------cut here---------------start------------->8--- build: image: registry.gitlab.inria.fr/=E2=80=A6 tags: ["ci.inria.fr", "linux"] before_script: - echo "nameserver 10.0.2.3 # XXX" > /etc/resolv.conf - guix archive --authorize < /share/guix/ci.guix.gnu.org.pub - guix archive --authorize < /share/guix/bordeaux.guix.gnu.org.pub - guix-daemon --disable-chroot & script: - guix shell -m manifest.scm -- rubber --pdf article.tex artifacts: paths: - article.pdf --8<---------------cut here---------------end--------------->8--- Problem is, name resolution appears to fail in the container image; the =E2=80=98resolv.conf=E2=80=99 trick was a crude attempt to work around it, = but it failed. I guess the problem is that I don=E2=80=99t know how GitLab-CI or Docker is supposed to set up networking inside those containers. Thoughts? Neat tip to upload your Guix-built image to a registry: use Skopeo. guix shell skopeo -- skopeo login registry.gitlab.inria.fr guix shell skopeo -- skopeo copy \ docker-archive:///gnu/store/=E2=80=A6-docker-image.tar.gz \ docker://registry.gitlab.inria.fr/=E2=80=A6 \ --insecure-policy (=E2=80=9CInsecure policy=E2=80=9D, what could possibly go wrong?) Ludo=E2=80=99.