From: Andrew Tropin
To: Ludovic Courtès
Cc: 54377@debbugs.gnu.org
Subject: [bug#54377] [PATCH 3/3] guix home: Add 'container' command.
Date: Sat, 19 Mar 2022 08:09:59 +0300
Message-ID: <87y216h6jc.fsf@trop.in>
In-Reply-To: <87v8wbqto9.fsf@gnu.org>

On 2022-03-18 14:25, Ludovic Courtès wrote:

> Hi Andrew,
>
> Andrew Tropin skribis:
>
>>> +For example, this is how you would start an interactive shell in a
>>
>> s/interactive/login ?
>>
>> or interactive login shell
>
> Yeah. I thought that as a user, what matters is that it’s interactive;
> the fact that it’s a “login shell” is more of an implementation detail,
> and too few people understand what that means anyway. :-)
>
> [...]
>
>>> +Additionally, you can run a command in that container, instead of
>>> +spawning an interactive shell. For instance, here is how you would
>>
>> In fact the sentence is correct, but gives a feeling that the shell
>> won't be executed at all. Don't know if we need to change it somehow.
>
> I agree that the sentence is an approximation of how it does things, but
> hopefully it gives a good idea of what it.
>
>>> + (display (G_ "
>>> + -N, --network allow containers to access the network"))
>>
>> Is plural form intended?
>
> (Copied from environment.scm.) I think it’s grammatically OK.
>
>>> +(define (user-shell)
>>> + (match (and=> (or (getenv "SHELL")
>>
>> Be aware that in some cases $SHELL can differ from the value in
>> /etc/passwd. For example I set SHELL to the full path to zsh and all
>> interactive non-login shells are zsh for me, but my login shell is bash.
>
> Agreed, that’s why I thought $SHELL should take precedence. (I used
> “SHELL=zsh guix home container …” and similar to test other shells.)
>

IIRC, $SHELL must contain a full path

https://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap08.html

If we want to control a shell type inside container it probably should
be a different variable, like GUIX_CONTAINER_SHELL=zsh.

>>> + (passwd:shell (getpwuid (getuid))))
>>> + basename)
>>> + ("zsh" (file-append zsh "/bin/zsh"))
>>> + ("fish" (file-append fish "/bin/fish"))
>>> + ("gash" (file-append gash "/bin/gash"))
>>> + (_ (file-append bash "/bin/bash"))))
>>
>> Why we use hardcoded shell packages?
>
> For reproducibility.
>
> Initially I thought about using the actual $SHELL (as long as it’s in
> the store). However, that would make ‘guix home container’ stateful:
> it’d provide different results depending on the environment.
>
> I thought we’d rather avoid that.
>

What I meant by previous comment: to match a real state of the things
it's better to use a shell from /etc/passwd, because it will be launched
on user login and will read env vars and run all the following
processes, but to make it more reproducible and independent from system
state I think we always have to use hardcoded bash and inside the
container inspect the value of $SHELL set by login shell (hardcoded
bash) and spawn new shell if $SHELL is NOT empty.

>> 1. The will be built in case user use a zsh-patched for example.
>
> That’s the downside, yes.
>
> I don’t have a good answer to that. I guess I value reproducibility
> more than customization in this case.
>
> Perhaps we could eventually add a ‘--shell’ option or similar if that
> helps, though. WDYT?
>

I don't think we need such customization. User can spawn nested shell
himself from home profile by `-- zsh` or if we inspect $SHELL and use
its value inside container it will be spawned automatically.

>>> + (when term
>>> + ;; Preserve TERM for proper interactive use.
>>> + (setenv "TERM" term))
>>
>> Just a note: the shell can misbehave if terminfo files for current TERM
>> aren't present in the container (for example terminal package was removed
>> from home profile). Idk how to properly cover this, but just letting
>> you know. We can use TERM=dumb, but I'm not sure if it's worth it.
>
> Good point. In my tests preserving TERM was good enough for
> Bash/Readline, Zsh, and less (all from an xterm). I suppose problems
> could happen with fancy curses apps and the like.
>
>> Very cool feature! Looking forward to add it to my workflow.
>
> Glad you like it! It makes it easier to test new features or services,
> much like using ‘guix system vm’ when testing Guix System changes.
>
> Thanks for taking the time to review!

Sure!)

--
Best regards,
Andrew Tropin
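
Review bot: in `user-shell`, the catch-all clause `(_ (file-append bash "/bin/bash"))` substitutes bash without any message for every shell whose basename is not zsh, fish or gash, and the quoted lines carry no comment saying so; a comment on that clause, or a sentence in the `guix home container` documentation, would make the fallback explicit. Separately, `(or (getenv "SHELL") ...)` accepts a SHELL that is set but empty, since the empty string is a true value in Scheme, so the passwd entry is skipped in that case; testing for a non-empty string first would let the `getpwuid` lookup apply.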