From mboxrd@z Thu Jan  1 00:00:00 1970
From: Vagrant Cascadian <vagrant@debian.org>
Subject: bug#36117: qemu-binfmt with non-native chroot
Date: Fri, 07 Jun 2019 23:03:00 -0700
Message-ID: <87zhmsy5pn.fsf@yucca>
References: <87r286zjhu.fsf@yucca> <87blz9ft3j.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:36721)
 by lists.gnu.org with esmtp (Exim 4.86_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hZUSR-0007ww-Gz
 for bug-guix@gnu.org; Sat, 08 Jun 2019 02:04:05 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hZUSQ-0008HS-8f
 for bug-guix@gnu.org; Sat, 08 Jun 2019 02:04:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:39197)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1hZUSP-0008H8-Sb
 for bug-guix@gnu.org; Sat, 08 Jun 2019 02:04:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hZUSP-0002ho-L6
 for bug-guix@gnu.org; Sat, 08 Jun 2019 02:04:01 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.36117.B36117.155997379410345@debbugs.gnu.org>
In-Reply-To: <87blz9ft3j.fsf@gnu.org>
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Cc: 36117@debbugs.gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 2019-06-07, Ludovic Court=C3=A8s wrote:
> Vagrant Cascadian <vagrant@debian.org> skribis:
>> On Guix there are no flags set, and the binary used is a dynamically
>> linked executable:
>>
>>   $ cat /proc/sys/fs/binfmt_misc/qemu-aarch64
>>   enabled
>>   interpreter
>>   /gnu/store/sw2rrqmjij73wcy3ajd47ypvmzh12yz6-qemu-3.1.0/bin/qemu-aarch64
>>   flags:
>>   offset 0
>>   magic 7f454c460201010000000000000000000200b700
>>   mask ffffffffffffff00fffffffffffffffffeffffff
>>
>>
>> So there are (at least) two things needed to make this work on Guix:
>>
>> * A way to set the flags on qemu-binfmt-service-type.
>>
>> * A static build of qemu-user targets
>>
>> * A way to set which qemu to use for qemu-binfmt-service-type.
>>
>> The *three* things are...
>>
>>
>> With this working correctly foreign-architecture chroots would become
>> trivial:
>>
>>   # on an amd64 host:
>>   $ debootstrap --arch=3Darm64 buster buster-chroot http://deb.debian.or=
g/debian
>>   ...
>>   $ chroot buster-chroot /bin/bash
>>
>>
>> Enabling qemu-binfmt-service-type to operate in this way would obviate
>> the need for the "guix-support?" qemu-binfmt-configuration option, as
>> you could simply assemble the build environment without having to
>> include all of qemu's dependencies in the container.
>>
>> It's a pretty magical feature.
>
> True!  Though adding all the dependencies of QEMU in the chroot the way
> =E2=80=98guix-support?=E2=80=99 does it turns out to be pretty magical to=
o ;-), because
> we can precisely list those dependencies and include nothing but these
> dependencies in the chroot=E2=80=94something that cannot be done on an FHS
> system.

Indeed!


> As an quick workaround, perhaps you could bind-mount all the entries of:
>
>   guix gc -R $(guix build qemu)
>
> in your Debian chroot?

I tried an even lazier experiment, bind-mounting all of /gnu into the
new chroot directory before running debootstrap, and it worked!


That said, it's still a manual step (mounting /gnu or /gnu/store/qemu*)
required to do something that could otherwise be handled transparently
with a static build of qemu and adjusting the binfmt_misc flags... so if
permitted to dream, I still think that would be a nice option to have
available. :)


Another interesting angle is that including qemu and all of qemu's
dependencies in a guix build environment is that qemu or one of it's
dependencies might actually get used during the build... even if not
explicitly included in one of the inputs or one of the build systems. So
maybe the case can be made that the qemu-static build from executed from
the host system is cleaner than copying all of qemu and dependencies
into the build environment...


> (Speaking of which=E2=80=A6 it would be great to have a Debian API in Gui=
x, where
> you could write, say:
>
>   (debian-build #~(system (string-append "/bin/uname > "
>                                          #$output)))
>
> Food for thought=E2=80=A6)

Not quite sure of what you're going for, but perhaps best to have that
conversation elsewhere.


live well,
  vagrant

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQRlgHNhO/zFx+LkXUXcUY/If5cWqgUCXPtPlQAKCRDcUY/If5cW
qn5XAP9vawKbpFGZ7nQebyNRJAEii1KsHrCQiX0Igxm0OFSQPgEAq8tC5bzbmerU
EVf/BVGnkypsbR67QuBLPgw5VHpeEwI=
=7eK6
-----END PGP SIGNATURE-----
--=-=-=--