From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id EHzRAey2dWQYNAEASxT56A (envelope-from ) for ; Tue, 30 May 2023 10:42:20 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id AHLnAOy2dWT9swAAG6o9tA (envelope-from ) for ; Tue, 30 May 2023 10:42:20 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 867569484 for ; Tue, 30 May 2023 10:42:19 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q3uvF-0002Ju-0S; Tue, 30 May 2023 04:41:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q3tEF-0004OC-VN for Help-Guix@gnu.org; Tue, 30 May 2023 02:53:14 -0400 Received: from mail-ua1-x929.google.com ([2607:f8b0:4864:20::929]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1q3tEE-0004uO-2Q for Help-Guix@gnu.org; Tue, 30 May 2023 02:53:11 -0400 Received: by mail-ua1-x929.google.com with SMTP id a1e0cc1a2514c-786d74c317eso1140623241.0 for ; Mon, 29 May 2023 23:53:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1685429589; x=1688021589; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=8W88sB8qCU4oOuJJP/WmTAjyYtLVDpPS5RIr9lxqWgI=; b=WFRArohX0IrzOm12sZHWbQwKSW0D84k+5zKC5Ds9PFFnEYQvQl7qwlj9KcRItPK0TW 1TM1YnvT1dXnBJ6tdcz6B9FNIkoaOFjnANmTQGF3t2y3zgUZL8+8YJySjzGnWnE8f9vE zrtjSNJtSS09Mxt8GP5dE5nX+pDDave0EJSzcwH6XuHa113WqTz2mpqUhOfVP7AaQ1d0 HQwduyi6idiQ0D5SL7HLpDIYA9tHLoSZj3gCFXKXq9KrqXHVVzsg1oBGS+sPr1a3I8B+ SdHz1Tumqm/Uw3hysz6LjVwLmltSHtBWFghpFFqocAxdLkBTbEXrKNgu8IcsasPYOwuM 9mjA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1685429589; x=1688021589; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=8W88sB8qCU4oOuJJP/WmTAjyYtLVDpPS5RIr9lxqWgI=; b=KqAc8zrlAQ1QeURF7GaGih/fl6RZxOZw0aYOLercoY+H83HTVd/D1P7n38tnvTOjvJ wG0VQlkyLJKgMoaj7tzHY8fLBR+MWYw9dw6CeAdc7VdMN78zyYA+xIVpJtmhGoWL+FGZ ni0PR8F97FlKOtCrW0NURyYjxyDhzPYJ29G4JcpaGyt+2ym6slMNhxHkcik/zitGL6HJ ryDRpqgxMaRjmS7WDHTAy0GBNsBwVhDLo/tnJwNES/GQzhTBYoYE0pOfEb2fp0g39dmJ YJxUWu4yiRbzBukyE3sMHd4s0kmTTuwE0PsxRID7Zyf8lT3ufuPXJwVef2J/evzGYXl/ SSTQ== X-Gm-Message-State: AC+VfDz0THEvIlFK8jqp7gevdzKWfAIhIzw+WOmA9tOG6zgZTmS84bZA WzGDUAz+S3Pcc3+1g+9IJzXj81JLtbJz+ja3ELA= X-Google-Smtp-Source: ACHHUZ4c7alCfGelQ08Hv2z3vbnKSKDlJXSixbhRpf3fTG0minUZ4+Nlk3CsgeXmdEaExhnK/nOv+pJlmGj/trup0Sc= X-Received: by 2002:a67:ee48:0:b0:439:35d4:1aa1 with SMTP id g8-20020a67ee48000000b0043935d41aa1mr332588vsp.30.1685429588923; Mon, 29 May 2023 23:53:08 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Graham Addis Date: Tue, 30 May 2023 07:52:57 +0100 Message-ID: Subject: Re: guix docker on gitlab-ci To: Graham Addis , Help-Guix@gnu.org Content-Type: text/plain; charset="UTF-8" Received-SPF: pass client-ip=2607:f8b0:4864:20::929; envelope-from=grahamjamesaddis@gmail.com; helo=mail-ua1-x929.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Mailman-Approved-At: Tue, 30 May 2023 04:41:39 -0400 X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1685436139; a=rsa-sha256; cv=none; b=fGL6nuC15D9RdOoWJ7Frm4l6uTpCsMxE+B81Pqgqq/21BAmbdv0Z38T/V+0FLEt1JFWMGH MuDR3uLqUH5cHAQG0EmhksqQaIICQvhBkOQO7MfnZYk2rzEe+fJCx+phmyf4i2DawXJcy+ hoDvuBsyCvbdW0ZUAZ5AV/hrNxMpaoItDAsQjMdEqVCl3rzi8ydn1Zh15KqIrbcB1XYm2t FAXk00Hmc71JfLcmPmI2HJ2j5CXRYlFqzTvGskHsdrppWrpzt2G7FQgY930h9QcNYq2NaD FQIEUnABGp8R4N/R9DML0Lge1y9zVL1g/ZajwGhzKg6cOtzE8NtiM4qeI5CvEQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20221208 header.b=WFRArohX; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1685436139; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=8W88sB8qCU4oOuJJP/WmTAjyYtLVDpPS5RIr9lxqWgI=; b=a9gCfh3OQKYPyX847rwKXtCq51Ic/Yo59UEwThppYJBEg7htS4YWy7vZzeJnHhkePpwOjc 4SGPx+cLlTJGW0oX4krQ3mn/uGUhO1wSuSqaN0JbNRG1lLksvLdOEYNgvuAblpggsp6ukE cb3hctV29ogZludTYWb+aS3YmBttlEZVUNsOKIzbKJfEcYXy6iYjtmbQcSkoH7Sql/yaW7 8gt9szd1kC8Y/d3UG+DF43sGYuEoCdNsSIkvZiS/u+IhqCscVb7v0Jn2P4wblQDA7PyKBE maWBC0UZXtGiNSbidf5Cwv851UHPhGSuIL6CUAHB0QUOExvrQrenA3xn9n/NMw== X-Migadu-Spam-Score: -8.07 X-Spam-Score: -8.07 X-Migadu-Queue-Id: 867569484 X-Migadu-Scanner: scn0.migadu.com Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20221208 header.b=WFRArohX; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-TUID: WFDfCzdkl+nK Hi Worf, Thanks for the response, see below. On Mon, 29 May 2023 at 20:41, wolf wrote: > > On 2023-05-24 18:04:47 +0100, Graham Addis wrote: > > Dear people, > > > > I tried to create a docker image to use in a gitlab-ci instance but it > > failed because I couldn't use --entry-point="bin/sh -l -c" or > > equivalent, basically the gitlab-runner complains that it can't run > > binaries. > > Would this be better using just bin/sh for the entry point and passing the -l > and -c as an arguments? Probably, but I don't think that's an option in gitlab ci and anyway it would be nice to support the docker options. > > I've managed to get it working by making some changes to guix/scripts/pack.scm > > > > Adding a fn in docker-image, just before the call to > > build-docker-image, to create a list from the string passed in from > > --entry-point="bin/sh -l -c" > > > > (define (make-docker-exec-form prefix value) > > (cond > > ((equal? value '()) > > '()) > > ((equal? prefix '()) > > (string-split value #\space)) > > (else > > (let ((values (string-split value #\space))) > > (cons > > (string-append prefix "/" (car values)) > > (cdr values)))))) > > If I read this right (sorry, still somewhat new to guile), you basically split > the --entry-point argument on spaces and use those parts as separate values to > invoke, is that correct? If so, how would you pass a binary that has space in > the name (joke example: `/bin/ba sh') into the entry-point? Basically, yes, and you are right about the problem. I looked through all the guix documentation I could find and the only other place I saw that a list was passed in an option was for URLs and they were separated by spaces. > > And replacing the setting of entry-point in the build-docker-image call to: > > > > #:entry-point (make-docker-exec-form > > #$profile #$entry-point) > > > > The call to build-docker-image takes a list for entry-point, and it > > all works fine as far as I can tell. > > > > Before I send in a patch, some questions: > > > > Am I missing something? > > > > Am I on the right track? > > In my opinion (which you are free to disagree with :) ), I think it would be > better to either have /bin/sh as an entry-point (and pass -l -c as arguments > when starting the container, if required) or create a wrapper script /bin/shlc > that would exec /bin/sh with correct arguments. Yep, lots of possible workarounds, but it seems to me that it would be better spending the time adjusting the pack command to fit the spec. > Few random ideas: Maybe the same format Containerfiles use for cmd and > entrypoint directives could be used? Maybe the --entry-point could also (in > addition to a string) accept a list of strings (LISP list)? Sounds good to me. Do you have a reference for the json for this? (Not a big deal as I think I've worked it out from the code, but it's always nice to have the specs...) >From the Dockerfile reference for ENTRYPOINT https://docs.docker.com/engine/reference/builder/#entrypoint there are two fomrs: ENTRYPOINT ["executable", "param1", "param2"] # The exec form, which is the preferred form: ENTRYPOINT command param1 param2 # The shell form: To implement the shell form I'd need to update build-docker-image in guix/docker.scm https://git.savannah.gnu.org/cgit/guix.git/tree/guix/docker.scm#n139 to take a string instead of/ as well as the list it currently takes. Then update docker-image in guix/scripts/pack.scm https://git.savannah.gnu.org/cgit/guix.git/tree/guix/scripts/pack.scm#n592 Invocation would then simply be --entry-point="command param1 param2" To implement the exec form (preferred according to docker) I wouldn't need to touch guix/docker.scm, but I would probably need to change the parsing for --entry-point as well as updating docker-iimge. I prefer the second option, for which all I need is some guidance on the option syntax .e.g. --entry-point=["command", "param1", "param2"] Suggestions please. :) I could implement both and test for a string or a list and choose between the shell and exec forms from there, but to be consistent with the existing implementation. Once I'm clear about the best approach for this, I could add the CMD too, if that would be useful. https://docs.docker.com/engine/reference/builder/#cmd One strange thing, I couldn't see the need for prefixing the profile to the ENTRYPOINT command: https://git.savannah.gnu.org/cgit/guix.git/tree/guix/scripts/pack.scm#n670 I took it out and everything seems to work, so I'm not sure what problem it is fixing. Anybody any idea? Thanks, Graham