From: "Thompson, David"
Subject: Re: Using 'system*' instead of 'system' in 'guix environment'
Date: Thu, 8 Oct 2015 08:41:17 -0400
To: Ludovic Courtès
Cc: guix-devel

On Thu, Oct 8, 2015 at 3:53 AM, Ludovic Courtès wrote:
> Hi!
>
> David Thompson writes:
>
>> In an effort to finish up a patch to add a --container flag to 'guix
>> environment', I've encountered a serious problem.  The --exec flag
>> allows the user to pass an arbitrary command to be run using 'system'.
>> Unlike 'system*', 'system' spawns a command interpreter first and passes
>> the command string in.  This is very problematic when using a container,
>> because there's a very good chance that the command interpreter of the
>> running Guile process is not mounted inside the container.
>
> Oooh, good catch!
>
> How about using something like:
>
>   (system* (or (the-container-shell) (getenv "SHELL") "/bin/sh")
>            "-c" the-string)

Yes, that could work.  I've tried that but I don't love it.  More
about that below.

>> If the above explanation is confusing, the 'sudo' program provides a
>> good example of the UI I'm after:
>>
>>     sudo guile -c '(do-root-things)'
>
> Or similarly: “ssh HOST some command and arguments”.
>
>> But for now we're stuck with this:
>>
>>     guix environment --ad-hoc guile -E "guile -c '(do-root-things)'"
>>
>> Now, we can't actually do exactly what 'sudo' does because 'guix
>> environment' already recognizes operands as package names, not program
>> arguments.  Perhaps we can use '--' to separate the package list from
>> the command to run:
>>
>>     guix environment --ad-hoc guile -- guile -c '(do-root-things)'
>>
>> Does that look okay?  Any other ideas?
>
> I really like the UI that you propose; using -- to separate the
> arguments sounds good.
>
> I think it’s orthogonal to the question of whether to use ‘system’ or
> not though.
>
> Currently one can do things like:
>
>   guix environment foo -E 'cd /bar ; frob'
>
> and I think we should keep this capability, which means running the
> command via /bin/sh -c (which is what ‘system’ does, but we can use
> ‘system*’ the way I wrote above to achieve that.)
>
> So I think the new UI should essentially ‘string-join’ everything that
> comes after --, and pass that to the procedure that invokes sh -c.

I disagree, and here's why.  Going back to the sudo/ssh example, it's
not possible to do 'cd /bar; frob' naively because this...

    sudo cd /bar; frob

...is two commands.  And this doesn't work either because it's not a
valid string for exec:

    sudo 'cd /bar; frob'

However, we can just do the 'sh -c' trick!

    sudo sh -c 'cd /bar; frob'

This is essentially what you propose having built-in, but I think it
would be best to leave it out.  That way we can simply use 'system*'
and users that want to execute an inline Bash script can do so using
the method they most likely already know about from tools like sudo
and ssh.

    guix environment --ad-hoc guile -- guile -c '(frob)'
    guix environment --ad-hoc guile -- sh -c "cd bar/; guile -c '(frob)'"

This has the additional advantage that the first process created
inside containers will be PID 1, not 2.

Does this counter-proposal sound OK?

- Dave
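
The difference between 'system' and 'system*' discussed in this message, as an added Guile example that is not part of the original e-mail and is not code from Guix. The helper names (split-at-double-dash, run-argv, demo) and the sample argument lists are assumptions made up for illustration.

```scheme
;; Added example, not code from Guix.  Helper names are hypothetical.
(use-modules (srfi srfi-1)    ; break
             (srfi srfi-11))  ; let-values

;; Split an argument list at the first "--": everything before it is the
;; package list, everything after it is the argv of the command to run.
(define (split-at-double-dash args)
  (let-values (((packages rest)
                (break (lambda (arg) (string=? arg "--")) args)))
    (values packages (if (null? rest) '() (cdr rest)))))

;; Run ARGV with 'system*': the program is exec'ed directly and each list
;; element reaches it as one argument, with no shell parsing in between.
;; Returns the exit value; a program that cannot be started shows up as a
;; non-zero value or, if this Guile raises 'system-error instead, as #f.
(define (run-argv argv)
  (catch 'system-error
    (lambda () (status:exit-val (apply system* argv)))
    (lambda _ #f)))

(define (demo args)
  (let-values (((packages command) (split-at-double-dash args)))
    (format #t "packages: ~s~%command:  ~s~%" packages command)
    (if (null? command)
        (format #t "no command given after --~%")
        (format #t "exit value: ~s~%" (run-argv command)))))

;; Constructed sample inputs.
;; 1. ';' is plain data here: echo prints the whole string on one line.
(demo '("--ad-hoc" "coreutils" "--" "echo" "hello; echo second-command"))

;; 2. Opting in to a shell, as with 'sudo sh -c': now ';' separates two
;;    commands and two lines are printed.
(demo '("--ad-hoc" "coreutils" "--"
        "sh" "-c" "echo hello; echo second-command"))

;; 3. For comparison, 'system' always goes through a shell, so the same
;;    string as in case 1 runs as two commands.
(system "echo hello; echo second-command")
```

With 'system*' a shell metacharacter in an argument is only interpreted when the caller explicitly names a shell as the program, which is the behaviour the counter-proposal relies on.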