From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id RgdXOTQWeWQpcgEASxT56A (envelope-from ) for ; Fri, 02 Jun 2023 00:05:41 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id 4B59ODQWeWRzawEA9RJhRA (envelope-from ) for ; Fri, 02 Jun 2023 00:05:40 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 91C84A992 for ; Fri, 2 Jun 2023 00:05:40 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1q4qPX-0001Uw-RH; Thu, 01 Jun 2023 18:04:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q4qPW-0001Sy-JR for Help-Guix@gnu.org; Thu, 01 Jun 2023 18:04:46 -0400 Received: from wolfsden.cz ([37.205.8.62]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1q4qPT-0004eL-QJ for Help-Guix@gnu.org; Thu, 01 Jun 2023 18:04:46 -0400 Received: by wolfsden.cz (Postfix, from userid 104) id 5C6821EB642; Thu, 1 Jun 2023 22:04:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1685657078; bh=cpxiCdLrSoDw2sGp9nux567uXa2FDaEj8qFkUM77ZqU=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=SDpfHCFZ235a5IigOfTukDUV2yoiqx4MXtWyS22FDOTVjfeaUfwdU6svMw13psjMX Uq9hVuKIo/nrjDiNcHdQd9Frt2NiMPmmLlHLPh+TcGvoWXZfhI9NtXQJ6EugZlr5Mb BeOm+ugo9whNF98tYYY0uGXerWztyVJsf2WaLBFDz08lYNW/LZpGxKcHxDwKKPSAy5 FAuhQWC6Ptrxv5lhD9qU/gry9zzi5Y0QR+NJwXnBm8Uvr1k+cR2jjfRRnpbvk21xDQ 1a5d4y5q1fEXL8qiyZjHa5k/5E6ezyI2UwSujNCa8UEaqsia3EAjQ4LhQHPZOxTCbr MvGn/0OTllVhNjQT3VQdgBLqkFHUFVPVMxTuGtUP7tuGSsDhlXWhfr6uDkLhdVnAY+ HS7KYdjfL+c+68XMwi0R+6lboAMvPn6bUv4FMq2DW/g0vrStnYl35UtLlaOqf3VJZC kx9NXkiTxvy35MjSUtr+seoqsSmftvpVJWDudoYZT6jItAypt7/bZHyWVlvGFSfgms JGuum7DrJX94ueJwwCKycJ2gA8T5y2eJ98BQvaLzUieF/taKDLVhvmfZHF6j/CFPi3 xmmeElsuUKJyUz1wvC7TVqS6GPvp3537cMkoRIXt/Z8D7XaYjprPAHSPYzDq3e/fBh cy8x8pC/dWgwBy6G+m8VooKY= Received: from localhost (unknown [128.0.188.242]) by wolfsden.cz (Postfix) with ESMTPSA id AC2E41EA1CB; Thu, 1 Jun 2023 22:04:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wolfsden.cz; s=mail; t=1685657076; bh=cpxiCdLrSoDw2sGp9nux567uXa2FDaEj8qFkUM77ZqU=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=ZuzuZPdBEZ5AJH9I8ZLiMCGDBCOr4CZwoEmnwAITLBQewpiwVtC24UdB0nhlGV89j c/wLKmO33jR8U0I/L7GhZm+KVXGO7OFVI5hZE4hhBzD7G7sSNXR28qE8n2dlHXu4V5 XX/zvJDAhaFe9hJJ/4W3epmsR+0iT0AupMMg5rGRWdpgixZtSC5+RBY/erqZMGm0sE jBJHqIVNdhU3sUDxPytuAelnqKQ4POs+DWlyg3eB9LLmmmK60wyTTHJF2AqPmuMHkV kjBcAxdk4TFOI99u7hawdQkqsAF+EeQCKSDOwbVhi4RzlEPcsxXolHMDfAL55bsWD3 OmzqRgbXp77JPFy/vUzymRdJfLyMvfKhkpxj6t0I4pJD/2DyFR7lEmzDoplcKaK+q8 SjW4MlCZMUQG2lnM86KJRAmun7q6jIj0om8o4QPK9lndonGdRrL1oggqqwE+u/H4lk HZ+4w2pGK9ByOxBz5qEAsvccxGb3BddrAHS5DwcXQmqbprOnI1YHYrdwQQNiQl/Kiy Ul7WZ2P6tZoDpzuaTkoGF+fbh5fH77/PPQlfxm/1NhvX4qEvUudkPVesjnjE6rTW93 yCf7M+ocRDlIluJ9h14E6EsEM/p9WFYRRAn0/aRbCRBmBFar5sbIifXg5GZAqwRAl9 RNaCzmk9T8Jt3u/JbGJT2UYQ= Received: from localhost (localhost [local]) by localhost (OpenSMTPD) with ESMTPA id 0903e9df; Thu, 1 Jun 2023 22:04:35 +0000 (UTC) Date: Fri, 2 Jun 2023 00:04:35 +0200 From: wolf To: Graham Addis Cc: Help-Guix@gnu.org Subject: Re: guix docker on gitlab-ci Message-ID: Mail-Followup-To: Graham Addis , Help-Guix@gnu.org References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="15uYeovIrODIrcnS" Content-Disposition: inline In-Reply-To: Received-SPF: none client-ip=37.205.8.62; envelope-from=ws@wolfsnet.cz; helo=wolfsden.cz X-Spam_score_int: -17 X-Spam_score: -1.8 X-Spam_bar: - X-Spam_report: (-1.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, SPF_HELO_PASS=-0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN ARC-Seal: i=1; s=key1; d=yhetil.org; t=1685657140; a=rsa-sha256; cv=none; b=Wz8ZxQO7UFiFbndBqj2ztxOQs+8U9IGY+owBdkR6GWJ6MjlS0jDpQKcvSf1GXZ8Wpyo5L/ FcGfHOysuGB10y/tpVzHNPykJrcpLzieeHpIHkZg2zz1TnzCjX7S9cDfwrmwk+jRGzd7Qg VUsg07dEfbuNAsdR+OHCuongLtdvFPxA+QMNUyU14eJ3cC9Cc2IP2RlDFdqjwBv6qJkMJ0 bdgMK4uT0E1yPANc2AOeJa96HslGrnvtGuENmefqt+RLTvtVSYk3a4xUAx/XE/RFZwqrdO A+D0tIAoNdwl4TrzzJOpbRZMZOTXUPR2WNZ193Sr/rN3eWguxT73a/vY1UdoNA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=wolfsden.cz header.s=mail header.b=SDpfHCFZ; dkim=pass header.d=wolfsden.cz header.s=mail header.b=ZuzuZPdB; dmarc=pass (policy=none) header.from=wolfsden.cz; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1685657140; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=5Xx2D2GFQ3io5kcro4u+fCbNI8GMOMSjCMF2/NlzdUU=; b=Rh/TY98qzhQGvgwkXA2mlCkRWegD0FCXkouBl3Fl5yaHWALEQrmUSW+ypq0F/bwmkNuSis Dt3gBh466KqiAI7VoLbUV6sWZpuI1WBKwy55HZsDaD+rw1AgLOiMr52ch7yfQbFvduSPOn fkxomJTPOzdKwA/8Slt5mbteAu2oK28fbHLk/yeBtPTSLrd0QjW1dMh4N8a4ELCNTHcJl7 /Wm+tj9RMSHZr0sU3dI6I6vVARpo7UqHELKQD3/DfKq20kNfhn6C1AYQxM36YBP5DHaJuj FH6mH+U++uyX9qhMCpF8lLHQXdSwGkx84vH7+qFTIIos7uHEvYE8e2RP7KGG1g== Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=wolfsden.cz header.s=mail header.b=SDpfHCFZ; dkim=pass header.d=wolfsden.cz header.s=mail header.b=ZuzuZPdB; dmarc=pass (policy=none) header.from=wolfsden.cz; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Scanner: scn0.migadu.com X-Migadu-Spam-Score: -9.91 X-Spam-Score: -9.91 X-Migadu-Queue-Id: 91C84A992 X-TUID: oiNorZYw/tJV --15uYeovIrODIrcnS Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2023-05-30 07:52:57 +0100, Graham Addis wrote: > Hi Worf, >=20 > Thanks for the response, see below. >=20 > On Mon, 29 May 2023 at 20:41, wolf wrote: > > > > On 2023-05-24 18:04:47 +0100, Graham Addis wrote: > > > Dear people, > > > > > > I tried to create a docker image to use in a gitlab-ci instance but it > > > failed because I couldn't use --entry-point=3D"bin/sh -l -c" or > > > equivalent, basically the gitlab-runner complains that it can't run > > > binaries. > > > > Would this be better using just bin/sh for the entry point and passing = the -l > > and -c as an arguments? >=20 > Probably, but I don't think that's an option in gitlab ci and anyway > it would be nice to support the docker options. >=20 > > > I've managed to get it working by making some changes to guix/scripts= /pack.scm > > > > > > Adding a fn in docker-image, just before the call to > > > build-docker-image, to create a list from the string passed in from > > > --entry-point=3D"bin/sh -l -c" > > > > > > (define (make-docker-exec-form prefix value) > > > (cond > > > ((equal? value '()) > > > '()) > > > ((equal? prefix '()) > > > (string-split value #\space)) > > > (else > > > (let ((values (string-split value #\space))) > > > (cons > > > (string-append prefix "/" (car values)) > > > (cdr values)))))) > > > > If I read this right (sorry, still somewhat new to guile), you basicall= y split > > the --entry-point argument on spaces and use those parts as separate va= lues to > > invoke, is that correct? If so, how would you pass a binary that has s= pace in > > the name (joke example: `/bin/ba sh') into the entry-point? >=20 > Basically, yes, and you are right about the problem. >=20 > I looked through all the guix documentation I could find and the only > other place I saw that a list was passed in an option was for URLs and > they were separated by spaces. >=20 > > > And replacing the setting of entry-point in the build-docker-image ca= ll to: > > > > > > #:entry-point (make-docker-exec-form > > > #$profile #$entry-point) > > > > > > The call to build-docker-image takes a list for entry-point, and it > > > all works fine as far as I can tell. > > > > > > Before I send in a patch, some questions: > > > > > > Am I missing something? > > > > > > Am I on the right track? > > > > In my opinion (which you are free to disagree with :) ), I think it wou= ld be > > better to either have /bin/sh as an entry-point (and pass -l -c as argu= ments > > when starting the container, if required) or create a wrapper script /b= in/shlc > > that would exec /bin/sh with correct arguments. >=20 > Yep, lots of possible workarounds, but it seems to me that it would be > better spending the time adjusting the pack command to fit the spec. >=20 > > Few random ideas: Maybe the same format Containerfiles use for cmd and > > entrypoint directives could be used? Maybe the --entry-point could als= o (in > > addition to a string) accept a list of strings (LISP list)? >=20 > Sounds good to me. Do you have a reference for the json for this? (Not > a big deal as I think I've worked it out from the code, but it's > always nice to have the specs...) >=20 > From the Dockerfile reference for ENTRYPOINT > https://docs.docker.com/engine/reference/builder/#entrypoint there are > two fomrs: >=20 > ENTRYPOINT ["executable", "param1", "param2"] # The exec form, which > is the preferred form: >=20 > ENTRYPOINT command param1 param2 # The shell form: >=20 > To implement the shell form I'd need to update build-docker-image in > guix/docker.scm > https://git.savannah.gnu.org/cgit/guix.git/tree/guix/docker.scm#n139 > to take a string instead of/ as well as the list it currently takes. > Then update docker-image in guix/scripts/pack.scm > https://git.savannah.gnu.org/cgit/guix.git/tree/guix/scripts/pack.scm#n592 >=20 > Invocation would then simply be --entry-point=3D"command param1 param2" >=20 > To implement the exec form (preferred according to docker) I wouldn't > need to touch guix/docker.scm, but I would probably need to change the > parsing for --entry-point as well as updating docker-iimge. I did not know Guix does not currently support the shell form. In that lig= ht I think it should not be implemented, since once your idea (arguments for ent= ry point) is implemented, it will be trivial for end-user to emulate it if so desired. >=20 > I prefer the second option, for which all I need is some guidance on > the option syntax >=20 > .e.g. --entry-point=3D["command", "param1", "param2"] >=20 > Suggestions please. :) >=20 > I could implement both and test for a string or a list and choose > between the shell and exec forms from there, but to be consistent with > the existing implementation. >=20 > Once I'm clear about the best approach for this, I could add the CMD > too, if that would be useful. > https://docs.docker.com/engine/reference/builder/#cmd >=20 > One strange thing, I couldn't see the need for prefixing the profile > to the ENTRYPOINT command: > https://git.savannah.gnu.org/cgit/guix.git/tree/guix/scripts/pack.scm#n670 > I took it out and everything seems to work, so I'm not sure what > problem it is fixing. Anybody any idea? Wild guess, but it might depend on your container runtime (whether it uses = execv or execvp). Absolute path feels somewhat more robust. >=20 > Thanks, >=20 > Graham > W. --=20 There are only two hard things in Computer Science: cache invalidation, naming things and off-by-one errors. --15uYeovIrODIrcnS Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEt4NJs4wUfTYpiGikL7/ufbZ/wakFAmR5FfMACgkQL7/ufbZ/ wal4Qw/+LTg/gAxnut1FG5uBR589ya68W7tkC1kSvi2DBpKjRNLfTRi6yVnRCKMO GeJPvwaqcnc8MSKQ0bM3kGbXPkYHBdJILFEcC95eDh6pGuBV0dX7CxcyDF+9x/+t BZixWlPJRTJ+ocPHmXSmN7H/DNy2/JM+ogHygKwuFYZ4Mi8BU4KVqKO3OxnAUMIp HwIoxOajJzbExjfh0PMe+BaqBTABR9m6nU8K6hlVET3aPVC4Fq/V2S5vuW894NpP A9cx6auhRXz2OWwVeY6hOuvF6XVLHO1Mwbw9Fh673GExUFNjCFiPFGFPULjI84PB cvxahPJ8SXD2z7fBiG6N/16CyNvnyXDVnD3blT4oHvucTVJMKE1amU056M+rpRnA ARos1g/g9O2/S+HmkmQHwrFbM2Ky6RpJLfBbZTD9iltn4n6vsFycJRCcX7fEuVZv fqn1FHQ6ck53NxzFby1V4u2HsNkMnfvhDSoUeYONcVH3RwImJkJyLEB82uO8tgZC OH4yEjgfnReU/wARwcgf3Qi1t/BRym0K6s/yPLBOqbD5Oa186Y9/Y0GVJ9PfLWZj TRZ+ACvnvcTQXciDr/Y59+8SLmtBGkkNs+Pe1XwOztjPsukMCzpSrD8LuwA+hTId ddS04KKxBNKIGJ9cK9bUry9cMqUVMpeMkQ0UCAJZwjVEkNTilTA= =kKPE -----END PGP SIGNATURE----- --15uYeovIrODIrcnS--