Hi Chris,

Chris Marusich <cmmarus...@gmail.com> skribis:
> Run GuixSD in Docker
> ====================
>
> The attached patch makes it possible to build a GuixSD Docker image from
> an operating system configuration file.

For some reason, I had overlooked this message, but it’s awesome!

> Pretty neat!

Yup!

> Problems I Noticed
> ==================

[...]

> Second, I noticed the following error in the Guix daemon's logs.  It
> might be benign, since package installation worked fine, but I'm not
> sure what it means or how to debug it:
>
>   error in finalization thread: Bad file descriptor

I’ve noticed this since we use Shepherd on Guile 2.2, but I haven’t
checked where that comes from; it doesn’t seem to be a serious issue.  ;-)

Anyway, it’s not related to your experiment.

> Third, I noticed that the shepherd failed to start syslogd and nscd (and
> user-homes, although I wasn't as concerned about that because the home
> directory for alice did in fact get created).

[...]

> I thought maybe syslogd wasn't working because /dev/log hadn't been
> created in the Docker image, so I tried creating it manually.  However,
> that didn't help; the Shepherd still couldn't start syslogd.

Hmm, I would have thought /dev/log was the issue.  Any other hints?

> Fourth, I wasn't able to run GuixSD in a Docker container without
> supplying the "--privileged" option.  GuixSD writes to sysfs during boot
> (I don't know why, but the details are apparently in
> guix/gnu/build/activation.scm), so the only way to get GuixSD to start
> is to run the container in privileged mode.  This is unfortunate,
> because privileged mode sounds quite dangerous for a lot of reasons.

I don’t think so: there’s a special case for when one creates a container
with ‘guix system container’ that disables this kind of thing.  I guess
we should use it here.  It’s mostly about passing #:container? #f
somewhere.

> From 25d5527b14302fc835af5c338bf37cf621c63a4e Mon Sep 17 00:00:00 2001
> From: Chris Marusich <cmmarus...@gmail.com>
> Date: Sat, 21 Oct 2017 14:40:58 -0700
> Subject: [PATCH] Make it possible to build GuixSD docker images
>
> ---
>  gnu/build/linux-boot.scm    |   5 +-
>  gnu/build/vm.scm            |  14 ++--
>  gnu/system/linux-initrd.scm |  12 ++--
>  gnu/system/vm.scm           | 169 ++++++++++++++++++++++++++++++++++++++------
>  guix/docker.scm             |  23 ++++-
>  guix/scripts/pack.scm       |   5 +-
>  guix/scripts/system.scm     |   3 +-
>  7 files changed, 191 insertions(+), 40 deletions(-)

[...]

> +    (cond ((string=? "iso9660" file-system-type)
> +           (iso9660-image #:name name
> +                          #:file-system-label root-label
> +                          #:file-system-uuid root-uuid
> +                          #:os-drv os-drv
> +                          #:register-closures? #t
> +                          #:bootcfg-drv bootcfg
> +                          #:bootloader (bootloader-configuration-bootloader
> +                                        (operating-system-bootloader os))
> +                          #:inputs `(("system" ,os-drv)
> +                                     ("bootcfg" ,bootcfg))))
> +          ((string=? "docker" file-system-type)
> +           (display "made it to docker image part\n")
> +           (os-docker-image #:name name
> +                            #:os-drv os-drv
> +                            #:register-closures? #t))

I’m not sure this is the right place for it since “docker” is not a file
system type.  Perhaps we need a separate procedure instead?

> @@ -106,7 +107,9 @@ return \"a\"."
>                               #:key closure compressor
>                               (symlinks '())
>                               (system (utsname:machine (uname)))
> -                             (creation-time (current-time time-utc)))
> +                             (creation-time (current-time time-utc))
> +                             (tmpdir "/tmp")
> +                             extra-items-dir)
>    "Write to IMAGE a Docker image archive from the given store PATH.  The image
>  contains the closure of PATH, as specified in CLOSURE (a file produced by
>  #:references-graphs).  SYMLINKS must be a list of (SOURCE -> TARGET) tuples
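Review bot: the `(display "made it to docker image part\n")` line in the "docker" branch of the system-disk-image cond hunk above is a leftover debugging trace and should be dropped before the patch is merged; it would otherwise end up in the build log of every Docker image. The "docker" branch also passes neither `#:inputs` nor any bootloader-related arguments to `os-docker-image`, unlike the "iso9660" branch next to it, so it is worth stating in the commit message (or a comment) that a Docker image deliberately carries no bootloader.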
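Review bot: the two new keyword arguments `(tmpdir "/tmp")` and `extra-items-dir` in the build-docker-image signature are not mentioned anywhere in the docstring that follows, which still only describes PATH, CLOSURE, SYMLINKS, SYSTEM, COMPRESSOR and CREATION-TIME; add a sentence for each, and say what EXTRA-ITEMS-DIR is expected to contain and what happens when it is left unset (it defaults to #f as written), since none of the quoted hunks show it being used.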
> @@ -116,7 +119,7 @@ binaries at PATH are for; it is used to produce metadata in the image.
>
>  Use COMPRESSOR, a command such as '(\"gzip\" \"-9n\"), to compress IMAGE.  Use
>  CREATION-TIME, a SRFI-19 time-utc object, as the creation time in metadata."
> -  (let ((directory "/tmp/docker-image")           ;temporary working directory
> +  (let ((directory (string-append tmpdir "/docker-image")) ;temporary working directory

Why do we need that?  Would it be enough to honor $TMPDIR?

> --- a/guix/scripts/system.scm
> +++ b/guix/scripts/system.scm
> @@ -638,8 +638,9 @@ any, are available.  Raise an error if they're not."
>                                   #:mappings mappings))
>        ((disk-image)
>         (system-disk-image os
> -                          #:name (match file-system-type
> +                          #:name (match (pk file-system-type)
>                                    ("iso9660" "image.iso")
> +                                  ("docker" "docker-image")
>                                    (_ "disk-image"))
>                            #:disk-image-size image-size
>                            #:file-system-type file-system-type))))

Perhaps we could have a separate ‘guix system docker-image’ command?  Or
‘guix system container -f docker’?  WDYT?

Once we’ve sorted out these minor issues, it would be great if you could
send polished patches.  This is something we should add!

Thank you,
Ludo’.
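Review bot: `(string-append tmpdir "/docker-image")` in the guix/docker.scm hunk only moves the problem: the working directory still has a fixed, predictable name under a directory that may be shared, so two builds running at once clobber each other, and if TMPDIR is world-writable a pre-existing path of that name (a symlink, say) is used silently instead of being created fresh. Create the directory with a unique, mkdtemp-style name and fail if it already exists, and take the base directory from `(getenv "TMPDIR")` with "/tmp" as the fallback rather than adding a new keyword argument for it.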
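Review bot: `(match (pk file-system-type)` in the guix/scripts/system.scm hunk is a leftover debugging call; `pk` prints its argument to the error port and returns it, so every `guix system disk-image` run would emit the file system type on stderr. Restore the original `(match file-system-type` and keep only the new `("docker" "docker-image")` clause.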