GNU logs - #67613, boring messages


Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#67613] Introduce unit tests for oci-container-service-type.
Resent-From: paul <goodoldpaul@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 03 Dec 2023 21:55:02 +0000
Resent-Message-ID: <handler.67613.B.17016404651877 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 67613
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 67613 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo@HIDDEN>
X-Debbugs-Original-To: guix-patches@HIDDEN
Message-ID: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN>
Date: Sun, 3 Dec 2023 22:53:50 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.15.0
Content-Language: en-US
From: paul <goodoldpaul@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

Hi,

as discussed in issue #66160 and #67574 I'm sending a follow up with 
some unit tests for most of the internals of oci-container-service-type. 
These tests depend on the hotfix from #67574 since #66160 was merged 
with a blocking bug due to a last minute feature I added during the 
review process :( Hence if this gets merged before #67574 tests will fail.


Thank you for your help and apologies for the noise,


giacomo





Message sent:


Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: paul <goodoldpaul@HIDDEN>
Subject: bug#67613: Acknowledgement (Introduce unit tests for
 oci-container-service-type.)
Message-ID: <handler.67613.B.17016404651877.ack <at> debbugs.gnu.org>
References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN>
X-Gnu-PR-Message: ack 67613
X-Gnu-PR-Package: guix-patches
Reply-To: 67613 <at> debbugs.gnu.org
Date: Sun, 03 Dec 2023 21:55:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 guix-patches@HIDDEN

If you wish to submit further information on this problem, please
send it to 67613 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

-- 
67613: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=67613
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems


Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#67613] [PATCH] tests: Add oci-container-service-type unit tests.
References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN>
In-Reply-To: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN>
Resent-From: Giacomo Leidi <goodoldpaul@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 03 Dec 2023 21:57:01 +0000
Resent-Message-ID: <handler.67613.B67613.17016406142123 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 67613
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 67613 <at> debbugs.gnu.org
Cc: Giacomo Leidi <goodoldpaul@HIDDEN>
From: Giacomo Leidi <goodoldpaul@HIDDEN>
Date: Sun,  3 Dec 2023 22:56:28 +0100
Message-ID: <20231203215630.28144-1-goodoldpaul@HIDDEN>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This patch is a followup to issue #66160 and issue #67574. It introduces
unit tests for the oci-container-service-type. 8 out of 11 tests depend on
issue #67574 being merged since issue #66160 was merged with a blocking
bug from the beginning.

* gnu/services/docker.scm: Export
oci-container-configuration-container-user and
oci-container-configuration-workdir.
* tests/services/docker.scm: New file.
* Makefile.am (SCM_TESTS): Register it.

Change-Id: I47ed0fe36060ba84dd50b548a66f36e3df8a3710
---
 Makefile.am               |   1 +
 gnu/services/docker.scm   |   2 +
 tests/services/docker.scm | 187 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 190 insertions(+)
 create mode 100644 tests/services/docker.scm

diff --git a/Makefile.am b/Makefile.am
index cbc3191dfc..91f7a77a94 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -564,6 +564,7 @@ SCM_TESTS =					\
   tests/services.scm				\
   tests/services/file-sharing.scm		\
   tests/services/configuration.scm		\
+  tests/services/docker.scm			\
   tests/services/lightdm.scm			\
   tests/services/linux.scm			\
   tests/services/pam-mount.scm			\
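Review bot: adding tests/services/docker.scm to SCM_TESTS puts it in every 'make check' run, while the commit message states that 8 of the 11 tests depend on #67574 being merged. Either land this after #67574 or mark the dependent tests as expected failures until then, so the suite does not fail in between.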
diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index ebea0a473a..263cb41df3 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -58,6 +58,8 @@ (define-module (gnu services docker)
             oci-container-configuration-network
             oci-container-configuration-ports
             oci-container-configuration-volumes
+            oci-container-configuration-container-user
+            oci-container-configuration-workdir
             oci-container-service-type
             oci-container-shepherd-service))
 
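Review bot: the two new exports, oci-container-configuration-container-user and oci-container-configuration-workdir, are not called anywhere in the new tests/services/docker.scm, which only sets the container-user and workdir fields through the record constructor. If the accessors were simply missing from the public interface, say so in the commit message or move the export to its own commit so that it is not tied to the test file.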
diff --git a/tests/services/docker.scm b/tests/services/docker.scm
new file mode 100644
index 0000000000..fad28a228c
--- /dev/null
+++ b/tests/services/docker.scm
@@ -0,0 +1,187 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2023 Giacomo Leidi <goodoldpaul@HIDDEN>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (tests services docker)
+  #:use-module (gnu packages docker)
+  #:use-module (gnu services docker)
+  #:use-module (guix derivations)
+  #:use-module (guix gexp)
+  #:use-module (guix monads)
+  #:use-module (guix packages)
+  #:use-module (guix store)
+  #:use-module (guix tests)
+  #:use-module (ice-9 match)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-64))
+
+
+;;; Commentary:
+;;;
+;;; Unit tests for the (gnu services docker) module.
+;;;
+;;; Code:
+
+
+;;;
+;;; Unit tests for the oci-container-service-type.
+;;;
+
+
+;;; Access some internals for whitebox testing.
+(define %store
+  (open-connection-for-tests))
+(define (gexp->sexp . x)
+  (apply (@@ (guix gexp) gexp->sexp) x))
+(define* (gexp->sexp* exp #:optional target)
+  (run-with-store %store (gexp->sexp exp (%current-system) target)
+                  #:guile-for-build (%guile-for-build)))
+(define (list->sexp-list* lst)
+  (map (lambda (el)
+         (if (gexp? el)
+             (gexp->sexp* el)
+             el))
+       lst))
+(define oci-sanitize-mixed-list
+  (@@ (gnu services docker) oci-sanitize-mixed-list))
+(define (oci-container-configuration->options config)
+  (list->sexp-list*
+   ((@@ (gnu services docker) oci-container-configuration->options) config)))
+
+(test-begin "oci-containers-service")
+
+(test-group "oci-sanitize-mixed-list"
+  (define delimiter "=")
+  (define file-like-key
+    (plain-file "oci-tests-file-like-key" "some-content"))
+  (define mixed-list
+    `("any kind of string"
+      ("KEY" . "VALUE")
+      (,#~(string-append "COMPUTED" "_KEY") . "VALUE")
+      (,file-like-key . "VALUE")))
+
+  (test-assertm "successfully lower mixed values"
+    (mlet* %store-monad ((ml ->             (oci-sanitize-mixed-list "field-name" mixed-list delimiter))
+                         (actual ->         (list->sexp-list* ml))
+                         (file-like-item    (lower-object file-like-key))
+                         (expected ->       `("any kind of string"
+                                              (string-append "KEY" "=" "VALUE")
+                                              (string-append (string-append "COMPUTED" "_KEY") "=" "VALUE")
+                                              (string-append ,file-like-item "=" "VALUE"))))
+      (mbegin %store-monad
+        (return
+         (every (lambda (pair)
+                  (apply (if (string? (first pair))
+                             string=?
+                             equal?)
+                         pair))
+                (zip expected actual))))))
+
+  (test-error
+   "illegal list values" #t
+   (oci-sanitize-mixed-list "field-name" '(("KEY" . "VALUE") #f) delimiter))
+
+  (test-error
+   "illegal pair member values" #t
+   (oci-sanitize-mixed-list "field-name" '(("KEY" . 1)) delimiter)))
+
+(test-group "oci-container-configuration->options"
+  (define config
+    (oci-container-configuration
+     (image "guix/guix:latest")))
+
+  (test-equal "entrypoint"
+    (list "--entrypoint" "entrypoint")
+    (oci-container-configuration->options
+     (oci-container-configuration
+      (inherit config)
+      (entrypoint "entrypoint"))))
+
+  (test-equal "environment"
+    (list "--env" '(string-append "key" "=" "value")
+          "--env" '(string-append "environment" "=" "variable"))
+    (oci-container-configuration->options
+     (oci-container-configuration
+      (inherit config)
+      (environment
+       '(("key" . "value")
+         ("environment" . "variable"))))))
+
+  (test-equal "network"
+    (list "--network" "host")
+    (oci-container-configuration->options
+     (oci-container-configuration
+      (inherit config)
+      (network "host"))))
+
+  (test-equal "container-user"
+    (list "--user" "service-account")
+    (oci-container-configuration->options
+     (oci-container-configuration
+      (inherit config)
+      (container-user "service-account"))))
+
+  (test-equal "workdir"
+    (list "--workdir" "/srv/http")
+    (oci-container-configuration->options
+     (oci-container-configuration
+      (inherit config)
+      (workdir "/srv/http"))))
+
+  (test-equal "ports"
+    (list "-p" '(string-append "10443" ":" "443")
+          "-p" '(string-append "9022" ":" "22"))
+    (oci-container-configuration->options
+     (oci-container-configuration
+      (inherit config)
+      (ports
+       '(("10443" . "443")
+         ("9022" . "22"))))))
+
+  (test-equal "volumes"
+    (list "-v" '(string-append "/gnu/store" ":" "/gnu/store")
+          "-v" '(string-append "/var/lib/guix" ":" "/var/lib/guix"))
+    (oci-container-configuration->options
+     (oci-container-configuration
+      (inherit config)
+      (volumes
+       '(("/gnu/store" . "/gnu/store")
+         ("/var/lib/guix" . "/var/lib/guix"))))))
+
+  (test-equal "complete configuration"
+    (list "--entrypoint" "entrypoint"
+          "--env" '(string-append "key" "=" "value")
+          "--network" "host"
+          "--user" "service-account"
+          "--workdir" "/srv/http"
+          "-p" '(string-append "10443" ":" "443")
+          "-v" '(string-append "/gnu/store" ":" "/gnu/store"))
+    (oci-container-configuration->options
+     (oci-container-configuration
+      (inherit config)
+      (entrypoint "entrypoint")
+      (environment
+       '(("key" . "value")))
+      (network "host")
+      (container-user "service-account")
+      (workdir "/srv/http")
+      (ports
+       '(("10443" . "443")))
+      (volumes
+       '(("/gnu/store" . "/gnu/store")))))))
+
+(test-end "oci-containers-service")
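Review bot: in "successfully lower mixed values", (zip expected actual) stops at the shorter of the two lists, so the (every ...) check still passes when oci-sanitize-mixed-list returns fewer items than expected, including an empty list. Compare the lengths first, or compare the two lists directly. The two test-error cases pass #t as the error type, which accepts any exception (an unbound variable or a wrong argument count included); name the condition the sanitizer is supposed to raise so that an unrelated failure does not count as a pass.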

base-commit: 2c9ac9ab20c76abe570ff83f8746fa089fea3047
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#67613] Introduce unit tests for oci-container-service-type.
Resent-From: Ludovic Courtès <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 10 Dec 2023 21:48:02 +0000
Resent-Message-ID: <handler.67613.B67613.170224485124270 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 67613
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: Giacomo Leidi <goodoldpaul@HIDDEN>
Cc: 67613 <at> debbugs.gnu.org
From: Ludovic Courtès <ludo@HIDDEN>
In-Reply-To: <20231203215630.28144-1-goodoldpaul@HIDDEN> (Giacomo
 Leidi's message of "Sun, 3 Dec 2023 22:56:28 +0100")
References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN>
 <20231203215630.28144-1-goodoldpaul@HIDDEN>
Date: Sun, 10 Dec 2023 22:47:01 +0100
Message-ID: <87lea13f3e.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hello,

Giacomo Leidi <goodoldpaul@HIDDEN> skribis:

> This patch is a followup to issue #66160 and issue #67574. It introduces
> unit tests for the oci-container-service-type. 8 out of 11 tests depend on
> issue #67574 being merged since issue #66160 was merged with a blocking
> bug from the beginning.
>
> * gnu/services/docker.scm: Export
> oci-container-configuration-container-user and
> oci-container-configuration-workdir.
> * tests/services/docker.scm: New file.
> * Makefile.am (SCM_TESTS): Register it.
>
> Change-Id: I47ed0fe36060ba84dd50b548a66f36e3df8a3710

Thanks for working on this!

To me, what’s really helpful is a system test: a test that spins up a VM
running an OCI service and makes sure said service is functional.
Apologies if I wasn’t clear!

Unit tests can be interesting too, but only if their “bug-finding
performance” is good.  The tests below, for instance, are likely to be
mirroring the implementation too closely to be really able to find bugs:

> +  (test-equal "environment"
> +    (list "--env" '(string-append "key" "=3D" "value")
> +          "--env" '(string-append "environment" "=3D" "variable"))
> +    (oci-container-configuration->options
> +     (oci-container-configuration
> +      (inherit config)
> +      (environment
> +       '(("key" . "value")
> +         ("environment" . "variable"))))))
> +
> +  (test-equal "network"
> +    (list "--network" "host")
> +    (oci-container-configuration->options
> +     (oci-container-configuration
> +      (inherit config)
> +      (network "host"))))
> +
> +  (test-equal "container-user"
> +    (list "--user" "service-account")
> +    (oci-container-configuration->options
> +     (oci-container-configuration
> +      (inherit config)
> +      (container-user "service-account"))))

Thus my suggestion would be to instead focus on a system test, like
those in (gnu tests docker).

Does that make sense?  WDYT?

Ludo’.




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#67613] Introduce unit tests for oci-container-service-type.
Resent-From: paul <goodoldpaul@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 10 Dec 2023 22:12:01 +0000
Resent-Message-ID: <handler.67613.B67613.170224626726882 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 67613
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 67613 <at> debbugs.gnu.org
Content-Type: multipart/alternative;
 boundary="------------02IP0j4d1R0Zg52ZIAropfkD"
Message-ID: <cb50582a-b886-e6c8-59a0-d71285058e43@HIDDEN>
Date: Sun, 10 Dec 2023 23:10:42 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.15.0
Content-Language: en-US
References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN>
 <20231203215630.28144-1-goodoldpaul@HIDDEN>
 <87lea13f3e.fsf_-_@HIDDEN>
From: paul <goodoldpaul@HIDDEN>
In-Reply-To: <87lea13f3e.fsf_-_@HIDDEN>

Hi Ludo’,

On 12/10/23 22:47, Ludovic Courtès wrote:
> Thus my suggestion would be to instead focus on a system test, like
> those in (gnu tests docker).
>
> Does that make sense?  WDYT?

I definitely misunderstood, I'll work also on system tests like those 
you pointed out. Thank you, I was not aware of them, I was wondering how 
do I run them?

guix shell --pure -D guix -- make check TESTS=gnu/tests/docker.scm

gives me

============================================================================
Testsuite summary for GNU Guix 1.3.0.50882-34e1c
============================================================================
# TOTAL: 0
# PASS:  0
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================

Thank you,

giacomo





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#67613] Introduce unit tests for oci-container-service-type.
Resent-From: Ludovic Courtès <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 14 Dec 2023 18:36:02 +0000
Resent-Message-ID: <handler.67613.B67613.170257891032656 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 67613
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: paul <goodoldpaul@HIDDEN>
Cc: 67613 <at> debbugs.gnu.org
From: Ludovic Courtès <ludo@HIDDEN>
In-Reply-To: <cb50582a-b886-e6c8-59a0-d71285058e43@HIDDEN> (paul's
 message of "Sun, 10 Dec 2023 23:10:42 +0100")
References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN>
 <20231203215630.28144-1-goodoldpaul@HIDDEN>
 <87lea13f3e.fsf_-_@HIDDEN>
 <cb50582a-b886-e6c8-59a0-d71285058e43@HIDDEN>
Date: Thu, 14 Dec 2023 19:34:59 +0100
Message-ID: <87wmtgtyy4.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi,

paul <goodoldpaul@HIDDEN> wrote:

> I definitely misunderstood, I'll work also on system tests like those
> you pointed out. Thank you, I was not aware of them, I was wondering
> how do I run them?

With ‘make check-system TESTS=…’:

  https://guix.gnu.org/manual/devel/en/html_node/Running-the-Test-Suite.html

Apologies for the miscommunication!

Ludo’.




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#67613] Introduce unit tests for oci-container-service-type.
Resent-From: paul <goodoldpaul@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 11 Jan 2024 20:40:01 +0000
Resent-Message-ID: <handler.67613.B67613.170500555210356 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 67613
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 67613 <at> debbugs.gnu.org
Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170500555210356
          (code B ref 67613); Thu, 11 Jan 2024 20:40:01 +0000
Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:39:12 +0000
Received: from localhost ([127.0.0.1]:34032 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rO1pY-0002gy-86
	for submit <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:39:12 -0500
Received: from confino.investici.org ([93.190.126.19]:36917)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <goodoldpaul@HIDDEN>) id 1rO1pU-0002gm-OI
 for 67613 <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:39:10 -0500
Received: from mx1.investici.org (unknown [127.0.0.1])
 by confino.investici.org (Postfix) with ESMTP id 4T9xNF1MLyz112x;
 Thu, 11 Jan 2024 20:39:09 +0000 (UTC)
Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19])
 (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with
 ESMTPSA id 4T9xNF0lCYz10w5; Thu, 11 Jan 2024 20:39:09 +0000 (UTC)
Message-ID: <05d4f2f7-01ff-65d1-107f-f71b8e103de0@HIDDEN>
Date: Thu, 11 Jan 2024 21:39:08 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.15.0
Content-Language: en-US
References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN>
 <20231203215630.28144-1-goodoldpaul@HIDDEN>
 <87lea13f3e.fsf_-_@HIDDEN>
 <cb50582a-b886-e6c8-59a0-d71285058e43@HIDDEN> <87wmtgtyy4.fsf@HIDDEN>
From: paul <goodoldpaul@HIDDEN>
In-Reply-To: <87wmtgtyy4.fsf@HIDDEN>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spam-Score: -3.8 (---)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -4.8 (----)

Hi Ludo’,

I should have created a suitable system test for the 
oci-container-service-type. Thanks to a nice input from 
@graywolf@HIDDEN on Mastodon, and actually to be able to run the test
since the VM doesn't have internet access and can't pull OCI images, I
implemented a new oci-image record that can be given some lowerable 
value that can be lowered to an OCI tarballed image and passed to the 
image field of the oci-container-configuration record. I'd like to point 
out two things:

- It's the first time I use Guix internal API to build derivations, I 
took most of my implementation from other places around Guix and I hope
it is sound but I may have missed something. I'd like your feedback about it.

- I was tempted to make the image field of the 
oci-container-configuration record directly only accept oci-image 
records (hence making the value field of oci-image optional) but that 
would break existing configurations. I'm not sure about the contract we 
have for configuration records API, should I wait for 1.5.0 for this change?


I'm sending an updated patchset, thank you for all your help and efforts.


giacomo





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#67613] [PATCH v2 2/5] gnu: docker: Allow setting host environment variables in oci-container-configuration.
Resent-From: Giacomo Leidi <goodoldpaul@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 11 Jan 2024 20:41:02 +0000
Resent-Message-ID: <handler.67613.B67613.170500561610524 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 67613
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 67613 <at> debbugs.gnu.org
Cc: Giacomo Leidi <goodoldpaul@HIDDEN>
Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170500561610524
          (code B ref 67613); Thu, 11 Jan 2024 20:41:02 +0000
Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:16 +0000
Received: from localhost ([127.0.0.1]:34042 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rO1qZ-0002jX-MV
	for submit <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:16 -0500
Received: from confino.investici.org ([2a11:7980:1::2:0]:54837)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <goodoldpaul@HIDDEN>) id 1rO1qX-0002j2-4L
 for 67613 <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:14 -0500
Received: from mx1.investici.org (unknown [127.0.0.1])
 by confino.investici.org (Postfix) with ESMTP id 4T9xPV6Z7Bz112y;
 Thu, 11 Jan 2024 20:40:14 +0000 (UTC)
Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19])
 (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with
 ESMTPSA id 4T9xPV5kPXz10w5; Thu, 11 Jan 2024 20:40:14 +0000 (UTC)
From: Giacomo Leidi <goodoldpaul@HIDDEN>
Date: Thu, 11 Jan 2024 21:39:50 +0100
Message-ID: <20240111203954.29335-2-goodoldpaul@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240111203954.29335-1-goodoldpaul@HIDDEN>
References: <20240111203954.29335-1-goodoldpaul@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/services/docker.scm (oci-container-configuration)
[host-environment]: New field;
(oci-sanitize-host-environment): sanitize it;
(oci-container-shepherd-service): use it.

Change-Id: I4d54d37736cf09f042a71cb0b6e673abc0948d9c
---
 gnu/services/docker.scm | 31 +++++++++++++++++++++++++++++--
 1 file changed, 29 insertions(+), 2 deletions(-)

diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index b4fd94d1fd..7706b4a29a 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -5,7 +5,7 @@
 ;;; Copyright © 2020 Efraim Flashner <efraim@HIDDEN>
 ;;; Copyright © 2020 Jesse Dowell <jessedowell@HIDDEN>
 ;;; Copyright © 2021 Brice Waegeneire <brice@HIDDEN>
-;;; Copyright © 2023 Giacomo Leidi <goodoldpaul@HIDDEN>
+;;; Copyright © 2023, 2024 Giacomo Leidi <goodoldpaul@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -285,6 +285,11 @@ (define (oci-sanitize-mixed-list name value delimiter)
               name el)))))
    value))
 
+(define (oci-sanitize-host-environment value)
+  ;; Expected spec format:
+  ;; '(("HOME" . "/home/nobody") "JAVA_HOME=/java")
+  (oci-sanitize-mixed-list "host-environment" value "="))
+
 (define (oci-sanitize-environment value)
   ;; Expected spec format:
   ;; '(("HOME" . "/home/nobody") "JAVA_HOME=/java")
@@ -330,6 +335,24 @@ (define-configuration/no-serialization oci-container-configuration
   (entrypoint
    (maybe-string)
    "Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image.")
+  (host-environment
+   (list '())
+   "Set environment variables in the host environment where @command{docker run}
+is invoked.  This is especially useful to pass secrets from the host to the
+container without having them on the @command{docker run}'s command line: by
+setting the @{MYSQL_PASSWORD} on the host and by passing
+@code{--env MYSQL_PASSWORD} through the @code{extra-arguments} field, it is
+possible to securely set values in the container environment.  This field's
+value can be a list of pairs or strings, even mixed:
+
+@lisp
+(list '(\"LANGUAGE\" . \"eo:ca:eu\")
+      \"JAVA_HOME=/opt/java\")
+@end lisp
+
+Pair members can be strings, gexps or file-like objects. Strings are passed
+directly to @code{make-forkexec-constructor}."
+   (sanitizer oci-sanitize-host-environment))
   (environment
    (list '())
    "Set environment variables.  This can be a list of pairs or strings, even
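
Review bot: `@{MYSQL_PASSWORD}` in the new docstring is missing the command name and should be `@code{MYSQL_PASSWORD}`, which is how the guix.texi text in patch 5/5 spells it. The diffstat for this patch lists only gnu/services/docker.scm, so the field is undocumented in the manual until 5/5 is applied; consider moving the guix.texi entry into this commit.
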
@@ -450,6 +473,8 @@ (define (guess-name name image)
   (let* ((docker-command (file-append docker-cli "/bin/docker"))
          (user (oci-container-configuration-user config))
          (group (oci-container-configuration-group config))
+         (host-environment
+          (oci-container-configuration-host-environment config))
          (command (oci-container-configuration-command config))
          (provision (oci-container-configuration-provision config))
          (image (oci-container-configuration-image config))
@@ -471,7 +496,9 @@ (define (guess-name name image)
                                 "--name" #$name
                                 #$@options #$@extra-arguments #$image #$@command)
                           #:user #$user
-                          #:group #$group))
+                          #:group #$group
+                          #:environment-variables
+                          (list #$@host-environment)))
                       (stop
                        #~(lambda _
                            (invoke #$docker-command "rm" "-f" #$name)))
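
Review bot: `#:environment-variables (list #$@host-environment)` replaces the environment the service process would otherwise start with instead of extending it, so with the default `'()` the `docker run` process is started with no variables at all. If that is intended, the field documentation should say so; otherwise append the entries to `(default-environment-variables)`. Because the list is spliced into the gexp, a literal secret written in `host-environment` also becomes part of the generated service code, which Guix keeps in the world-readable store, so the "securely" wording in the docstring only holds when the value is produced at service start rather than written in the system configuration.
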
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#67613] [PATCH v2 1/5] gnu: docker: Provide escape hatch in oci-container-configuration.
References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN>
In-Reply-To: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN>
Resent-From: Giacomo Leidi <goodoldpaul@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 11 Jan 2024 20:41:03 +0000
Resent-Message-ID: <handler.67613.B67613.170500561710531 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 67613
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 67613 <at> debbugs.gnu.org
Cc: Giacomo Leidi <goodoldpaul@HIDDEN>
Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170500561710531
          (code B ref 67613); Thu, 11 Jan 2024 20:41:03 +0000
Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:17 +0000
Received: from localhost ([127.0.0.1]:34044 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rO1qa-0002jh-DX
	for submit <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:17 -0500
Received: from confino.investici.org ([93.190.126.19]:45877)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <goodoldpaul@HIDDEN>) id 1rO1qX-0002j1-1B
 for 67613 <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:14 -0500
Received: from mx1.investici.org (unknown [127.0.0.1])
 by confino.investici.org (Postfix) with ESMTP id 4T9xPV5N4jz112x;
 Thu, 11 Jan 2024 20:40:14 +0000 (UTC)
Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19])
 (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with
 ESMTPSA id 4T9xPV4QQRz10w5; Thu, 11 Jan 2024 20:40:14 +0000 (UTC)
From: Giacomo Leidi <goodoldpaul@HIDDEN>
Date: Thu, 11 Jan 2024 21:39:49 +0100
Message-ID: <20240111203954.29335-1-goodoldpaul@HIDDEN>
X-Mailer: git-send-email 2.41.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

* gnu/services/docker.scm (oci-container-configuration)
[extra-arguments]: New field;
(oci-sanitize-extra-arguments): sanitize it;
(oci-container-shepherd-service): use it;
* doc/guix.texi: document it.

Change-Id: I54c74ac2fe0f5ca65ca5a1d0d7f3fb55ff428063
---
 doc/guix.texi           | 13 ++++++++++---
 gnu/services/docker.scm | 42 ++++++++++++++++++++++++++++++++++-------
 2 files changed, 45 insertions(+), 10 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 395545bed7..ce239c603d 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -39844,7 +39844,8 @@ Set environment variables. This can be a list of pairs or strings, even mixed:
       "JAVA_HOME=/opt/java")
 @end lisp
 
-String are passed directly to the Docker CLI. You can refer to the
+Pair members can be strings, gexps or file-like objects.
+Strings are passed directly to the Docker CLI.  You can refer to the
 @uref{https://docs.docker.com/engine/reference/commandline/run/#env,upstream}
 documentation for semantics.
 
@@ -39868,7 +39869,8 @@ list of pairs or strings, even mixed:
       "10443:443")
 @end lisp
 
-String are passed directly to the Docker CLI.  You can refer to the
+Pair members can be strings, gexps or file-like objects.
+Strings are passed directly to the Docker CLI.  You can refer to the
 @uref{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream}
 documentation for semantics.
 
@@ -39881,7 +39883,8 @@ list of pairs or strings, even mixed:
       "/gnu/store:/gnu/store")
 @end lisp
 
-String are passed directly to the Docker CLI.  You can refer to the
+Pair members can be strings, gexps or file-like objects.
+Strings are passed directly to the Docker CLI.  You can refer to the
 @uref{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream}
 documentation for semantics.
 
@@ -39896,6 +39899,10 @@ You can refer to the
 @url{https://docs.docker.com/engine/reference/run/#workdir,upstream}
 documentation for semantics.
 
+@item @code{extra-arguments} (default: @code{()}) (type: list)
+A list of strings, gexps or file-like objects that will be directly
+passed to the @command{docker run} invokation.
+
 @end table
 
 @end deftp
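
Review bot: "invokation" in the new `extra-arguments` entry should be "invocation"; the same misspelling is in the field's docstring in gnu/services/docker.scm later in this patch. The entry should also say where the arguments end up, after the generated options and before the image name, since that is what decides how they interact with the other fields.
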
diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 4d32b96847..b4fd94d1fd 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -58,6 +58,9 @@ (define-module (gnu services docker)
             oci-container-configuration-network
             oci-container-configuration-ports
             oci-container-configuration-volumes
+            oci-container-configuration-container-user
+            oci-container-configuration-workdir
+            oci-container-configuration-extra-arguments
             oci-container-service-type
             oci-container-shepherd-service))
 
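
Review bot: `oci-container-configuration-container-user` and `oci-container-configuration-workdir` are exported here, but the commit log only mentions `extra-arguments`. Add a changelog line for the two extra exports or move them to their own commit.
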
@@ -297,6 +300,21 @@ (define (oci-sanitize-volumes value)
   ;; '(("/mnt/dir" . "/dir") "/run/current-system/profile:/java")
   (oci-sanitize-mixed-list "volumes" value ":"))
 
+(define (oci-sanitize-extra-arguments value)
+  (define (valid? member)
+    (or (string? member)
+        (gexp? member)
+        (file-like? member)))
+  (map
+   (lambda (el)
+     (if (valid? el)
+         el
+         (raise
+          (formatted-message
+           (G_ "extra arguments may only be strings, gexps or file-like objects
+but ~a was found") el))))
+   value))
+
 (define-maybe/no-serialization string)
 
 (define-configuration/no-serialization oci-container-configuration
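
Review bot: the string passed to `G_` in `oci-sanitize-extra-arguments` is broken across two source lines, so the message and its msgid carry a raw newline in front of "but ~a was found"; keep the string on one line unless the line break is deliberate. The check also assumes `value` is a list: anything else fails inside `map` with a generic error instead of this message, so a `list?` test up front would give users the same quality of diagnostic as the element check.
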
@@ -322,7 +340,8 @@ (define-configuration/no-serialization oci-container-configuration
       \"JAVA_HOME=/opt/java\")
 @end lisp
 
-String are passed directly to the Docker CLI.  You can refer to the
+Pair members can be strings, gexps or file-like objects. Strings are passed
+directly to the Docker CLI.  You can refer to the
 @url{https://docs.docker.com/engine/reference/commandline/run/#env,upstream}
 documentation for semantics."
    (sanitizer oci-sanitize-environment))
@@ -347,7 +366,8 @@ (define-configuration/no-serialization oci-container-configuration
       \"10443:443\")
 @end lisp
 
-String are passed directly to the Docker CLI.  You can refer to the
+Pair members can be strings, gexps or file-like objects. Strings are passed
+directly to the Docker CLI.  You can refer to the
 @url{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream}
 documentation for semantics."
    (sanitizer oci-sanitize-ports))
@@ -361,7 +381,8 @@ (define-configuration/no-serialization oci-container-configuration
       \"/gnu/store:/gnu/store\")
 @end lisp
 
-String are passed directly to the Docker CLI.  You can refer to the
+Pair members can be strings, gexps or file-like objects. Strings are passed
+directly to the Docker CLI.  You can refer to the
 @url{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream}
 documentation for semantics."
    (sanitizer oci-sanitize-volumes))
@@ -375,7 +396,12 @@ (define-configuration/no-serialization oci-container-configuration
    "Set the current working for the spawned Shepherd service.
 You can refer to the
 @url{https://docs.docker.com/engine/reference/run/#workdir,upstream}
-documentation for semantics."))
+documentation for semantics.")
+  (extra-arguments
+   (list '())
+   "A list of strings, gexps or file-like objects that will be directly passed
+to the @command{docker run} invokation."
+   (sanitizer oci-sanitize-extra-arguments)))
 
 (define oci-container-configuration->options
   (lambda (config)
@@ -428,7 +454,9 @@ (define (guess-name name image)
          (provision (oci-container-configuration-provision config))
          (image (oci-container-configuration-image config))
          (options (oci-container-configuration->options config))
-         (name (guess-name provision image)))
+         (name (guess-name provision image))
+         (extra-arguments
+          (oci-container-configuration-extra-arguments config)))
 
     (shepherd-service (provision `(,(string->symbol name)))
                       (requirement '(dockerd user-processes))
@@ -441,7 +469,7 @@ (define (guess-name name image)
                           ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
                           (list #$docker-command "run" "--rm"
                                 "--name" #$name
-                                #$@options #$image #$@command)
+                                #$@options #$@extra-arguments #$image #$@command)
                           #:user #$user
                           #:group #$group))
                       (stop
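
Review bot: `#$@extra-arguments` is spliced after `"--name" #$name` and `#$@options`, so a flag repeated there, such as a second `--name`, lands later on the command line than the one the service generated, while the `stop` action visible in the context of patch 2/5 still removes the container by `#$name`. The sanitizer only checks element types, so either document that callers must not repeat flags the service already sets (`--name`, `--rm`), or reject those in `oci-sanitize-extra-arguments`.
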
@@ -482,5 +510,5 @@ (define oci-container-service-type
                 (extend append)
                 (compose concatenate)
                 (description
-                 "This service allows the management of Docker and OCI
+                 "This service allows the management of OCI
 containers as Shepherd services.")))

base-commit: 637b72e2b83a6332849218ef1f193124fa8239eb
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#67613] [PATCH v2 3/5] gnu: docker: Allow setting Shepherd dependencies in oci-container-configuration.
Resent-From: Giacomo Leidi <goodoldpaul@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 11 Jan 2024 20:41:03 +0000
Resent-Message-ID: <handler.67613.B67613.170500561710538 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 67613
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 67613 <at> debbugs.gnu.org
Cc: Giacomo Leidi <goodoldpaul@HIDDEN>
Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170500561710538
          (code B ref 67613); Thu, 11 Jan 2024 20:41:03 +0000
Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:17 +0000
Received: from localhost ([127.0.0.1]:34046 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rO1qb-0002jo-2x
	for submit <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:17 -0500
Received: from confino.investici.org ([2a11:7980:1::2:0]:33833)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <goodoldpaul@HIDDEN>) id 1rO1qX-0002j5-C6
 for 67613 <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:14 -0500
Received: from mx1.investici.org (unknown [127.0.0.1])
 by confino.investici.org (Postfix) with ESMTP id 4T9xPW1pMlz1132;
 Thu, 11 Jan 2024 20:40:15 +0000 (UTC)
Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19])
 (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with
 ESMTPSA id 4T9xPV6xLjz10w5; Thu, 11 Jan 2024 20:40:14 +0000 (UTC)
From: Giacomo Leidi <goodoldpaul@HIDDEN>
Date: Thu, 11 Jan 2024 21:39:51 +0100
Message-ID: <20240111203954.29335-3-goodoldpaul@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240111203954.29335-1-goodoldpaul@HIDDEN>
References: <20240111203954.29335-1-goodoldpaul@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* gnu/services/docker.scm (oci-container-configuration)
[requirement]: New field;
(list-of-symbols): sanitize it;
(oci-container-shepherd-service): use it.

Change-Id: Ic0ba336a2257d6ef7c658cfc6cd630116661f581
---
 gnu/services/docker.scm | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 7706b4a29a..43ffb71901 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -320,6 +320,9 @@ (define (valid? member)
 but ~a was found") el))))
    value))
 
+(define list-of-symbols?
+  (list-of symbol?))
+
 (define-maybe/no-serialization string)
 
 (define-configuration/no-serialization oci-container-configuration
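
Review bot: the commit log says "(list-of-symbols): sanitize it", but what this hunk adds is the type predicate `list-of-symbols?`, not a sanitizer. The entry should read along the lines of "(list-of-symbols?): New variable." so the log matches the definition.
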
@@ -376,6 +379,10 @@ (define-configuration/no-serialization oci-container-configuration
   (provision
    (maybe-string)
    "Set the name of the provisioned Shepherd service.")
+  (requirement
+   (list-of-symbols '())
+   "Set additional Shepherd services dependencies to the provisioned Shepherd
+service.")
   (network
    (maybe-string)
    "Set a Docker network for the spawned container.")
@@ -477,6 +484,7 @@ (define (guess-name name image)
           (oci-container-configuration-host-environment config))
          (command (oci-container-configuration-command config))
          (provision (oci-container-configuration-provision config))
+         (requirement (oci-container-configuration-requirement config))
          (image (oci-container-configuration-image config))
          (options (oci-container-configuration->options config))
          (name (guess-name provision image))
@@ -484,7 +492,7 @@ (define (guess-name name image)
           (oci-container-configuration-extra-arguments config)))
 
     (shepherd-service (provision `(,(string->symbol name)))
-                      (requirement '(dockerd user-processes))
+                      (requirement `(dockerd user-processes ,@requirement))
                       (respawn? #f)
                       (documentation
                        (string-append
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#67613] [PATCH v2 5/5] gnu: Add tests and documentation for oci-container-service-type.
Resent-From: Giacomo Leidi <goodoldpaul@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 11 Jan 2024 20:41:04 +0000
Resent-Message-ID: <handler.67613.B67613.170500562210550 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 67613
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 67613 <at> debbugs.gnu.org
Cc: Giacomo Leidi <goodoldpaul@HIDDEN>
Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170500562210550
          (code B ref 67613); Thu, 11 Jan 2024 20:41:04 +0000
Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:22 +0000
Received: from localhost ([127.0.0.1]:34048 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rO1qf-0002k4-KO
	for submit <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:22 -0500
Received: from confino.investici.org ([2a11:7980:1::2:0]:42745)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <goodoldpaul@HIDDEN>) id 1rO1qY-0002j8-7o
 for 67613 <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:15 -0500
Received: from mx1.investici.org (unknown [127.0.0.1])
 by confino.investici.org (Postfix) with ESMTP id 4T9xPX04msz1135;
 Thu, 11 Jan 2024 20:40:16 +0000 (UTC)
Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19])
 (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with
 ESMTPSA id 4T9xPW3n5Dz10w5; Thu, 11 Jan 2024 20:40:15 +0000 (UTC)
From: Giacomo Leidi <goodoldpaul@HIDDEN>
Date: Thu, 11 Jan 2024 21:39:53 +0100
Message-ID: <20240111203954.29335-5-goodoldpaul@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240111203954.29335-1-goodoldpaul@HIDDEN>
References: <20240111203954.29335-1-goodoldpaul@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

* doc/guix.texi: Add documentation for the oci-image record and update
the oci-container-configuration documentation.
* gnu/tests/docker.scm (run-oci-container-test): New variable;
(%test-oci-container): new variable.

Change-Id: Id8f4f5454aa3b88d8aa3fa47de823e921acece05
---
 doc/guix.texi           |  91 +++++++++++++++++++++++++++-
 gnu/services/docker.scm |   6 +-
 gnu/tests/docker.scm    | 131 +++++++++++++++++++++++++++++++++++++++-
 3 files changed, 221 insertions(+), 7 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index ce239c603d..1916a00412 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -39790,6 +39790,17 @@ processes as Shepherd Services.
 @lisp
 (service oci-container-service-type
          (list
+          (oci-container-configuration
+           (image
+            (oci-image
+             (repository "guile")
+             (tag "3")
+             (value (specifications->manifest '("guile")))
+             (pack-options '(#:symlinks (("/bin/guile" -> "bin/guile"))
+                             #:max-layers 2))))
+           (entrypoint "/bin/guile")
+           (command
+            '("-c" "(display \"hello!\n\")")))
           (oci-container-configuration
            (image "prom/prometheus")
            (network "host")
@@ -39836,6 +39847,23 @@ Overwrite the default command (@code{CMD}) of the image.
 @item @code{entrypoint} (default: @code{""}) (type: string)
 Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image.
 
+@item @code{host-environment} (default: @code{()}) (type: list)
+Set environment variables in the host environment where @command{docker
+run} is invoked.  This is especially useful to pass secrets from the
+host to the container without having them on the @command{docker run}'s
+command line: by setting the @code{MYSQL_PASSWORD} on the host and by passing
+@code{--env MYSQL_PASSWORD} through the @code{extra-arguments} field, it is
+possible to securely set values in the container environment.  This field's
+value can be a list of pairs or strings, even mixed:
+
+@lisp
+(list '(\"LANGUAGE\" . \"eo:ca:eu\")
+      \"JAVA_HOME=/opt/java\")
+@end lisp
+
+Pair members can be strings, gexps or file-like objects. Strings are passed
+directly to @code{make-forkexec-constructor}.
+
 @item @code{environment} (default: @code{()}) (type: list)
 Set environment variables. This can be a list of pairs or strings, even mixed:
 
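Review bot: the @lisp example added for host-environment keeps the backslash-escaped quotes of the Scheme docstring (\"LANGUAGE\", \"JAVA_HOME=/opt/java\"). In guix.texi the example is not inside a string literal, so the manual will print the backslashes; write plain double quotes here. The closing sentence also says strings are passed to make-forkexec-constructor, while patch 4/5 of this series replaces that call with fork+exec-command in the start procedure, so the reference should name whichever call ends up in the code.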
@@ -39849,14 +39877,19 @@ Strings are passed directly to the Docker CLI.  You can refer to the
 @uref{https://docs.docker.com/engine/reference/commandline/run/#env,upstream}
 documentation for semantics.
 
-@item @code{image} (type: string)
-The image used to build the container.  Images are resolved by the
-Docker Engine, and follow the usual format
+@item @code{image} (type: string-or-oci-image)
+The image used to build the container.  It can be a string or an
+@code{oci-image} record.  Strings are resolved by the Docker Engine, and
+follow the usual format
 @code{myregistry.local:5000/testing/test-image:tag}.
 
 @item @code{provision} (default: @code{""}) (type: string)
 Set the name of the provisioned Shepherd service.
 
+@item @code{requirement} (default: @code{()}) (type: list-of-symbols)
+Set additional Shepherd services dependencies to the provisioned
+Shepherd service.
+
 @item @code{network} (default: @code{""}) (type: string)
 Set a Docker network for the spawned container.
 
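Review bot: the new text for image says how strings are resolved but not what happens to an oci-image record. Patch 4/5 loads the lowered tarball with docker load when the service starts and drops the pull action for such images; one sentence saying so would explain to users why the pull action is absent. In requirement, "Set additional Shepherd services dependencies to" would read better as "Add Shepherd service dependencies to".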
@@ -39908,6 +39941,58 @@ passed to the @command{docker run} invokation.
 @end deftp
 
 
+@c %end of fragment
+
+@c %start of fragment
+
+@deftp {Data Type} oci-image
+Available @code{oci-image} fields are:
+
+@table @asis
+@item @code{repository} (type: string)
+A string like @code{myregistry.local:5000/testing/test-image} that names
+the OCI image.
+
+@item @code{tag} (default: @code{"latest"}) (type: string)
+A string representing the OCI image tag.  Defaults to @code{latest}.
+
+@item @code{value} (type: oci-lowerable-image)
+A @code{manifest} or @code{operating-system} record that will be lowered
+into an OCI compatible tarball.  Otherwise this field's value can be a
+gexp or a file-like object that evaluates to an OCI compatible tarball.
+
+@item @code{pack-options} (default: @code{()}) (type: list)
+An optional set of keyword arguments that will be passed to the
+@code{docker-image} procedure from @code{guix scripts pack}.  They can
+be used to replicate @command{guix pack} behavior:
+
+@lisp
+(oci-image
+  (repository "guile")
+  (tag "3")
+  (value
+    (specifications->manifest '("guile")))
+  (pack-options '(#:symlinks (("/bin/guile" -> "bin/guile"))
+                  #:max-layers 2)))
+@end lisp
+
+If the @code{value} field is an @code{operating-system} record, this field's
+value will be ignored.
+
+@item @code{system} (default: @code{""}) (type: string)
+Attempt to build for a given system, e.g. "i686-linux"
+
+@item @code{target} (default: @code{""}) (type: string)
+Attempt to cross-build for a given triple, e.g. "aarch64-linux-gnu"
+
+@item @code{grafts?} (default: @code{#f}) (type: boolean)
+Whether to allow grafting or not in the pack build.
+
+@end table
+
+@end deftp
+
+
 @c %end of fragment
 
 @cindex Audit
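Review bot: system and target are documented with a default of "" but the oci-image record in gnu/services/docker.scm (patch 4/5) declares both as maybe-string with no default, so the manual should not show an empty-string default. Both descriptions also lack a final period and should put the examples in @code{...} as the other fields do.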
diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 58a725737c..7aff8dcc5f 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -420,7 +420,7 @@ (define-configuration/no-serialization oci-container-configuration
    "Set environment variables in the host environment where @command{docker run}
 is invoked.  This is especially useful to pass secrets from the host to the
 container without having them on the @command{docker run}'s command line: by
-setting the @{MYSQL_PASSWORD} on the host and by passing
+setting the @code{MYSQL_PASSWORD} on the host and by passing
 @code{--env MYSQL_PASSWORD} through the @code{extra-arguments} field, it is
 possible to securely set values in the container environment.  This field's
 value can be a list of pairs or strings, even mixed:
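Review bot: this hunk and the next one change docstrings in gnu/services/docker.scm (6 lines in the diffstat), but the commit log only has entries for doc/guix.texi and gnu/tests/docker.scm. Add an entry for the host-environment and environment fields of oci-container-configuration, or move the two docstring fixes out of this patch.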
@@ -435,8 +435,8 @@ (define-configuration/no-serialization oci-container-configuration
    (sanitizer oci-sanitize-host-environment))
   (environment
    (list '())
-   "Set environment variables.  This can be a list of pairs or strings, even
-mixed:
+   "Set environment variables inside the container.  This can be a list of pairs
+or strings, even mixed:
 
 @lisp
 (list '(\"LANGUAGE\" . \"eo:ca:eu\")
diff --git a/gnu/tests/docker.scm b/gnu/tests/docker.scm
index 9e9d2e2d07..d550136b4a 100644
--- a/gnu/tests/docker.scm
+++ b/gnu/tests/docker.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2019 Danny Milosavljevic <dannym@HIDDEN>
 ;;; Copyright © 2019-2023 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2024 Giacomo Leidi <goodoldpaul@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,6 +30,7 @@ (define-module (gnu tests docker)
   #:use-module (gnu services networking)
   #:use-module (gnu services docker)
   #:use-module (gnu services desktop)
+  #:use-module (gnu packages)
   #:use-module ((gnu packages base) #:select (glibc))
   #:use-module (gnu packages guile)
   #:use-module (gnu packages docker)
@@ -43,7 +45,8 @@ (define-module (gnu tests docker)
   #:use-module (guix build-system trivial)
   #:use-module ((guix licenses) #:prefix license:)
   #:export (%test-docker
-            %test-docker-system))
+            %test-docker-system
+            %test-oci-container))
 
 (define %docker-os
   (simple-operating-system
@@ -316,3 +319,129 @@ (define %test-docker-system
                                    (locale-libcs (list glibc)))
                                  #:type docker-image-type)))
                  run-docker-system-test)))))
+
+
+(define %oci-os
+  (simple-operating-system
+   (service dhcp-client-service-type)
+   (service dbus-root-service-type)
+   (service polkit-service-type)
+   (service elogind-service-type)
+   (service docker-service-type)
+   (extra-special-file "/shared.txt"
+                       (plain-file "shared.txt" "hello"))
+   (service oci-container-service-type
+            (list
+             (oci-container-configuration
+              (image
+               (oci-image
+                (repository "guile")
+                (value
+                 (specifications->manifest '("guile")))
+                (pack-options
+                 '(#:symlinks (("/bin" -> "bin"))))))
+              (entrypoint
+               "/bin/guile")
+              (command
+               '("-c" "(let l ((c 300))(display c)(sleep 1)(when(positive? c)(l (- c 1))))"))
+              (host-environment
+               '(("VARIABLE" . "value")))
+              (volumes
+               '(("/shared.txt" . "/shared.txt:ro")))
+              (extra-arguments
+               '("--env" "VARIABLE")))))))
+
+(define (run-oci-container-test)
+  "Run IMAGE as an OCI backed Shepherd service, inside OS."
+
+  (define os
+    (marionette-operating-system
+     (operating-system-with-gc-roots
+      %oci-os
+      (list))
+     #:imported-modules '((gnu services herd)
+                          (guix combinators))))
+
+  (define vm
+    (virtual-machine
+     (operating-system os)
+     (volatile? #f)
+     (memory-size 1024)
+     (disk-image-size (* 3000 (expt 2 20)))
+     (port-forwardings '())))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (srfi srfi-11) (srfi srfi-64)
+                       (gnu build marionette))
+
+          (define marionette
+            ;; Relax timeout to accommodate older systems and
+            ;; allow for pulling the image.
+            (make-marionette (list #$vm) #:timeout 60))
+
+          (test-runner-current (system-test-runner #$output))
+          (test-begin "oci-container")
+
+          (test-assert "dockerd running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (match (start-service 'dockerd)
+                  (#f #f)
+                  (('service response-parts ...)
+                   (match (assq-ref response-parts 'running)
+                     ((pid) (number? pid))))))
+             marionette))
+
+          (sleep 10) ; let service start
+
+          (test-assert "docker-guile running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (match (start-service 'docker-guile)
+                  (#f #f)
+                  (('service response-parts ...)
+                   (match (assq-ref response-parts 'running)
+                     ((pid) (number? pid))))))
+             marionette))
+
+          (test-equal "passing host environment variables and volumes"
+            '("value" "hello")
+            (marionette-eval
+             `(begin
+                (use-modules (ice-9 popen)
+                             (ice-9 rdelim))
+
+                (define slurp
+                  (lambda args
+                    (let* ((port (apply open-pipe* OPEN_READ args))
+                           (output (let ((line (read-line port)))
+                                     (if (eof-object? line)
+                                         ""
+                                         line)))
+                           (status (close-pipe port)))
+                      output)))
+                (let* ((response1 (slurp
+                                   ,(string-append #$docker-cli "/bin/docker")
+                                   "exec" "docker-guile"
+                                   "/bin/guile" "-c" "(display (getenv \"VARIABLE\"))"))
+                       (response2 (slurp
+                                   ,(string-append #$docker-cli "/bin/docker")
+                                   "exec" "docker-guile"
+                                   "/bin/guile" "-c" "(begin (use-modules (ice-9 popen) (ice-9 rdelim))
+(display (call-with-input-file \"/shared.txt\" read-line)))")))
+                  (list response1 response2)))
+             marionette))
+
+          (test-end))))
+
+  (gexp->derivation "oci-container-test" test))
+
+(define %test-oci-container
+  (system-test
+   (name "oci-container")
+   (description "Test OCI backed Shepherd service.")
+   (value (run-oci-container-test))))
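Review bot: slurp binds status from close-pipe and then discards it, so a failing docker exec returns "" and the final test-equal fails with nothing to tell a broken container from a wrong value; return the status or assert on it. The fixed (sleep 10) between starting dockerd and docker-guile is a race on slow hosts; polling until the daemon answers would be more robust. The docstring of run-oci-container-test mentions IMAGE and OS, but the procedure takes no arguments. Since host-environment is documented as the way to keep secrets off the docker run command line, the test could also check that "value" does not appear in the arguments of the running docker run process, not only that it is visible inside the container.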
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#67613] [PATCH v2 4/5] gnu: docker: Allow passing tarballs for images in oci-container-configuration.
Resent-From: Giacomo Leidi <goodoldpaul@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 11 Jan 2024 20:41:04 +0000
Resent-Message-ID: <handler.67613.B67613.170500562310558 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 67613
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 67613 <at> debbugs.gnu.org
Cc: Giacomo Leidi <goodoldpaul@HIDDEN>
Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170500562310558
          (code B ref 67613); Thu, 11 Jan 2024 20:41:04 +0000
Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:23 +0000
Received: from localhost ([127.0.0.1]:34050 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rO1qg-0002k7-GU
	for submit <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:23 -0500
Received: from confino.investici.org ([93.190.126.19]:29449)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <goodoldpaul@HIDDEN>) id 1rO1qX-0002j7-QF
 for 67613 <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:15 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org;
 s=stigmate; t=1705005615;
 bh=lU7r01dxDSSIwNeQf2hhzS1UJbikwB2UpRWsBi3HYfw=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
 b=u1eCDMAOzwKXIM67h44DUgf8n+QEFAJhMHDa0ftfyyipy8dWp10nBaMIzJH7MEH2U
 rF63UIEWPghWbt9GeA4Fla58QtInaJKJ9b1nQ4sFBhS3dqc17IEsSxa5tOtXxit9d7
 0C4yhfXGFux0k7sev9QrxZ4r9h8H1oSby3PHPdeI=
Received: from mx1.investici.org (unknown [127.0.0.1])
 by confino.investici.org (Postfix) with ESMTP id 4T9xPW3P7Pz1134;
 Thu, 11 Jan 2024 20:40:15 +0000 (UTC)
Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19])
 (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with
 ESMTPSA id 4T9xPW2C6gz10w5; Thu, 11 Jan 2024 20:40:15 +0000 (UTC)
From: Giacomo Leidi <goodoldpaul@HIDDEN>
Date: Thu, 11 Jan 2024 21:39:52 +0100
Message-ID: <20240111203954.29335-4-goodoldpaul@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20240111203954.29335-1-goodoldpaul@HIDDEN>
References: <20240111203954.29335-1-goodoldpaul@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

This commit allows for loading an OCI image tarball before running an
OCI backed Shepherd service. It does so by adding a one shot Shepherd
service to the dependencies of the OCI backed service that at boot runs
docker load on the tarball.

* gnu/services/docker.scm (oci-image): New record;
(lower-oci-image): new variable, lower it;
(string-or-oci-image?): sanitize it;
(oci-container-configuration)[image]: allow also for oci-image records;
(oci-container-shepherd-service): use it;
(%oci-image-loader): new variable.

Change-Id: Ie504f479ea0d47f74b0ec5df9085673ffd3f639d
---
 gnu/services/docker.scm | 244 ++++++++++++++++++++++++++++++++++++----
 1 file changed, 219 insertions(+), 25 deletions(-)

diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 43ffb71901..58a725737c 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -23,11 +23,14 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu services docker)
+  #:use-module (gnu image)
   #:use-module (gnu services)
   #:use-module (gnu services configuration)
   #:use-module (gnu services base)
   #:use-module (gnu services dbus)
   #:use-module (gnu services shepherd)
+  #:use-module (gnu system)
+  #:use-module (gnu system image)
   #:use-module (gnu system setuid)
   #:use-module (gnu system shadow)
   #:use-module (gnu packages admin)               ;shadow
@@ -37,7 +40,11 @@ (define-module (gnu services docker)
   #:use-module (guix diagnostics)
   #:use-module (guix gexp)
   #:use-module (guix i18n)
+  #:use-module (guix monads)
   #:use-module (guix packages)
+  #:use-module (guix profiles)
+  #:use-module ((guix scripts pack) #:prefix pack:)
+  #:use-module (guix store)
   #:use-module (srfi srfi-1)
   #:use-module (ice-9 format)
   #:use-module (ice-9 match)
@@ -45,6 +52,16 @@ (define-module (gnu services docker)
   #:export (docker-configuration
             docker-service-type
             singularity-service-type
+            oci-image
+            oci-image?
+            oci-image-fields
+            oci-image-repository
+            oci-image-tag
+            oci-image-value
+            oci-image-pack-options
+            oci-image-target
+            oci-image-system
+            oci-image-grafts?
             oci-container-configuration
             oci-container-configuration?
             oci-container-configuration-fields
@@ -52,9 +69,11 @@ (define-module (gnu services docker)
             oci-container-configuration-group
             oci-container-configuration-command
             oci-container-configuration-entrypoint
+            oci-container-configuration-host-environment
             oci-container-configuration-environment
             oci-container-configuration-image
             oci-container-configuration-provision
+            oci-container-configuration-requirement
             oci-container-configuration-network
             oci-container-configuration-ports
             oci-container-configuration-volumes
@@ -62,7 +81,8 @@ (define-module (gnu services docker)
             oci-container-configuration-workdir
             oci-container-configuration-extra-arguments
             oci-container-service-type
-            oci-container-shepherd-service))
+            oci-container-shepherd-service
+            %oci-container-accounts))
 
 (define-maybe file-like)
 
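Review bot: %oci-container-accounts is newly exported here, and the previous hunk exports the host-environment and requirement accessors, but none of these appears in the commit log and none is needed for loading tarballs. Either list them in the log or move them to a separate patch.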
@@ -320,11 +340,68 @@ (define (valid? member)
 but ~a was found") el))))
    value))
 
+(define (oci-image-reference image)
+  (if (string? image)
+      image
+      (string-append (oci-image-repository image)
+                     ":" (oci-image-tag image))))
+
+(define (oci-lowerable-image? image)
+  (or (manifest? image)
+      (operating-system? image)
+      (gexp? image)
+      (file-like? image)))
+
+(define (string-or-oci-image? image)
+  (or (string? image)
+      (oci-image? image)))
+
 (define list-of-symbols?
   (list-of symbol?))
 
 (define-maybe/no-serialization string)
 
+(define-configuration/no-serialization oci-image
+  (repository
+   (string)
+   "A string like @code{myregistry.local:5000/testing/test-image} that names
+the OCI image.")
+  (tag
+   (string "latest")
+   "A string representing the OCI image tag. Defaults to @code{latest}.")
+  (value
+   (oci-lowerable-image)
+   "A @code{manifest} or @code{operating-system} record that will be lowered
+into an OCI compatible tarball.  Otherwise this field's value can be a gexp
+or a file-like object that evaluates to an OCI compatible tarball.")
+  (pack-options
+   (list '())
+   "An optional set of keyword arguments that will be passed to the
+@code{docker-image} procedure from @code{guix scripts pack}.  They can be used
+to replicate @command{guix pack} behavior:
+
+@lisp
+(oci-image
+  (repository \"guile\")
+  (tag \"3\")
+  (manifest (specifications->manifest '(\"guile\")))
+  (pack-options
+    '(#:symlinks ((\"/bin/guile\" -> \"bin/guile\"))
+      #:max-layers 2)))
+@end lisp
+
+If the @code{value} field is an @code{operating-system} record, this field's
+value will be ignored.")
+  (system
+   (maybe-string)
+   "Attempt to build for a given system, e.g. \"i686-linux\"")
+  (target
+   (maybe-string)
+   "Attempt to cross-build for a given triple, e.g. \"aarch64-linux-gnu\"")
+  (grafts?
+   (boolean #f)
+   "Whether to allow grafting or not in the pack build."))
+
 (define-configuration/no-serialization oci-container-configuration
   (user
    (string "oci-container")
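Review bot: the example in the pack-options docstring sets a manifest field, (manifest (specifications->manifest ...)), but the record defines no such field; it is called value, as the guix.texi copy of the same example in patch 5/5 has it. Separately, oci-image-reference joins repository and tag with ":" without checking that repository does not already carry a tag, so a sanitizer on repository, or at least a note in its docstring, would catch a tagged name being passed there.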
@@ -372,8 +449,9 @@ (define-configuration/no-serialization oci-container-configuration
 documentation for semantics."
    (sanitizer oci-sanitize-environment))
   (image
-   (string)
-   "The image used to build the container.  Images are resolved by the Docker
+   (string-or-oci-image)
+   "The image used to build the container.  It can be a string or an
+@code{oci-image} record.  Strings are resolved by the Docker
 Engine, and follow the usual format
 @code{myregistry.local:5000/testing/test-image:tag}.")
   (provision
@@ -470,14 +548,122 @@ (define oci-container-configuration->options
                            (list "-v" spec))
                          (oci-container-configuration-volumes config))))))))
 
+(define* (get-keyword-value args keyword #:key (default #f))
+  (let ((kv (memq keyword args)))
+    (if (and kv (>= (length kv) 2))
+        (cadr kv)
+        default)))
+
+(define (lower-operating-system os target system)
+  (mlet* %store-monad
+      ((tarball
+        (lower-object
+         (system-image (os->image os #:type docker-image-type))
+         system
+         #:target target)))
+    (return tarball)))
+
+(define (lower-manifest name image target system)
+  (define value (oci-image-value image))
+  (define options (oci-image-pack-options image))
+  (define image-reference
+    (oci-image-reference image))
+  (define image-tag
+    (let* ((extra-options
+            (get-keyword-value options #:extra-options))
+           (image-tag-option
+            (and extra-options
+                 (get-keyword-value extra-options #:image-tag))))
+      (if image-tag-option
+          '()
+          `(#:extra-options (#:image-tag ,image-reference)))))
+
+  (mlet* %store-monad
+      ((_ (set-grafting
+           (oci-image-grafts? image)))
+       (guile (set-guile-for-build (default-guile)))
+       (profile
+        (profile-derivation value
+                            #:target target
+                            #:system system
+                            #:hooks '()
+                            #:locales? #f))
+       (tarball (apply pack:docker-image
+                       `(,name ,profile
+                         ,@options
+                         ,@image-tag
+                         #:localstatedir? #t))))
+    (return tarball)))
+
+(define (lower-oci-image name image)
+  (define value (oci-image-value image))
+  (define image-target (oci-image-target image))
+  (define image-system (oci-image-system image))
+  (define target
+    (if (maybe-value-set? image-target)
+        image-target
+        (%current-target-system)))
+  (define system
+    (if (maybe-value-set? image-system)
+        image-system
+        (%current-system)))
+  (with-store store
+   (run-with-store store
+     (match value
+       ((? manifest? value)
+        (lower-manifest name image target system))
+       ((? operating-system? value)
+        (lower-operating-system value target system))
+       ((or (? gexp? value)
+            (? file-like? value))
+        value)
+       (_
+        (raise
+         (formatted-message
+          (G_ "oci-image value must contain only manifest,
+operating-system, gexp or file-like records but ~a was found")
+          value))))
+     #:target target
+     #:system system)))
+
+(define (%oci-image-loader name image tag)
+  (let ((docker (file-append docker-cli "/bin/docker"))
+        (tarball (lower-oci-image name image)))
+    (with-imported-modules '((guix build utils))
+      (program-file (format #f "~a-image-loader" name)
+       #~(begin
+           (use-modules (guix build utils)
+                        (ice-9 popen)
+                        (ice-9 rdelim))
+
+           (format #t "Loading image for ~a from ~a...~%" #$name #$tarball)
+           (define line
+             (read-line
+              (open-input-pipe
+               (string-append #$docker " load -i " #$tarball))))
+
+           (unless (or (eof-object? line)
+                       (string-null? line))
+             (format #t "~a~%" line)
+             (let ((repository&tag
+                    (string-drop line
+                                 (string-length
+                                   "Loaded image: "))))
+
+               (invoke #$docker "tag" repository&tag #$tag)
+               (format #t "Tagged ~a with ~a...~%" #$tarball #$tag))))))))
+
 (define (oci-container-shepherd-service config)
   (define (guess-name name image)
     (if (maybe-value-set? name)
         name
         (string-append "docker-"
-                       (basename (car (string-split image #\:))))))
+                       (basename
+                        (if (string? image)
+                            (first (string-split image #\:))
+                            (oci-image-repository image))))))
 
-  (let* ((docker-command (file-append docker-cli "/bin/docker"))
+  (let* ((docker (file-append docker-cli "/bin/docker"))
          (user (oci-container-configuration-user config))
          (group (oci-container-configuration-group config))
          (host-environment
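Review bot: in %oci-image-loader a failed docker load goes unnoticed. The port from open-input-pipe is never closed, so the exit status is never read, and when the first line is EOF or empty the unless body is skipped without raising. The start procedure then runs docker run on the same reference, and Docker will try to resolve that name itself instead of using the image that was just built. Close the pipe, raise on a non-zero status or on missing output, and use open-pipe* with an argument list rather than building a shell command with string-append. The string-drop also assumes the first line starts with "Loaded image: "; check with string-prefix? before dropping. In lower-oci-image, the gexp/file-like branch returns value itself while run-with-store expects a monadic value, which is what the other two branches return, so that branch needs a test or a wrapper such as lower-object.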
@@ -486,6 +672,7 @@ (define (guess-name name image)
          (provision (oci-container-configuration-provision config))
          (requirement (oci-container-configuration-requirement config))
          (image (oci-container-configuration-image config))
+         (image-reference (oci-image-reference image))
          (options (oci-container-configuration->options config))
          (name (guess-name provision image))
          (extra-arguments
@@ -496,30 +683,37 @@ (define (guess-name name image)
                       (respawn? #f)
                       (documentation
                        (string-append
-                        "Docker backed Shepherd service for image: " image))
+                        "Docker backed Shepherd service for "
+                        (if (oci-image? image) name image) "."))
                       (start
-                       #~(make-forkexec-constructor
-                          ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
-                          (list #$docker-command "run" "--rm"
-                                "--name" #$name
-                                #$@options #$@extra-arguments #$image #$@command)
-                          #:user #$user
-                          #:group #$group
-                          #:environment-variables
-                          (list #$@host-environment)))
+                       #~(lambda ()
+                          (when #$(oci-image? image)
+                            (invoke #$(%oci-image-loader
+                                       name image image-reference)))
+                          (fork+exec-command
+                           ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...]
+                           (list #$docker "run" "--rm" "--name" #$name
+                                 #$@options #$@extra-arguments
+                                 #$image-reference #$@command)
+                           #:user #$user
+                           #:group #$group
+                           #:environment-variables
+                           (list #$@host-environment))))
                       (stop
                        #~(lambda _
-                           (invoke #$docker-command "rm" "-f" #$name)))
+                           (invoke #$docker "rm" "-f" #$name)))
                       (actions
-                       (list
-                        (shepherd-action
-                         (name 'pull)
-                         (documentation
-                          (format #f "Pull ~a's image (~a)."
-                                  name image))
-                         (procedure
-                          #~(lambda _
-                              (invoke #$docker-command "pull" #$image)))))))))
+                       (if (oci-image? image)
+                           '()
+                           (list
+                            (shepherd-action
+                             (name 'pull)
+                             (documentation
+                              (format #f "Pull ~a's image (~a)."
+                                      name image))
+                             (procedure
+                              #~(lambda _
+                                  (invoke #$docker "pull" #$image))))))))))
 
 (define %oci-container-accounts
   (list (user-account
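Review bot: #$(%oci-image-loader name image image-reference) is evaluated on the host whenever this gexp is built, not only when the when test is true, so for a plain string image lower-oci-image ends up calling oci-image-value on a string. Decide on the host side instead, for example by splicing the invoke form in only when (oci-image? image) holds. Also, the commit message describes a one shot Shepherd service added to the dependencies of the container service, whereas this hunk runs the loader inline in start; one of the two should be updated.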
-- 
2.41.0






Last modified: Sat, 20 Jan 2024 12:30:02 UTC
