GNU bug report logs - #58123
[PATCH] gnu: services: docker: Add docker-container-service-type

Message received at 58123 <at> debbugs.gnu.org:

Received: (at 58123) by debbugs.gnu.org; 1 Dec 2022 15:59:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Dec 01 10:59:34 2022
Received: from localhost ([127.0.0.1]:40487 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1p0lyI-0000bC-3R
	for submit <at> debbugs.gnu.org; Thu, 01 Dec 2022 10:59:34 -0500
Received: from eggs.gnu.org ([209.51.188.92]:54078)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1p0lyG-0000b6-8R
 for 58123 <at> debbugs.gnu.org; Thu, 01 Dec 2022 10:59:32 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1p0ly9-0004Nw-Dx; Thu, 01 Dec 2022 10:59:25 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=0NzDH75PQA6iSp1FK+MSOGBB+TByIg3lfUCDUAa5op8=; b=P+gIriUOF9ZqhpWFlvPR
 jSHz0KuQ3gvpGxZ3ngeKpCZfmfTkLS91HlJs25V1XBbPT0Jl10eULoaNo9Z7ayCVItbli7TZqxGTU
 phBD8jXXrgbvi8khn0pwJPdBQgDeMyIpgCeYMafOmnn1VSsYNh/Ges5YyePdAUWrh/cD3vYlRvalh
 MkON+e7kCCOIZ9/CgLGDJQCjSBYpqMOMNcmQ10kqFjB6bSrBRsZ5bbNTbtIPakGz69LnZjzrYmV4z
 gGfY7jebpXOM8vNkERP25+jqpqdxveG5AlbvjoFc9cimrz8wgHNY2ZPHoNXNtYiROHD42OY0h/22V
 TFXUWtpC8xan0A==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201] helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1p0ly8-0005AZ-UJ; Thu, 01 Dec 2022 10:59:25 -0500
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: =?utf-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>
Subject: Re: bug#58123: [PATCH] gnu: services: docker: Add
 docker-container-service-type
References: <87czaygrt8.fsf@HIDDEN> <87k053ri04.fsf@HIDDEN>
Date: Thu, 01 Dec 2022 16:59:22 +0100
In-Reply-To: <87k053ri04.fsf@HIDDEN> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?=
 =?utf-8?Q?s?= message of "Thu, 13 Oct 2022 15:05:31 +0200")
Message-ID: <87a647yv1h.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 58123
Cc: maximedevos@HIDDEN, 58123 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi M=C3=A1ja,

Did you have a chance to look into this?

  https://issues.guix.gnu.org/58123

Thanks in advance,
Ludo=E2=80=99.

Ludovic Court=C3=A8s <ludo@HIDDEN> skribis:

> Hello,
>
> M=C3=A1ja Tom=C3=A1=C5=A1ek <maya.tomasek@HIDDEN> skribis:
>
>>> I would have two more asks:
>>>
>>>   1. Could you update doc/guix.texi to document the new service?  You
>>>      can mostly use =E2=80=98generate-documentation=E2=80=99 to produce=
 the reference of
>>>      the configuration record, and then add a paragraph giving some
>>>      context and a documented example.
>>
>> Is that a command from make? I'm sorry I have never used it, I can
>> update it if I can generate it :)
>
> =E2=80=98generate-documentation=E2=80=99 is a procedure in (gnu services =
configuration):
>
>   https://guix.gnu.org/manual/devel/en/html_node/Complex-Configurations.h=
tml#index-generate_002ddocumentation
>
>>>   2. Could you add a test under (gnu tests *)?  That would ensure the
>>>      service does not bitrot going forward.
>>
>> I'm not exactly sure what would that mean. Test that creates a container
>> and then runs it or...?
>
> I guess the test would start the Shepherd service, ensure it=E2=80=99s ru=
nning,
> and attempt to talk to the running container one way or another.
>
> Does that make sense?
>
> Thanks,
> Ludo=E2=80=99.

Message received at 58123 <at> debbugs.gnu.org:

Received: (at 58123) by debbugs.gnu.org; 13 Oct 2022 13:05:45 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Oct 13 09:05:45 2022
Received: from localhost ([127.0.0.1]:59903 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oixuD-00044V-3q
	for submit <at> debbugs.gnu.org; Thu, 13 Oct 2022 09:05:45 -0400
Received: from eggs.gnu.org ([209.51.188.92]:58990)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1oixu9-00044H-CW
 for 58123 <at> debbugs.gnu.org; Thu, 13 Oct 2022 09:05:43 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:52124)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1oixu2-0001Gp-S7; Thu, 13 Oct 2022 09:05:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=/HIS88EQU1cZYLjBW5r+2O9iPXM0evy4sSbILX6KDTA=; b=OCNPmJA++eP8uLMIMwRY
 POMd7vgU/Q6FUydrm6OWFsaBnXY6+jaBNB8op8Ome7ij0nNcPROC2C+D/QTSFqcgfHJqQ/27E1Etr
 H0G4h3koM3FD8q+VMfYYMK0Xd+fikFog5c4zVP/LLgF2IwmFsExxgtPdTG/IL7Ml+vVpXaciRfUuK
 ctrXKF2NdchsduiMJLmVK1MSbHWNhhcsKylOnWlnhYn0lWs+9RhFbGr30CMiVyv2AzuHABrqwuFl5
 Jh5DUTyMkYEqyNhRLrENquUV0WXwDz+7zn1L33xnUuIBuBXBjv9XEgnoaDn/Feyij9XruBuoa+XHc
 SpWZX0L+srmouQ==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:50860
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1oixu1-0003ML-6g; Thu, 13 Oct 2022 09:05:33 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: =?utf-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>
Subject: Re: bug#58123: [PATCH] gnu: services: docker: Add
 docker-container-service-type
References: <87czaygrt8.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: Duodi 22 =?utf-8?Q?Vend=C3=A9miaire?= an 231 de la
 =?utf-8?Q?R=C3=A9volution=2C?= jour de
 la =?utf-8?Q?P=C3=AAche?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Thu, 13 Oct 2022 15:05:31 +0200
In-Reply-To: <87czaygrt8.fsf@HIDDEN> (=?utf-8?B?Ik3DoWphIFRvbcOhxaFl?=
 =?utf-8?B?ayIncw==?= message of "Tue, 11 Oct 2022 20:04:35 +0200")
Message-ID: <87k053ri04.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 58123
Cc: maximedevos@HIDDEN, 58123 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello,

M=C3=A1ja Tom=C3=A1=C5=A1ek <maya.tomasek@HIDDEN> skribis:

>> I would have two more asks:
>>
>>   1. Could you update doc/guix.texi to document the new service?  You
>>      can mostly use =E2=80=98generate-documentation=E2=80=99 to produce =
the reference of
>>      the configuration record, and then add a paragraph giving some
>>      context and a documented example.
>
> Is that a command from make? I'm sorry I have never used it, I can
> update it if I can generate it :)

=E2=80=98generate-documentation=E2=80=99 is a procedure in (gnu services co=
nfiguration):

  https://guix.gnu.org/manual/devel/en/html_node/Complex-Configurations.htm=
l#index-generate_002ddocumentation

>>   2. Could you add a test under (gnu tests *)?  That would ensure the
>>      service does not bitrot going forward.
>
> I'm not exactly sure what would that mean. Test that creates a container
> and then runs it or...?

I guess the test would start the Shepherd service, ensure it=E2=80=99s runn=
ing,
and attempt to talk to the running container one way or another.

Does that make sense?

Thanks,
Ludo=E2=80=99.

Message received at 58123 <at> debbugs.gnu.org:

Received: (at 58123) by debbugs.gnu.org; 11 Oct 2022 18:06:45 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Oct 11 14:06:45 2022
Received: from localhost ([127.0.0.1]:54772 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oiJeP-0004Hp-H4
	for submit <at> debbugs.gnu.org; Tue, 11 Oct 2022 14:06:45 -0400
Received: from knopi.disroot.org ([178.21.23.139]:38854)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maya.tomasek@HIDDEN>) id 1oiJeN-0004He-4v
 for 58123 <at> debbugs.gnu.org; Tue, 11 Oct 2022 14:06:44 -0400
Received: from localhost (localhost [127.0.0.1])
 by disroot.org (Postfix) with ESMTP id D30A24DB29;
 Tue, 11 Oct 2022 20:06:41 +0200 (CEST)
X-Virus-Scanned: SPAM Filter at disroot.org
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "To"
Received: from knopi.disroot.org ([127.0.0.1])
 by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024)
 with UTF8SMTP id HX-LSC0RSobA; Tue, 11 Oct 2022 20:06:40 +0200 (CEST)
From: =?utf-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail;
 t=1665511477; bh=Up3gKktlcb4OvV0QlrxMENwoNiXIQosNbYeD99aKU7c=;
 h=From:To:To:Cc:Subject:Date;
 b=S77qtc8ftkz+IZIWOfajIO2e1rrEDmaSaFsYZJLE2q/yxhDmIKOTVCMQoGc52byNS
 qsyGPbsXlKkdcE2oB8KQerotb2xHG9AfFHLLkbR31HktzK+0Xo1RB+WLkEIqN5OQtf
 ugu9sL/pCnFZs2NF0puclDeQQGR0Tki+/7/m4vNwwY7nAsSi47R5OPBd+K7jirvT9j
 Rd2nicukpgwbk9ZgDGSjuPe2ozCJd8PdJyfjaRJV2ISwFH05CI9wPJVcRhBASvIKGf
 BVwCRv4cCAEl0VfA7rsFudGKnWPGNeJaDAFG0HzV8XZVLQYywirIPZ4TldkclYrp58
 dTfKXREYCs9Hw==
To: 
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Subject: Re: bug#58123: [PATCH] gnu: services: docker: Add
 docker-container-service-type
Date: Tue, 11 Oct 2022 20:04:35 +0200
Message-ID: <87czaygrt8.fsf@HIDDEN>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 58123
Cc: maximedevos@HIDDEN, 58123 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


Hi Ludo',

>> I have applied the changes as you suggested. Thank you for your (as you
>> said) "superficial comments", they were really helpful! And I am happy
>> that you made them, as I'm sometimes too happy that I have made a
>> contribution and I forget that I don't write only for myself, but for
>> others.
>
> Thanks for the nice and useful service!
>
> It looks pretty good already (in part thanks to Maxime=E2=80=99s guidance=
 :-)).
> I would have two more asks:
>
>   1. Could you update doc/guix.texi to document the new service?  You
>      can mostly use =E2=80=98generate-documentation=E2=80=99 to produce t=
he reference of
>      the configuration record, and then add a paragraph giving some
>      context and a documented example.

Is that a command from make? I'm sorry I have never used it, I can
update it if I can generate it :)

>   2. Could you add a test under (gnu tests *)?  That would ensure the
>      service does not bitrot going forward.

I'm not exactly sure what would that mean. Test that creates a container
and then runs it or...?

> Let us know if you need guidance on these things.  When you=E2=80=99re do=
ne,
> please send an updated patch with those changes here.

Will do!

Maya

Message received at 58123 <at> debbugs.gnu.org:

Received: (at 58123) by debbugs.gnu.org; 9 Oct 2022 20:31:38 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Oct 09 16:31:37 2022
Received: from localhost ([127.0.0.1]:45002 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1ohcxV-0005Tp-Hr
	for submit <at> debbugs.gnu.org; Sun, 09 Oct 2022 16:31:37 -0400
Received: from eggs.gnu.org ([209.51.188.92]:45032)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1ohcxU-0005Tb-8V
 for 58123 <at> debbugs.gnu.org; Sun, 09 Oct 2022 16:31:36 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:48328)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1ohcxO-0002Tt-OT; Sun, 09 Oct 2022 16:31:30 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
 s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To:
 From; bh=OGHX91I8IIXGg4rCQ9gPmL/1XmPaRorT2nPtPSsQ6fs=; b=Svs+lhltCyxpMIpR4Lar
 8ODr7K3RVEDzN7OJnqIwcsZDNSJ1t38zULxchboGdC7Cio4UIiWO7HDzTsBsDw1kkkTC9BlDf30s6
 7BCnNTXYF5R3oDspz/bx++VXOypkCJjnqHD0mc07vwTq4gfEV4PR2+1+OqZ/mUh0YpBQOvctn89OJ
 Sq6z45i3AeEdXRwyrLbhWJ51Yn7gIS86RD8MqLwuPpDR726AUuXCmdPV8q5srVHkq92JfGp283gax
 9aj8nkfJAxr20WsM0nvMASVau/DQWEGFZK6UhOBnye8eroLWAA3cBnL8JLpzA4iCyRUuQTkCNIFe+
 KdG+2i2G+UmF2Q==;
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:59572
 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1ohcxN-0005lk-D9; Sun, 09 Oct 2022 16:31:30 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: =?utf-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>
Subject: Re: bug#58123: [PATCH] gnu: services: docker: Add
 docker-container-service-type
References: <87r0zwr9dv.fsf@HIDDEN> <87mtae9d0t.fsf@HIDDEN>
Date: Sun, 09 Oct 2022 22:31:27 +0200
In-Reply-To: <87mtae9d0t.fsf@HIDDEN> (=?utf-8?B?Ik3DoWphIFRvbcOhxaFl?=
 =?utf-8?B?ayIncw==?= message of "Sun, 02 Oct 2022 22:38:42 +0200")
Message-ID: <874jwc4u3k.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 58123
Cc: maximedevos@HIDDEN, 58123 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hi M=C3=A1ja,

M=C3=A1ja Tom=C3=A1=C5=A1ek <maya.tomasek@HIDDEN> skribis:

> I have applied the changes as you suggested. Thank you for your (as you
> said) "superficial comments", they were really helpful! And I am happy
> that you made them, as I'm sometimes too happy that I have made a
> contribution and I forget that I don't write only for myself, but for
> others.

Thanks for the nice and useful service!

It looks pretty good already (in part thanks to Maxime=E2=80=99s guidance :=
-)).
I would have two more asks:

  1. Could you update doc/guix.texi to document the new service?  You
     can mostly use =E2=80=98generate-documentation=E2=80=99 to produce the=
 reference of
     the configuration record, and then add a paragraph giving some
     context and a documented example.

  2. Could you add a test under (gnu tests *)?  That would ensure the
     service does not bitrot going forward.

Let us know if you need guidance on these things.  When you=E2=80=99re done,
please send an updated patch with those changes here.

Thank you!

Ludo=E2=80=99.

Message received at 58123 <at> debbugs.gnu.org:

Received: (at 58123) by debbugs.gnu.org; 2 Oct 2022 20:44:49 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Oct 02 16:44:49 2022
Received: from localhost ([127.0.0.1]:48180 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1of5pQ-0005cw-1x
	for submit <at> debbugs.gnu.org; Sun, 02 Oct 2022 16:44:48 -0400
Received: from knopi.disroot.org ([178.21.23.139]:44264)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maya.tomasek@HIDDEN>) id 1of5pN-0005cl-A4
 for 58123 <at> debbugs.gnu.org; Sun, 02 Oct 2022 16:44:46 -0400
Received: from localhost (localhost [127.0.0.1])
 by disroot.org (Postfix) with ESMTP id C36594C529;
 Sun,  2 Oct 2022 22:44:42 +0200 (CEST)
X-Virus-Scanned: SPAM Filter at disroot.org
Received: from knopi.disroot.org ([127.0.0.1])
 by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024)
 with UTF8SMTP id OXBn0_OTqyEp; Sun,  2 Oct 2022 22:44:41 +0200 (CEST)
From: =?utf-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail;
 t=1664743124; bh=eRe6fGFEEf1LV038jTKA0V/XsxLZt7bqH1kcdjcY9Ys=;
 h=From:To:Subject:Date;
 b=AiK0TtvewpbDhlQ1HFA1pKkrFdVeOQmvdigSgPYwFa5NAV1gk6Jfau8xvcA9YzP9k
 DL8fIRPsL6uN31HP/7r+x+enDh29mVFjNkhZohJ2X33Y1/QFuhuqnmzzUTgi8gjfGq
 HsqlcupjE9B3DNmvO0LSNVnxBlEBd8z9N6eGGhPiedeVu6nDxuEuG/7BqHSn0vA0pb
 tlPSKv9f4n2WVpF2YIuKVOixorV3f2o7xIn9cwpyKq6Pt/e0E23CHN6esw5ka1mNCL
 DupfBos6iPU0Chhqlq89kDTSCn6PtLq/Siit4ubWdzYuXi9QIPFNTr2FZqvSrF5hPD
 XR35HZaTDuK/A==
To: 58123 <at> debbugs.gnu.org, maximedevos@HIDDEN
Subject: 
Date: Sun, 02 Oct 2022 22:38:42 +0200
Message-ID: <87mtae9d0t.fsf@HIDDEN>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Score: 2.0 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  I have applied the changes as you suggested. Thank you for
 your (as you said) "superficial comments", they were really helpful! And
 I am happy that you made them, as I'm sometimes too happy that I hav [...]
 Content analysis details:   (2.0 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 2.0 BLANK_SUBJECT          Subject is present but empty
X-Debbugs-Envelope-To: 58123
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.0 (+)

--=-=-=
Content-Type: text/plain

I have applied the changes as you suggested. Thank you for your (as you
said) "superficial comments", they were really helpful! And I am happy
that you made them, as I'm sometimes too happy that I have made a
contribution and I forget that I don't write only for myself, but for
others.


--=-=-=
Content-Type: text/x-patch; charset=utf-8
Content-Disposition: attachment;
 filename=0001-Add-docker-container-management-with-shepherd.patch
Content-Transfer-Encoding: quoted-printable

---
 gnu/services/docker.scm | 240 +++++++++++++++++++++++++++++++++++++---
 1 file changed, 222 insertions(+), 18 deletions(-)

diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 741bab5a8c..f3a347981f 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -5,6 +5,7 @@
 ;;; Copyright =C2=A9 2020 Efraim Flashner <efraim@HIDDEN>
 ;;; Copyright =C2=A9 2020 Jesse Dowell <jessedowell@HIDDEN>
 ;;; Copyright =C2=A9 2021 Brice Waegeneire <brice@HIDDEN>
+;;; Copyright =C2=A9 2022 Maya Tomasek <maya.omase@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -21,7 +22,9 @@
 ;;; You should have received a copy of the GNU General Public License
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
=20
-(define-module (gnu services docker)
+(define-module (magi system docker)
+  #:use-module (srfi srfi-1)
+  #:use-module (ice-9 format)
   #:use-module (gnu services)
   #:use-module (gnu services configuration)
   #:use-module (gnu services base)
@@ -36,9 +39,191 @@ (define-module (gnu services docker)
   #:use-module (guix packages)
=20
   #:export (docker-configuration
+            docker-container
             docker-service-type
             singularity-service-type))
=20
+(define (pair-of-strings? val)
+  (and (pair? val)
+       (string? (car val))
+       (string? (cdr val))))
+
+(define (list-of-pair-of-strings? val)
+  (list-of pair-of-strings?))
+
+(define-configuration/no-serialization docker-container
+  (name
+   (symbol '())
+   "Name of the docker container. Will be used to denote service to Shephe=
rd and must be unique!
+We recommend, that the name of the container is prefixed with @code{docker=
-}.")
+  (documentation
+   (string "")
+   "Documentation on the docker container (optional). It will be used for =
the shepherd service.")
+  (image-name
+   (string #f)
+   "A name of the image that will be used. (Note that the existence of the=
 image
+is not guaranteed by this daemon.)")
+  (volumes
+   (list-of-pair-of-strings '())
+   "A list of volume bindings. In (HOST-PATH CONTAINER-PATH) format.")
+  (ports
+   (list-of-pair-of-strings '())
+   "A list of port bindings. In (HOST-PORT CONTAINER-PORT) or (HOST-PORT C=
ONTAINER-PORT OPTIONS) format.
+For example, both port bindings are valid:
+
+@lisp
+(ports '((\"2222\" \"22\") (\"21\" \"21\" \"tcp\")))
+@end lisp")
+  (environments
+   (list-of-pair-of-strings '())
+   "A list of environment variables, inside the container environment, in =
(VARIABLE VALUE) format.")
+  (network
+   (string "none")
+   "Network type.
+
+Available types are:
+@table @code
+@c Copied from https://docs.docker.com/network/
+
+@item none
+
+The default option. For this container, disable all networking. Usually us=
ed in
+conjunction with a custom network driver. none is not available for swarm =
services.
+
+@item bridge
+
+Bridge networks are usually used when your applications run in standalone
+containers that need to communicate.
+
+@item host
+
+For standalone containers, remove network isolation between the container =
and the Docker host,=20
+and use the host=E2=80=99s networking directly.
+
+@item overlay
+
+Overlay networks connect multiple Docker daemons together and enable swarm=
 services to
+communicate with each other. You can also use overlay networks to facilita=
te
+communication between a swarm service and a standalone container, or betwe=
en
+two standalone containers on different Docker daemons. This strategy remov=
es
+the need to do OS-level routing between these containers.
+
+@item ipvlan
+
+IPvlan networks give users total control over both IPv4 and IPv6 addressin=
g.
+The VLAN driver builds on top of that in giving operators complete control=
 of
+layer 2 VLAN tagging and even IPvlan L3 routing for users interested in un=
derlay
+network integration.
+
+@item macvlan
+
+Macvlan networks allow you to assign a MAC address to a container, making =
it appear
+as a physical device on your network. The Docker daemon routes traffic to =
containers
+by their MAC addresses. Using the macvlan driver is sometimes the best cho=
ice when
+dealing with legacy applications that expect to be directly connected to t=
he physical
+network, rather than routed through the Docker host=E2=80=99s network stac=
k.
+
+@end table")
+  (additional-arguments
+   (list-of-strings '())
+   "Additional arguments to the docker command line interface.")
+  (container-command
+   (list-of-strings '())
+   "Command to send into the container.")
+  (pid-file-timeout
+   (number 5)
+   "If the docker container does not show up in @code{docker ps} as @code{=
running} in less than pid-file-timeout seconds, the container is considered=
 as failing to start.
+
+Note that some containers take a really long time to start, so you should =
adjust it accordingly."))
+
+(define (serialize-volumes config)
+  "Serialize list of pairs into flat list of @code{(\"-v\" \"HOST_PATH:CON=
TAINER_PATH\" ...)}"
+  (append-map
+   (lambda (volume-bind)
+     (list "-v" (apply format #f "~a:~a~^:~a" volume-bind)))
+   (docker-container-volumes config)))
+
+(define (serialize-ports config)
+  "Serialize list of either pairs, or lists into flat list of
+@code{(\"-p\" \"NUMBER:NUMBER\" \"-p\" \"NUMBER:NUMBER/PROTOCOL\" ...)}"
+  (append-map
+   (lambda (port-bind)
+     (list "-p" (apply format #f "~a:~a~^/~a" port-bind)))
+   (docker-container-ports config)))
+
+(define (serialize-environments config)
+  "Serialize list of pairs into flat list of @code{(\"-e\" \"VAR=3Dval\" \=
"-e\" \"VAR=3Dval\" ...)}."
+  (append-map
+   (lambda (env-bind)
+     (list "-e" (apply format #f "~a=3D~a" env-bind)))
+   (docker-container-environments config)))
+
+(define (docker-container-startup-script docker-cli container-name cid-fil=
e config)
+  "Return a program file, that executes the startup sequence of the @code{=
docker-container-shepherd-service}."
+  (let* ((image-name (docker-container-image-name config))
+         (volumes (serialize-volumes config))
+         (ports (serialize-ports config))
+         (envs (serialize-environments config))
+         (network (docker-container-network config))
+         (additional-arguments (docker-container-additional-arguments conf=
ig))
+         (container-command (docker-container-container-command config)))
+    (with-imported-modules
+     '((guix build utils))
+     (program-file
+      (string-append "start-" container-name "-container")
+      #~(let ((docker (string-append #$docker-cli "/bin/docker")))
+          (use-modules (guix build utils))
+          ;; These two commands should fail
+          ;; they are there as a failsafe to
+          ;; prevent contamination from unremoved containers
+          (system* docker "stop" #$container-name)
+          (system* docker "rm" #$container-name)
+          (apply invoke `(,docker
+                           "run"
+                           ,(string-append "--name=3D" #$container-name)
+                           ;; Automatically remove the container when stop=
ping
+                           ;; If you want persistent data, you need to use
+                           ;; volume binds or other methods.
+                           "--rm"
+                           ,(string-append "--network=3D" #$network)
+                           ;; Write to a cid file the container id, this a=
llows
+                           ;; for shepherd to manage container even when t=
he process
+                           ;; itself gets detached from the container
+                           "--cidfile" #$cid-file
+                           #$@volumes
+                           #$@ports
+                           #$@envs
+                           #$@additional-arguments
+                           ,#$image-name
+                           #$@container-command)))))))
+
+(define (docker-container-shepherd-service docker-cli config)
+  "Return a shepherd-service that runs CONTAINER."
+  (let* ((container-name (symbol->string (docker-container-name config)))
+         (cid-file (string-append "/var/run/docker/" container-name ".pid"=
))
+         (pid-file-timeout (docker-container-pid-file-timeout config)))
+    (shepherd-service
+     (provision (list (docker-container-name config)))
+     (requirement `(dockerd))
+     (documentation (docker-container-documentation config))
+     (start #~(apply make-forkexec-constructor
+                     `(,(list #$(docker-container-startup-script docker-cl=
i container-name cid-file config))
+                       ;; Watch the cid-file instead of the docker run com=
mand, as the daemon can
+                       ;; still be running even when the command terminates
+                       #:pid-file #$cid-file
+                       #:pid-file-timeout #$pid-file-timeout)))
+     (stop #~(lambda _
+               (invoke
+                (string-append #$docker-cli "/bin/docker")
+                "stop"
+                #$container-name)
+               ;; Shepherd expects the stop command to return #f if it suc=
ceeds
+               ;; docker stop should always succeed
+               #f)))))
+
+(define (list-of-docker-containers? val)
+  (list-of docker-container?))
+
 (define-configuration docker-configuration
   (docker
    (file-like docker)
@@ -65,8 +250,21 @@ (define-configuration docker-configuration
   (environment-variables
    (list '())
    "Environment variables to set for dockerd")
+  (containers
+   (list-of-docker-containers '())
+   "List of docker containers to run as shepherd services.")
   (no-serialization))
=20
+(define (docker-container-shepherd-services config)
+  "Return shepherd services for all containers inside config."
+  (let ((docker-cli (docker-configuration-docker-cli config)))
+    (map
+     (lambda (container)
+       (docker-container-shepherd-service
+        docker-cli
+        container))
+     (docker-configuration-containers config))))
+
 (define %docker-accounts
   (list (user-group (name "docker") (system? #t))))
=20
@@ -88,20 +286,20 @@ (define (containerd-shepherd-service config)
          (debug? (docker-configuration-debug? config))
          (containerd (docker-configuration-containerd config)))
     (shepherd-service
-           (documentation "containerd daemon.")
-           (provision '(containerd))
-           (start #~(make-forkexec-constructor
-                     (list (string-append #$package "/bin/containerd")
-                           #$@(if debug?
-                                  '("--log-level=3Ddebug")
-                                  '()))
-                     ;; For finding containerd-shim binary.
-                     #:environment-variables
-                     (list (string-append "PATH=3D" #$containerd "/bin"))
-                     #:pid-file "/run/containerd/containerd.pid"
-                     #:pid-file-timeout 300
-                     #:log-file "/var/log/containerd.log"))
-           (stop #~(make-kill-destructor)))))
+     (documentation "containerd daemon.")
+     (provision '(containerd))
+     (start #~(make-forkexec-constructor
+               (list (string-append #$package "/bin/containerd")
+                     #$@(if debug?
+                            '("--log-level=3Ddebug")
+                            '()))
+               ;; For finding containerd-shim binary.
+               #:environment-variables
+               (list (string-append "PATH=3D" #$containerd "/bin"))
+               #:pid-file "/run/containerd/containerd.pid"
+               #:pid-file-timeout 300
+               #:log-file "/var/log/containerd.log"))
+     (stop #~(make-kill-destructor)))))
=20
 (define (docker-shepherd-service config)
   (let* ((docker (docker-configuration-docker config))
@@ -148,7 +346,7 @@ (define (docker-shepherd-service config)
 (define docker-service-type
   (service-type (name 'docker)
                 (description "Provide capability to run Docker application
-bundles in Docker containers.")
+bundles in Docker containers and optionally wrap those containers in sheph=
erd services.")
                 (extensions
                  (list
                   ;; Make sure the 'docker' command is available.
@@ -158,10 +356,16 @@ (define docker-service-type
                                      %docker-activation)
                   (service-extension shepherd-root-service-type
                                      (lambda (config)
-                                       (list (containerd-shepherd-service =
config)
-                                             (docker-shepherd-service conf=
ig))))
+                                       (cons* (containerd-shepherd-service=
 config)
+                                              (docker-shepherd-service con=
fig)
+                                              (docker-container-shepherd-s=
ervices config))))
                   (service-extension account-service-type
                                      (const %docker-accounts))))
+                (compose concatenate)
+                (extend (lambda (config containers)
+                          (docker-configuration
+                           (inherit config)
+                           (containers (append containers (docker-configur=
ation-containers config))))))
                 (default-value (docker-configuration))))
=20
 
--=20
2.37.3


--=-=-=--

Message received at 58123 <at> debbugs.gnu.org:

Received: (at 58123) by debbugs.gnu.org; 30 Sep 2022 18:48:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 30 14:48:56 2022
Received: from localhost ([127.0.0.1]:42951 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oeL4C-0007c5-Bi
	for submit <at> debbugs.gnu.org; Fri, 30 Sep 2022 14:48:56 -0400
Received: from baptiste.telenet-ops.be ([195.130.132.51]:40386)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1oeL4A-0007bw-Qs
 for 58123 <at> debbugs.gnu.org; Fri, 30 Sep 2022 14:48:55 -0400
Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]
 ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16])
 by baptiste.telenet-ops.be with bizsmtp
 id SJou2800120ykKC01Jourv; Fri, 30 Sep 2022 20:48:54 +0200
Message-ID: <6c9813c0-ea43-3238-2b6d-376307017e9c@HIDDEN>
Date: Fri, 30 Sep 2022 20:48:53 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.12.0
Subject: Re: [bug#58123] [PATCH] gnu: services: docker: Add
 docker-container-service-type
Content-Language: en-US
To: =?UTF-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>,
 58123 <at> debbugs.gnu.org
References: <87r0zwr9dv.fsf@HIDDEN>
 <dd0d0076-39e1-5934-4304-1fae7ed5e042@HIDDEN>
 <87edvt9e16.fsf@HIDDEN>
From: Maxime Devos <maximedevos@HIDDEN>
In-Reply-To: <87edvt9e16.fsf@HIDDEN>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------D50Qfzvlo8cG3AlbjirfLJaA"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1664563734; bh=FM4mQ3NL30pcW688seY8yC43nNPMipyWFDZshuKodXs=;
 h=Date:Subject:To:References:From:In-Reply-To;
 b=Zse1kUwe98Hifgqpx2Srs1SZj3viTu6o8Sx/F1Gtiz2Eoyx57S3BZy3guUVBB4rZj
 Gi0GU6z8/mivMj+B7W5hch+r69H6YRZmiwRGNweEDlTZyckZrjssacslGso7hyjknQ
 PTqnWaupSngAQ/0XP8axQYlh5ZgOAhEh2iUJRQPNnlPVUxsYUz22DqyBrgZJHkxSNv
 Z0BuMPFPtakqZS2yjpxK8++9AiRK5tcuy7ceD3Zt/bV16k6Q1Hh1Ru7QOl1ofQIWQO
 a7GQ38sLWhljN8A6hM+ozb7flGZgW6/ZUDpeeZDO/GjECtHffbgHgavt5T5N04SWB/
 jh1SxepUwLj5w==
X-Spam-Score: -2.5 (--)
X-Debbugs-Envelope-To: 58123
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.5 (---)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------D50Qfzvlo8cG3AlbjirfLJaA
Content-Type: multipart/mixed; boundary="------------XTnHacixFct70WqHO7MBTIcY";
 protected-headers="v1"
From: Maxime Devos <maximedevos@HIDDEN>
To: =?UTF-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>,
 58123 <at> debbugs.gnu.org
Message-ID: <6c9813c0-ea43-3238-2b6d-376307017e9c@HIDDEN>
Subject: Re: [bug#58123] [PATCH] gnu: services: docker: Add
 docker-container-service-type
References: <87r0zwr9dv.fsf@HIDDEN>
 <dd0d0076-39e1-5934-4304-1fae7ed5e042@HIDDEN>
 <87edvt9e16.fsf@HIDDEN>
In-Reply-To: <87edvt9e16.fsf@HIDDEN>

--------------XTnHacixFct70WqHO7MBTIcY
Content-Type: multipart/mixed; boundary="------------fR4tjA3Uz8rILqY5Oa6WhJRV"

--------------fR4tjA3Uz8rILqY5Oa6WhJRV
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

DQoNCk9uIDMwLTA5LTIwMjIgMTU6NDAsIE3DoWphIFRvbcOhxaFlayB3cm90ZToNCj4gKyhk
ZWZpbmUtY29uZmlndXJhdGlvbi9uby1zZXJpYWxpemF0aW9uIGRvY2tlci1jb250YWluZXIt
Y29uZmlndXJhdGlvbg0KPiArICAobmFtZQ0KPiArICAgKHN5bWJvbCAnKCkpDQo+ICsgICAi
TmFtZSBvZiB0aGUgZG9ja2VyIGNvbnRhaW5lci4gV2lsbCBiZSB1c2VkIHRvIGRlbm90ZSBz
ZXJ2aWNlIHRvIFNoZXBoZXJkIGFuZCBtdXN0IGJlIHVuaXF1ZSENCj4gK1dlIHJlY29tbWVu
ZCwgdGhhdCB0aGUgbmFtZSBvZiB0aGUgY29udGFpbmVyIGlzIHByZWZpeGVkIHdpdGggQGNv
ZGV7ZG9ja2VyLX0uIikNCg0KT24gdW5pcXVlbmVzczogb24gc2Vjb25kIHRob3VnaHQsIHRo
YXQncyBwcm9iYWJseSBhbHJlYWR5IGhhbmRsZWQgYnkgdGhlIA0KZ2VuZXJhbCBzZXJ2aWNl
IGNvZGUsIHByb2JhYmx5IG5vIG5lZWQgZm9yIGFuIGFkZGl0aW9uYWwgY2hlY2sgaGVyZS4N
Cg0KR3JlZXRpbmdzLA0KTWF4aW1lLg0K
--------------fR4tjA3Uz8rILqY5Oa6WhJRV
Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc"
Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m
xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2
ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL
CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc
/gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4
LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C
kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK
CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W
ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ
Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0
k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo
AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE
fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D
=3DOVqp
-----END PGP PUBLIC KEY BLOCK-----

--------------fR4tjA3Uz8rILqY5Oa6WhJRV--

--------------XTnHacixFct70WqHO7MBTIcY--

--------------D50Qfzvlo8cG3AlbjirfLJaA
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYzc6FgUDAAAAAAAKCRBJ4+4iGRcl7uh8
APsFLqo1z4Dxqa5HSdI2JG5arzpRJXOnJjTFrcBt/GUwogEArJxR6tWHva6c9LK01TidQ1fm0VX5
sNQwxE+C/Nmbswc=
=LrkQ
-----END PGP SIGNATURE-----

--------------D50Qfzvlo8cG3AlbjirfLJaA--

Message received at 58123 <at> debbugs.gnu.org:

Received: (at 58123) by debbugs.gnu.org; 30 Sep 2022 18:47:55 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 30 14:47:55 2022
Received: from localhost ([127.0.0.1]:42946 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oeL3C-0007aS-Q6
	for submit <at> debbugs.gnu.org; Fri, 30 Sep 2022 14:47:55 -0400
Received: from baptiste.telenet-ops.be ([195.130.132.51]:37770)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1oeL38-0007aF-PK
 for 58123 <at> debbugs.gnu.org; Fri, 30 Sep 2022 14:47:53 -0400
Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]
 ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16])
 by baptiste.telenet-ops.be with bizsmtp
 id SJnn2800B20ykKC01Jnnb2; Fri, 30 Sep 2022 20:47:47 +0200
Message-ID: <b4cfc59a-470a-14a1-6437-49995ca0f2a3@HIDDEN>
Date: Fri, 30 Sep 2022 20:47:47 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.12.0
Content-Language: en-US
To: =?UTF-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>,
 58123 <at> debbugs.gnu.org
References: <87r0zwr9dv.fsf@HIDDEN>
 <dd0d0076-39e1-5934-4304-1fae7ed5e042@HIDDEN>
 <87edvt9e16.fsf@HIDDEN>
From: Maxime Devos <maximedevos@HIDDEN>
Subject: Re: [bug#58123] [PATCH] gnu: services: docker: Add
 docker-container-service-type
In-Reply-To: <87edvt9e16.fsf@HIDDEN>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------1aGvWHNHKQBfCz01vb6gOHxT"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1664563667; bh=woEPNda4ukbd36rPAkwstR22Vv37/h/AMt0lq8cDJh8=;
 h=Date:To:References:From:Subject:In-Reply-To;
 b=mt7ZKeEZ3t7NzoPoucBPsNzfcVDcTgrEtA0k4FE+iH9utZakKfuRX8d7u36ymkfXO
 NEduVjnp+E5newX896LyijuTMu5pFml6QmuSHuHmpFQk0xTgDhk3FWk7MA4wDV9l3Y
 pK88X+bcLEnhl0m+ODh2oSsbHItOn+rdahV3KVBkzDbv3daBkAeEG2CGsDuhbTkRYY
 qtu8r4lNVVBP01heu9EuuCBdulfofmtlL49pOExQbzbMODDuyV5EgvHRPo1wyo+WdU
 k3qXtDvXvxNHIHkpSke1aLSoaQSZgHRLuAUGQgsPEtHlSNS/NIkikAHDYJH4L9xKt6
 8VfgFs57lqmWQ==
X-Spam-Score: -2.5 (--)
X-Debbugs-Envelope-To: 58123
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.5 (---)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------1aGvWHNHKQBfCz01vb6gOHxT
Content-Type: multipart/mixed; boundary="------------NYqIaQwvFN5rwMiFT3HtEksi";
 protected-headers="v1"
From: Maxime Devos <maximedevos@HIDDEN>
To: =?UTF-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>,
 58123 <at> debbugs.gnu.org
Message-ID: <b4cfc59a-470a-14a1-6437-49995ca0f2a3@HIDDEN>
Subject: Re: [bug#58123] [PATCH] gnu: services: docker: Add
 docker-container-service-type
References: <87r0zwr9dv.fsf@HIDDEN>
 <dd0d0076-39e1-5934-4304-1fae7ed5e042@HIDDEN>
 <87edvt9e16.fsf@HIDDEN>
In-Reply-To: <87edvt9e16.fsf@HIDDEN>

--------------NYqIaQwvFN5rwMiFT3HtEksi
Content-Type: multipart/mixed; boundary="------------eqjSKE2fm4H03jbvTdp0G4Xs"

--------------eqjSKE2fm4H03jbvTdp0G4Xs
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

DQo+Pj4gKw0KPj4+ICsoZGVmaW5lIChkb2NrZXItY29udGFpbmVyLXNoZXBoZXJkLXNlcnZp
Y2UgZG9ja2VyLWNsaSBjb25maWcpDQo+Pj4gKyAgIlJldHVybiBhIHNoZXBoZXJkLXNlcnZp
Y2UgdGhhdCBydW5zIENPTlRBSU5FUi4iDQo+Pj4gKyAgKGxldCogKChjb250YWluZXItbmFt
ZSAoc3ltYm9sLT5zdHJpbmcgKGRvY2tlci1jb250YWluZXItY29uZmlndXJhdGlvbi1uYW1l
IGNvbmZpZykpKQ0KPj4+ICsgICAgICAgICAoY2lkLWZpbGUgKHN0cmluZy1hcHBlbmQgIi92
YXIvcnVuL2RvY2tlci8iIGNvbnRhaW5lci1uYW1lICIucGlkIikpDQo+Pg0KPj4gVGhpcyBz
b3VuZHMgbGlrZSAiLiIsICIuLiIgYW5kIGFueXRoaW5nIGNvbnRhaW5pbmcgYSAiLyIgb3Ig
Ilx4MDAiIHdvdWxkDQo+PiBiZSBpbnZhbGlkIGNvbnRhaW5lciBuYW1lcywgSSByZWNvbW1l
bmQgcmVmaW5pbmcgdGhlIHR5cGUgY2hlY2sgZm9yDQo+PiAnY29udGFpbmVyLW5hbWUnIGEg
bGl0dGxlLiAgSXQgYWxzbyBsb29rcyBsaWtlIGNvbnRhaW5lciBuYW1lcyBtdXN0IGJlDQo+
PiB1bmlxdWUgd2l0aGluIGEgc3lzdGVtLCB0aGF0IHNvdW5kcyBsaWtlIHNvbWV0aGluZyB0
byBtZW50aW9uIGluIGl0cw0KPj4gZG9jc3RyaW5nIHRvIG1lLg0KPj4NCj4gDQo+IFRoZXJl
IGFjdHVhbGx5IGlzIG1lbnRpb24gb2YgaXQhDQo+IA0KPiAiTmFtZSBvZiB0aGUgZG9ja2Vy
IGNvbnRhaW5lci4gV2lsbCBiZSB1c2VkIHRvIGRlbm90ZSBzZXJ2aWNlIHRvIFNoZXBoZXJk
IGFuZCBtdXN0IGJlIHVuaXF1ZSENCj4gV2UgcmVjb21tZW5kLCB0aGF0IHRoZSBuYW1lIG9m
IHRoZSBjb250YWluZXIgaXMgcHJlZml4ZWQgd2l0aA0KPiBAY29kZXtkb2NrZXItfS4iDQoN
Ck9vcHMsIGRpZG4ndCBub3RpY2UgdGhhdC4gIEhvd2V2ZXIsIHlvdSBjb3VsZCBpbnNlcnQg
YSBjaGVjayBzb21ld2hlcmUgDQpmb3IgdW5pcXVlbmVzcywgdG8gYXZvaWQgYWNjaWRlbnRz
Lg0KDQo+Pj4gKyAgICAgKHN0b3AgKGlmICMkYXR0YWNoZWQ/DQo+Pj4gKyAgICAgICAgICAg
ICAgICN+KG1ha2Uta2lsbC1kZXN0cnVjdG9yKQ0KPj4+ICsgICAgICAgICAgICAgICAjfihs
YW1iZGEgXw0KPj4+ICsgICAgICAgICAgICAgICAgICAgKGV4ZWMtY29tbWFuZCAobGlzdA0K
Pj4+ICsgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgKHN0cmluZy1hcHBlbmQg
IyRkb2NrZXItY2xpICIvYmluL2RvY2tlciIpDQo+Pj4gKyAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgICAgICAic3RvcCIgIyRjb250YWluZXItbmFtZSkpDQo+Pj4gKyAgICAgICAg
ICAgICAgICAgICAjZikpKSkpKQ0KPj4NCj4+IE5vdCB2ZXJ5IGZhbWlsaWFyIHdpdGggaG93
IFNoZXBoZXJkIHdvcmtzIGhlcmUsIGJ1dCBJIHRoaW5rIHRoYXQgdGhlDQo+PiAncmV0dXJu
ICNmYWxzZScgZHNlc2VydmVzIGEgY29tbWFuZC4NCj4+DQo+IA0KPiBXZWxsLCBJIGxvb2tl
ZCB0aHJvdWdoIHRoZSBzb3VyY2UgY29kZSwgYW5kIHRoaXMgaXMgc2hlcGhlcmQncyBvd24N
Cj4gZGVmaW5pdGlvbjoNCj4gDQo+IA0KPiAoZGVmaW5lKiAobWFrZS1raWxsLWRlc3RydWN0
b3IgIzpvcHRpb25hbCAoc2lnbmFsIFNJR1RFUk0pKQ0KPiAgICAiUmV0dXJuIGEgcHJvY2Vk
dXJlIHRoYXQgc2VuZHMgU0lHTkFMIHRvIHRoZSBwcm9jZXNzIGdyb3VwIG9mIHRoZSBQSUQg
Z2l2ZW4NCj4gYXMgYXJndW1lbnQsIHdoZXJlIFNJR05BTCBkZWZhdWx0cyB0byBgU0lHVEVS
TScuIg0KPiAgICAobGFtYmRhIChwaWQgLiBhcmdzKQ0KPiAgICAgIDs7IEtpbGwgdGhlIHdo
b2xlIHByb2Nlc3MgZ3JvdXAgUElEIGJlbG9uZ3MgdG8uICBEb24ndCBhc3N1bWUgdGhhdCBQ
SUQgaXMNCj4gICAgICA7OyBhIHByb2Nlc3MgZ3JvdXAgSUQ6IHRoYXQncyBub3QgdGhlIGNh
c2Ugd2hlbiB1c2luZyAjOnBpZC1maWxlLCB3aGVyZQ0KPiAgICAgIDs7IHRoZSBwcm9jZXNz
IGdyb3VwIElEIGlzIHRoZSBQSUQgb2YgdGhlIHByb2Nlc3MgdGhhdCAiZGFlbW9uaXplZCIu
ICBJZg0KPiAgICAgIDs7IHRoaXMgcHJvY2VkdXJlIGlzIGNhbGxlZCwgYmV0d2VlbiB0aGUg
cHJvY2VzcyBmb3JrIGFuZCBleGVjLCB0aGUgUEdJRA0KPiAgICAgIDs7IHdpbGwgc3RpbGwg
YmUgemVybyAodGhlIFNoZXBoZXJkIFBHSUQpLiBJbiB0aGF0IGNhc2UsIHVzZSB0aGUgUElE
Lg0KPiAgICAgIChsZXQgKChwZ2lkIChnZXRwZ2lkIHBpZCkpKQ0KPiAgICAgICAgKGlmICg9
IChnZXRwZ2lkIDApIHBnaWQpDQo+ICAgICAgICAgICAgKGtpbGwgcGlkIHNpZ25hbCkgO2Rv
bid0IGtpbGwgb3Vyc2VsZg0KPiAgICAgICAgICAgIChraWxsICgtIHBnaWQpIHNpZ25hbCkp
KQ0KPiAgICAgICNmKSkNCj4gDQo+IA0KPiBTbyBJIHRoaW5rIHRoYXQgcmV0dXJuaW5nICNm
IHdvcmtzLiBkb2NrZXIgc3RvcCB3aWxsIHNlbmQgU0lHS0lMTCBpZiB0aGUNCj4gY29udGFp
bmVyIHRha2VzIHRvbyBsb25nLCBzbyBpdCBzaG91bGQgc3VjY2VlZC4NCg0KTm90IHNheWlu
ZyBpdCB3b24ndCB3b3JrLCBqdXN0IHRoYXQgaXQgZGVzZXJ2ZXMgYSBjb21tZW50ICh0aG91
Z2ggDQphcHBhcmVudGx5IEkgbWlzc3BlbGxlZCAnY29tbWVudCcpLCBldmVuIGlmIGl0J3Mg
b25seSBzb21ldGhpbmcgbGlrZSANCiJyZXR1cm4gI2ZhbHNlIGFzIGRvbmUgYnkgJ21ha2Ut
a2lsbC1kZXN0cnVjdG9yJyIuDQoNCkhvd2V2ZXIsICdleGVjLWNvbW1hbmQnIHJ1bnMgJ2V4
ZWMnIChyZXBsYWNpbmcgdGhlIHNoZXBoZXJkIHByb2Nlc3MpLCBJIA0KdGhpbmsgeW91IG5l
ZWQgc29tZXRoaW5nIGxpa2UgJ2ludm9rZScgb3IgJ3N5c3RlbSonIGluc3RlYWQuDQoNCkdy
ZWV0aW5ncywNCk1heGltRS4NCg==
--------------eqjSKE2fm4H03jbvTdp0G4Xs
Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc"
Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m
xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2
ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL
CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc
/gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4
LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C
kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK
CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W
ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ
Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0
k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo
AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE
fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D
=3DOVqp
-----END PGP PUBLIC KEY BLOCK-----

--------------eqjSKE2fm4H03jbvTdp0G4Xs--

--------------NYqIaQwvFN5rwMiFT3HtEksi--

--------------1aGvWHNHKQBfCz01vb6gOHxT
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYzc50wUDAAAAAAAKCRBJ4+4iGRcl7hox
APwMXh8ljOvHyVQbTAbmFZ0dfGLILT/AKPtrzANYq94N3gD/RFgoflz8UMnm1cxTCSw+ou9DU0Bg
EtLG+iXalYA4Xgc=
=cybu
-----END PGP SIGNATURE-----

--------------1aGvWHNHKQBfCz01vb6gOHxT--

Message received at 58123 <at> debbugs.gnu.org:

Received: (at 58123) by debbugs.gnu.org; 30 Sep 2022 16:49:54 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Sep 30 12:49:53 2022
Received: from localhost ([127.0.0.1]:42807 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oeJCy-0004e0-RE
	for submit <at> debbugs.gnu.org; Fri, 30 Sep 2022 12:49:53 -0400
Received: from knopi.disroot.org ([178.21.23.139]:39958)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maya.tomasek@HIDDEN>) id 1oeGFQ-00016g-O8
 for 58123 <at> debbugs.gnu.org; Fri, 30 Sep 2022 09:40:14 -0400
Received: from localhost (localhost [127.0.0.1])
 by disroot.org (Postfix) with ESMTP id E920F4BCFD;
 Fri, 30 Sep 2022 15:40:10 +0200 (CEST)
X-Virus-Scanned: SPAM Filter at disroot.org
Received: from knopi.disroot.org ([127.0.0.1])
 by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id I1XolEzqq_YU; Fri, 30 Sep 2022 15:40:09 +0200 (CEST)
From: =?utf-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail;
 t=1664545209; bh=jCelJf2+Mj2uHbBQzLrx/u0huO1RBab1/hbIRQNWZbQ=;
 h=From:To:Subject:In-Reply-To:References:Date;
 b=j/qX+UtFHCQnkiqZ0nV3nb1EExeEIWvwqBC7Ms46fw42os6skOYGLfKC+2AoAdieY
 Y6y+311rw/n4rh9ot4MWmQmPxk9AS9EfF5eOTgy1xVf/goHw7FIeBY0g9nxDELBlri
 +N5ibkD3I643QhVunpYP1NNrMRofCeg9zymwBGcZr3DCW1MBngyFqEFzVQs3noII59
 pHE4HQ6/bLfa0zNUgW0yRpCTHQuZnXNKgIbGPecgVX+rHlgM6kY/iCE3xE/07dohHL
 OD06DAQADB7/xuEpSn3JR49e8kE6L7f0B54b5CAV9cyRhusAzYxjCzr4spr7akkIha
 wRs8rLWyy3KHg==
To: Maxime Devos <maximedevos@HIDDEN>, 58123 <at> debbugs.gnu.org
Subject: Re: [bug#58123] [PATCH] gnu: services: docker: Add
 docker-container-service-type
In-Reply-To: <dd0d0076-39e1-5934-4304-1fae7ed5e042@HIDDEN>
References: <87r0zwr9dv.fsf@HIDDEN>
 <dd0d0076-39e1-5934-4304-1fae7ed5e042@HIDDEN>
Date: Fri, 30 Sep 2022 15:40:05 +0200
Message-ID: <87edvt9e16.fsf@HIDDEN>
Mime-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 58123
X-Mailman-Approved-At: Fri, 30 Sep 2022 12:49:50 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)


Hi

> On 27-09-2022 19:16, guix-patches--- via wrote:
>> 
>> This patch provides a new service type, which allows the creation of shepherd
>> services from docker containers.
>> ---
>> Hi,
>> 
>> I have written a definition of the docker-container-service-type. It is
>> a service that allows you to convert docker containers into shepherd
>> services.  [...]
>> 
>> There is currently no documentation outside of docstrings, I plan to
>> write it, but first I would welcome comments from you, maybe this
>> service isn't suitable for guix, as it does imply breaking of the
>> declarative guix model, but that goes for docker and flatpak too, so I
>> thought I can try it.
>
> We already have a docker-service-type, why not a 
> docker-container-service-type, though I wouldn't recommend docker 
> myself.  Can't really document on the docker bits, but some mostly 
> superficial comments:

I was thinking that this isn't exactly a "needed" use and can be thought
of as separate, but probably I was wrong.

>>
>> +(define (pair-of-strings? val)
>> +  (and (pair val)
>
> I think you meant 'pair?' here, not 'pair'.
>

Yes.

>> +       (string? (car val))
>> +       (string? (cdr val))))
>> +
>> +(define (list-of-pair-of-strings? val)
>> +  (list-of pair-of-strings?))
>> +
>> +(define-configuration/no-serialization docker-container-configuration
>> +  (name
>> +   (symbol '())
>> +   "Name of the docker container. Will be used to denote service to Shepherd and must be unique!
>> +We recommend, that the name of the container is prefixed with @code{docker-}.")
>> +  (comment
>> +   (string "")
>> +   "A documentation on the docker container.")
>
> I don't think documentation is countable, maybe
>
> "Documentation on the Docker container (optional)."
>
> ?  (I don't know what casing is appropriate here).
>
>> +  (image-name
>> +   (string)
>> +   "A name of the image that will be used. (Note that the existence of the image
>> +is not guaranteed by this daemon.)")
>> +  (volumes
>> +   (list-of-pair-of-strings '())
>> +   "A list of volume binds. In (HOST_PATH CONTAINER_PATH) format.")
>
> binds -> bindings and HOST_PATH CONTAINER_PATH -> (HOST-PATH 
> CONTAINER-PATH) per Scheme conventions.
>
>> +  (ports
>> +   (list-of-pair-of-strings '())
>> +   "A list of port binds. In (HOST_PORT CONTAINER_PORT) or (HOST_PORT CONTAINER_PORT OPTIONS) format.
>> +For example, both port bindings are valid:
>> +
>> +@lisp
>> +(ports '((\"2222\" \"22\") (\"21\" \"21\" \"tcp\")))
>> +@end lisp"
>
> * binds -> bindings
>
>> +   (environments
>> +    (list-of-pair-of-strings '())
>> +    "A list of variable binds, inside the container enviornment. In (VARIABLE VALUE) format."))
>
> 'enviornment' -> 'environment', 'variable binds' -> 'environment 
> variables', '. In' -> ', in'.
>
>> +  (network
>> +   (string "none")
>> +   "Network type.")
>
> Can the available network types be listed or a reference to the Docker 
> documentation be added, to help users with determining what to set it to?
>
>> +  (additional-arguments
>> +   (list-of-strings '())
>> +   "Additional arguments to the docker command line interface.")
>> +  (container-command
>> +   (list-of-strings '())
>> +   "Command to send into the container.")
>> +  (attached?
>> +   (boolean #t)
>> +   "Run the container as an normal attached process (sending SIGTERM).
>> +Or run the container as a isolated environment that must be stopped with @code{docker stop}.
>> +
>> +Please verify first, that you container is indeed not attached, otherwise @code{shepherd} might
>> +assume the process is dead, even when it is not.
>> +
>> +You can do that, by first running your container with @code{docker run image-name}.
>> +
>> +Then check @code{docker ps}, if the command shows beside your container the word @code{running}.
>> +Your container is indeed detached, but if it shows @code{starting}, and it doesn't flip to
>> +@code{running} after a while, it means that you container is attached, and you need to keep this
>> +option turned @code{#t}."))
>> +
>> +(define (serialize-volumes config)
>> +  "Serialize list of pairs into flat list of @code{(\"-v\" \"HOST_PATH:CONTAINER_PATH\" ...)}"
>> +  (append-map
>> +   (lambda (volume-bind)
>> +     (list "-v" (format #f "~?" "~a:~a" volume-bind)))
>> +   (docker-container-configuration-volumes config)))
>
> See following about pairs and simplification.
>
>> +
>> +(define (serialize-ports config)
>> +  "Serialize list of either pairs, or lists into flat list of
>> +@code{(\"-p\" \"NUMBER:NUMBER\" \"-p\" \"NUMBER:NUMBER/PROTOCOL\" ...)}"
>> +  (append-map
>> +   (lambda (port-bind)
>> +     (list "-p" (format #f "~?" "~a:~a~^/~a" port-bind)))
>> +   (docker-container-configuration-ports config)))
>
> See following about pairs and simplification.
>
>> +
>> +(define (serialized-environments config)
>> +  "Serialize list of pairs into flat list of @code{(\"-e\" \"VAR=val\" \"-e\" \"VAR=val\" ...)}."
>> +  (append-map
>> +   (lambda (env-bind)
>> +     (list "-e" (format #f "~?" "~a=~a" env-bind)))
>> +   (docker-container-configuration-environments config)))
>
> I tried this out in a REPL, but found that it doesn't accept pairs but 
> 2-element lists:
>
> scheme@(guile-user)> (format #f "~?" "~a=~a" '("x" . "y"))
> ice-9/boot-9.scm:1685:16: In procedure raise-exception:
> In procedure length: Wrong type argument in position 1: ("x" . "y")
>
> Entering a new prompt.  Type `,bt' for a backtrace or `,q' to continue.
> scheme@(guile-user) [1]> ,q
> scheme@(guile-user)> (format #f "~?" "~a=~a" '("x" "y"))
> $1 = "x=y"
>
> Also, the 'format' can be simplified:
>
> (apply format #f "~a=~a" env-bind)
>
>
>> +
>> +(define (docker-container-startup-script docker-cli container-name config)
>> +  "Return a program file, that executes the startup sequence of the @code{docker-container-shepherd-service}."
>> +  (let* ((attached? (docker-container-configuration-attached? config))
>> +         (image-name (docker-container-configuration-image config))
>> +         (volumes (serialize-volumes config))
>> +         (ports (serialize-ports config))
>> +         (envs (serialize-environments config))
>> +         (network (docker-container-configuration-network config))
>> +         (additional-arguments (docker-container-configuration-additional-arguments config))
>> +         (container-command (docker-container-configuration-container-command config)))
>> +    (program-file
>> +     (string-append "start-" container-name "-container")
>> +     #~(let ((docker (string-append #$docker-cli "/bin/docker")))
>> +         (system* docker "stop" #$container-name)
>> +         (system* docker "rm" #$container-name) > +         (apply system* `(,docker
>> +                          "run"
>> +                          ,(string-append "--name=" #$container-name)
>> +                          ;; Automatically remove the container when stopping
>> +                          ;; If you want persistent data, you need to use
>> +                          ;; volume binds or other methods.
>> +                          "--rm"
>> +                          ,(string-append "--network=" #$network)
>> +                          ;; TODO:
>> +                          ;; Write to a cid file the container id, this allows
>> +                          ;; for shepherd to manage container even when the process
>> +                          ;; itself gets detached from the container
>> +                          ,@(if (not #$attached) '("--cidfile" #$cid-file) '())
>> +                          #$@volumes
>> +                          #$@ports
>> +                          #$@envs
>> +                          #$@additional-arguments
>> +                          ,#$image-name
>> +                          #$@container-command))))))
>
> 'system*' can fail, which it does by returning some number (and not by 
> an exception).  I recommend using 'invoke' from (guix build utils) 
> (which uses exceptions) instead; you may need use-modules + 
> with-imported-modules to use that module.
>
>
>> +
>> +(define (docker-container-shepherd-service docker-cli config)
>> +  "Return a shepherd-service that runs CONTAINER."
>> +  (let* ((container-name (symbol->string (docker-container-configuration-name config)))
>> +         (cid-file (string-append "/var/run/docker/" container-name ".pid"))
>
> This sounds like ".", ".." and anything containing a "/" or "\x00" would 
> be invalid container names, I recommend refining the type check for 
> 'container-name' a little.  It also looks like container names must be 
> unique within a system, that sounds like something to mention in its 
> docstring to me.
>

There actually is mention of it!

"Name of the docker container. Will be used to denote service to Shepherd and must be unique!
We recommend, that the name of the container is prefixed with
@code{docker-}."

But I agree I need to modify it a bit.

>> +         (attached? (docker-container-configuration-attached? config)))
>> +    (shepherd-service
>> +     (provision (list (docker-container-configuration-name config)))
>> +     (requirement `(dockerd))
>> +     (start #~(make-forkexec-constructor
>> +               (list #$(docker-container-startup-script docker-cli container-name config))
>> +               ;; Watch the cid-file instead of the docker run command, as the daemon can
>> +               ;; still be running even when the command terminates
>> +               (if (not #$attached?)
>> +                   #:pid-file #$cid-file)))
>
> I don't think this does what you want it to do -- when attached, it will 
> evaluate to #$cid-file, when not, it will evaluate to #:pid-flile.
>
> Try apply+list instead:
>
> (apply
>    make-forkexec-constructor
>    (list ...)
>    #$(if $attached
>          #~()
>          #~(list #:pid-file #$cid-file)))
>
> (Changing the staging is not required, though myself I prefer it this way.)
>
> I recommend writing a system test (in gnu/tests/docker.scm), to prevent 
> such problems, though I don't know how feasible it would be.
>

I overlooked some issues, as I was sending the patch after last minute
changes and I forgot to check it, thank you for noticing that mistake.

>> +     (stop (if #$attached?
>> +               #~(make-kill-destructor)
>> +               #~(lambda _
>> +                   (exec-command (list
>> +                                  (string-append #$docker-cli "/bin/docker")
>> +                                  "stop" #$container-name))
>> +                   #f))))))
>
> Not very familiar with how Shepherd works here, but I think that the 
> 'return #false' dseserves a command.
>

Well, I looked through the source code, and this is shepherd's own
definition:


(define* (make-kill-destructor #:optional (signal SIGTERM))
  "Return a procedure that sends SIGNAL to the process group of the PID given
as argument, where SIGNAL defaults to `SIGTERM'."
  (lambda (pid . args)
    ;; Kill the whole process group PID belongs to.  Don't assume that PID is
    ;; a process group ID: that's not the case when using #:pid-file, where
    ;; the process group ID is the PID of the process that "daemonized".  If
    ;; this procedure is called, between the process fork and exec, the PGID
    ;; will still be zero (the Shepherd PGID). In that case, use the PID.
    (let ((pgid (getpgid pid)))
      (if (= (getpgid 0) pgid)
          (kill pid signal) ;don't kill ourself
          (kill (- pgid) signal)))
    #f))


So I think that returning #f works. docker stop will send SIGKILL if the
container takes too long, so it should succeed.

I will send a new patch with this service moved into the
docker-service-type and addressed your criticisms.

Maya

Message received at 58123 <at> debbugs.gnu.org:

Received: (at 58123) by debbugs.gnu.org; 29 Sep 2022 18:32:08 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Sep 29 14:32:08 2022
Received: from localhost ([127.0.0.1]:39572 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1odyKN-00051l-SF
	for submit <at> debbugs.gnu.org; Thu, 29 Sep 2022 14:32:08 -0400
Received: from albert.telenet-ops.be ([195.130.137.90]:59148)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maximedevos@HIDDEN>) id 1odyKI-00051Y-TQ
 for 58123 <at> debbugs.gnu.org; Thu, 29 Sep 2022 14:32:06 -0400
Received: from [IPV6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16]
 ([IPv6:2a02:1811:8c09:9d00:5dba:d409:33f7:a16])
 by albert.telenet-ops.be with bizsmtp
 id RuXz2800320ykKC06uXz6n; Thu, 29 Sep 2022 20:31:59 +0200
Message-ID: <dd0d0076-39e1-5934-4304-1fae7ed5e042@HIDDEN>
Date: Thu, 29 Sep 2022 20:31:59 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.12.0
Content-Language: en-US
To: =?UTF-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>,
 58123 <at> debbugs.gnu.org
References: <87r0zwr9dv.fsf@HIDDEN>
From: Maxime Devos <maximedevos@HIDDEN>
Subject: Re: [bug#58123] [PATCH] gnu: services: docker: Add
 docker-container-service-type
In-Reply-To: <87r0zwr9dv.fsf@HIDDEN>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------MkhQdqx650Vxa0JLe6dYfSvF"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22;
 t=1664476319; bh=VVUatcLyJ0TNAZ5w71v14sDtzCVFj/G9QusfmoiUslE=;
 h=Date:To:References:From:Subject:In-Reply-To;
 b=m+BKTtL3zNFwgSbb1XkDndWnOPbb7TSILh1QGv4ZCYYSNFNQmWF+ZSHPdEMmKsyA8
 4qMfA1mKyCoRlxlrIExw3ZjvHtsCq88LlWsmmJAJ+HUpZdAqcdtKqJCXXKNjITLyk8
 RhOV5khewGLaks0bFJ4EZu4loD5xijvqrSw6ByWrgyxOOqv3uHLKFbAoN+BqXWbjkS
 IQ3o4fayh3JJN4un0mv1vBI5KPeKEiv8H9tkHcKyq61TUWIYBlIFFrGWuZ2Cd0XPw/
 ADvNwrmbcDRP78KyVFepznJZEvwIC5gcGW62WOKs2E80WL7G4PSF91NLp+iuPYi0Qo
 B60zdtPA7W5Nw==
X-Spam-Score: -1.8 (-)
X-Debbugs-Envelope-To: 58123
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.8 (--)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------MkhQdqx650Vxa0JLe6dYfSvF
Content-Type: multipart/mixed; boundary="------------cWvhmhlwM8vYzhvCwxcOYDXd";
 protected-headers="v1"
From: Maxime Devos <maximedevos@HIDDEN>
To: =?UTF-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>,
 58123 <at> debbugs.gnu.org
Message-ID: <dd0d0076-39e1-5934-4304-1fae7ed5e042@HIDDEN>
Subject: Re: [bug#58123] [PATCH] gnu: services: docker: Add
 docker-container-service-type
References: <87r0zwr9dv.fsf@HIDDEN>
In-Reply-To: <87r0zwr9dv.fsf@HIDDEN>

--------------cWvhmhlwM8vYzhvCwxcOYDXd
Content-Type: multipart/mixed; boundary="------------Uop0srNDnw720NWSCTaIOq8W"

--------------Uop0srNDnw720NWSCTaIOq8W
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

DQoNCk9uIDI3LTA5LTIwMjIgMTk6MTYsIGd1aXgtcGF0Y2hlcy0tLSB2aWEgd3JvdGU6DQo+
IA0KPiBUaGlzIHBhdGNoIHByb3ZpZGVzIGEgbmV3IHNlcnZpY2UgdHlwZSwgd2hpY2ggYWxs
b3dzIHRoZSBjcmVhdGlvbiBvZiBzaGVwaGVyZA0KPiBzZXJ2aWNlcyBmcm9tIGRvY2tlciBj
b250YWluZXJzLg0KPiAtLS0NCj4gSGksDQo+IA0KPiBJIGhhdmUgd3JpdHRlbiBhIGRlZmlu
aXRpb24gb2YgdGhlIGRvY2tlci1jb250YWluZXItc2VydmljZS10eXBlLiBJdCBpcw0KPiBh
IHNlcnZpY2UgdGhhdCBhbGxvd3MgeW91IHRvIGNvbnZlcnQgZG9ja2VyIGNvbnRhaW5lcnMg
aW50byBzaGVwaGVyZA0KPiBzZXJ2aWNlcy4gIFsuLi5dDQo+IA0KPiBUaGVyZSBpcyBjdXJy
ZW50bHkgbm8gZG9jdW1lbnRhdGlvbiBvdXRzaWRlIG9mIGRvY3N0cmluZ3MsIEkgcGxhbiB0
bw0KPiB3cml0ZSBpdCwgYnV0IGZpcnN0IEkgd291bGQgd2VsY29tZSBjb21tZW50cyBmcm9t
IHlvdSwgbWF5YmUgdGhpcw0KPiBzZXJ2aWNlIGlzbid0IHN1aXRhYmxlIGZvciBndWl4LCBh
cyBpdCBkb2VzIGltcGx5IGJyZWFraW5nIG9mIHRoZQ0KPiBkZWNsYXJhdGl2ZSBndWl4IG1v
ZGVsLCBidXQgdGhhdCBnb2VzIGZvciBkb2NrZXIgYW5kIGZsYXRwYWsgdG9vLCBzbyBJDQo+
IHRob3VnaHQgSSBjYW4gdHJ5IGl0Lg0KDQpXZSBhbHJlYWR5IGhhdmUgYSBkb2NrZXItc2Vy
dmljZS10eXBlLCB3aHkgbm90IGEgDQpkb2NrZXItY29udGFpbmVyLXNlcnZpY2UtdHlwZSwg
dGhvdWdoIEkgd291bGRuJ3QgcmVjb21tZW5kIGRvY2tlciANCm15c2VsZi4gIENhbid0IHJl
YWxseSBkb2N1bWVudCBvbiB0aGUgZG9ja2VyIGJpdHMsIGJ1dCBzb21lIG1vc3RseSANCnN1
cGVyZmljaWFsIGNvbW1lbnRzOg0KDQo+DQo+ICsoZGVmaW5lIChwYWlyLW9mLXN0cmluZ3M/
IHZhbCkNCj4gKyAgKGFuZCAocGFpciB2YWwpDQoNCkkgdGhpbmsgeW91IG1lYW50ICdwYWly
PycgaGVyZSwgbm90ICdwYWlyJy4NCg0KPiArICAgICAgIChzdHJpbmc/IChjYXIgdmFsKSkN
Cj4gKyAgICAgICAoc3RyaW5nPyAoY2RyIHZhbCkpKSkNCj4gKw0KPiArKGRlZmluZSAobGlz
dC1vZi1wYWlyLW9mLXN0cmluZ3M/IHZhbCkNCj4gKyAgKGxpc3Qtb2YgcGFpci1vZi1zdHJp
bmdzPykpDQo+ICsNCj4gKyhkZWZpbmUtY29uZmlndXJhdGlvbi9uby1zZXJpYWxpemF0aW9u
IGRvY2tlci1jb250YWluZXItY29uZmlndXJhdGlvbg0KPiArICAobmFtZQ0KPiArICAgKHN5
bWJvbCAnKCkpDQo+ICsgICAiTmFtZSBvZiB0aGUgZG9ja2VyIGNvbnRhaW5lci4gV2lsbCBi
ZSB1c2VkIHRvIGRlbm90ZSBzZXJ2aWNlIHRvIFNoZXBoZXJkIGFuZCBtdXN0IGJlIHVuaXF1
ZSENCj4gK1dlIHJlY29tbWVuZCwgdGhhdCB0aGUgbmFtZSBvZiB0aGUgY29udGFpbmVyIGlz
IHByZWZpeGVkIHdpdGggQGNvZGV7ZG9ja2VyLX0uIikNCj4gKyAgKGNvbW1lbnQNCj4gKyAg
IChzdHJpbmcgIiIpDQo+ICsgICAiQSBkb2N1bWVudGF0aW9uIG9uIHRoZSBkb2NrZXIgY29u
dGFpbmVyLiIpDQoNCkkgZG9uJ3QgdGhpbmsgZG9jdW1lbnRhdGlvbiBpcyBjb3VudGFibGUs
IG1heWJlDQoNCiJEb2N1bWVudGF0aW9uIG9uIHRoZSBEb2NrZXIgY29udGFpbmVyIChvcHRp
b25hbCkuIg0KDQo/ICAoSSBkb24ndCBrbm93IHdoYXQgY2FzaW5nIGlzIGFwcHJvcHJpYXRl
IGhlcmUpLg0KDQo+ICsgIChpbWFnZS1uYW1lDQo+ICsgICAoc3RyaW5nKQ0KPiArICAgIkEg
bmFtZSBvZiB0aGUgaW1hZ2UgdGhhdCB3aWxsIGJlIHVzZWQuIChOb3RlIHRoYXQgdGhlIGV4
aXN0ZW5jZSBvZiB0aGUgaW1hZ2UNCj4gK2lzIG5vdCBndWFyYW50ZWVkIGJ5IHRoaXMgZGFl
bW9uLikiKQ0KPiArICAodm9sdW1lcw0KPiArICAgKGxpc3Qtb2YtcGFpci1vZi1zdHJpbmdz
ICcoKSkNCj4gKyAgICJBIGxpc3Qgb2Ygdm9sdW1lIGJpbmRzLiBJbiAoSE9TVF9QQVRIIENP
TlRBSU5FUl9QQVRIKSBmb3JtYXQuIikNCg0KYmluZHMgLT4gYmluZGluZ3MgYW5kIEhPU1Rf
UEFUSCBDT05UQUlORVJfUEFUSCAtPiAoSE9TVC1QQVRIIA0KQ09OVEFJTkVSLVBBVEgpIHBl
ciBTY2hlbWUgY29udmVudGlvbnMuDQoNCj4gKyAgKHBvcnRzDQo+ICsgICAobGlzdC1vZi1w
YWlyLW9mLXN0cmluZ3MgJygpKQ0KPiArICAgIkEgbGlzdCBvZiBwb3J0IGJpbmRzLiBJbiAo
SE9TVF9QT1JUIENPTlRBSU5FUl9QT1JUKSBvciAoSE9TVF9QT1JUIENPTlRBSU5FUl9QT1JU
IE9QVElPTlMpIGZvcm1hdC4NCj4gK0ZvciBleGFtcGxlLCBib3RoIHBvcnQgYmluZGluZ3Mg
YXJlIHZhbGlkOg0KPiArDQo+ICtAbGlzcA0KPiArKHBvcnRzICcoKFwiMjIyMlwiIFwiMjJc
IikgKFwiMjFcIiBcIjIxXCIgXCJ0Y3BcIikpKQ0KPiArQGVuZCBsaXNwIg0KDQoqIGJpbmRz
IC0+IGJpbmRpbmdzDQoNCj4gKyAgIChlbnZpcm9ubWVudHMNCj4gKyAgICAobGlzdC1vZi1w
YWlyLW9mLXN0cmluZ3MgJygpKQ0KPiArICAgICJBIGxpc3Qgb2YgdmFyaWFibGUgYmluZHMs
IGluc2lkZSB0aGUgY29udGFpbmVyIGVudmlvcm5tZW50LiBJbiAoVkFSSUFCTEUgVkFMVUUp
IGZvcm1hdC4iKSkNCg0KJ2Vudmlvcm5tZW50JyAtPiAnZW52aXJvbm1lbnQnLCAndmFyaWFi
bGUgYmluZHMnIC0+ICdlbnZpcm9ubWVudCANCnZhcmlhYmxlcycsICcuIEluJyAtPiAnLCBp
bicuDQoNCj4gKyAgKG5ldHdvcmsNCj4gKyAgIChzdHJpbmcgIm5vbmUiKQ0KPiArICAgIk5l
dHdvcmsgdHlwZS4iKQ0KDQpDYW4gdGhlIGF2YWlsYWJsZSBuZXR3b3JrIHR5cGVzIGJlIGxp
c3RlZCBvciBhIHJlZmVyZW5jZSB0byB0aGUgRG9ja2VyIA0KZG9jdW1lbnRhdGlvbiBiZSBh
ZGRlZCwgdG8gaGVscCB1c2VycyB3aXRoIGRldGVybWluaW5nIHdoYXQgdG8gc2V0IGl0IHRv
Pw0KDQo+ICsgIChhZGRpdGlvbmFsLWFyZ3VtZW50cw0KPiArICAgKGxpc3Qtb2Ytc3RyaW5n
cyAnKCkpDQo+ICsgICAiQWRkaXRpb25hbCBhcmd1bWVudHMgdG8gdGhlIGRvY2tlciBjb21t
YW5kIGxpbmUgaW50ZXJmYWNlLiIpDQo+ICsgIChjb250YWluZXItY29tbWFuZA0KPiArICAg
KGxpc3Qtb2Ytc3RyaW5ncyAnKCkpDQo+ICsgICAiQ29tbWFuZCB0byBzZW5kIGludG8gdGhl
IGNvbnRhaW5lci4iKQ0KPiArICAoYXR0YWNoZWQ/DQo+ICsgICAoYm9vbGVhbiAjdCkNCj4g
KyAgICJSdW4gdGhlIGNvbnRhaW5lciBhcyBhbiBub3JtYWwgYXR0YWNoZWQgcHJvY2VzcyAo
c2VuZGluZyBTSUdURVJNKS4NCj4gK09yIHJ1biB0aGUgY29udGFpbmVyIGFzIGEgaXNvbGF0
ZWQgZW52aXJvbm1lbnQgdGhhdCBtdXN0IGJlIHN0b3BwZWQgd2l0aCBAY29kZXtkb2NrZXIg
c3RvcH0uDQo+ICsNCj4gK1BsZWFzZSB2ZXJpZnkgZmlyc3QsIHRoYXQgeW91IGNvbnRhaW5l
ciBpcyBpbmRlZWQgbm90IGF0dGFjaGVkLCBvdGhlcndpc2UgQGNvZGV7c2hlcGhlcmR9IG1p
Z2h0DQo+ICthc3N1bWUgdGhlIHByb2Nlc3MgaXMgZGVhZCwgZXZlbiB3aGVuIGl0IGlzIG5v
dC4NCj4gKw0KPiArWW91IGNhbiBkbyB0aGF0LCBieSBmaXJzdCBydW5uaW5nIHlvdXIgY29u
dGFpbmVyIHdpdGggQGNvZGV7ZG9ja2VyIHJ1biBpbWFnZS1uYW1lfS4NCj4gKw0KPiArVGhl
biBjaGVjayBAY29kZXtkb2NrZXIgcHN9LCBpZiB0aGUgY29tbWFuZCBzaG93cyBiZXNpZGUg
eW91ciBjb250YWluZXIgdGhlIHdvcmQgQGNvZGV7cnVubmluZ30uDQo+ICtZb3VyIGNvbnRh
aW5lciBpcyBpbmRlZWQgZGV0YWNoZWQsIGJ1dCBpZiBpdCBzaG93cyBAY29kZXtzdGFydGlu
Z30sIGFuZCBpdCBkb2Vzbid0IGZsaXAgdG8NCj4gK0Bjb2Rle3J1bm5pbmd9IGFmdGVyIGEg
d2hpbGUsIGl0IG1lYW5zIHRoYXQgeW91IGNvbnRhaW5lciBpcyBhdHRhY2hlZCwgYW5kIHlv
dSBuZWVkIHRvIGtlZXAgdGhpcw0KPiArb3B0aW9uIHR1cm5lZCBAY29kZXsjdH0uIikpDQo+
ICsNCj4gKyhkZWZpbmUgKHNlcmlhbGl6ZS12b2x1bWVzIGNvbmZpZykNCj4gKyAgIlNlcmlh
bGl6ZSBsaXN0IG9mIHBhaXJzIGludG8gZmxhdCBsaXN0IG9mIEBjb2RleyhcIi12XCIgXCJI
T1NUX1BBVEg6Q09OVEFJTkVSX1BBVEhcIiAuLi4pfSINCj4gKyAgKGFwcGVuZC1tYXANCj4g
KyAgIChsYW1iZGEgKHZvbHVtZS1iaW5kKQ0KPiArICAgICAobGlzdCAiLXYiIChmb3JtYXQg
I2YgIn4/IiAifmE6fmEiIHZvbHVtZS1iaW5kKSkpDQo+ICsgICAoZG9ja2VyLWNvbnRhaW5l
ci1jb25maWd1cmF0aW9uLXZvbHVtZXMgY29uZmlnKSkpDQoNClNlZSBmb2xsb3dpbmcgYWJv
dXQgcGFpcnMgYW5kIHNpbXBsaWZpY2F0aW9uLg0KDQo+ICsNCj4gKyhkZWZpbmUgKHNlcmlh
bGl6ZS1wb3J0cyBjb25maWcpDQo+ICsgICJTZXJpYWxpemUgbGlzdCBvZiBlaXRoZXIgcGFp
cnMsIG9yIGxpc3RzIGludG8gZmxhdCBsaXN0IG9mDQo+ICtAY29kZXsoXCItcFwiIFwiTlVN
QkVSOk5VTUJFUlwiIFwiLXBcIiBcIk5VTUJFUjpOVU1CRVIvUFJPVE9DT0xcIiAuLi4pfSIN
Cj4gKyAgKGFwcGVuZC1tYXANCj4gKyAgIChsYW1iZGEgKHBvcnQtYmluZCkNCj4gKyAgICAg
KGxpc3QgIi1wIiAoZm9ybWF0ICNmICJ+PyIgIn5hOn5hfl4vfmEiIHBvcnQtYmluZCkpKQ0K
PiArICAgKGRvY2tlci1jb250YWluZXItY29uZmlndXJhdGlvbi1wb3J0cyBjb25maWcpKSkN
Cg0KU2VlIGZvbGxvd2luZyBhYm91dCBwYWlycyBhbmQgc2ltcGxpZmljYXRpb24uDQoNCj4g
Kw0KPiArKGRlZmluZSAoc2VyaWFsaXplZC1lbnZpcm9ubWVudHMgY29uZmlnKQ0KPiArICAi
U2VyaWFsaXplIGxpc3Qgb2YgcGFpcnMgaW50byBmbGF0IGxpc3Qgb2YgQGNvZGV7KFwiLWVc
IiBcIlZBUj12YWxcIiBcIi1lXCIgXCJWQVI9dmFsXCIgLi4uKX0uIg0KPiArICAoYXBwZW5k
LW1hcA0KPiArICAgKGxhbWJkYSAoZW52LWJpbmQpDQo+ICsgICAgIChsaXN0ICItZSIgKGZv
cm1hdCAjZiAifj8iICJ+YT1+YSIgZW52LWJpbmQpKSkNCj4gKyAgIChkb2NrZXItY29udGFp
bmVyLWNvbmZpZ3VyYXRpb24tZW52aXJvbm1lbnRzIGNvbmZpZykpKQ0KDQpJIHRyaWVkIHRo
aXMgb3V0IGluIGEgUkVQTCwgYnV0IGZvdW5kIHRoYXQgaXQgZG9lc24ndCBhY2NlcHQgcGFp
cnMgYnV0IA0KMi1lbGVtZW50IGxpc3RzOg0KDQpzY2hlbWVAKGd1aWxlLXVzZXIpPiAoZm9y
bWF0ICNmICJ+PyIgIn5hPX5hIiAnKCJ4IiAuICJ5IikpDQppY2UtOS9ib290LTkuc2NtOjE2
ODU6MTY6IEluIHByb2NlZHVyZSByYWlzZS1leGNlcHRpb246DQpJbiBwcm9jZWR1cmUgbGVu
Z3RoOiBXcm9uZyB0eXBlIGFyZ3VtZW50IGluIHBvc2l0aW9uIDE6ICgieCIgLiAieSIpDQoN
CkVudGVyaW5nIGEgbmV3IHByb21wdC4gIFR5cGUgYCxidCcgZm9yIGEgYmFja3RyYWNlIG9y
IGAscScgdG8gY29udGludWUuDQpzY2hlbWVAKGd1aWxlLXVzZXIpIFsxXT4gLHENCnNjaGVt
ZUAoZ3VpbGUtdXNlcik+IChmb3JtYXQgI2YgIn4/IiAifmE9fmEiICcoIngiICJ5IikpDQok
MSA9ICJ4PXkiDQoNCkFsc28sIHRoZSAnZm9ybWF0JyBjYW4gYmUgc2ltcGxpZmllZDoNCg0K
KGFwcGx5IGZvcm1hdCAjZiAifmE9fmEiIGVudi1iaW5kKQ0KDQoNCj4gKw0KPiArKGRlZmlu
ZSAoZG9ja2VyLWNvbnRhaW5lci1zdGFydHVwLXNjcmlwdCBkb2NrZXItY2xpIGNvbnRhaW5l
ci1uYW1lIGNvbmZpZykNCj4gKyAgIlJldHVybiBhIHByb2dyYW0gZmlsZSwgdGhhdCBleGVj
dXRlcyB0aGUgc3RhcnR1cCBzZXF1ZW5jZSBvZiB0aGUgQGNvZGV7ZG9ja2VyLWNvbnRhaW5l
ci1zaGVwaGVyZC1zZXJ2aWNlfS4iDQo+ICsgIChsZXQqICgoYXR0YWNoZWQ/IChkb2NrZXIt
Y29udGFpbmVyLWNvbmZpZ3VyYXRpb24tYXR0YWNoZWQ/IGNvbmZpZykpDQo+ICsgICAgICAg
ICAoaW1hZ2UtbmFtZSAoZG9ja2VyLWNvbnRhaW5lci1jb25maWd1cmF0aW9uLWltYWdlIGNv
bmZpZykpDQo+ICsgICAgICAgICAodm9sdW1lcyAoc2VyaWFsaXplLXZvbHVtZXMgY29uZmln
KSkNCj4gKyAgICAgICAgIChwb3J0cyAoc2VyaWFsaXplLXBvcnRzIGNvbmZpZykpDQo+ICsg
ICAgICAgICAoZW52cyAoc2VyaWFsaXplLWVudmlyb25tZW50cyBjb25maWcpKQ0KPiArICAg
ICAgICAgKG5ldHdvcmsgKGRvY2tlci1jb250YWluZXItY29uZmlndXJhdGlvbi1uZXR3b3Jr
IGNvbmZpZykpDQo+ICsgICAgICAgICAoYWRkaXRpb25hbC1hcmd1bWVudHMgKGRvY2tlci1j
b250YWluZXItY29uZmlndXJhdGlvbi1hZGRpdGlvbmFsLWFyZ3VtZW50cyBjb25maWcpKQ0K
PiArICAgICAgICAgKGNvbnRhaW5lci1jb21tYW5kIChkb2NrZXItY29udGFpbmVyLWNvbmZp
Z3VyYXRpb24tY29udGFpbmVyLWNvbW1hbmQgY29uZmlnKSkpDQo+ICsgICAgKHByb2dyYW0t
ZmlsZQ0KPiArICAgICAoc3RyaW5nLWFwcGVuZCAic3RhcnQtIiBjb250YWluZXItbmFtZSAi
LWNvbnRhaW5lciIpDQo+ICsgICAgICN+KGxldCAoKGRvY2tlciAoc3RyaW5nLWFwcGVuZCAj
JGRvY2tlci1jbGkgIi9iaW4vZG9ja2VyIikpKQ0KPiArICAgICAgICAgKHN5c3RlbSogZG9j
a2VyICJzdG9wIiAjJGNvbnRhaW5lci1uYW1lKQ0KPiArICAgICAgICAgKHN5c3RlbSogZG9j
a2VyICJybSIgIyRjb250YWluZXItbmFtZSkgPiArICAgICAgICAgKGFwcGx5IHN5c3RlbSog
YCgsZG9ja2VyDQo+ICsgICAgICAgICAgICAgICAgICAgICAgICAgICJydW4iDQo+ICsgICAg
ICAgICAgICAgICAgICAgICAgICAgICwoc3RyaW5nLWFwcGVuZCAiLS1uYW1lPSIgIyRjb250
YWluZXItbmFtZSkNCj4gKyAgICAgICAgICAgICAgICAgICAgICAgICAgOzsgQXV0b21hdGlj
YWxseSByZW1vdmUgdGhlIGNvbnRhaW5lciB3aGVuIHN0b3BwaW5nDQo+ICsgICAgICAgICAg
ICAgICAgICAgICAgICAgIDs7IElmIHlvdSB3YW50IHBlcnNpc3RlbnQgZGF0YSwgeW91IG5l
ZWQgdG8gdXNlDQo+ICsgICAgICAgICAgICAgICAgICAgICAgICAgIDs7IHZvbHVtZSBiaW5k
cyBvciBvdGhlciBtZXRob2RzLg0KPiArICAgICAgICAgICAgICAgICAgICAgICAgICAiLS1y
bSINCj4gKyAgICAgICAgICAgICAgICAgICAgICAgICAgLChzdHJpbmctYXBwZW5kICItLW5l
dHdvcms9IiAjJG5ldHdvcmspDQo+ICsgICAgICAgICAgICAgICAgICAgICAgICAgIDs7IFRP
RE86DQo+ICsgICAgICAgICAgICAgICAgICAgICAgICAgIDs7IFdyaXRlIHRvIGEgY2lkIGZp
bGUgdGhlIGNvbnRhaW5lciBpZCwgdGhpcyBhbGxvd3MNCj4gKyAgICAgICAgICAgICAgICAg
ICAgICAgICAgOzsgZm9yIHNoZXBoZXJkIHRvIG1hbmFnZSBjb250YWluZXIgZXZlbiB3aGVu
IHRoZSBwcm9jZXNzDQo+ICsgICAgICAgICAgICAgICAgICAgICAgICAgIDs7IGl0c2VsZiBn
ZXRzIGRldGFjaGVkIGZyb20gdGhlIGNvbnRhaW5lcg0KPiArICAgICAgICAgICAgICAgICAg
ICAgICAgICAsQChpZiAobm90ICMkYXR0YWNoZWQpICcoIi0tY2lkZmlsZSIgIyRjaWQtZmls
ZSkgJygpKQ0KPiArICAgICAgICAgICAgICAgICAgICAgICAgICAjJEB2b2x1bWVzDQo+ICsg
ICAgICAgICAgICAgICAgICAgICAgICAgICMkQHBvcnRzDQo+ICsgICAgICAgICAgICAgICAg
ICAgICAgICAgICMkQGVudnMNCj4gKyAgICAgICAgICAgICAgICAgICAgICAgICAgIyRAYWRk
aXRpb25hbC1hcmd1bWVudHMNCj4gKyAgICAgICAgICAgICAgICAgICAgICAgICAgLCMkaW1h
Z2UtbmFtZQ0KPiArICAgICAgICAgICAgICAgICAgICAgICAgICAjJEBjb250YWluZXItY29t
bWFuZCkpKSkpKQ0KDQonc3lzdGVtKicgY2FuIGZhaWwsIHdoaWNoIGl0IGRvZXMgYnkgcmV0
dXJuaW5nIHNvbWUgbnVtYmVyIChhbmQgbm90IGJ5IA0KYW4gZXhjZXB0aW9uKS4gIEkgcmVj
b21tZW5kIHVzaW5nICdpbnZva2UnIGZyb20gKGd1aXggYnVpbGQgdXRpbHMpIA0KKHdoaWNo
IHVzZXMgZXhjZXB0aW9ucykgaW5zdGVhZDsgeW91IG1heSBuZWVkIHVzZS1tb2R1bGVzICsg
DQp3aXRoLWltcG9ydGVkLW1vZHVsZXMgdG8gdXNlIHRoYXQgbW9kdWxlLg0KDQoNCj4gKw0K
PiArKGRlZmluZSAoZG9ja2VyLWNvbnRhaW5lci1zaGVwaGVyZC1zZXJ2aWNlIGRvY2tlci1j
bGkgY29uZmlnKQ0KPiArICAiUmV0dXJuIGEgc2hlcGhlcmQtc2VydmljZSB0aGF0IHJ1bnMg
Q09OVEFJTkVSLiINCj4gKyAgKGxldCogKChjb250YWluZXItbmFtZSAoc3ltYm9sLT5zdHJp
bmcgKGRvY2tlci1jb250YWluZXItY29uZmlndXJhdGlvbi1uYW1lIGNvbmZpZykpKQ0KPiAr
ICAgICAgICAgKGNpZC1maWxlIChzdHJpbmctYXBwZW5kICIvdmFyL3J1bi9kb2NrZXIvIiBj
b250YWluZXItbmFtZSAiLnBpZCIpKQ0KDQpUaGlzIHNvdW5kcyBsaWtlICIuIiwgIi4uIiBh
bmQgYW55dGhpbmcgY29udGFpbmluZyBhICIvIiBvciAiXHgwMCIgd291bGQgDQpiZSBpbnZh
bGlkIGNvbnRhaW5lciBuYW1lcywgSSByZWNvbW1lbmQgcmVmaW5pbmcgdGhlIHR5cGUgY2hl
Y2sgZm9yIA0KJ2NvbnRhaW5lci1uYW1lJyBhIGxpdHRsZS4gIEl0IGFsc28gbG9va3MgbGlr
ZSBjb250YWluZXIgbmFtZXMgbXVzdCBiZSANCnVuaXF1ZSB3aXRoaW4gYSBzeXN0ZW0sIHRo
YXQgc291bmRzIGxpa2Ugc29tZXRoaW5nIHRvIG1lbnRpb24gaW4gaXRzIA0KZG9jc3RyaW5n
IHRvIG1lLg0KDQo+ICsgICAgICAgICAoYXR0YWNoZWQ/IChkb2NrZXItY29udGFpbmVyLWNv
bmZpZ3VyYXRpb24tYXR0YWNoZWQ/IGNvbmZpZykpKQ0KPiArICAgIChzaGVwaGVyZC1zZXJ2
aWNlDQo+ICsgICAgIChwcm92aXNpb24gKGxpc3QgKGRvY2tlci1jb250YWluZXItY29uZmln
dXJhdGlvbi1uYW1lIGNvbmZpZykpKQ0KPiArICAgICAocmVxdWlyZW1lbnQgYChkb2NrZXJk
KSkNCj4gKyAgICAgKHN0YXJ0ICN+KG1ha2UtZm9ya2V4ZWMtY29uc3RydWN0b3INCj4gKyAg
ICAgICAgICAgICAgIChsaXN0ICMkKGRvY2tlci1jb250YWluZXItc3RhcnR1cC1zY3JpcHQg
ZG9ja2VyLWNsaSBjb250YWluZXItbmFtZSBjb25maWcpKQ0KPiArICAgICAgICAgICAgICAg
OzsgV2F0Y2ggdGhlIGNpZC1maWxlIGluc3RlYWQgb2YgdGhlIGRvY2tlciBydW4gY29tbWFu
ZCwgYXMgdGhlIGRhZW1vbiBjYW4NCj4gKyAgICAgICAgICAgICAgIDs7IHN0aWxsIGJlIHJ1
bm5pbmcgZXZlbiB3aGVuIHRoZSBjb21tYW5kIHRlcm1pbmF0ZXMNCj4gKyAgICAgICAgICAg
ICAgIChpZiAobm90ICMkYXR0YWNoZWQ/KQ0KPiArICAgICAgICAgICAgICAgICAgICM6cGlk
LWZpbGUgIyRjaWQtZmlsZSkpKQ0KDQpJIGRvbid0IHRoaW5rIHRoaXMgZG9lcyB3aGF0IHlv
dSB3YW50IGl0IHRvIGRvIC0tIHdoZW4gYXR0YWNoZWQsIGl0IHdpbGwgDQpldmFsdWF0ZSB0
byAjJGNpZC1maWxlLCB3aGVuIG5vdCwgaXQgd2lsbCBldmFsdWF0ZSB0byAjOnBpZC1mbGls
ZS4NCg0KVHJ5IGFwcGx5K2xpc3QgaW5zdGVhZDoNCg0KKGFwcGx5DQogICBtYWtlLWZvcmtl
eGVjLWNvbnN0cnVjdG9yDQogICAobGlzdCAuLi4pDQogICAjJChpZiAkYXR0YWNoZWQNCiAg
ICAgICAgICN+KCkNCiAgICAgICAgICN+KGxpc3QgIzpwaWQtZmlsZSAjJGNpZC1maWxlKSkp
DQoNCihDaGFuZ2luZyB0aGUgc3RhZ2luZyBpcyBub3QgcmVxdWlyZWQsIHRob3VnaCBteXNl
bGYgSSBwcmVmZXIgaXQgdGhpcyB3YXkuKQ0KDQpJIHJlY29tbWVuZCB3cml0aW5nIGEgc3lz
dGVtIHRlc3QgKGluIGdudS90ZXN0cy9kb2NrZXIuc2NtKSwgdG8gcHJldmVudCANCnN1Y2gg
cHJvYmxlbXMsIHRob3VnaCBJIGRvbid0IGtub3cgaG93IGZlYXNpYmxlIGl0IHdvdWxkIGJl
Lg0KDQo+ICsgICAgIChzdG9wIChpZiAjJGF0dGFjaGVkPw0KPiArICAgICAgICAgICAgICAg
I34obWFrZS1raWxsLWRlc3RydWN0b3IpDQo+ICsgICAgICAgICAgICAgICAjfihsYW1iZGEg
Xw0KPiArICAgICAgICAgICAgICAgICAgIChleGVjLWNvbW1hbmQgKGxpc3QNCj4gKyAgICAg
ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAoc3RyaW5nLWFwcGVuZCAjJGRvY2tlci1j
bGkgIi9iaW4vZG9ja2VyIikNCj4gKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAic3RvcCIgIyRjb250YWluZXItbmFtZSkpDQo+ICsgICAgICAgICAgICAgICAgICAgI2Yp
KSkpKSkNCg0KTm90IHZlcnkgZmFtaWxpYXIgd2l0aCBob3cgU2hlcGhlcmQgd29ya3MgaGVy
ZSwgYnV0IEkgdGhpbmsgdGhhdCB0aGUgDQoncmV0dXJuICNmYWxzZScgZHNlc2VydmVzIGEg
Y29tbWFuZC4NCg0KQWxzbywgb24gKHN0cmluZy1hcHBlbmQgIyRkb2NrZXItY2xpICIvYmlu
L2RvY2tlciIpOiB3ZSBoYXZlDQojJChmaWxlLWFwcGVuZCBkb2NrZXItY2xpICIvYmluL2Rv
Y2tlciIpIGZvciB0aGF0LCB0aG91Z2ggaW4gdGhpcyBjYXNlIA0KaXQgZG9lc24ndCBtYXR0
ZXIgKGZvciB1c2VzIGluc2lkZSAncXVvdGUnLCBpdCBkb2VzLCBidXQgaGVyZSwgbm90IHJl
YWxseSkuDQoNCkdyZWV0aW5ncywNCk1heGltZS4NCg==
--------------Uop0srNDnw720NWSCTaIOq8W
Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc"
Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc"
Content-Description: OpenPGP public key
Content-Transfer-Encoding: quoted-printable

-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m
xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2
ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL
CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc
/gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4
LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C
kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK
CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W
ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ
Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0
k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo
AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE
fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D
=3DOVqp
-----END PGP PUBLIC KEY BLOCK-----

--------------Uop0srNDnw720NWSCTaIOq8W--

--------------cWvhmhlwM8vYzhvCwxcOYDXd--

--------------MkhQdqx650Vxa0JLe6dYfSvF
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature"

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYzXknwUDAAAAAAAKCRBJ4+4iGRcl7jTQ
APsFykmO2S637Lr1xb3NYFQ1wWg+2mZaXQj1C/NFyAVJ0gEAiQMRlZrdgaFAj0LkDVKcMWoRa/dQ
tsJEFAoNlxJKiQ0=
=AwYa
-----END PGP SIGNATURE-----

--------------MkhQdqx650Vxa0JLe6dYfSvF--

Message received at submit <at> debbugs.gnu.org:

Received: (at submit) by debbugs.gnu.org; 27 Sep 2022 19:18:26 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Sep 27 15:18:26 2022
Received: from localhost ([127.0.0.1]:56834 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1odG65-0004Mb-S3
	for submit <at> debbugs.gnu.org; Tue, 27 Sep 2022 15:18:26 -0400
Received: from lists.gnu.org ([209.51.188.17]:51306)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maya.tomasek@HIDDEN>) id 1odEn2-0002DH-Az
 for submit <at> debbugs.gnu.org; Tue, 27 Sep 2022 13:54:41 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:39160)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <maya.tomasek@HIDDEN>)
 id 1odEn2-0000yu-57
 for guix-patches@HIDDEN; Tue, 27 Sep 2022 13:54:40 -0400
Received: from knopi.disroot.org ([178.21.23.139]:47034)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <maya.tomasek@HIDDEN>)
 id 1odEmz-0005Nc-62
 for guix-patches@HIDDEN; Tue, 27 Sep 2022 13:54:39 -0400
Received: from localhost (localhost [127.0.0.1])
 by disroot.org (Postfix) with ESMTP id 831584C38F
 for <guix-patches@HIDDEN>; Tue, 27 Sep 2022 19:54:10 +0200 (CEST)
X-Virus-Scanned: SPAM Filter at disroot.org
Received: from knopi.disroot.org ([127.0.0.1])
 by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id VjWtnDYMMhev for <guix-patches@HIDDEN>;
 Tue, 27 Sep 2022 19:54:09 +0200 (CEST)
From: =?utf-8?B?TcOhamEgVG9tw6HFoWVr?= <maya.tomasek@HIDDEN>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail;
 t=1664301248; bh=KsnGyHiu2wE5h/5N+3HziBpCVGhsZHHOvBe14pPFf9M=;
 h=From:To:Subject:Date;
 b=EQ7mUb6J7Pt/mnWpKG4gRIecfhcGIfiS5C0Ct5i86pR6TWD0Mcrwa395O9CYULepw
 Qn7qcVL3ZwsaNwrhVHg1C8J/ow4zEzRXRfP/k7jk8EsGpLDfVBMjSuYD3IEVzS4T10
 aWjvwN5xXDTLTKC0lTHENvA08BzUIqr1NTvnPM121Hycf5in4kgTilMx8y/7VtDHhC
 a+w+XBQuRS1SJVFCCu2VmWZ7Fk2051UwT/eDyjwEQ2y4DxxClkDZpy5IjryOg0Y6d3
 h0791xOGxMn6n4YhJTXTpeUfAFsKrOuPCjplkdZ3PIc6Fzn+JbXswKLvS5KH3xdHcM
 irz7ntTyZKJ/g==
To: guix-patches@HIDDEN
Subject: [PATCH] gnu: services: docker: Add docker-container-service-type
Date: Tue, 27 Sep 2022 19:16:32 +0200
Message-ID: <87r0zwr9dv.fsf@HIDDEN>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=178.21.23.139;
 envelope-from=maya.tomasek@HIDDEN; helo=knopi.disroot.org
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Tue, 27 Sep 2022 15:18:23 -0400
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.4 (--)


This patch provides a new service type, which allows the creation of shephe=
rd
services from docker containers.
---
Hi,

I have written a definition of the docker-container-service-type. It is
a service that allows you to convert docker containers into shepherd
services.

It has some limitations:

1. Containers are deleted when stopping.
   This makes it easier to manage them from shepherd. You can achieve
   persistence with volume binds.
=20=20=20
2. Containers must be either attached or detached.
   Some containers simply run a command inside the container, and when
   run with docker run, they stay attached and the docker run command
   therefore behaves like a normal command. However, some containers use
   docker's "init system", that means that they won't block the docker
   run command. Sadly attached containers don't properly report that
   they are initialized, so to docker they are in the "starting" state
   until termination. This means that docker doesn't create a cid
   file (pid file for containers). To sum it up, there is no way to tell
   how will the container report it's state, and this process must be
   specified by the user, if the container runs attached or detached.

3. Images are not managed.
   Docker does manage images in a really stupid way. My original idea
   was to have a file-like object to define an image (from an image
   archive), but sadly it has been more complex than I initially
   thought. Docker uses 2 versions of archive manifests, and each
   archive can have multiple images, depending on the architecture. And
   those images can be composed from layers, which are also images. The
   daemon determines ad-hoc which images from the archive it will use,
   and there is no official tool (at leats when I looked for it) to get
   image ids reliably. As the docker load command can return multiple
   images. I will expand on the process on how the images could be used
   in a managed way, but I have to say something to the current
   interface. It works by expecting an image by name from the image-name
   field. That means that docker must already have the image in its
   database. There is currently no way to ensure that images will be in
   docker database before running shepherd services, but I expect they
   should simply fail to start.

There is currently no documentation outside of docstrings, I plan to
write it, but first I would welcome comments from you, maybe this
service isn't suitable for guix, as it does imply breaking of the
declarative guix model, but that goes for docker and flatpak too, so I
thought I can try it.

Now finally to images. The idea is that all images belonging to a
docker-container-configuration are tagged (via docker tag) with the name
o the docker-container-configuration-name (as this is unique). The
activation service would get the propper image-id (which is not easy to
get from the manifest, but with some json parsing, it can be done). Then
it would load the image into the docker database with docker load, and
tag the new image with the docker-configuration-name tag. This would
automatically update the image from which the container is running
without having to modify the shepherd service.

Sadly docker does not allow for containers to be ran directly from the
image archive and this is the most straightforward workaround I could
think of.

I hope this patch finds you in good mood,

Maya

PS. I found out that the original docker-service-type wasn't
indent-region. And it got snuck into the patch, I hope this will still
be a valid patch.

 gnu/services/docker.scm | 289 +++++++++++++++++++++++++++++++++-------
 1 file changed, 242 insertions(+), 47 deletions(-)

diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 741bab5a8c..b05804aa16 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -5,6 +5,7 @@
 ;;; Copyright =C2=A9 2020 Efraim Flashner <efraim@HIDDEN>
 ;;; Copyright =C2=A9 2020 Jesse Dowell <jessedowell@HIDDEN>
 ;;; Copyright =C2=A9 2021 Brice Waegeneire <brice@HIDDEN>
+;;; Copyright =C2=A9 2022 Maya Tomasek <maya.omase@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,6 +38,8 @@ (define-module (gnu services docker)
=20
   #:export (docker-configuration
             docker-service-type
+            docker-container-configuration
+            docker-container-service-type
             singularity-service-type))
=20
 (define-configuration docker-configuration
@@ -164,6 +167,198 @@ (define docker-service-type
                                      (const %docker-accounts))))
                 (default-value (docker-configuration))))
=20
+(define (pair-of-strings? val)
+  (and (pair val)
+       (string? (car val))
+       (string? (cdr val))))
+
+(define (list-of-pair-of-strings? val)
+  (list-of pair-of-strings?))
+
+(define-configuration/no-serialization docker-container-configuration
+  (name
+   (symbol '())
+   "Name of the docker container. Will be used to denote service to Shephe=
rd and must be unique!
+We recommend, that the name of the container is prefixed with @code{docker=
-}.")
+  (comment
+   (string "")
+   "A documentation on the docker container.")
+  (image-name
+   (string)
+   "A name of the image that will be used. (Note that the existence of the=
 image
+is not guaranteed by this daemon.)")
+  (volumes
+   (list-of-pair-of-strings '())
+   "A list of volume binds. In (HOST_PATH CONTAINER_PATH) format.")
+  (ports
+   (list-of-pair-of-strings '())
+   "A list of port binds. In (HOST_PORT CONTAINER_PORT) or (HOST_PORT CONT=
AINER_PORT OPTIONS) format.
+For example, both port bindings are valid:
+
+@lisp
+(ports '((\"2222\" \"22\") (\"21\" \"21\" \"tcp\")))
+@end lisp"
+   (environments
+    (list-of-pair-of-strings '())
+    "A list of variable binds, inside the container enviornment. In (VARIA=
BLE VALUE) format."))
+  (network
+   (string "none")
+   "Network type.")
+  (additional-arguments
+   (list-of-strings '())
+   "Additional arguments to the docker command line interface.")
+  (container-command
+   (list-of-strings '())
+   "Command to send into the container.")
+  (attached?
+   (boolean #t)
+   "Run the container as an normal attached process (sending SIGTERM).
+Or run the container as a isolated environment that must be stopped with @=
code{docker stop}.
+
+Please verify first, that you container is indeed not attached, otherwise =
@code{shepherd} might
+assume the process is dead, even when it is not.
+
+You can do that, by first running your container with @code{docker run ima=
ge-name}.
+
+Then check @code{docker ps}, if the command shows beside your container th=
e word @code{running}.
+Your container is indeed detached, but if it shows @code{starting}, and it=
 doesn't flip to
+@code{running} after a while, it means that you container is attached, and=
 you need to keep this
+option turned @code{#t}."))
+
+(define (serialize-volumes config)
+  "Serialize list of pairs into flat list of @code{(\"-v\" \"HOST_PATH:CON=
TAINER_PATH\" ...)}"
+  (append-map
+   (lambda (volume-bind)
+     (list "-v" (format #f "~?" "~a:~a" volume-bind)))
+   (docker-container-configuration-volumes config)))
+
+(define (serialize-ports config)
+  "Serialize list of either pairs, or lists into flat list of
+@code{(\"-p\" \"NUMBER:NUMBER\" \"-p\" \"NUMBER:NUMBER/PROTOCOL\" ...)}"
+  (append-map
+   (lambda (port-bind)
+     (list "-p" (format #f "~?" "~a:~a~^/~a" port-bind)))
+   (docker-container-configuration-ports config)))
+
+(define (serialized-environments config)
+  "Serialize list of pairs into flat list of @code{(\"-e\" \"VAR=3Dval\" \=
"-e\" \"VAR=3Dval\" ...)}."
+  (append-map
+   (lambda (env-bind)
+     (list "-e" (format #f "~?" "~a=3D~a" env-bind)))
+   (docker-container-configuration-environments config)))
+
+(define (docker-container-startup-script docker-cli container-name config)
+  "Return a program file, that executes the startup sequence of the @code{=
docker-container-shepherd-service}."
+  (let* ((attached? (docker-container-configuration-attached? config))
+         (image-name (docker-container-configuration-image config))
+         (volumes (serialize-volumes config))
+         (ports (serialize-ports config))
+         (envs (serialize-environments config))
+         (network (docker-container-configuration-network config))
+         (additional-arguments (docker-container-configuration-additional-=
arguments config))
+         (container-command (docker-container-configuration-container-comm=
and config)))
+    (program-file
+     (string-append "start-" container-name "-container")
+     #~(let ((docker (string-append #$docker-cli "/bin/docker")))
+         (system* docker "stop" #$container-name)
+         (system* docker "rm" #$container-name)
+         (apply system* `(,docker
+                          "run"
+                          ,(string-append "--name=3D" #$container-name)
+                          ;; Automatically remove the container when stopp=
ing
+                          ;; If you want persistent data, you need to use
+                          ;; volume binds or other methods.
+                          "--rm"
+                          ,(string-append "--network=3D" #$network)
+                          ;; TODO:
+                          ;; Write to a cid file the container id, this al=
lows
+                          ;; for shepherd to manage container even when th=
e process
+                          ;; itself gets detached from the container
+                          ,@(if (not #$attached) '("--cidfile" #$cid-file)=
 '())
+                          #$@volumes
+                          #$@ports
+                          #$@envs
+                          #$@additional-arguments
+                          ,#$image-name
+                          #$@container-command))))))
+
+(define (docker-container-shepherd-service docker-cli config)
+  "Return a shepherd-service that runs CONTAINER."
+  (let* ((container-name (symbol->string (docker-container-configuration-n=
ame config)))
+         (cid-file (string-append "/var/run/docker/" container-name ".pid"=
))
+         (attached? (docker-container-configuration-attached? config)))
+    (shepherd-service
+     (provision (list (docker-container-configuration-name config)))
+     (requirement `(dockerd))
+     (start #~(make-forkexec-constructor
+               (list #$(docker-container-startup-script docker-cli contain=
er-name config))
+               ;; Watch the cid-file instead of the docker run command, as=
 the daemon can
+               ;; still be running even when the command terminates
+               (if (not #$attached?)
+                   #:pid-file #$cid-file)))
+     (stop (if #$attached?
+               #~(make-kill-destructor)
+               #~(lambda _
+                   (exec-command (list
+                                  (string-append #$docker-cli "/bin/docker=
")
+                                  "stop" #$container-name))
+                   #f))))))
+
+
+(define (list-of-docker-container-configurations? val)
+  (list-of docker-container-configuration?))
+
+(define-configuration/no-serialization docker-container-service-configurat=
ion
+  (docker-cli
+   (file-like docker-cli)
+   "The docker package to use.")
+  (containers
+   (list-of-docker-container-configurations '())
+   "The docker containers to run."))
+
+(define (docker-container-shepherd-services config)
+  "Return shepherd services for all containers inside config."
+  (let ((docker-cli (docker-container-service-configuration-docker-cli con=
fig)))
+    (map
+     (lambda (container)
+       (docker-container-shepherd-service
+        docker-cli
+        container))
+     (docker-container-service-configuration-containers config))))
+
+(define docker-container-service-type
+  "This is the type of the service that runs docker containers using GNU S=
hepherd.
+It allows for declarative management of running containers inside the Guix=
 System.
+
+This service can be extended with list of @code{<docker-container-configur=
ation>} objects.
+
+The following is an example @code{docker-container-service-type} configura=
tion.
+
+@lisp
+(service docker-container-service-type
+  (containers (list
+                (docker-container-configuration
+                  (name 'docker-example)
+                  (comment \"An example docker container configuration\")
+                  (image-name \"example/example:latest\") ;; Note that ima=
ges must be provided separately.
+                  (volumes '((\"/mnt\" \"/\") (\"/home/example\" \"/home/u=
ser\")))
+                  (ports '((\"21\" \"21\" \"tcp\") (\"22\" \"22\")))
+                  (network \"host\")))))
+@end lisp"
+  (service-type
+   (name 'docker-container)
+   (description "Manage docker containers with shepherd.")
+   (extensions
+    (list (service-extension shepherd-root-service-type docker-container-s=
hepherd-services)))
+   (compose concatenate)
+   (extend (lambda (config containers)
+             (let ((docker-cli (docker-container-service-configuration-doc=
ker-cli config))
+                   (initial-containers (docker-container-service-configura=
tion-containers config)))
+               (docker-container-service-configuration
+                (docker-cli docker-cli)
+                (containers (append initial-containers containers))))))
+   (default-value (docker-container-service-configuration))))
+
 
 ;;;
 ;;; Singularity.
--=20
2.37.3