[PATCH 0/3] guix environment --user, --link-profile, --no-cwd

Status: Done
Participants: Ludovic Courtès, Maxim Cournoyer, Mike Gerwitz, Ricardo Wurmus
Owner: unassigned
Submitted by: Mike Gerwitz
Severity: normal

Mike Gerwitz wrote on 26 Jan 2018 04:29
(address . guix-patches@gnu.org)(name . David Thompson)(address . davet@gnu.org)
cover.1516937216.git.mtg@gnu.org
On help-guix I initiated a conversation on using IceCat within a container
(<87vag2wopo.fsf@gnu.org>). This covers some of the lower-level concepts I
was thinking of. Specifically:

0. The ability to hide the user (and home directory) from processes within the
container. This includes rewriting mapped paths;
1. Suppressing the behavior of automatically sharing cwd; and
2. Linking $GUIX_ENVIRONMENT to ~/.guix-profile.

The first two are for privacy (#1 is for convenience, since creating an empty
dir just to cd into it is a bit klugy as a workaround). #2 was motivated by
my needs with font-config, but I can imagine that it'd be useful elsewhere
as well. It only really makes sense if you're not sharing your home
directory.

Mike Gerwitz (3):
scripts: environment: Add --link-profile.
scripts: environment: Add --user.
scripts: environment: Add --no-cwd.

doc/guix.texi | 59 +++++++++++++-
guix/scripts/environment.scm | 178 +++++++++++++++++++++++++++++++++++--------
tests/guix-environment.sh | 30 ++++++++
3 files changed, 233 insertions(+), 34 deletions(-)

--
2.15.1

Ludovic Courtès wrote on 3 Mar 2018 22:22
control message for bug #30256
(address . control@debbugs.gnu.org)
87efl0am80.fsf@gnu.org
merge 30256 30254
Ludovic Courtès wrote on 17 Oct 2018 14:19
Re: [bug#30256] [PATCH 3/3] scripts: environment: Add --no-cwd.
(name . Mike Gerwitz)(address . mtg@gnu.org)
87murcdaui.fsf@gnu.org
Hello Mike,

There’s this last patch from the series you submitted a while back
that’s ready modulo an issue with the test. Could you take a look?

TIA,
Ludo’.

ludo@gnu.org (Ludovic Courtès) writes:

> Mike Gerwitz <mtg@gnu.org> writes:
>
>> * doc/guix.texi (Invoking guix environment): Add --no-cwd.
>> * guix/scripts/environment.scm (show-help, %options): Add --no-cwd.
>> (launch-environment/container): Add 'map-cwd?' param; only add mapping for cwd
>> if #t. Only change to cwd within container if #t, otherwise home.
>> (guix-environment): Error if --no-cwd without --container. Provide '(not
>> no-cwd?)' to launch-environment/container as 'map-cwd?'.
>> * tests/guix-environment.sh: Add test for no-cwd.
>
> This one LGTM as well (with the test moved to
> guix-environment-container.sh). There’s just a minor issue:
>
>> --- a/tests/guix-environment.sh
>> +++ b/tests/guix-environment.sh
>> @@ -84,6 +84,14 @@ HOME="$tmpdir" guix environment --bootstrap --container --user=foognu \
>> --share="$tmpdir/umock" \
>> -- guile -c "$usertest"
>>
>> +# if not sharing CWD, chdir home
>> +(
>> + cd "$tmpdir" \
>> + && guix environment --bootstrap --container --no-cwd --user=foo \
>> + --ad-hoc guile-bootstrap --pure \
>> + -- /bin/sh -c 'test $(pwd) == "/home/foo" -a ! -d '"$tmpdir"
>> +)
>> +
>
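Review bot: On the `/bin/sh -c` line, `test $(pwd) == "/home/foo" -a ! -d ...` relies on `==`, which POSIX `test` does not define, and on the obsolescent `-a` operator, while both `$(pwd)` and the spliced-in `$tmpdir` reach the inner shell unquoted, so a temporary directory whose name contains whitespace would change what is actually tested. Suggest `test "$(pwd)" = "/home/foo" && test ! -d "$1"` with the directory passed as a positional argument to `sh -c` instead of being concatenated into the script, so the two assertions (working directory is the container home, host directory is absent) stay unambiguous. The new comment could also say that the check depends on `--user=foo` mapping home to `/home/foo`.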
> This test would fail for me because my test store is at
> ~ludo/src/guix/test-tmp/store and my CWD is ~/src/guix. So when using
> both --user and --no-cwd, the effect is that
> ~ludo/src/guix/test-tmp/store is not available at all within the
> container, and thus execve("/bin/sh") fails with ENOENT:
>
> $ ./test-env guix environment --bootstrap --container --no-cwd --user=foo --ad-hoc guile-bootstrap
> accepted connection from pid 29684, user ludo
> accepted connection from pid 29695, user ludo
> ./test-env: line 1: 29683 Terminated "/home/ludo/src/guix/pre-inst-env" "/home/ludo/src/guix/guix-daemon" --disable-chroot --substitute-urls="$GUIX_BINARY_SUBSTITUTE_URL"
> $ echo $?
> 1
>
> Thoughts?
>
> TIA,
> Ludo’.
Mike Gerwitz wrote on 8 Nov 2018 02:56
(name . Ludovic Courtès)(address . ludo@gnu.org)
87lg64xrfx.fsf@gnu.org
Ludo:

On Wed, Oct 17, 2018 at 15:19:33 +0200, Ludovic Courtès wrote:
> There’s this last patch from the series you submitted a while back
> that’s ready modulo an issue with the test. Could you take a look?

I'm not ignoring this; I'll have time to look over the next couple of
weeks. I'll need to research the issue.

--
Mike Gerwitz

Ricardo Wurmus wrote on 4 Feb 2019 14:29
control message for bug #30254
(address . control@debbugs.gnu.org)
168b8b31ef3.2c1a096-1530070560.2547737053220808969@zoho.com
tags 30254 moreinfo
Ludovic Courtès wrote on 7 Jul 2019 15:18
Re: [bug#30256] [PATCH 3/3] scripts: environment: Add --no-cwd.
(name . Carl Dong)(address . contact@carldong.me)
87lfxac7ab.fsf@gnu.org
Hi Carl,

Carl Dong <contact@carldong.me> writes:

> I believe I've found a solution to the problem that Ludo was encountering. The
> reason why Ludo was having trouble was because when a user specifies `--user`,
> we rewrite the targets of our filesystem mappings so that every instance of
> `$HOME` (as seen outside the container) becomes `/home/$USER`. Since this applied
> to all filesystem mappings, it included our filesystem mappings for inputs too.
> However, our symlinks were not updated.
>
> My change makes it so that we _only_ update the mappings that are either
> user-specified, or cwd (if applicable). This solves Ludo's problems.
>
> Here's the patch, let me know if it looks good:
> https://github.com/dongcarl/guix/compare/8e92d5465fc154fed5d06f7e4a64d7dcccded74d...2019-06-env-no-cwd-fix.patch

Good catch! The patches LGTM. (Note: you can use the ‘Co-authored-by’
tag for the second patch, I think it’s a more or less common
convention.)

Speaking of which, could you create an account on Savannah? That way we
could grant you commit access to make it more convenient for you and so
you can review and apply other people’s patches in your areas of expertise.

Please let me know what your account is, and reply with a message signed
by the key you’ll use to sign commits. Also please read the ‘HACKING’
file for info on the commit “rules”.

Thanks!

Ludo’.
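
A simplified model of the mapping rewrite discussed in the message above, as an added example that is not part of the thread and is not Guix's own Scheme code. The `Mapping` type, the `kind` labels and the store item name are assumptions made for illustration; the home and store paths follow the ones quoted in the report.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Mapping:
    source: str  # path on the host
    target: str  # path as seen inside the container
    kind: str    # hypothetical labels: "user", "cwd" or "input"


def _rehome(path, home, new_home):
    """Rewrite path if it lies under home; otherwise return it unchanged."""
    if path == home or path.startswith(home + "/"):
        return new_home + path[len(home):]
    return path


def rewrite_all(mappings, home, user):
    """Behaviour described as the problem: every target under $HOME moves."""
    new_home = "/home/" + user
    return [replace(m, target=_rehome(m.target, home, new_home))
            for m in mappings]


def rewrite_user_and_cwd(mappings, home, user):
    """Behaviour described as the fix: only user-specified and cwd targets move."""
    new_home = "/home/" + user
    return [replace(m, target=_rehome(m.target, home, new_home))
            if m.kind in ("user", "cwd") else m
            for m in mappings]


def visible(path, mappings):
    """True if path falls under some mapping target inside the container."""
    return any(path == m.target or path.startswith(m.target + "/")
               for m in mappings)


# Constructed sample: a test store located under the host home directory.
HOME = "/home/ludo"
STORE = HOME + "/src/guix/test-tmp/store"
MAPPINGS = [
    Mapping(STORE, STORE, "input"),
    Mapping(HOME + "/umock", HOME + "/umock", "user"),
]
# Profile symlinks keep pointing at the original store path (constructed item).
SH = STORE + "/example-shell/bin/sh"
```

With `rewrite_all`, the path that the symlinks still reference has no mapping behind it, which matches the ENOENT on `execve("/bin/sh")` in the report; with `rewrite_user_and_cwd` it resolves again.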

Maxim Cournoyer wrote on 14 Jul 2021 15:18
Re: bug#30254: [PATCH 0/3] guix environment --user, --link-profile, --no-cwd
(name . Ludovic Courtès)(address . ludo@gnu.org)
875yxdowy4.fsf_-_@gmail.com
Hello,

Ludovic Courtès <ludo@gnu.org> writes:

> Hello!
>
> Carl Dong <contact@carldong.me> writes:
>
>>> Good catch! The patches LGTM. (Note: you can use the ‘Co-authored-by’ tag for
>>> the second patch, I think it’s a more or less common convention.)
>>
>> Done! Updated at the same link as last time:
>> https://github.com/dongcarl/guix/compare/8e92d5465fc154fed5d06f7e4a64d7dcccded74d...2019-06-env-no-cwd-fix.patch
>
> Alright!
>
>>> Speaking of which, could you create an account on Savannah? That way we could
>>> grant you commit access to make it more convenient for you and so you can
>>> review and apply other people’s patches in your areas of expertise.

[...]

> Cool, I’ve added you to the Savannah group. You can now push these two
> patches to test it.

Seems the patches have indeed been pushed :-).

Closing.

Maxim
Closed