On help-guix I initiated a conversation on using IceCat within a container
(<firstname.lastname@example.org>). This covers some of the lower-level concepts I
was thinking of. Specifically:

  0. The ability to hide the user (and home directory) from processes within
     the container. This includes rewriting mapped paths;
  1. Suppressing the behavior of automatically sharing cwd; and
  2. Linking $GUIX_ENVIRONMENT to ~/.guix-profile.

The first two are for privacy (#1 is for convenience, since creating an empty
dir just to cd into it is a bit klugy as a workaround). #2 was motivated by
my needs with font-config, but I can imagine that it'd be useful elsewhere
as well. It only really makes sense if you're not sharing your home
directory.

Mike Gerwitz (3):
  scripts: environment: Add --link-profile.
  scripts: environment: Add --user.
  scripts: environment: Add --no-cwd.

 doc/guix.texi                |  59 +++++++++++++-
 guix/scripts/environment.scm | 178 +++++++++++++++++++++++++++++++++++--------
 tests/guix-environment.sh    |  30 ++++++++
 3 files changed, 233 insertions(+), 34 deletions(-)

-- 
2.15.1
Hello Mike,

There’s this last patch from the series you submitted a while back
that’s ready modulo an issue with the test. Could you take a look?

TIA,
Ludo’.

email@example.com (Ludovic Courtès) skribis:
> Mike Gerwitz <firstname.lastname@example.org> skribis:
>
>> * doc/guix.texi (Invoking guix environment): Add --no-cwd.
>> * guix/scripts/environment.scm (show-help, %options): Add --no-cwd.
>> (launch-environment/container): Add 'map-cwd?' param; only add mapping for cwd
>> if #t. Only change to cwd within container if #t, otherwise home.
>> (guix-environment): Error if --no-cwd without --container. Provide '(not
>> no-cwd?)' to launch-environment/container as 'map-cwd?'.
>> * tests/guix-environment.sh: Add test for no-cwd.
>
> This one LGTM as well (with the test moved to
> guix-environment-container.sh). There’s just a minor issue:
>
>> --- a/tests/guix-environment.sh>> +++ b/tests/guix-environment.sh>> @@ -84,6 +84,14 @@ HOME="$tmpdir" guix environment --bootstrap --container --user=foognu \>> --share="$tmpdir/umock" \>> -- guile -c "$usertest">> >> +# if not sharing CWD, chdir home>> +(>> + cd "$tmpdir" \>> + && guix environment --bootstrap --container --no-cwd --user=foo \>> + --ad-hoc guile-bootstrap --pure \>> + -- /bin/sh -c 'test $(pwd) == "/home/foo" -a ! -d '"$tmpdir">> +)>> +
>
> This test would fail for me because my test store is at
> ~ludo/src/guix/test-tmp/store and my CWD is ~/src/guix. So when using
> both --user and --no-cwd, the effect is that
> ~ludo/src/guix/test-tmp/store is not available at all within the
> container, and thus execve("/bin/sh") fails with ENOENT:
>
> $ ./test-env guix environment --bootstrap --container --no-cwd --user=foo --ad-hoc guile-bootstrap
> accepted connection from pid 29684, user ludo
> accepted connection from pid 29695, user ludo
> ./test-env: line 1: 29683 Terminated "/home/ludo/src/guix/pre-inst-env" "/home/ludo/src/guix/guix-daemon" --disable-chroot --substitute-urls="$GUIX_BINARY_SUBSTITUTE_URL"
> $ echo $?
> 1
>
> Thoughts?
>
> TIA,
> Ludo’.
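Review bot: in the added subshell of tests/guix-environment.sh, the check `test $(pwd) == "/home/foo" -a ! -d '"$tmpdir"` depends on `==` and `-a`, neither of which POSIX `test` guarantees for the `/bin/sh` it runs under, and it leaves `$(pwd)` unquoted. Two separate tests joined with `&&`, using `=` and a quoted `"$(pwd)"`, would be portable. The assertion also only holds when everything the container needs lives outside the directories that --no-cwd and --user stop sharing: as the reply above shows, a test store below the home directory makes `/bin/sh` itself unreachable, so the failure says nothing about --no-cwd. The test should either state that precondition in its comment or be made independent of where the test store lives.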
> I believe I've found a solution to the problem that Ludo was encountering. The
> reason why Ludo was having trouble was because when a user specifies `--user`,
> we rewrite the targets of our filesystem mappings so that every instance of
> `$HOME` (as seen outside the container) becomes `/home/$USER`. Since this applied
> to all filesystem mappings, it included our filesystem mappings for inputs too.
> However, our symlinks were not updated.
>
> My change makes it so that we _only_ update the mappings that are either
> user-specified, or cwd (if applicable). This solves Ludo's problems.
>
> Here's the patch, let me know if it looks good:
> https://github.com/dongcarl/guix/compare/8e92d5465fc154fed5d06f7e4a64d7dcccded74d...2019-06-env-no-cwd-fix.patch
Good catch! The patches LGTM. (Note: you can use the ‘Co-authored-by’
tag for the second patch, I think it’s a more or less common
convention.)

Speaking of which, could you create an account on Savannah? That way we
could grant you commit access to make it more convenient for you and so
you can review and apply other people’s patches in your areas of expertise.

Please let me know what your account is, and reply with a message signed
by the key you’ll use to sign commits. Also please read the ‘HACKING’
file for info on the commit “rules”.

Thanks!

Ludo’.
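The mapping rewrite discussed in the quoted message above, as an added Python model (not code from Guix or from the linked patch). The `Mapping` record, the function names, the store item name and the shared directory are assumptions made for illustration; only the test-store location comes from the thread.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Mapping:
    source: str   # path on the host
    target: str   # path as seen inside the container
    origin: str   # "input" (store/profile), "user" (--share/--expose) or "cwd"

def under(path, root):
    """True if path is root itself or lies below it (no bare prefix match)."""
    root = root.rstrip("/")
    return path == root or path.startswith(root + "/")

def override_home(path, host_home, user):
    """Respell a path below host_home as the same path below /home/USER."""
    if not under(path, host_home):
        return path
    return "/home/" + user + path[len(host_home.rstrip("/")):]

def rewrite_all(mappings, host_home, user):
    """Behaviour described as the cause of the failure: every target is rewritten."""
    return [replace(m, target=override_home(m.target, host_home, user))
            for m in mappings]

def rewrite_user_and_cwd(mappings, host_home, user):
    """Behaviour described as the fix: input mappings keep their targets."""
    return [replace(m, target=override_home(m.target, host_home, user))
            if m.origin in ("user", "cwd") else m
            for m in mappings]

def visible(path, mappings):
    """Would an absolute path stored in a symlink resolve inside the container?"""
    return any(under(path, m.target) for m in mappings)

def host_home_targets(mappings, host_home):
    """Targets that still spell out the host home directory."""
    return [m.target for m in mappings if under(m.target, host_home)]

# Constructed sample: the store location is the one quoted in the thread;
# the store item name and the shared directory are placeholders.
HOME, USER = "/home/ludo", "foo"
STORE = "/home/ludo/src/guix/test-tmp/store"
SH = STORE + "/PLACEHOLDER-guile-bootstrap/bin/sh"  # what a profile symlink points at
MAPPINGS = [Mapping(STORE, STORE, "input"),
            Mapping(HOME + "/shared", HOME + "/shared", "user")]

if __name__ == "__main__":
    for name, fn in (("all", rewrite_all), ("user+cwd", rewrite_user_and_cwd)):
        out = fn(MAPPINGS, HOME, USER)
        print(name, [m.target for m in out], "sh visible:", visible(SH, out))
```

In this model the second strategy makes the interpreter path resolve again, and `host_home_targets` shows that an input mapping located below the host home keeps its original spelling inside the container.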