[PATCH 0/3] guix environment --user, --link-profile, --no-cwd

Done
Submitted by Mike Gerwitz.
Details
4 participants
  • Ludovic Courtès
  • Maxim Cournoyer
  • Mike Gerwitz
  • Ricardo Wurmus
Owner
unassigned
Severity
normal
Merged with
Mike Gerwitz wrote on 26 Jan 2018 04:29
(address . guix-patches@gnu.org)(name . David Thompson)(address . davet@gnu.org)
cover.1516937216.git.mtg@gnu.org
On help-guix I initiated a conversation on using IceCat within a container (<87vag2wopo.fsf@gnu.org>). This covers some of the lower-level concepts I was thinking of. Specifically:
  0. The ability to hide the user (and home directory) from processes within the container. This includes rewriting mapped paths;
  1. Suppressing the behavior of automatically sharing cwd; and
  2. Linking $GUIX_ENVIRONMENT to ~/.guix-profile.
The first two are for privacy (#1 is for convenience, since creating an empty dir just to cd into it is a bit klugy as a workaround). #2 was motivated by my needs with font-config, but I can imagine that it'd be useful elsewhere as well. It only really makes sense if you're not sharing your home directory.
Mike Gerwitz (3):
  scripts: environment: Add --link-profile.
  scripts: environment: Add --user.
  scripts: environment: Add --no-cwd.

 doc/guix.texi                |  59 +++++++++++++-
 guix/scripts/environment.scm | 178 +++++++++++++++++++++++++++++++++++--------
 tests/guix-environment.sh    |  30 ++++++++
 3 files changed, 233 insertions(+), 34 deletions(-)

-- 
2.15.1
Ludovic Courtès wrote on 3 Mar 2018 22:22
control message for bug #30256
(address . control@debbugs.gnu.org)
87efl0am80.fsf@gnu.org
merge 30256 30254
Ludovic Courtès wrote on 17 Oct 2018 14:19
Re: [bug#30256] [PATCH 3/3] scripts: environment: Add --no-cwd.
(name . Mike Gerwitz)(address . mtg@gnu.org)
87murcdaui.fsf@gnu.org
Hello Mike,
There’s this last patch from the series you submitted a while back that’s ready modulo an issue with the test. Could you take a look?
TIA,
Ludo’.
ludo@gnu.org (Ludovic Courtès) skribis:
> Mike Gerwitz <mtg@gnu.org> skribis:
>
>> * doc/guix.texi (Invoking guix environment): Add --no-cwd.
>> * guix/scripts/environment.scm (show-help, %options): Add --no-cwd.
>> (launch-environment/container): Add 'map-cwd?' param; only add mapping for cwd
>> if #t. Only change to cwd within container if #t, otherwise home.
>> (guix-environment): Error if --no-cwd without --container. Provide '(not
>> no-cwd?)' to launch-environment/container as 'map-cwd?'.
>> * tests/guix-environment.sh: Add test for no-cwd.
>
> This one LGTM as well (with the test moved to
> guix-environment-container.sh). There’s just a minor issue:
>
>> --- a/tests/guix-environment.sh
>> +++ b/tests/guix-environment.sh
>> @@ -84,6 +84,14 @@ HOME="$tmpdir" guix environment --bootstrap --container --user=foognu \
>> --share="$tmpdir/umock" \
>> -- guile -c "$usertest"
>>
>> +# if not sharing CWD, chdir home
>> +(
>> + cd "$tmpdir" \
>> + && guix environment --bootstrap --container --no-cwd --user=foo \
>> + --ad-hoc guile-bootstrap --pure \
>> + -- /bin/sh -c 'test $(pwd) == "/home/foo" -a ! -d '"$tmpdir"
>> +)
>> +
>
> This test would fail for me because my test store is at
> ~ludo/src/guix/test-tmp/store and my CWD is ~/src/guix. So when using
> both --user and --no-cwd, the effect is that
> ~ludo/src/guix/test-tmp/store is not available at all within the
> container, and thus execve("/bin/sh") fails with ENOENT:
>
> $ ./test-env guix environment --bootstrap --container --no-cwd --user=foo --ad-hoc guile-bootstrap
> accepted connection from pid 29684, user ludo
> accepted connection from pid 29695, user ludo
> ./test-env: line 1: 29683 Terminated "/home/ludo/src/guix/pre-inst-env" "/home/ludo/src/guix/guix-daemon" --disable-chroot --substitute-urls="$GUIX_BINARY_SUBSTITUTE_URL"
> $ echo $?
> 1
>
> Thoughts?
>
> TIA,
> Ludo’.
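Review bot: In the added `/bin/sh -c` line of the tests/guix-environment.sh hunk, `test $(pwd) == "/home/foo" -a ! -d '"$tmpdir"` uses `==`, which is not part of POSIX `test`, and `-a`, which POSIX marks obsolescent, and it leaves both `$(pwd)` and the spliced-in `$tmpdir` unquoted inside the inner command, so a temporary directory whose name contains whitespace would change what is tested. Suggest passing the directory as a positional argument instead, for example `/bin/sh -c 'test "$(pwd)" = /home/foo && test ! -d "$1"' sh "$tmpdir"`. The comment `# if not sharing CWD, chdir home` also describes only the first half of the check; it should say that the second half asserts the host directory is not visible inside the container.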
Mike Gerwitz wrote on 8 Nov 2018 02:56
(name . Ludovic Courtès)(address . ludo@gnu.org)
87lg64xrfx.fsf@gnu.org
Ludo:
On Wed, Oct 17, 2018 at 15:19:33 +0200, Ludovic Courtès wrote:
> There’s this last patch from the series you submitted a while back
> that’s ready modulo an issue with the test. Could you take a look?
I'm not ignoring this; I'll have time to look over the next couple of weeks. I'll need to research the issue.
-- 
Mike Gerwitz
Ricardo Wurmus wrote on 4 Feb 2019 14:29
control message for bug #30254
(address . control@debbugs.gnu.org)
168b8b31ef3.2c1a096-1530070560.2547737053220808969@zoho.com
tags 30254 moreinfo
Ludovic Courtès wrote on 7 Jul 2019 15:18
Re: [bug#30256] [PATCH 3/3] scripts: environment: Add --no-cwd.
(name . Carl Dong)(address . contact@carldong.me)
87lfxac7ab.fsf@gnu.org
Hi Carl,
Carl Dong <contact@carldong.me> skribis:
> I believe I've found a solution to the problem that Ludo was encountering. The
> reason why Ludo was having trouble was because when a user specifies `--user`,
> we rewrite the targets of our filesystem mappings so that every instance of
> `$HOME` (as seen outside the container) becomes `/home/$USER`. Since this applied
> to all filesystem mappings, it included our filesystem mappings for inputs too.
> However, our symlinks were not updated.
>
> My change makes it so that we _only_ update the mappings that are either
> user-specified, or cwd (if applicable). This solves Ludo's problems.
>
> Here's the patch, let me know if it looks good:
> https://github.com/dongcarl/guix/compare/8e92d5465fc154fed5d06f7e4a64d7dcccded74d...2019-06-env-no-cwd-fix.patch
Good catch! The patches LGTM. (Note: you can use the ‘Co-authored-by’ tag for the second patch, I think it’s a more or less common convention.)
Speaking of which, could you create an account on Savannah? That way we could grant you commit access to make it more convenient for you and so you can review and apply other people’s patches in your areas of expertise.
Please let me know what your account is, and reply with a message signed by the key you’ll use to sign commits. Also please read the ‘HACKING’ file for info on the commit “rules”.
Thanks!
Ludo’.
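The rewriting Carl Dong describes in the message quoted above, as an added Python model that is not code from Guix or from the patches in this thread. `Mapping`, `rehome`, the `origin` labels and the sample paths are assumptions constructed for illustration; only the store location and the `--user=foo` name come from the thread.

```python
# Constructed model of the --user path rewriting described in the thread.
# Not Guix code: Mapping, rehome and the "origin" labels are hypothetical.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Mapping:
    source: str   # path on the host
    target: str   # path as seen inside the container
    origin: str   # "input" (store item), "user" (--share/--expose) or "cwd"

def rehome(path, home, user):
    """Map HOME and anything below it to /home/USER; leave other paths alone."""
    home = home.rstrip("/")
    if path == home or path.startswith(home + "/"):
        return "/home/" + user + path[len(home):]
    return path

def rewrite_all(mappings, home, user):
    """Behaviour described as the bug: every mapping target is rewritten."""
    return [replace(m, target=rehome(m.target, home, user)) for m in mappings]

def rewrite_selected(mappings, home, user):
    """Behaviour described as the fix: only user-specified and cwd mappings."""
    return [replace(m, target=rehome(m.target, home, user))
            if m.origin in ("user", "cwd") else m
            for m in mappings]

def unreachable(links, mappings):
    """Symlink targets that no mapping makes visible inside the container."""
    roots = [m.target.rstrip("/") for m in mappings]
    return [link for link in links
            if not any(link == r or link.startswith(r + "/") for r in roots)]

# Constructed sample: the test store lives under $HOME, as in the failing setup.
HOME, USER = "/home/ludo", "foo"
STORE = HOME + "/src/guix/test-tmp/store"
MAPPINGS = [
    Mapping(STORE, STORE, "input"),
    Mapping(HOME + "/umock", HOME + "/umock", "user"),
]
# Symlinks that were not updated still point at the original store path.
LINKS = [STORE + "/example-item/bin/sh"]

if __name__ == "__main__":
    for name, fn in (("all", rewrite_all), ("selected", rewrite_selected)):
        result = fn(MAPPINGS, HOME, USER)
        print(name, [m.target for m in result], unreachable(LINKS, result))
```

In this model the selective rewrite keeps the store reachable, and the store mapping then keeps its host path inside the container whenever the store sits under `$HOME`, as it does in the test setup from the thread.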
Maxim Cournoyer wrote on 14 Jul 15:18 +0200
Re: bug#30254: [PATCH 0/3] guix environment --user, --link-profile, --no-cwd
(name . Ludovic Courtès)(address . ludo@gnu.org)
875yxdowy4.fsf_-_@gmail.com
Hello,
Ludovic Courtès <ludo@gnu.org> writes:
> Hello!
>
> Carl Dong <contact@carldong.me> skribis:
>
>>> Good catch! The patches LGTM. (Note: you can use the ‘Co-authored-by’ tag for
>>> the second patch, I think it’s a more or less common convention.)
>>
>> Done! Updated at the same link as last time:
>> https://github.com/dongcarl/guix/compare/8e92d5465fc154fed5d06f7e4a64d7dcccded74d...2019-06-env-no-cwd-fix.patch
>
> Alright!
>
>>> Speaking of which, could you create an account on Savannah? That way we could
>>> grant you commit access to make it more convenient for you and so you can
>>> review and apply other people’s patches in your areas of expertise.
[...]
> Cool, I’ve added you to the Savannah group. You can now push these two
> patches to test it.
Seems the patches have indeed been pushed :-).
Closing.
Maxim
Closed