X-Loop: help-debbugs@HIDDEN Subject: [bug#67613] Introduce unit tests for oci-container-service-type. Resent-From: paul <goodoldpaul@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: guix-patches@HIDDEN Resent-Date: Sun, 03 Dec 2023 21:55:02 +0000 Resent-Message-ID: <handler.67613.B.17016404651877 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: report 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 67613 <at> debbugs.gnu.org Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> X-Debbugs-Original-To: guix-patches@HIDDEN Received: via spool by submit <at> debbugs.gnu.org id=B.17016404651877 (code B ref -1); Sun, 03 Dec 2023 21:55:02 +0000 Received: (at submit) by debbugs.gnu.org; 3 Dec 2023 21:54:25 +0000 Received: from localhost ([127.0.0.1]:32898 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1r9uPx-0000UD-26 for submit <at> debbugs.gnu.org; Sun, 03 Dec 2023 16:54:25 -0500 Received: from lists.gnu.org ([2001:470:142::17]:51564) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <goodoldpaul@HIDDEN>) id 1r9uPu-0000Ty-2g for submit <at> debbugs.gnu.org; Sun, 03 Dec 2023 16:54:23 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <goodoldpaul@HIDDEN>) id 1r9uPa-0002eL-Fw for guix-patches@HIDDEN; Sun, 03 Dec 2023 16:54:03 -0500 Received: from confino.investici.org ([2a11:7980:1::2:0]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <goodoldpaul@HIDDEN>) id 1r9uPX-0000gP-Vg; Sun, 03 Dec 2023 16:54:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1701640431; bh=hxJtt+cPE2tO1SUtvX7itSPVYgmlqLo4wlkfIM0MtHQ=; h=Date:To:Cc:From:Subject:From; b=W/TzPOD6fk/hjcRz2IkgJcCLdgK2/imgK7da2AGg7yLzCk9fIiIWtVynqhf55cs+V w2H9RRvVRFQ6w256pV5oJyIWzxhJ05Zm0A+mlC9bG/qLat13iArtjuYz1OLXeOxXK+ TFZ/+cqzmJkkpbMq+DiPb7+amrkJ9zWGf2ZdTaGY= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4Sk0tR1csJz11Jw; Sun, 3 Dec 2023 21:53:51 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with ESMTPSA id 4Sk0tR0SWlz11Jt; Sun, 3 Dec 2023 21:53:50 +0000 (UTC) Message-ID: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN> Date: Sun, 3 Dec 2023 22:53:50 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 Content-Language: en-US From: paul <goodoldpaul@HIDDEN> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a11:7980:1::2:0; envelope-from=goodoldpaul@HIDDEN; helo=confino.investici.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.9 (/) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -0.1 (/) Hi, as discussed in issue #66160 and #67574 I'm sending a follow up with some unit tests for most of the internals of oci-container-service-type. These tests depend on the hotfix from #67574 since #66160 was merged with a blocking bug due to a last minute feature I added during the review process :( Hence if this gets merged before #67574 tests will fail . Thank you for your help and apologies for the noise, giacomo
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: paul <goodoldpaul@HIDDEN> Subject: bug#67613: Acknowledgement (Introduce unit tests for oci-container-service-type.) Message-ID: <handler.67613.B.17016404651877.ack <at> debbugs.gnu.org> References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN> X-Gnu-PR-Message: ack 67613 X-Gnu-PR-Package: guix-patches Reply-To: 67613 <at> debbugs.gnu.org Date: Sun, 03 Dec 2023 21:55:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): guix-patches@HIDDEN If you wish to submit further information on this problem, please send it to 67613 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 67613: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D67613 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
X-Loop: help-debbugs@HIDDEN Subject: [bug#67613] [PATCH] tests: Add oci-container-service-type unit tests. References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN> In-Reply-To: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN> Resent-From: Giacomo Leidi <goodoldpaul@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: guix-patches@HIDDEN Resent-Date: Sun, 03 Dec 2023 21:57:01 +0000 Resent-Message-ID: <handler.67613.B67613.17016406142123 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 67613 <at> debbugs.gnu.org Cc: Giacomo Leidi <goodoldpaul@HIDDEN> Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.17016406142123 (code B ref 67613); Sun, 03 Dec 2023 21:57:01 +0000 Received: (at 67613) by debbugs.gnu.org; 3 Dec 2023 21:56:54 +0000 Received: from localhost ([127.0.0.1]:32903 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1r9uSL-0000YA-Lz for submit <at> debbugs.gnu.org; Sun, 03 Dec 2023 16:56:54 -0500 Received: from confino.investici.org ([93.190.126.19]:39489) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <goodoldpaul@HIDDEN>) id 1r9uSJ-0000Xz-PO for 67613 <at> debbugs.gnu.org; Sun, 03 Dec 2023 16:56:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1701640600; bh=+c+LP5Pl+Jam/PArkvV5F/+9iVUrD5pHIyKiEYyu8dg=; h=From:To:Cc:Subject:Date:From; b=C+OW7s7wRgtpPmFJp6wGxNSZJ2haTRYCvEssSuwpJvd41bQEKfEN74oknHnIV5yr9 LTzD+mOEQ7Sg5BYV6Vzx0T7NEFcil6fmeL/Wgv9WmsEvoQmFP0u2cjFgaMwNHgrd90 Q3myBD5WP1kDfwimAGVEMzpJPc5XfdnliRZ9a8f0= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4Sk0xh2MrCz11Cc; Sun, 3 Dec 2023 21:56:40 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with ESMTPSA id 4Sk0xh13fdz11CX; Sun, 3 Dec 2023 21:56:40 +0000 (UTC) From: Giacomo Leidi <goodoldpaul@HIDDEN> Date: Sun, 3 Dec 2023 22:56:28 +0100 Message-ID: <20231203215630.28144-1-goodoldpaul@HIDDEN> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) This patch is a followup to issue #66160 and issue #67574. It introduces unit tests for the oci-container-service-type. 8 out 11 tests depend on issue #67574 being merged since issue #66160 was merged with a blocking bug from the beginning. * gnu/services/docker.scm: Export oci-container-configuration-container-user and oci-container-configuration-workdir. * tests/services/docker.scm: New file. * Makefile.am (SCM_TESTS): Register it. Change-Id: I47ed0fe36060ba84dd50b548a66f36e3df8a3710 --- Makefile.am | 1 + gnu/services/docker.scm | 2 + tests/services/docker.scm | 187 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 190 insertions(+) create mode 100644 tests/services/docker.scm diff --git a/Makefile.am b/Makefile.am index cbc3191dfc..91f7a77a94 100644 --- a/Makefile.am +++ b/Makefile.am @@ -564,6 +564,7 @@ SCM_TESTS = \ tests/services.scm \ tests/services/file-sharing.scm \ tests/services/configuration.scm \ + tests/services/docker.scm \ tests/services/lightdm.scm \ tests/services/linux.scm \ tests/services/pam-mount.scm \ diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index ebea0a473a..263cb41df3 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -58,6 +58,8 @@ (define-module (gnu services docker) oci-container-configuration-network oci-container-configuration-ports oci-container-configuration-volumes + oci-container-configuration-container-user + oci-container-configuration-workdir oci-container-service-type oci-container-shepherd-service)) diff --git a/tests/services/docker.scm b/tests/services/docker.scm new file mode 100644 index 0000000000..fad28a228c --- /dev/null +++ b/tests/services/docker.scm @@ -0,0 +1,187 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2023 Giacomo Leidi <goodoldpaul@HIDDEN> +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. + +(define-module (tests services docker) + #:use-module (gnu packages docker) + #:use-module (gnu services docker) + #:use-module (guix derivations) + #:use-module (guix gexp) + #:use-module (guix monads) + #:use-module (guix packages) + #:use-module (guix store) + #:use-module (guix tests) + #:use-module (ice-9 match) + #:use-module (srfi srfi-1) + #:use-module (srfi srfi-64)) + + +;;; Commentary: +;;; +;;; Unit tests for the (gnu services docker) module. +;;; +;;; Code: + + +;;; +;;; Unit tests for the oci-container-service-type. +;;; + + +;;; Access some internals for whitebox testing. +(define %store + (open-connection-for-tests)) +(define (gexp->sexp . x) + (apply (@@ (guix gexp) gexp->sexp) x)) +(define* (gexp->sexp* exp #:optional target) + (run-with-store %store (gexp->sexp exp (%current-system) target) + #:guile-for-build (%guile-for-build))) +(define (list->sexp-list* lst) + (map (lambda (el) + (if (gexp? el) + (gexp->sexp* el) + el)) + lst)) +(define oci-sanitize-mixed-list + (@@ (gnu services docker) oci-sanitize-mixed-list)) +(define (oci-container-configuration->options config) + (list->sexp-list* + ((@@ (gnu services docker) oci-container-configuration->options) config))) + +(test-begin "oci-containers-service") + +(test-group "oci-sanitize-mixed-list" + (define delimiter "=") + (define file-like-key + (plain-file "oci-tests-file-like-key" "some-content")) + (define mixed-list + `("any kind of string" + ("KEY" . "VALUE") + (,#~(string-append "COMPUTED" "_KEY") . "VALUE") + (,file-like-key . "VALUE"))) + + (test-assertm "successfully lower mixed values" + (mlet* %store-monad ((ml -> (oci-sanitize-mixed-list "field-name" mixed-list delimiter)) + (actual -> (list->sexp-list* ml)) + (file-like-item (lower-object file-like-key)) + (expected -> `("any kind of string" + (string-append "KEY" "=" "VALUE") + (string-append (string-append "COMPUTED" "_KEY") "=" "VALUE") + (string-append ,file-like-item "=" "VALUE")))) + (mbegin %store-monad + (return + (every (lambda (pair) + (apply (if (string? (first pair)) + string=? + equal?) + pair)) + (zip expected actual)))))) + + (test-error + "illegal list values" #t + (oci-sanitize-mixed-list "field-name" '(("KEY" . "VALUE") #f) delimiter)) + + (test-error + "illegal pair member values" #t + (oci-sanitize-mixed-list "field-name" '(("KEY" . 1)) delimiter))) + +(test-group "oci-container-configuration->options" + (define config + (oci-container-configuration + (image "guix/guix:latest"))) + + (test-equal "entrypoint" + (list "--entrypoint" "entrypoint") + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (entrypoint "entrypoint")))) + + (test-equal "environment" + (list "--env" '(string-append "key" "=" "value") + "--env" '(string-append "environment" "=" "variable")) + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (environment + '(("key" . "value") + ("environment" . "variable")))))) + + (test-equal "network" + (list "--network" "host") + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (network "host")))) + + (test-equal "container-user" + (list "--user" "service-account") + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (container-user "service-account")))) + + (test-equal "workdir" + (list "--workdir" "/srv/http") + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (workdir "/srv/http")))) + + (test-equal "ports" + (list "-p" '(string-append "10443" ":" "443") + "-p" '(string-append "9022" ":" "22")) + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (ports + '(("10443" . "443") + ("9022" . "22")))))) + + (test-equal "volumes" + (list "-v" '(string-append "/gnu/store" ":" "/gnu/store") + "-v" '(string-append "/var/lib/guix" ":" "/var/lib/guix")) + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (volumes + '(("/gnu/store" . "/gnu/store") + ("/var/lib/guix" . "/var/lib/guix")))))) + + (test-equal "complete configuration" + (list "--entrypoint" "entrypoint" + "--env" '(string-append "key" "=" "value") + "--network" "host" + "--user" "service-account" + "--workdir" "/srv/http" + "-p" '(string-append "10443" ":" "443") + "-v" '(string-append "/gnu/store" ":" "/gnu/store")) + (oci-container-configuration->options + (oci-container-configuration + (inherit config) + (entrypoint "entrypoint") + (environment + '(("key" . "value"))) + (network "host") + (container-user "service-account") + (workdir "/srv/http") + (ports + '(("10443" . "443"))) + (volumes + '(("/gnu/store" . "/gnu/store"))))))) + +(test-end "oci-containers-service") base-commit: 2c9ac9ab20c76abe570ff83f8746fa089fea3047 -- 2.41.0
X-Loop: help-debbugs@HIDDEN Subject: [bug#67613] Introduce unit tests for oci-container-service-type. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: guix-patches@HIDDEN Resent-Date: Sun, 10 Dec 2023 21:48:02 +0000 Resent-Message-ID: <handler.67613.B67613.170224485124270 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Giacomo Leidi <goodoldpaul@HIDDEN> Cc: 67613 <at> debbugs.gnu.org Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170224485124270 (code B ref 67613); Sun, 10 Dec 2023 21:48:02 +0000 Received: (at 67613) by debbugs.gnu.org; 10 Dec 2023 21:47:31 +0000 Received: from localhost ([127.0.0.1]:51879 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1rCRe6-0006JO-Nr for submit <at> debbugs.gnu.org; Sun, 10 Dec 2023 16:47:31 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:42308) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1rCRe3-0006JA-Oz for 67613 <at> debbugs.gnu.org; Sun, 10 Dec 2023 16:47:29 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1rCRdh-0007M6-NK; Sun, 10 Dec 2023 16:47:07 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=/MwSfBM5VhpwskLIbe90gupBswZCeAAwnP1ZrxvBnro=; b=DQqvcavaLihGv6Ej4bFR MSfCnT+syKjAWBrLgE56MOo7+tIa8KpO/eGLmUK9sR/pyZMcte6IO3OoJA6iwa+82FlYasrHFGwoA RWF53wJHN1cz/iHPn9nv7/EOcVuoQbTQF5PHb6IJm8eOgU3jytN/R6vcjTDFy0KroNrlJgJ5v7eR3 4S6xLPnoklqW/inShp5xo87V1gOHSKrq7MjJYg8PSMa1U67ReTseNMnFXEXqO82fyRJSkkMwfR32h Xdh9Xyhi61VYciBo/1wyPfFAMJK3Zxb+Gfzd1LlSGeaztChJcguCUFefTyKab3WP0S/NX2CE9duCP IWXe3eEi98kasQ==; From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> In-Reply-To: <20231203215630.28144-1-goodoldpaul@HIDDEN> (Giacomo Leidi's message of "Sun, 3 Dec 2023 22:56:28 +0100") References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN> <20231203215630.28144-1-goodoldpaul@HIDDEN> Date: Sun, 10 Dec 2023 22:47:01 +0100 Message-ID: <87lea13f3e.fsf_-_@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hello, Giacomo Leidi <goodoldpaul@HIDDEN> skribis: > This patch is a followup to issue #66160 and issue #67574. It introduces > unit tests for the oci-container-service-type. 8 out 11 tests depend on > issue #67574 being merged since issue #66160 was merged with a blocking > bug from the beginning. > > * gnu/services/docker.scm: Export > oci-container-configuration-container-user and > oci-container-configuration-workdir. > * tests/services/docker.scm: New file. > * Makefile.am (SCM_TESTS): Register it. > > Change-Id: I47ed0fe36060ba84dd50b548a66f36e3df8a3710 Thanks for working on this! To me, what=E2=80=99s really helpful is a system test: a test that spins up= a VM running an OCI service and makes sure said service is functional. Apologies if I wasn=E2=80=99t clear! Unit tests can be interesting too, but only if their =E2=80=9Cbug-finding performance=E2=80=9D is good. The tests below, for instance, are likely to= be mirroring the implementation too closely to be really able to find bugs: > + (test-equal "environment" > + (list "--env" '(string-append "key" "=3D" "value") > + "--env" '(string-append "environment" "=3D" "variable")) > + (oci-container-configuration->options > + (oci-container-configuration > + (inherit config) > + (environment > + '(("key" . "value") > + ("environment" . "variable")))))) > + > + (test-equal "network" > + (list "--network" "host") > + (oci-container-configuration->options > + (oci-container-configuration > + (inherit config) > + (network "host")))) > + > + (test-equal "container-user" > + (list "--user" "service-account") > + (oci-container-configuration->options > + (oci-container-configuration > + (inherit config) > + (container-user "service-account")))) Thus my suggestion would be to instead focus on a system test, like those in (gnu tests docker). Does that make sense? WDYT? Ludo=E2=80=99.
X-Loop: help-debbugs@HIDDEN Subject: [bug#67613] Introduce unit tests for oci-container-service-type. Resent-From: paul <goodoldpaul@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: guix-patches@HIDDEN Resent-Date: Sun, 10 Dec 2023 22:12:01 +0000 Resent-Message-ID: <handler.67613.B67613.170224626726882 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> Cc: 67613 <at> debbugs.gnu.org Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170224626726882 (code B ref 67613); Sun, 10 Dec 2023 22:12:01 +0000 Received: (at 67613) by debbugs.gnu.org; 10 Dec 2023 22:11:07 +0000 Received: from localhost ([127.0.0.1]:51910 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1rCS0w-0006zV-Ff for submit <at> debbugs.gnu.org; Sun, 10 Dec 2023 17:11:06 -0500 Received: from confino.investici.org ([2a11:7980:1::2:0]:26059) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <goodoldpaul@HIDDEN>) id 1rCS0q-0006yz-JG for 67613 <at> debbugs.gnu.org; Sun, 10 Dec 2023 17:11:05 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1702246243; bh=M+F4RlbkwcQChvxocRRMmefa3QAQdBYKU4g1vaw3vP8=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=ZcnQP+AnY8xm2+gcxWHLWYF+MlTp7XCQd4+NBHE10Z5M/PKwSa08krYSN61L0GSzA r+P4KZ75Bqd7UoLEVArhCcCsjWGm5aXnBg5C275xiws9POhQVdqiSRH1BmjnBBsF8J xJnje310C7UzkXToy/pCHA+/VG8hpYK2LzbrkaFs= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4SpJwg06mtz11KS; Sun, 10 Dec 2023 22:10:43 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with ESMTPSA id 4SpJwf5kG7z11Js; Sun, 10 Dec 2023 22:10:42 +0000 (UTC) Content-Type: multipart/alternative; boundary="------------02IP0j4d1R0Zg52ZIAropfkD" Message-ID: <cb50582a-b886-e6c8-59a0-d71285058e43@HIDDEN> Date: Sun, 10 Dec 2023 23:10:42 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 Content-Language: en-US References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN> <20231203215630.28144-1-goodoldpaul@HIDDEN> <87lea13f3e.fsf_-_@HIDDEN> From: paul <goodoldpaul@HIDDEN> In-Reply-To: <87lea13f3e.fsf_-_@HIDDEN> X-Spam-Score: -2.2 (--) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.2 (---) This is a multi-part message in MIME format. --------------02IP0j4d1R0Zg52ZIAropfkD Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Hi Ludo’, On 12/10/23 22:47, Ludovic Courtès wrote: > Thus my suggestion would be to instead focus on a system test, like > those in (gnu tests docker). > > Does that make sense? WDYT? I definitely misunderstood, I'll work also on system tests like those you pointed out. Thank you, I was not aware of them, I was wondering how do I run them? guix shell --pure -D guix -- make check TESTS=gnu/tests/docker.scm gives me ============================================================================ Testsuite summary for GNU Guix 1.3.0.50882-34e1c ============================================================================ # TOTAL: 0 # PASS: 0 # SKIP: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 ============================================================================ Thank you, giacomo --------------02IP0j4d1R0Zg52ZIAropfkD Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> </head> <body> <p>Hi Ludo’,<br> </p> <div class="moz-cite-prefix">On 12/10/23 22:47, Ludovic Courtès wrote:<br> </div> <blockquote type="cite" cite="mid:87lea13f3e.fsf_-_@HIDDEN"> <pre class="moz-quote-pre" wrap="">Thus my suggestion would be to instead focus on a system test, like those in (gnu tests docker). Does that make sense? WDYT? </pre> </blockquote> <p>I definitely misunderstood, I'll work also on system tests like those you pointed out. Thank you, I was not aware of them, I was wondering how do I run them?<br> </p> <pre>guix shell --pure -D guix -- make check TESTS=gnu/tests/docker.scm</pre> <p>gives me<br> </p> <pre>============================================================================ Testsuite summary for GNU Guix 1.3.0.50882-34e1c ============================================================================ # TOTAL: 0 # PASS: 0 # SKIP: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 ============================================================================ </pre> <p>Thank you,</p> <p>giacomo<br> </p> <p></p> </body> </html> --------------02IP0j4d1R0Zg52ZIAropfkD--
X-Loop: help-debbugs@HIDDEN Subject: [bug#67613] Introduce unit tests for oci-container-service-type. Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: guix-patches@HIDDEN Resent-Date: Thu, 14 Dec 2023 18:36:02 +0000 Resent-Message-ID: <handler.67613.B67613.170257891032656 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: paul <goodoldpaul@HIDDEN> Cc: 67613 <at> debbugs.gnu.org Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170257891032656 (code B ref 67613); Thu, 14 Dec 2023 18:36:02 +0000 Received: (at 67613) by debbugs.gnu.org; 14 Dec 2023 18:35:10 +0000 Received: from localhost ([127.0.0.1]:50906 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1rDqY9-0008Ue-G6 for submit <at> debbugs.gnu.org; Thu, 14 Dec 2023 13:35:09 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:50290) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1rDqY7-0008UL-E7 for 67613 <at> debbugs.gnu.org; Thu, 14 Dec 2023 13:35:08 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1rDqY1-0005Lg-UX; Thu, 14 Dec 2023 13:35:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=T08gi4YvAPwo/lffJUkiGAyLx7Di3Pa0mCFNZ4kFrYY=; b=e56mbeoqtK9ytZ803dXF J2sTA0r9+cnxNAvqK/u0gOwMVdftYXvEJGtbmVULoiL7XXzCtBI7AYcPjONRRYZsN5Xq/l27z1kkR bp5fJEoO76jzhgIiLI8h5DHiyeZbNIKDnmxXLtiJDGqCUn6COezVwYy6GFU8a8MWrVYw/3MVzdUg1 Zn1omqloYxKaLo5ElldzB51oQse1bGSIIwMInB7LJ/vffeKT3+/MtoHarfdhZ450usGuxR0zX3idL E7RZp9O7qR/rPX0wA8YOfs+DrPAZ6hPR96fpeLGqyiyhMWq7/HaQf3cAfkI7YM0OF537L4fAMU7i4 slDLfCjuJZsESw==; From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> In-Reply-To: <cb50582a-b886-e6c8-59a0-d71285058e43@HIDDEN> (paul's message of "Sun, 10 Dec 2023 23:10:42 +0100") References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN> <20231203215630.28144-1-goodoldpaul@HIDDEN> <87lea13f3e.fsf_-_@HIDDEN> <cb50582a-b886-e6c8-59a0-d71285058e43@HIDDEN> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: Quartidi 24 Frimaire an 232 de la =?UTF-8?Q?R=C3=A9volution,?= jour de l'Oseille X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 14 Dec 2023 19:34:59 +0100 Message-ID: <87wmtgtyy4.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi, paul <goodoldpaul@HIDDEN> skribis: > I definitely misunderstood, I'll work also on system tests like those > you pointed out. Thank you, I was not aware of them, I was wondering > how do I run them? With =E2=80=98make check-system TESTS=3D=E2=80=A6=E2=80=99: https://guix.gnu.org/manual/devel/en/html_node/Running-the-Test-Suite.html Apologies for the miscommunication! Ludo=E2=80=99.
X-Loop: help-debbugs@HIDDEN Subject: [bug#67613] Introduce unit tests for oci-container-service-type. Resent-From: paul <goodoldpaul@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: guix-patches@HIDDEN Resent-Date: Thu, 11 Jan 2024 20:40:01 +0000 Resent-Message-ID: <handler.67613.B67613.170500555210356 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> Cc: 67613 <at> debbugs.gnu.org Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170500555210356 (code B ref 67613); Thu, 11 Jan 2024 20:40:01 +0000 Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:39:12 +0000 Received: from localhost ([127.0.0.1]:34032 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1rO1pY-0002gy-86 for submit <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:39:12 -0500 Received: from confino.investici.org ([93.190.126.19]:36917) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <goodoldpaul@HIDDEN>) id 1rO1pU-0002gm-OI for 67613 <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:39:10 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1705005549; bh=suYstArobkyqS5pXH0Hb7rUuKE/QeXEAMbCmEwuTWrw=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=PSFH6qAV+KSBinoeHMP6gr0sFM4CzJFvTfLkrt9K7hWw8PaSS1z0YZp9sTDoWUFO7 sFnyOuzoTIsBn7TQUlBorFAaf5WRi7fz0jsOHu1LCVtBjKc1+zH5eLEaHRWKlgLlpd ghgkP8OrG+cDi8ynb+D8LnBfI1TQLSVtheVm94Ns= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4T9xNF1MLyz112x; Thu, 11 Jan 2024 20:39:09 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with ESMTPSA id 4T9xNF0lCYz10w5; Thu, 11 Jan 2024 20:39:09 +0000 (UTC) Message-ID: <05d4f2f7-01ff-65d1-107f-f71b8e103de0@HIDDEN> Date: Thu, 11 Jan 2024 21:39:08 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 Content-Language: en-US References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN> <20231203215630.28144-1-goodoldpaul@HIDDEN> <87lea13f3e.fsf_-_@HIDDEN> <cb50582a-b886-e6c8-59a0-d71285058e43@HIDDEN> <87wmtgtyy4.fsf@HIDDEN> From: paul <goodoldpaul@HIDDEN> In-Reply-To: <87wmtgtyy4.fsf@HIDDEN> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Score: -3.8 (---) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -4.8 (----) Hi Ludo’ , I should have created a suitable system test for the oci-container-service-type. Thanks to a nice input from @graywolf@HIDDEN on mastodon, and actually to be able to run the test since the vm doesn't have internet access and can't pull OCI images, I implemented a new oci-image record that can be given some lowerable value that can be lowered to an OCI tarballed image and passed to the image field of the oci-container-configuration record. I'd like to point out two things: - It's the first time I use Guix internal API to build derivations, I took most of my implementation from other places around Guix and I hope is sound but I may have missed something. I'd like your feedback about it. - I was tempted to make the image field of the oci-container-configuration record directly only accept oci-image records (hence making the value field of oci-image optional) but that would break existing configurations. I'm not sure about the contract we have for configuration records API, should I wait 1.5.0 for this change? I'm sending an updated patchset, thank you for all your help and efforts. giacomo
X-Loop: help-debbugs@HIDDEN Subject: [bug#67613] [PATCH v2 2/5] gnu: docker: Allow setting host environment variables in oci-container-configuration. Resent-From: Giacomo Leidi <goodoldpaul@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: guix-patches@HIDDEN Resent-Date: Thu, 11 Jan 2024 20:41:02 +0000 Resent-Message-ID: <handler.67613.B67613.170500561610524 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 67613 <at> debbugs.gnu.org Cc: Giacomo Leidi <goodoldpaul@HIDDEN> Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170500561610524 (code B ref 67613); Thu, 11 Jan 2024 20:41:02 +0000 Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:16 +0000 Received: from localhost ([127.0.0.1]:34042 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1rO1qZ-0002jX-MV for submit <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:16 -0500 Received: from confino.investici.org ([2a11:7980:1::2:0]:54837) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <goodoldpaul@HIDDEN>) id 1rO1qX-0002j2-4L for 67613 <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1705005614; bh=mOOk2Rl7z1ZR1MtttF94Yl37JZ7ppTLvHQS+nvfnC40=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jklp8KjoINmvUElFMxOgyVt8NLknAkXMIZQkbWAozs2HP8+oy/PIbycg8PDhvacRS 7SOlkjwqNlH8GNemvFaddewxEPxSBWbX0aQZOaM2G74U1pe2lP8VYrelT+deqG3U10 y/JgQlEVXgxC3bgShcfViLo5Ticuh1htXh0wVIvc= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4T9xPV6Z7Bz112y; Thu, 11 Jan 2024 20:40:14 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with ESMTPSA id 4T9xPV5kPXz10w5; Thu, 11 Jan 2024 20:40:14 +0000 (UTC) From: Giacomo Leidi <goodoldpaul@HIDDEN> Date: Thu, 11 Jan 2024 21:39:50 +0100 Message-ID: <20240111203954.29335-2-goodoldpaul@HIDDEN> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240111203954.29335-1-goodoldpaul@HIDDEN> References: <20240111203954.29335-1-goodoldpaul@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) * gnu/services/docker.scm (oci-container-configuration) [host-environment]: New field; (oci-sanitize-host-environment): sanitize it; (oci-container-shepherd-service): use it. Change-Id: I4d54d37736cf09f042a71cb0b6e673abc0948d9c --- gnu/services/docker.scm | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index b4fd94d1fd..7706b4a29a 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2020 Efraim Flashner <efraim@HIDDEN> ;;; Copyright © 2020 Jesse Dowell <jessedowell@HIDDEN> ;;; Copyright © 2021 Brice Waegeneire <brice@HIDDEN> -;;; Copyright © 2023 Giacomo Leidi <goodoldpaul@HIDDEN> +;;; Copyright © 2023, 2024 Giacomo Leidi <goodoldpaul@HIDDEN> ;;; ;;; This file is part of GNU Guix. ;;; @@ -285,6 +285,11 @@ (define (oci-sanitize-mixed-list name value delimiter) name el))))) value)) +(define (oci-sanitize-host-environment value) + ;; Expected spec format: + ;; '(("HOME" . "/home/nobody") "JAVA_HOME=/java") + (oci-sanitize-mixed-list "host-environment" value "=")) + (define (oci-sanitize-environment value) ;; Expected spec format: ;; '(("HOME" . "/home/nobody") "JAVA_HOME=/java") @@ -330,6 +335,24 @@ (define-configuration/no-serialization oci-container-configuration (entrypoint (maybe-string) "Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image.") + (host-environment + (list '()) + "Set environment variables in the host environment where @command{docker run} +is invoked. This is especially useful to pass secrets from the host to the +container without having them on the @command{docker run}'s command line: by +setting the @{MYSQL_PASSWORD} on the host and by passing +@code{--env MYSQL_PASSWORD} through the @code{extra-arguments} field, it is +possible to securely set values in the container environment. This field's +value can be a list of pairs or strings, even mixed: + +@lisp +(list '(\"LANGUAGE\" . \"eo:ca:eu\") + \"JAVA_HOME=/opt/java\") +@end lisp + +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to @code{make-forkexec-constructor}." + (sanitizer oci-sanitize-host-environment)) (environment (list '()) "Set environment variables. This can be a list of pairs or strings, even @@ -450,6 +473,8 @@ (define (guess-name name image) (let* ((docker-command (file-append docker-cli "/bin/docker")) (user (oci-container-configuration-user config)) (group (oci-container-configuration-group config)) + (host-environment + (oci-container-configuration-host-environment config)) (command (oci-container-configuration-command config)) (provision (oci-container-configuration-provision config)) (image (oci-container-configuration-image config)) @@ -471,7 +496,9 @@ (define (guess-name name image) "--name" #$name #$@options #$@extra-arguments #$image #$@command) #:user #$user - #:group #$group)) + #:group #$group + #:environment-variables + (list #$@host-environment))) (stop #~(lambda _ (invoke #$docker-command "rm" "-f" #$name))) -- 2.41.0
X-Loop: help-debbugs@HIDDEN Subject: [bug#67613] [PATCH v2 1/5] gnu: docker: Provide escape hatch in oci-container-configuration. References: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN> In-Reply-To: <10a8cae4-a5a2-a2e0-fa64-95650ae2e703@HIDDEN> Resent-From: Giacomo Leidi <goodoldpaul@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: guix-patches@HIDDEN Resent-Date: Thu, 11 Jan 2024 20:41:03 +0000 Resent-Message-ID: <handler.67613.B67613.170500561710531 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 67613 <at> debbugs.gnu.org Cc: Giacomo Leidi <goodoldpaul@HIDDEN> Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170500561710531 (code B ref 67613); Thu, 11 Jan 2024 20:41:03 +0000 Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:17 +0000 Received: from localhost ([127.0.0.1]:34044 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1rO1qa-0002jh-DX for submit <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:17 -0500 Received: from confino.investici.org ([93.190.126.19]:45877) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <goodoldpaul@HIDDEN>) id 1rO1qX-0002j1-1B for 67613 <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1705005614; bh=XWMm9aw5xTxGJSFe/HmCEMWJtNwk9h+dQ0nFyKudE2U=; h=From:To:Cc:Subject:Date:From; b=B2quKg7pzfri8ER+3yh9ZD0TZWgI2vgJv//pr++iAPwHSBsrA/jGt0pzwynowTKsT SUmqqGWYOBeJDU1H6bNj4Sr2qJ0wxTm8SlnH7F2PYTOX8DcP0BrW0TFNER+gyhwYOA onW4JXk8o5pweuRbkt9/ZBNBQ91AJs55lDpqF4dw= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4T9xPV5N4jz112x; Thu, 11 Jan 2024 20:40:14 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with ESMTPSA id 4T9xPV4QQRz10w5; Thu, 11 Jan 2024 20:40:14 +0000 (UTC) From: Giacomo Leidi <goodoldpaul@HIDDEN> Date: Thu, 11 Jan 2024 21:39:49 +0100 Message-ID: <20240111203954.29335-1-goodoldpaul@HIDDEN> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) * gnu/services/docker.scm (oci-container-configuration) [extra-arguments]: New field; (oci-sanitize-extra-arguments): sanitize it; (oci-container-shepherd-service): use it; * doc/guix.texi: document it. Change-Id: I54c74ac2fe0f5ca65ca5a1d0d7f3fb55ff428063 --- doc/guix.texi | 13 ++++++++++--- gnu/services/docker.scm | 42 ++++++++++++++++++++++++++++++++++------- 2 files changed, 45 insertions(+), 10 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 395545bed7..ce239c603d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -39844,7 +39844,8 @@ Set environment variables. This can be a list of pairs or strings, even mixed: "JAVA_HOME=/opt/java") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics. @@ -39868,7 +39869,8 @@ list of pairs or strings, even mixed: "10443:443") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream} documentation for semantics. @@ -39881,7 +39883,8 @@ list of pairs or strings, even mixed: "/gnu/store:/gnu/store") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream} documentation for semantics. @@ -39896,6 +39899,10 @@ You can refer to the @url{https://docs.docker.com/engine/reference/run/#workdir,upstream} documentation for semantics. +@item @code{extra-arguments} (default: @code{()}) (type: list) +A list of strings, gexps or file-like objects that will be directly +passed to the @command{docker run} invokation. + @end table @end deftp diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 4d32b96847..b4fd94d1fd 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -58,6 +58,9 @@ (define-module (gnu services docker) oci-container-configuration-network oci-container-configuration-ports oci-container-configuration-volumes + oci-container-configuration-container-user + oci-container-configuration-workdir + oci-container-configuration-extra-arguments oci-container-service-type oci-container-shepherd-service)) @@ -297,6 +300,21 @@ (define (oci-sanitize-volumes value) ;; '(("/mnt/dir" . "/dir") "/run/current-system/profile:/java") (oci-sanitize-mixed-list "volumes" value ":")) +(define (oci-sanitize-extra-arguments value) + (define (valid? member) + (or (string? member) + (gexp? member) + (file-like? member))) + (map + (lambda (el) + (if (valid? el) + el + (raise + (formatted-message + (G_ "extra arguments may only be strings, gexps or file-like objects +but ~a was found") el)))) + value)) + (define-maybe/no-serialization string) (define-configuration/no-serialization oci-container-configuration @@ -322,7 +340,8 @@ (define-configuration/no-serialization oci-container-configuration \"JAVA_HOME=/opt/java\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics." (sanitizer oci-sanitize-environment)) @@ -347,7 +366,8 @@ (define-configuration/no-serialization oci-container-configuration \"10443:443\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream} documentation for semantics." (sanitizer oci-sanitize-ports)) @@ -361,7 +381,8 @@ (define-configuration/no-serialization oci-container-configuration \"/gnu/store:/gnu/store\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream} documentation for semantics." (sanitizer oci-sanitize-volumes)) @@ -375,7 +396,12 @@ (define-configuration/no-serialization oci-container-configuration "Set the current working for the spawned Shepherd service. You can refer to the @url{https://docs.docker.com/engine/reference/run/#workdir,upstream} -documentation for semantics.")) +documentation for semantics.") + (extra-arguments + (list '()) + "A list of strings, gexps or file-like objects that will be directly passed +to the @command{docker run} invokation." + (sanitizer oci-sanitize-extra-arguments))) (define oci-container-configuration->options (lambda (config) @@ -428,7 +454,9 @@ (define (guess-name name image) (provision (oci-container-configuration-provision config)) (image (oci-container-configuration-image config)) (options (oci-container-configuration->options config)) - (name (guess-name provision image))) + (name (guess-name provision image)) + (extra-arguments + (oci-container-configuration-extra-arguments config))) (shepherd-service (provision `(,(string->symbol name))) (requirement '(dockerd user-processes)) @@ -441,7 +469,7 @@ (define (guess-name name image) ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...] (list #$docker-command "run" "--rm" "--name" #$name - #$@options #$image #$@command) + #$@options #$@extra-arguments #$image #$@command) #:user #$user #:group #$group)) (stop @@ -482,5 +510,5 @@ (define oci-container-service-type (extend append) (compose concatenate) (description - "This service allows the management of Docker and OCI + "This service allows the management of OCI containers as Shepherd services."))) base-commit: 637b72e2b83a6332849218ef1f193124fa8239eb -- 2.41.0
X-Loop: help-debbugs@HIDDEN Subject: [bug#67613] [PATCH v2 3/5] gnu: docker: Allow setting Shepherd dependencies in oci-container-configuration. Resent-From: Giacomo Leidi <goodoldpaul@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: guix-patches@HIDDEN Resent-Date: Thu, 11 Jan 2024 20:41:03 +0000 Resent-Message-ID: <handler.67613.B67613.170500561710538 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 67613 <at> debbugs.gnu.org Cc: Giacomo Leidi <goodoldpaul@HIDDEN> Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170500561710538 (code B ref 67613); Thu, 11 Jan 2024 20:41:03 +0000 Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:17 +0000 Received: from localhost ([127.0.0.1]:34046 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1rO1qb-0002jo-2x for submit <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:17 -0500 Received: from confino.investici.org ([2a11:7980:1::2:0]:33833) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <goodoldpaul@HIDDEN>) id 1rO1qX-0002j5-C6 for 67613 <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1705005615; bh=yrJSM07unALGLurAQx4P+SyGutdFXugjekWvX0puvs0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JAkXkhAhzCSqFOXDyfng/wBDftVvT7SGGV+Ih+B+OfdBKlv9t6GKpbV2epDqrCjjI IKtwD4ItGB9lSOsz4aQlylPPnsXNQSkzz4Qu5oMBlr5baatbotnBYbz9G7Sdo7/ZoK kfQpwLcvujcwk4F9z0tF8IIIFyvw0X/BjIV5U21M= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4T9xPW1pMlz1132; Thu, 11 Jan 2024 20:40:15 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with ESMTPSA id 4T9xPV6xLjz10w5; Thu, 11 Jan 2024 20:40:14 +0000 (UTC) From: Giacomo Leidi <goodoldpaul@HIDDEN> Date: Thu, 11 Jan 2024 21:39:51 +0100 Message-ID: <20240111203954.29335-3-goodoldpaul@HIDDEN> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240111203954.29335-1-goodoldpaul@HIDDEN> References: <20240111203954.29335-1-goodoldpaul@HIDDEN> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) * gnu/services/docker.scm (oci-container-configuration) [requirement]: New field; (list-of-symbols): sanitize it; (oci-container-shepherd-service): use it. Change-Id: Ic0ba336a2257d6ef7c658cfc6cd630116661f581 --- gnu/services/docker.scm | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 7706b4a29a..43ffb71901 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -320,6 +320,9 @@ (define (valid? member) but ~a was found") el)))) value)) +(define list-of-symbols? + (list-of symbol?)) + (define-maybe/no-serialization string) (define-configuration/no-serialization oci-container-configuration @@ -376,6 +379,10 @@ (define-configuration/no-serialization oci-container-configuration (provision (maybe-string) "Set the name of the provisioned Shepherd service.") + (requirement + (list-of-symbols '()) + "Set additional Shepherd services dependencies to the provisioned Shepherd +service.") (network (maybe-string) "Set a Docker network for the spawned container.") @@ -477,6 +484,7 @@ (define (guess-name name image) (oci-container-configuration-host-environment config)) (command (oci-container-configuration-command config)) (provision (oci-container-configuration-provision config)) + (requirement (oci-container-configuration-requirement config)) (image (oci-container-configuration-image config)) (options (oci-container-configuration->options config)) (name (guess-name provision image)) @@ -484,7 +492,7 @@ (define (guess-name name image) (oci-container-configuration-extra-arguments config))) (shepherd-service (provision `(,(string->symbol name))) - (requirement '(dockerd user-processes)) + (requirement `(dockerd user-processes ,@requirement)) (respawn? #f) (documentation (string-append -- 2.41.0
X-Loop: help-debbugs@HIDDEN Subject: [bug#67613] [PATCH v2 5/5] gnu: Add tests and documentation for oci-container-service-type. Resent-From: Giacomo Leidi <goodoldpaul@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: guix-patches@HIDDEN Resent-Date: Thu, 11 Jan 2024 20:41:04 +0000 Resent-Message-ID: <handler.67613.B67613.170500562210550 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 67613 <at> debbugs.gnu.org Cc: Giacomo Leidi <goodoldpaul@HIDDEN> Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170500562210550 (code B ref 67613); Thu, 11 Jan 2024 20:41:04 +0000 Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:22 +0000 Received: from localhost ([127.0.0.1]:34048 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1rO1qf-0002k4-KO for submit <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:22 -0500 Received: from confino.investici.org ([2a11:7980:1::2:0]:42745) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <goodoldpaul@HIDDEN>) id 1rO1qY-0002j8-7o for 67613 <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:15 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1705005616; bh=6boZOwO4I0ZIE1UTL8wcix2bNKAFfYQcrb52wh6MITQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=e99uyPf8aVlccV9GJ4FpZWqzFTk9z6L9SNVhDUznE7e7URQ98i2YlyptKi92L83Hm k8Fr2zJNHbonfq1o0WKZZWvUp7NjBu++pO+W9lma9YEwS2924IQ9OuI68Vac9fgFcD F1PSIsH6cr7jf/3q1bm+YwOtfsenY8XnPtMuenkk= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4T9xPX04msz1135; Thu, 11 Jan 2024 20:40:16 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with ESMTPSA id 4T9xPW3n5Dz10w5; Thu, 11 Jan 2024 20:40:15 +0000 (UTC) From: Giacomo Leidi <goodoldpaul@HIDDEN> Date: Thu, 11 Jan 2024 21:39:53 +0100 Message-ID: <20240111203954.29335-5-goodoldpaul@HIDDEN> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240111203954.29335-1-goodoldpaul@HIDDEN> References: <20240111203954.29335-1-goodoldpaul@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) * doc/guix.texi: Add documentation for the oci-image record and update the oci-container-configuration documentation. * gnu/tests/docker.scm (run-oci-container-test): New variable; (%test-oci-container): new variable. Change-Id: Id8f4f5454aa3b88d8aa3fa47de823e921acece05 --- doc/guix.texi | 91 +++++++++++++++++++++++++++- gnu/services/docker.scm | 6 +- gnu/tests/docker.scm | 131 +++++++++++++++++++++++++++++++++++++++- 3 files changed, 221 insertions(+), 7 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index ce239c603d..1916a00412 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -39790,6 +39790,17 @@ processes as Shepherd Services. @lisp (service oci-container-service-type (list + (oci-container-configuration + (image + (oci-image + (repository "guile") + (tag "3") + (value (specifications->manifest '("guile"))) + (pack-options '(#:symlinks (("/bin/guile" -> "bin/guile")) + #:max-layers 2)))) + (entrypoint "/bin/guile") + (command + '("-c" "(display \"hello!\n\")"))) (oci-container-configuration (image "prom/prometheus") (network "host") @@ -39836,6 +39847,23 @@ Overwrite the default command (@code{CMD}) of the image. @item @code{entrypoint} (default: @code{""}) (type: string) Overwrite the default entrypoint (@code{ENTRYPOINT}) of the image. +@item @code{host-environment} (default: @code{()}) (type: list) +Set environment variables in the host environment where @command{docker +run} is invoked. This is especially useful to pass secrets from the +host to the container without having them on the @command{docker run}'s +command line: by setting the @code{MYSQL_PASSWORD} on the host and by passing +@code{--env MYSQL_PASSWORD} through the @code{extra-arguments} field, it is +possible to securely set values in the container environment. This field's +value can be a list of pairs or strings, even mixed: + +@lisp +(list '(\"LANGUAGE\" . \"eo:ca:eu\") + \"JAVA_HOME=/opt/java\") +@end lisp + +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to @code{make-forkexec-constructor}. + @item @code{environment} (default: @code{()}) (type: list) Set environment variables. This can be a list of pairs or strings, even mixed: @@ -39849,14 +39877,19 @@ Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics. -@item @code{image} (type: string) -The image used to build the container. Images are resolved by the -Docker Engine, and follow the usual format +@item @code{image} (type: string-or-oci-image) +The image used to build the container. It can be a string or an +@code{oci-image} record. Strings are resolved by the Docker Engine, and +follow the usual format @code{myregistry.local:5000/testing/test-image:tag}. @item @code{provision} (default: @code{""}) (type: string) Set the name of the provisioned Shepherd service. +@item @code{requirement} (default: @code{()}) (type: list-of-symbols) +Set additional Shepherd services dependencies to the provisioned +Shepherd service. + @item @code{network} (default: @code{""}) (type: string) Set a Docker network for the spawned container. @@ -39908,6 +39941,58 @@ passed to the @command{docker run} invokation. @end deftp +@c %end of fragment + +@c %start of fragment + +@deftp {Data Type} oci-image +Available @code{oci-image} fields are: + +@table @asis +@item @code{repository} (type: string) +A string like @code{myregistry.local:5000/testing/test-image} that names +the OCI image. + +@item @code{tag} (default: @code{"latest"}) (type: string) +A string representing the OCI image tag. Defaults to @code{latest}. + +@item @code{value} (type: oci-lowerable-image) +A @code{manifest} or @code{operating-system} record that will be lowered +into an OCI compatible tarball. Otherwise this field's value can be a +gexp or a file-like object that evaluates to an OCI compatible tarball. + +@item @code{pack-options} (default: @code{()}) (type: list) +An optional set of keyword arguments that will be passed to the +@code{docker-image} procedure from @code{guix scripts pack}. They can +be used to replicate @command{guix pack} behavior: + +@lisp +(oci-image + (repository "guile") + (tag "3") + (value + (specifications->manifest '("guile"))) + (pack-options '(#:symlinks (("/bin/guile" -> "bin/guile")) + #:max-layers 2))) +@end lisp + +If the @code{value} field is an @code{operating-system} record, this field's +value will be ignored. + +@item @code{system} (default: @code{""}) (type: string) +Attempt to build for a given system, e.g. "i686-linux" + +@item @code{target} (default: @code{""}) (type: string) +Attempt to cross-build for a given triple, e.g. "aarch64-linux-gnu" + +@item @code{grafts?} (default: @code{#f}) (type: boolean) +Whether to allow grafting or not in the pack build. + +@end table + +@end deftp + + @c %end of fragment @cindex Audit diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 58a725737c..7aff8dcc5f 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -420,7 +420,7 @@ (define-configuration/no-serialization oci-container-configuration "Set environment variables in the host environment where @command{docker run} is invoked. This is especially useful to pass secrets from the host to the container without having them on the @command{docker run}'s command line: by -setting the @{MYSQL_PASSWORD} on the host and by passing +setting the @code{MYSQL_PASSWORD} on the host and by passing @code{--env MYSQL_PASSWORD} through the @code{extra-arguments} field, it is possible to securely set values in the container environment. This field's value can be a list of pairs or strings, even mixed: @@ -435,8 +435,8 @@ (define-configuration/no-serialization oci-container-configuration (sanitizer oci-sanitize-host-environment)) (environment (list '()) - "Set environment variables. This can be a list of pairs or strings, even -mixed: + "Set environment variables inside the container. This can be a list of pairs +or strings, even mixed: @lisp (list '(\"LANGUAGE\" . \"eo:ca:eu\") diff --git a/gnu/tests/docker.scm b/gnu/tests/docker.scm index 9e9d2e2d07..d550136b4a 100644 --- a/gnu/tests/docker.scm +++ b/gnu/tests/docker.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019 Danny Milosavljevic <dannym@HIDDEN> ;;; Copyright © 2019-2023 Ludovic Courtès <ludo@HIDDEN> +;;; Copyright © 2024 Giacomo Leidi <goodoldpaul@HIDDEN> ;;; ;;; This file is part of GNU Guix. ;;; @@ -29,6 +30,7 @@ (define-module (gnu tests docker) #:use-module (gnu services networking) #:use-module (gnu services docker) #:use-module (gnu services desktop) + #:use-module (gnu packages) #:use-module ((gnu packages base) #:select (glibc)) #:use-module (gnu packages guile) #:use-module (gnu packages docker) @@ -43,7 +45,8 @@ (define-module (gnu tests docker) #:use-module (guix build-system trivial) #:use-module ((guix licenses) #:prefix license:) #:export (%test-docker - %test-docker-system)) + %test-docker-system + %test-oci-container)) (define %docker-os (simple-operating-system @@ -316,3 +319,129 @@ (define %test-docker-system (locale-libcs (list glibc))) #:type docker-image-type))) run-docker-system-test))))) + + +(define %oci-os + (simple-operating-system + (service dhcp-client-service-type) + (service dbus-root-service-type) + (service polkit-service-type) + (service elogind-service-type) + (service docker-service-type) + (extra-special-file "/shared.txt" + (plain-file "shared.txt" "hello")) + (service oci-container-service-type + (list + (oci-container-configuration + (image + (oci-image + (repository "guile") + (value + (specifications->manifest '("guile"))) + (pack-options + '(#:symlinks (("/bin" -> "bin")))))) + (entrypoint + "/bin/guile") + (command + '("-c" "(let l ((c 300))(display c)(sleep 1)(when(positive? c)(l (- c 1))))")) + (host-environment + '(("VARIABLE" . "value"))) + (volumes + '(("/shared.txt" . "/shared.txt:ro"))) + (extra-arguments + '("--env" "VARIABLE"))))))) + +(define (run-oci-container-test) + "Run IMAGE as an OCI backed Shepherd service, inside OS." + + (define os + (marionette-operating-system + (operating-system-with-gc-roots + %oci-os + (list)) + #:imported-modules '((gnu services herd) + (guix combinators)))) + + (define vm + (virtual-machine + (operating-system os) + (volatile? #f) + (memory-size 1024) + (disk-image-size (* 3000 (expt 2 20))) + (port-forwardings '()))) + + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (srfi srfi-11) (srfi srfi-64) + (gnu build marionette)) + + (define marionette + ;; Relax timeout to accommodate older systems and + ;; allow for pulling the image. + (make-marionette (list #$vm) #:timeout 60)) + + (test-runner-current (system-test-runner #$output)) + (test-begin "oci-container") + + (test-assert "dockerd running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'dockerd) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? pid)))))) + marionette)) + + (sleep 10) ; let service start + + (test-assert "docker-guile running" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (match (start-service 'docker-guile) + (#f #f) + (('service response-parts ...) + (match (assq-ref response-parts 'running) + ((pid) (number? pid)))))) + marionette)) + + (test-equal "passing host environment variables and volumes" + '("value" "hello") + (marionette-eval + `(begin + (use-modules (ice-9 popen) + (ice-9 rdelim)) + + (define slurp + (lambda args + (let* ((port (apply open-pipe* OPEN_READ args)) + (output (let ((line (read-line port))) + (if (eof-object? line) + "" + line))) + (status (close-pipe port))) + output))) + (let* ((response1 (slurp + ,(string-append #$docker-cli "/bin/docker") + "exec" "docker-guile" + "/bin/guile" "-c" "(display (getenv \"VARIABLE\"))")) + (response2 (slurp + ,(string-append #$docker-cli "/bin/docker") + "exec" "docker-guile" + "/bin/guile" "-c" "(begin (use-modules (ice-9 popen) (ice-9 rdelim)) +(display (call-with-input-file \"/shared.txt\" read-line)))"))) + (list response1 response2))) + marionette)) + + (test-end)))) + + (gexp->derivation "oci-container-test" test)) + +(define %test-oci-container + (system-test + (name "oci-container") + (description "Test OCI backed Shepherd service.") + (value (run-oci-container-test)))) -- 2.41.0
X-Loop: help-debbugs@HIDDEN Subject: [bug#67613] [PATCH v2 4/5] gnu: docker: Allow passing tarballs for images in oci-container-configuration. Resent-From: Giacomo Leidi <goodoldpaul@HIDDEN> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> Resent-CC: guix-patches@HIDDEN Resent-Date: Thu, 11 Jan 2024 20:41:04 +0000 Resent-Message-ID: <handler.67613.B67613.170500562310558 <at> debbugs.gnu.org> Resent-Sender: help-debbugs@HIDDEN X-GNU-PR-Message: followup 67613 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: 67613 <at> debbugs.gnu.org Cc: Giacomo Leidi <goodoldpaul@HIDDEN> Received: via spool by 67613-submit <at> debbugs.gnu.org id=B67613.170500562310558 (code B ref 67613); Thu, 11 Jan 2024 20:41:04 +0000 Received: (at 67613) by debbugs.gnu.org; 11 Jan 2024 20:40:23 +0000 Received: from localhost ([127.0.0.1]:34050 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1rO1qg-0002k7-GU for submit <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:23 -0500 Received: from confino.investici.org ([93.190.126.19]:29449) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <goodoldpaul@HIDDEN>) id 1rO1qX-0002j7-QF for 67613 <at> debbugs.gnu.org; Thu, 11 Jan 2024 15:40:15 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org; s=stigmate; t=1705005615; bh=lU7r01dxDSSIwNeQf2hhzS1UJbikwB2UpRWsBi3HYfw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=u1eCDMAOzwKXIM67h44DUgf8n+QEFAJhMHDa0ftfyyipy8dWp10nBaMIzJH7MEH2U rF63UIEWPghWbt9GeA4Fla58QtInaJKJ9b1nQ4sFBhS3dqc17IEsSxa5tOtXxit9d7 0C4yhfXGFux0k7sev9QrxZ4r9h8H1oSby3PHPdeI= Received: from mx1.investici.org (unknown [127.0.0.1]) by confino.investici.org (Postfix) with ESMTP id 4T9xPW3P7Pz1134; Thu, 11 Jan 2024 20:40:15 +0000 (UTC) Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: goodoldpaul@HIDDEN) by localhost (Postfix) with ESMTPSA id 4T9xPW2C6gz10w5; Thu, 11 Jan 2024 20:40:15 +0000 (UTC) From: Giacomo Leidi <goodoldpaul@HIDDEN> Date: Thu, 11 Jan 2024 21:39:52 +0100 Message-ID: <20240111203954.29335-4-goodoldpaul@HIDDEN> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20240111203954.29335-1-goodoldpaul@HIDDEN> References: <20240111203954.29335-1-goodoldpaul@HIDDEN> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.7 (-) This commit allows for loading an OCI image tarball before running an OCI backed Shepherd service. It does so by adding a one shot Shepherd service to the dependencies of the OCI backed service that at boot runs docker load on the tarball. * gnu/services/docker.scm (oci-image): New record; (lower-oci-image): new variable, lower it; (string-or-oci-image?): sanitize it; (oci-container-configuration)[image]: allow also for oci-image records; (oci-container-shepherd-service): use it; (%oci-image-loader): new variable. Change-Id: Ie504f479ea0d47f74b0ec5df9085673ffd3f639d --- gnu/services/docker.scm | 244 ++++++++++++++++++++++++++++++++++++---- 1 file changed, 219 insertions(+), 25 deletions(-) diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 43ffb71901..58a725737c 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -23,11 +23,14 @@ ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. (define-module (gnu services docker) + #:use-module (gnu image) #:use-module (gnu services) #:use-module (gnu services configuration) #:use-module (gnu services base) #:use-module (gnu services dbus) #:use-module (gnu services shepherd) + #:use-module (gnu system) + #:use-module (gnu system image) #:use-module (gnu system setuid) #:use-module (gnu system shadow) #:use-module (gnu packages admin) ;shadow @@ -37,7 +40,11 @@ (define-module (gnu services docker) #:use-module (guix diagnostics) #:use-module (guix gexp) #:use-module (guix i18n) + #:use-module (guix monads) #:use-module (guix packages) + #:use-module (guix profiles) + #:use-module ((guix scripts pack) #:prefix pack:) + #:use-module (guix store) #:use-module (srfi srfi-1) #:use-module (ice-9 format) #:use-module (ice-9 match) @@ -45,6 +52,16 @@ (define-module (gnu services docker) #:export (docker-configuration docker-service-type singularity-service-type + oci-image + oci-image? + oci-image-fields + oci-image-repository + oci-image-tag + oci-image-value + oci-image-pack-options + oci-image-target + oci-image-system + oci-image-grafts? oci-container-configuration oci-container-configuration? oci-container-configuration-fields @@ -52,9 +69,11 @@ (define-module (gnu services docker) oci-container-configuration-group oci-container-configuration-command oci-container-configuration-entrypoint + oci-container-configuration-host-environment oci-container-configuration-environment oci-container-configuration-image oci-container-configuration-provision + oci-container-configuration-requirement oci-container-configuration-network oci-container-configuration-ports oci-container-configuration-volumes @@ -62,7 +81,8 @@ (define-module (gnu services docker) oci-container-configuration-workdir oci-container-configuration-extra-arguments oci-container-service-type - oci-container-shepherd-service)) + oci-container-shepherd-service + %oci-container-accounts)) (define-maybe file-like) @@ -320,11 +340,68 @@ (define (valid? member) but ~a was found") el)))) value)) +(define (oci-image-reference image) + (if (string? image) + image + (string-append (oci-image-repository image) + ":" (oci-image-tag image)))) + +(define (oci-lowerable-image? image) + (or (manifest? image) + (operating-system? image) + (gexp? image) + (file-like? image))) + +(define (string-or-oci-image? image) + (or (string? image) + (oci-image? image))) + (define list-of-symbols? (list-of symbol?)) (define-maybe/no-serialization string) +(define-configuration/no-serialization oci-image + (repository + (string) + "A string like @code{myregistry.local:5000/testing/test-image} that names +the OCI image.") + (tag + (string "latest") + "A string representing the OCI image tag. Defaults to @code{latest}.") + (value + (oci-lowerable-image) + "A @code{manifest} or @code{operating-system} record that will be lowered +into an OCI compatible tarball. Otherwise this field's value can be a gexp +or a file-like object that evaluates to an OCI compatible tarball.") + (pack-options + (list '()) + "An optional set of keyword arguments that will be passed to the +@code{docker-image} procedure from @code{guix scripts pack}. They can be used +to replicate @command{guix pack} behavior: + +@lisp +(oci-image + (repository \"guile\") + (tag \"3\") + (manifest (specifications->manifest '(\"guile\"))) + (pack-options + '(#:symlinks ((\"/bin/guile\" -> \"bin/guile\")) + #:max-layers 2))) +@end lisp + +If the @code{value} field is an @code{operating-system} record, this field's +value will be ignored.") + (system + (maybe-string) + "Attempt to build for a given system, e.g. \"i686-linux\"") + (target + (maybe-string) + "Attempt to cross-build for a given triple, e.g. \"aarch64-linux-gnu\"") + (grafts? + (boolean #f) + "Whether to allow grafting or not in the pack build.")) + (define-configuration/no-serialization oci-container-configuration (user (string "oci-container") @@ -372,8 +449,9 @@ (define-configuration/no-serialization oci-container-configuration documentation for semantics." (sanitizer oci-sanitize-environment)) (image - (string) - "The image used to build the container. Images are resolved by the Docker + (string-or-oci-image) + "The image used to build the container. It can be a string or an +@code{oci-image} record. Strings are resolved by the Docker Engine, and follow the usual format @code{myregistry.local:5000/testing/test-image:tag}.") (provision @@ -470,14 +548,122 @@ (define oci-container-configuration->options (list "-v" spec)) (oci-container-configuration-volumes config)))))))) +(define* (get-keyword-value args keyword #:key (default #f)) + (let ((kv (memq keyword args))) + (if (and kv (>= (length kv) 2)) + (cadr kv) + default))) + +(define (lower-operating-system os target system) + (mlet* %store-monad + ((tarball + (lower-object + (system-image (os->image os #:type docker-image-type)) + system + #:target target))) + (return tarball))) + +(define (lower-manifest name image target system) + (define value (oci-image-value image)) + (define options (oci-image-pack-options image)) + (define image-reference + (oci-image-reference image)) + (define image-tag + (let* ((extra-options + (get-keyword-value options #:extra-options)) + (image-tag-option + (and extra-options + (get-keyword-value extra-options #:image-tag)))) + (if image-tag-option + '() + `(#:extra-options (#:image-tag ,image-reference))))) + + (mlet* %store-monad + ((_ (set-grafting + (oci-image-grafts? image))) + (guile (set-guile-for-build (default-guile))) + (profile + (profile-derivation value + #:target target + #:system system + #:hooks '() + #:locales? #f)) + (tarball (apply pack:docker-image + `(,name ,profile + ,@options + ,@image-tag + #:localstatedir? #t)))) + (return tarball))) + +(define (lower-oci-image name image) + (define value (oci-image-value image)) + (define image-target (oci-image-target image)) + (define image-system (oci-image-system image)) + (define target + (if (maybe-value-set? image-target) + image-target + (%current-target-system))) + (define system + (if (maybe-value-set? image-system) + image-system + (%current-system))) + (with-store store + (run-with-store store + (match value + ((? manifest? value) + (lower-manifest name image target system)) + ((? operating-system? value) + (lower-operating-system value target system)) + ((or (? gexp? value) + (? file-like? value)) + value) + (_ + (raise + (formatted-message + (G_ "oci-image value must contain only manifest, +operating-system, gexp or file-like records but ~a was found") + value)))) + #:target target + #:system system))) + +(define (%oci-image-loader name image tag) + (let ((docker (file-append docker-cli "/bin/docker")) + (tarball (lower-oci-image name image))) + (with-imported-modules '((guix build utils)) + (program-file (format #f "~a-image-loader" name) + #~(begin + (use-modules (guix build utils) + (ice-9 popen) + (ice-9 rdelim)) + + (format #t "Loading image for ~a from ~a...~%" #$name #$tarball) + (define line + (read-line + (open-input-pipe + (string-append #$docker " load -i " #$tarball)))) + + (unless (or (eof-object? line) + (string-null? line)) + (format #t "~a~%" line) + (let ((repository&tag + (string-drop line + (string-length + "Loaded image: ")))) + + (invoke #$docker "tag" repository&tag #$tag) + (format #t "Tagged ~a with ~a...~%" #$tarball #$tag)))))))) + (define (oci-container-shepherd-service config) (define (guess-name name image) (if (maybe-value-set? name) name (string-append "docker-" - (basename (car (string-split image #\:)))))) + (basename + (if (string? image) + (first (string-split image #\:)) + (oci-image-repository image)))))) - (let* ((docker-command (file-append docker-cli "/bin/docker")) + (let* ((docker (file-append docker-cli "/bin/docker")) (user (oci-container-configuration-user config)) (group (oci-container-configuration-group config)) (host-environment @@ -486,6 +672,7 @@ (define (guess-name name image) (provision (oci-container-configuration-provision config)) (requirement (oci-container-configuration-requirement config)) (image (oci-container-configuration-image config)) + (image-reference (oci-image-reference image)) (options (oci-container-configuration->options config)) (name (guess-name provision image)) (extra-arguments @@ -496,30 +683,37 @@ (define (guess-name name image) (respawn? #f) (documentation (string-append - "Docker backed Shepherd service for image: " image)) + "Docker backed Shepherd service for " + (if (oci-image? image) name image) ".")) (start - #~(make-forkexec-constructor - ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...] - (list #$docker-command "run" "--rm" - "--name" #$name - #$@options #$@extra-arguments #$image #$@command) - #:user #$user - #:group #$group - #:environment-variables - (list #$@host-environment))) + #~(lambda () + (when #$(oci-image? image) + (invoke #$(%oci-image-loader + name image image-reference))) + (fork+exec-command + ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...] + (list #$docker "run" "--rm" "--name" #$name + #$@options #$@extra-arguments + #$image-reference #$@command) + #:user #$user + #:group #$group + #:environment-variables + (list #$@host-environment)))) (stop #~(lambda _ - (invoke #$docker-command "rm" "-f" #$name))) + (invoke #$docker "rm" "-f" #$name))) (actions - (list - (shepherd-action - (name 'pull) - (documentation - (format #f "Pull ~a's image (~a)." - name image)) - (procedure - #~(lambda _ - (invoke #$docker-command "pull" #$image))))))))) + (if (oci-image? image) + '() + (list + (shepherd-action + (name 'pull) + (documentation + (format #f "Pull ~a's image (~a)." + name image)) + (procedure + #~(lambda _ + (invoke #$docker "pull" #$image)))))))))) (define %oci-container-accounts (list (user-account -- 2.41.0
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.