"Thompson, David" <dthomps...@worcester.edu> wrote:

> On Tue, Jul 7, 2015 at 10:35 AM, Ludovic Courtès <l...@gnu.org> wrote:

[...]

> I have a shiny new patch that adds --network, --share, and --expose
> options.

Neat!

> Also, rather than bind-mounting the entire store, I figured out how to
> bind-mount only the union of the closures of the inputs like build
> daemon containers.

How does it perform compared to doing a single bind mount?  Is it
noticeably slower or OK?

> And finally, the original patch didn't setup /bin/sh, which is of
> course terrible and broke tons of things so I've fixed that, too.

Right.  :-)

> Now I can do things like build Guix from source inside a container, or
> better replicate the build daemon's environment when debugging with
> failed builds.  I hope that soon everyone will be able to enjoy this.
> :)

Sounds cool!

> From 8e2d0fca75feeaacaf6a401a3c13d614f9c3720b Mon Sep 17 00:00:00 2001
> From: David Thompson <da...@gnu.org>
> Date: Fri, 19 Jun 2015 08:57:44 -0400
> Subject: [PATCH] scripts: environment: Add --container option.
>
> * guix/scripts/system.scm (specification->file-system-mapping): Move from
>   here...
> * guix/ui.scm (specification->file-system-mapping): ... to here.
> * guix/scripts/enviroment.scm (show-help): Show help for new options.
>   (%options): Add --container --network, --expose, and --share options.
>   (launch-environment, launch-environment/container, requisites*,
>   inputs->requisites): New procedures.
>   (guix-environment): Spawn new process in a container when requested.
> * doc/guix.texi (Invoking guix environment): Document it.

[...]

> +The example below spawns a Guile REPL in a container in which the user's
> +home directory is accessible read-only via the @file{/exchange}
> +directory:
> +
> +@example
> +guix environment --container --expose=$HOME=/exchange guile -E guile
> +@end example

\o/

> +      -C, --container        run command within an isolated container"))

s/within/in/ ?  (You know better than me...)

> +(define (inputs->requisites inputs)
> +  "Convert INPUTS, a list of derivations, into a set of requisite store
> items i.e.

s/derivations/input tuples/ since it’s a list of (LABEL DRV) or (LABEL
DRV OUTPUT).

> +         ;; When in Rome, do as Nix build.cc does: Automagically
> +         ;; map common network configuration files.
> +         (if network?
> +             (filter-map (lambda (file)
> +                           (and (file-exists? file)
> +                                (file-system-mapping
> +                                 (source file)
> +                                 (target file)
> +                                 (writable? #f))))
> +                         '("/etc/resolv.conf"
> +                           "/etc/nsswitch.conf"
> +                           "/etc/services"
> +                           "/etc/hosts"))

Could you make this list a global variable for clarity?

[...]

> +(define (specification->file-system-mapping spec writable?)
> +  "Read the SPEC and return the corresponding <file-system-mapping>."

Now that this is public, could you add an example of what SPEC looks like
in the docstring?

Last, could you add (maybe in a separate patch?)
tests/guix-environment-container.sh mimicking tests/guix-environment.sh?
It only needs to use -E to run a tiny script that checks that we really
get an environment with only the right file system mappings?

Thanks!

Ludo’.
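Review bot: the ChangeLog entry in the commit message names `guix/scripts/enviroment.scm`, which looks like a typo for `guix/scripts/environment.scm` (the file the Subject line "scripts: environment: Add --container option." refers to), and the `(%options)` line is missing a comma after `--container`; suggest `* guix/scripts/environment.scm (show-help): Show help for new options.` and `(%options): Add --container, --network, --expose, and --share options.`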
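Review bot: in the network-configuration hunk, `(if network? (filter-map ...))` has no else branch, so when `network?` is false the form evaluates to an unspecified value rather than to `'()`; if that result is spliced into the list of file-system mappings (the surrounding code is not in the quoted excerpt), an explicit `'()` else branch keeps a non-list from ending up there. Mapping `/etc/resolv.conf`, `/etc/nsswitch.conf`, `/etc/services` and `/etc/hosts` with `(writable? #f)` is the right choice, since it lets the container resolve names without being able to alter the host's resolver and name-service configuration; if the list becomes a global variable as requested, a comment there stating that these mappings are deliberately read-only would make that property easy to keep.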