Why is IceCat/GuixSD slower than Firefox/Debian on headless servers?

2018-01-15 Thread George myglc2 Clemmer
Running from a desktop to a headless server, and based on side-by-side
clicking, IceCat/GuixSD takes ~5x as long as Mozilla/Debian to
respond to clicks. Further, Mozilla/Debian takes ~5x as long as
Mozilla running on the desktop. The bottom line: IceCat/GuixSD is
unbearably slow.

Has anyone else seen this?

Is there a known IceCat/GuixSD performance problem?

Details:

Two identical headless servers with 3.4GHz E3 1240 V3 CPUs and PCI SATA
NVMe SSDs.  One runs Mozilla Firefox 45.7.0 on Debian 8.x, which was
updated a few months ago. The other runs guix 0.14.0.617-e2f37 from a
couple weeks ago. The desktop is XQuartz/MacOS 10.13.2/iMac. Both
servers are reached via the same physical 1000BaseT network.  Swapping
the server switch port/cables doesn't affect the result.



Running IceCat in a container

2018-01-15 Thread Mike Gerwitz
Hello, everyone:

I'm running IceCat in a container, with the goal of isolating it from
the rest of my system as much as possible without running a full
VM.  Here's what I have so far:

#+BEGIN_SRC sh
guix environment \
 --container \
 --network \
 -r "$gc_root" \
 --share=/tmp/.X11-unix/ \
 --expose=/etc/machine-id \
 --share=$HOME/.mozilla/ \
 --share=$HOME/.cache/mozilla/ \
 --share=$HOME/.Xauthority \
 --share=$HOME/Downloads/icecat-container/=$HOME/Downloads/ \
 --ad-hoc icecat coreutils \
 -- \
 env DISPLAY="$DISPLAY" icecat "$@"
#+END_SRC

The most difficult problem I'm having is dealing with
fonts.  Specifically, I want to share the system fonts
(/run/current-system/profile/share/fonts).  The problem is, I can't just
expose that directory, because it symlinks into the store, and those
derivations don't exist within the container.

  - I do not want to expose all of /gnu.
  - I can provide the fonts as inputs to the environment, but I do not
    want to have to run fc-cache every time I start the container,
    because that is very slow.  Exposing the cache directory doesn't
    help since the derivation used in the container ($GUIX_ENVIRONMENT)
    always appears to be different than the font derivation used on my
    system, and also by my user.
  - I don't want to expose my user's entire ~/.guix-profile/.

I'm making things difficult for myself because I want as little
shared/exposed with the container as possible.

To complicate things further, for privacy, I don't want my user exposed
to the container via the name of my home directory; Guix creates that
automatically.  I haven't yet looked at the code to see what exactly it
does.

Is there a reasonable solution here?  Should I create a separate user
entirely and then just share the entire home directory?  I'm not sure
how that might impact X11 socket sharing, though.  Can I maybe
pre-create an image, already having run fc-cache, and run that image as
a container (like one would with Docker?)?  But that wouldn't solve my
user privacy issue.

Thanks,

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com
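
One way to find the smallest set of store items behind a directory of symlinks such as /run/current-system/profile/share/fonts, so that only those are passed to `--expose=` rather than all of /gnu. This is an added example, not part of the original post: the function names and the sample tree are constructed here, and it assumes GNU `find` and `readlink` and that `--expose=` is given a store item as its source. It covers only the dangling-symlink problem, not the fc-cache cost.

```sh
#!/bin/sh
# Added example (not from the original post). Prints one --expose= flag for
# each store item that files under a symlinked directory resolve to.

# store_items DIR [STORE]: distinct top-level store items behind DIR's files.
# STORE defaults to /gnu/store; dangling links are skipped (find -L reports
# them as type l, so -type f never matches them).
store_items() {
    dir=$1
    store=$(readlink -f "${2:-/gnu/store}") || return 1
    find -L "$dir" -type f -exec readlink -f {} + |
        awk -v s="$store/" 'index($0, s) == 1 {
            rest = substr($0, length(s) + 1)   # path below the store root
            sub(/\/.*/, "", rest)              # keep only <hash>-<name>
            print s rest
        }' | sort -u
}

# expose_flags DIR [STORE]: the same list, as guix environment arguments.
expose_flags() {
    store_items "$@" | sed 's|^|--expose=|'
}

# sample_tree: constructed profile/store layout for trying this offline.
# Prints the temporary directory it created.
sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/store/aaa-font-dejavu/share/fonts/truetype" \
             "$t/store/bbb-font-liberation/share/fonts/truetype" \
             "$t/store/ccc-unrelated/bin" "$t/profile/share/fonts"
    : > "$t/store/aaa-font-dejavu/share/fonts/truetype/DejaVuSans.ttf"
    : > "$t/store/bbb-font-liberation/share/fonts/truetype/Liberation.ttf"
    : > "$t/store/ccc-unrelated/bin/tool"
    ln -s "$t/store/aaa-font-dejavu/share/fonts/truetype" \
          "$t/profile/share/fonts/dejavu"
    ln -s "$t/store/bbb-font-liberation/share/fonts/truetype/Liberation.ttf" \
          "$t/profile/share/fonts/Liberation.ttf"
    ln -s "$t/store/missing-item/x.ttf" "$t/profile/share/fonts/dangling.ttf"
    printf '%s\n' "$t"
}

# With a directory argument, print the flags for it.
if [ "$#" -gt 0 ]; then expose_flags "$@"; fi
```

Store items that nothing under the directory points to (the `ccc-unrelated` item in the sample tree) are never listed, which keeps the container's view of the store limited to the fonts.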




Re: Guix and sel4

2018-01-15 Thread Efraim Flashner
On Mon, Jan 15, 2018 at 09:44:08PM +0100, rados...@chmielarz.xyz wrote:
> Hi,
> 
> It wasn't entirely what I was hoping for but thank You for answering. So to
> dig a little deeper how closely is guix connected to linux kernel? In other
> words what would have to be changed in order to work with a different kernel
> and therefore different syscalls? I don't mean the whole system but the
> minimal set. I would assume that a toolchain (make, binutils, gcc),
> obviously guile if there is anything specific to linux in it. Anything else?
> 
> Cheers,
> Radek
> 

from 'git grep linux-{libre-}headers' it comes up a few times, but
really in make-bootstrap, cross-base and commencement. For a start I
would focus on make-bootstrap (to make the bootstrap binaries) and then
commencement (to build up again).

As far as different syscalls, I assume most things should just work, but
I haven't looked into it.

-- 
Efraim Flashner  אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted




Re: Guix and sel4

2018-01-15 Thread Paul Boddie
On Monday 15. January 2018 21.44.08 rados...@chmielarz.xyz wrote:
> 
> It wasn't entirely what I was hoping for but thank You for answering. So
> to dig a little deeper how closely is guix connected to linux kernel?

Some people are using Guix with the Hurd, so maybe they can explain the 
relationship between Guix and things other than the Linux kernel.

I would guess that Guix shouldn't really care too much about the underlying 
system below a certain level, but then again I haven't looked into the details 
of the project that was mentioned involving Nix and Genode and why the Genode 
developers subsequently decided to do their own thing.

The L4Re (as opposed to Genode) sources contain package modules that are 
reminiscent of things in the source trees of distributions like OpenWrt and 
OpenEmbedded (if I remember the latter correctly), but I don't think there is 
any notion of installing these packages while running the system. Instead, 
they appear to be bundled in the payload deployed to a system, at least within 
the scope of my own experiments.

But package installation would mostly involve making files available in the 
filesystem that can then be accessed and executed, so I can imagine that with 
filesystem and program launching capabilities, you could have a package 
manager for L4Re. Maybe one already exists.

All this said, I'm obviously still learning about L4Re and associated 
technologies, so I should probably investigate further before saying anything 
else. ;-)

Paul



Re: Guix and sel4

2018-01-15 Thread radoslaw

Hi,

It wasn't entirely what I was hoping for but thank You for answering. So 
to dig a little deeper how closely is guix connected to linux kernel? In 
other words what would have to be changed in order to work with a 
different kernel and therefore different syscalls? I don't mean the 
whole system but the minimal set. I would assume that a toolchain (make, 
binutils, gcc), obviously guile if there is anything specific to linux 
in it. Anything else?


Cheers,
Radek

On 2018-01-15 00:26, Paul Boddie wrote:

> On Sunday 14. January 2018 22.16.39 rados...@chmielarz.xyz wrote:
>>
>> In 2016 David Craven has sent an email about his attempt in using sel4
>> (genode with sel4 to be exact) with guix
>> (https://lists.gnu.org/archive/html/help-guix/2016-12/msg00058.html). Do
>> You know if he succeeded or not? And if not were there any substantial
>> blockers or just lack of time?
>
> He referenced some work done to use Nix with Genode, since abandoned, but the
> Genode documentation provides more details about this:
>
> "The design of Genode's package-management concept is largely influenced by
> Git as well as the Nix package manager. In particular the latter opened our
> eyes to discover the potential that lies beyond the package management
> employed in state-of-the art commodity systems. Even though we considered
> adapting Nix for Genode and actually conducted intensive experiments in this
> direction (thanks to Emery Hemingway who pushed forward this line of work), we
> settled on a custom solution that leverages Genode's holistic view on all
> levels of the operating system including the build system and tooling, source
> structure, ABI design, framework API, system configuration, inter-component
> interaction, and the components itself. Whereby Nix is designed for being used
> on top of Linux, Genode's whole-systems view led us to simplifications that
> eliminated the needs for Nix' powerful features like its custom description
> language."
>
> http://genode.org/documentation/developer-resources/package_management
>
> (This is actually quite typical of Genode's online documentation, which seems
> to have a "white paper" feel at times (and a "manifest" feel, just summarising
> details, at others), so digesting it all can be time-consuming work.)
>
> Personally, I have spent some time looking at L4Re rather than Genode, mostly
> because I have been wanting to deploy Fiasco.OC and it would appear that these
> two things (L4Re and Fiasco.OC) are developed more closely together. Genode
> seems to bundle specific versions of Fiasco.OC, but I have been needing to get
> updates and make fixes in a more convenient relationship with Fiasco.OC's
> upstream.
>
> There was a remark about the Hurd in the previous thread. The one difference I
> tend to perceive between the Hurd and systems like L4Re and Genode is that the
> latter things tend to be demonstrated almost like embedded solutions - you
> build a specific payload and that is your system - whereas the Hurd behaves
> like the open-ended system we are familiar with from our desktop computers.
>
> That said, Genode is supposed to be usable as a desktop operating system, and
> will apparently introduce "a minimalistic generic live system that can be
> interactively shaped into a desktop scenario by the user without any reboot":
>
> https://genode.org/documentation/release-notes/17.11
>
> Another difference, this time between Genode and L4Re, is the way the
> components seem to be wired up. Genode appears to use some kind of XML syntax
> for this:
>
> http://genode.org/documentation/developer-resources/init
>
> Whereas L4Re employs Lua for the same job. I cannot comment on Genode, but the
> L4Re framework seems to be something of a work in progress.
>
> A vague goal of mine is to try and bring Fiasco.OC or something similar within
> the realm of the Hurd again. There was once a project to port the Hurd to a L4
> microkernel, but that stalled in various ways and also didn't involve the more
> modern L4 variants that are around today and are supported by Genode.
>
> Sorry if this was something of a digression from the topic!
>
> Paul




Re: Samba user mounts

2018-01-15 Thread Mathieu Lirzin
Hello Ricardo,

Ricardo Wurmus  writes:

>> I want to connect to my NAS using the Samba protocol.  While I can use ‘gvfs’
>> for that it is not convenient for me to access it from the command line via
>> the “/run/user/1000/gvfs/smb-share:server=nas,share=home/” filename.  On my
>> previous system I was able to add the following line in my “/etc/fstab” file:
>>
>>   //nas/home /mnt/mthl/nas-home  cifs  credentials=/home/mthl/.smbfile,rw,noauto,user 0 0
>>
>> which allowed me to execute the following command as a regular user:
>>
>>   $ mount /mnt/mthl/nas-home
>>
>> Does anybody know how to achieve similar thing on GuixSD?
>
> I have this in my config:
>
> (file-system
>  (device "//my.nas/the-share")
>  (title 'device)
>  (options "uid=1000,gid=1000,credentials=/etc/samba.credentials")
>  (mount-point "/nas")
>  (type "cifs")
>  (mount? #f)
>  (create-mount-point? #t))
>
> And it does the right thing when I run “mount /nas”.
>
> Does this help?

Indeed this helps greatly.  The only remaining minor issue is that the
‘mount’ command still needs to be run as root.  I have added the “user”
option and turned ‘mount.cifs’ into a setuid program.

  (file-system
   (device "//192.168.1.100/home")
   (title 'device)
   (options "uid=1000,gid=1000,credentials=/home/mthl/.smbfile,user")
   (mount-point "/mnt/nas-home")
   (type "cifs")
   (mount? #f)
   (create-mount-point? #t))

  (setuid-programs (cons (file-append cifs-utils "/sbin/mount.cifs")
                         %setuid-programs))

However I am still unable to mount this as a regular user:

--8<---cut here---start->8---
  $ mount /mnt/nas-home
  This program is not installed setuid root -  "user" CIFS mounts not supported.
--8<---cut here---end--->8---

What happens, I think, is that ‘mount’ calls the ‘mount.cifs’ from the
store and not the one in the “/run/current-system/setuid-programs”
directory.  I don't know how this could be fixed.

Thank you very much for this very helpful snippet.

-- 
Mathieu Lirzin
GPG: F2A3 8D7E EB2B 6640 5761  070D 0ADE E100 9460 4D37



How to make XQuartz/MacOS <--> IceCat/GuixSD fast?

2018-01-15 Thread George myglc2 Clemmer
I want to speed up IceCat on my GuixSD headless server. I am using
XQuartz/MacOS over 1000BaseT to reach a server with 3.4GHz Intel E3-1240
V3 CPU and SSD storage. ISTM this is about as fast as one can make a
headless server. But IceCat is unusably slow. So I wonder ...

Do you run IceCat remotely from a GuixSD desktop and get good
performance?  If so, please tell me about your setup.

Would Wayland make it faster?

Would an upgrade to a CPU w/GPU make it faster?

TIA - George



Re: Samba user mounts

2018-01-15 Thread Ricardo Wurmus

Hi Mathieu,

> I want to connect to my NAS using the Samba protocol.  While I can use ‘gvfs’
> for that it is not convenient for me to access it from the command line via
> the “/run/user/1000/gvfs/smb-share:server=nas,share=home/” filename.  On my
> previous system I was able to add the following line in my “/etc/fstab” file:
>
>   //nas/home /mnt/mthl/nas-home  cifs  credentials=/home/mthl/.smbfile,rw,noauto,user 0 0
>
> which allowed me to execute the following command as a regular user:
>
>   $ mount /mnt/mthl/nas-home
>
> Does anybody know how to achieve similar thing on GuixSD?

I have this in my config:

(file-system
 (device "//my.nas/the-share")
 (title 'device)
 (options "uid=1000,gid=1000,credentials=/etc/samba.credentials")
 (mount-point "/nas")
 (type "cifs")
 (mount? #f)
 (create-mount-point? #t))

And it does the right thing when I run “mount /nas”.

Does this help?

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net