Re: Running IceCat in a container
From: Ludovic Courtès
Subject: Re: Running IceCat in a container
Date: Thu, 25 Jan 2018 23:16:47 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

address@hidden (Ludovic Courtès) writes:
> Mike Gerwitz <address@hidden> writes:
>
>> On Tue, Jan 16, 2018 at 17:30:42 +0100, Ludovic Courtès wrote:
>
> [...]
>
>>> But really, we should make a specific tool for this.
>>>
>>> Thoughts?
>>
>> Yes, though I'd be curious how you'd approach it---each package requires
>> certain paths be shared, and those paths would further depend on user
>> privacy preferences, so need to be able to be overridden.
>
> For a start, we could simply share everything that’s in:
>
> guix gc -R $(guix build the-package)
>
> plus /tmp/.X11-unix, maybe $PWD, and a few more.

If you drop the attached file under guix/scripts/, you can then run:

  guix run icecat icecat

and similar. This particular example doesn’t work well because of the
font issue you’re familiar with, but you get the idea. :-)

Ludo’.

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2018 Ludovic Courtès <address@hidden>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.

(define-module (guix scripts run)
  #:use-module (guix ui)
  #:use-module (guix scripts)
  #:use-module (guix store)
  #:use-module (guix packages)
  #:use-module (guix derivations)
  #:use-module ((guix build utils) #:select (which mkdir-p))
  #:use-module (gnu build linux-container)
  #:use-module (gnu system file-systems)
  #:use-module (gnu packages)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-11)
  #:use-module (srfi srfi-37)
  #:use-module (ice-9 match)
  #:export (guix-run))

(define %options
  (list (option '(#\h "help") #f #f
                (lambda args
                  (show-help)
                  (exit 0)))
        (option '(#\V "version") #f #f
                (lambda args
                  (show-version-and-exit "guix run")))))

(define (show-help)
  (display (G_ "Usage: guix run PACKAGE COMMAND...
Run COMMAND from PACKAGE in a container.\n"))
  (newline)
  (display (G_ "
  -h, --help             display this help and exit"))
  (display (G_ "
  -V, --version          display version information and exit"))
  (newline)
  (show-bug-report-information))
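
(define (bind-mount-spec/ro item)
  ;; Return a read-only bind mount of ITEM at the same path inside the
  ;; container, or #f if ITEM does not exist on the host.
  (and (file-exists? item)
       (file-system
         (device item)
         (mount-point item)
         (title 'device)
         (type "none")
         (flags '(bind-mount read-only))
         (check? #f))))

(define (bind-mount-spec/rw item)
  ;; Likewise, but the mount is writable from inside the container.
  (and (file-exists? item)
       (file-system
         (inherit (bind-mount-spec/ro item))
         (flags '(bind-mount)))))

;; Host files and sockets that are bind-mounted read-write.
(define %writable-things
  (list "/var/run/nscd/socket"
        (string-append (getenv "HOME") "/.Xauthority")
        "/tmp/.X11-unix"
        "/etc/machine-id"))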

(define (guix-run . args)
  (with-error-handling
    (match (reverse (parse-command-line args %options '(())
                                        #:argument-handler cons))
      ((spec command args ...)
       (with-store store
         (let-values (((package output)
                       (specification->package+output spec)))
           (let* ((drv    (package-derivation store package))
                  (prefix (derivation->output-path drv output)))
             (show-what-to-build store (list drv))
             (build-derivations store (list drv))

             ;; ITEMS is the closure of PREFIX: the same set of store items
             ;; that 'guix gc -R' lists.
             (let* ((items (requisites store (list prefix)))
                    (env   (environ))
                    (full  (search-path (list (string-append prefix "/bin")
                                              (string-append prefix "/sbin"))
                                        command)))
               (unless full
                 (leave (G_ "command '~a' not found in package '~a'~%")
                        command (package-name package)))

               (call-with-container
                   (append (filter-map bind-mount-spec/ro items)
                           (filter-map bind-mount-spec/rw %writable-things))
                 (lambda ()
                   (environ env)                  ;TODO: filter ENV
                   (mkdir-p (getenv "HOME"))

                   (newline)
                   (catch #t
                     (lambda ()
                       (apply execl full command args))
                     (lambda (key . args)
                       (print-exception (current-error-port) #f key args)
                       (exit 1))))
                 ;; 'net' is removed from the namespaces to create, so the
                 ;; container shares the host's network.
                 #:namespaces (delq 'net %namespaces))))))))))
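
The attached script copies the caller's entire environment into the container and marks that step "TODO: filter ENV". The following is an added example, not part of the posted file or of Guix: an allowlist filter in plain Guile that also returns what it dropped. The variable lists and the sample environment are assumptions constructed for illustration.

```scheme
;; Added example: allowlist filter for the environment handed to the
;; container.  Runs in plain Guile; it uses no Guix modules.
(use-modules (srfi srfi-1)                        ;partition, any
             (srfi srfi-11))                      ;let-values

;; Assumed allowlist: what an X11 program needs to start.
(define %allowed-variables
  '("HOME" "USER" "LOGNAME" "SHELL" "TERM" "LANG" "DISPLAY" "XAUTHORITY"))

;; Assumed allowlist of name prefixes (locale settings).
(define %allowed-prefixes
  '("LC_"))

(define (variable-name entry)
  ;; Return the NAME part of ENTRY, a "NAME=VALUE" string as returned by
  ;; 'environ'.  An entry without '=' is returned unchanged.
  (let ((index (string-index entry #\=)))
    (if index (string-take entry index) entry)))

(define (allowed-variable? entry)
  (let ((name (variable-name entry)))
    (or (member name %allowed-variables)
        (any (lambda (prefix) (string-prefix? prefix name))
             %allowed-prefixes))))

(define (filter-environment env)
  ;; Return two values: the entries of ENV to pass into the container, and
  ;; the entries that were dropped, so that the caller can report them.
  (partition allowed-variable? env))

;; Constructed sample environment; every value is a placeholder.
(define %sample-environment
  '("HOME=/home/alice"
    "DISPLAY=:0"
    "LC_ALL=en_US.UTF-8"
    "SSH_AUTH_SOCK=/run/user/1000/ssh-agent.socket"
    "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus"
    "EXAMPLE_API_TOKEN=placeholder"))

(let-values (((kept dropped) (filter-environment %sample-environment)))
  (format #t "kept:    ~s~%" kept)
  ;; Report only the names of dropped variables, never their values.
  (format #t "dropped: ~s~%" (map variable-name dropped)))
```

In the script, the kept list is what would be passed to `environ` inside the container thunk in place of the unfiltered `env`.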