From 95a03aa5c507d48e2cde19ea007b8f90a4e0108a Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 9 Aug 2022 10:46:07 +0200 Subject: system: install: Always use 'current-guix'. Fixes . Reported by Mathieu Othacehe . * gnu/system/install.scm (%installation-services): Set 'guix' to use (current-guix) in 'guix-configuration'. * gnu/system/examples/vm-image.tmpl: Likewise. * gnu/tests/install.scm (operating-system-with-current-guix): Remove. (run-install, installation-os-for-gui-tests): Remove its uses. * Makefile.am (release): Remove intermediate use of 'update-guix-package.scm' and subsequent 'git commit' invocation. --- gnu/system/examples/vm-image.tmpl | 9 ++++++++- gnu/system/install.scm | 14 ++++++++++---- 2 files changed, 18 insertions(+), 5 deletions(-) (limited to 'gnu/system') diff --git a/gnu/system/examples/vm-image.tmpl b/gnu/system/examples/vm-image.tmpl index ccb0b045db..c8449c6e95 100644 --- a/gnu/system/examples/vm-image.tmpl +++ b/gnu/system/examples/vm-image.tmpl @@ -123,7 +123,14 @@ root ALL=(ALL) ALL (login-service-type config => (login-configuration (inherit config) - (motd vm-image-motd))))))) + (motd vm-image-motd))) + + ;; Install and run the current Guix rather than an older + ;; snapshot. + (guix-service-type config => + (guix-configuration + (inherit config) + (guix (current-guix)))))))) ;; Allow resolution of '.local' host names with mDNS. (name-service-switch %mdns-host-lookup-nss)) diff --git a/gnu/system/install.scm b/gnu/system/install.scm index a3646b1d54..32b9f52e04 100644 --- a/gnu/system/install.scm +++ b/gnu/system/install.scm 
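Review bot: `current-guix` is not defined in this template and its module imports lie outside the hunk; since `gnu/system/examples/vm-image.tmpl` is meant to be copied by users, check that the template's package-module list brings in `package-management`, where `current-guix` is defined, or the shipped example will not evaluate on its own. The new comment could also say what "current" means for someone reading the template, e.g. `;; 'current-guix' is the Guix this configuration is being built with, so the image does not ship an older package snapshot.` The `modify-services` form this clause belongs to starts before the hunk.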
@@ -357,11 +357,17 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m ;; network. It can be faster than fetching from remote servers. (service avahi-service-type) - ;; The build daemon. Register the default substitute server key(s) - ;; as trusted to allow the installation process to use substitutes by - ;; default. + ;; The build daemon. (service guix-service-type - (guix-configuration (authorize-key? #t))) + (guix-configuration + ;; Register the default substitute server key(s) as + ;; trusted to allow the installation process to use + ;; substitutes by default. + (authorize-key? #t) + + ;; Install and run the current Guix rather than an older + ;; snapshot. + (guix (current-guix)))) ;; Start udev so that useful device nodes are available. ;; Use device-mapper rules for cryptsetup & co; enable the CRDA for -- cgit 1.4.1 From fdafd404325413da4d5fdd717c84e57a51c60fe2 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 9 Aug 2022 11:48:52 +0200 Subject: maint: Use a pretty version string in ISO and VM images. * gnu/system/examples/vm-image.tmpl: Use the 'GUIX_DISPLAYED_VERSION' environment variable in 'label'. * gnu/system/install.scm (%installation-os): Likewise. * Makefile.am (release): Set 'GUIX_DISPLAYED_VERSION'. --- Makefile.am | 6 ++++-- gnu/system/examples/vm-image.tmpl | 4 +++- gnu/system/install.scm | 3 ++- 3 files changed, 9 insertions(+), 4 deletions(-) (limited to 'gnu/system') diff --git a/Makefile.am b/Makefile.am index ac6df11c85..8df8222573 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -984,13 +984,14 @@ release: dist-with-updated-version all
 -v1 --no-grafts --fallback
 # Generate the ISO installation images.
 for system in $(GUIX_SYSTEM_SUPPORTED_SYSTEMS) ; do \
+ GUIX_DISPLAYED_VERSION="`git describe --match=v* | sed -'es/^v//v'`" ; \
 image=`$(top_builddir)/pre-inst-env \
- guix system image -t iso9660 \
+ guix system image -t iso9660 \
 --label="GUIX_$${system}_$(VERSION)" \
 --system=$$system --fallback \
 gnu/system/install.scm` ; \
 if [ ! -f "$$image" ] ; then \
- echo "failed to produce Guix installation image for $$system" >&2 ; \
+ echo "failed to produce Guix installation image for $$system" >&2 ; \
 exit 1 ; \
 fi ; \
 cp "$$image" "$(releasedir)/$(GUIX_SYSTEM_IMAGE_BASE).$$system.iso.tmp" ; \
@@ -999,6 +1000,7 @@ release: dist-with-updated-version all
 done
 # Generate the VM images.
 for system in $(GUIX_SYSTEM_VM_SYSTEMS) ; do \
+ GUIX_DISPLAYED_VERSION="`git describe --match=v* | sed -'es/^v//v'`" ; \
 image=`$(top_builddir)/pre-inst-env \
 guix system image -t qcow2 $(GUIX_SYSTEM_VM_IMAGE_FLAGS) \
 --save-provenance \
diff --git a/gnu/system/examples/vm-image.tmpl b/gnu/system/examples/vm-image.tmpl
index c8449c6e95..d46a27978c 100644
--- a/gnu/system/examples/vm-image.tmpl
+++ b/gnu/system/examples/vm-image.tmpl
@@ -43,7 +43,9 @@ accounts.\x1b[0m (keyboard-layout (keyboard-layout "us" "altgr-intl")) ;; Label for the GRUB boot menu. - (label (string-append "GNU Guix " (package-version guix))) + (label (string-append "GNU Guix " + (or (getenv "GUIX_DISPLAYED_VERSION") + (package-version guix)))) (firmware '())
diff --git a/gnu/system/install.scm b/gnu/system/install.scm
index 32b9f52e04..a7b7c246bf 100644
--- a/gnu/system/install.scm
+++ b/gnu/system/install.scm 
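Review bot: The added `GUIX_DISPLAYED_VERSION=... ;` is a plain shell assignment terminated by `;`, so the external `guix system image` started on the following lines will not see it unless the variable is exported somewhere outside this hunk; prefixing it with `export` (`export GUIX_DISPLAYED_VERSION=...`) makes the new label actually take effect. As far as I can tell the `sed -'es/^v//v'` script also ends in a `v` flag that GNU sed rejects for the `s` command, which would leave the variable empty, and the unquoted `--match=v*` is subject to pathname expansion in the working directory; `--match='v*'` and `sed -e 's/^v//'` avoid both. The same assignment is repeated in the VM-image loop hunk (`@@ -999,6 +1000,7 @@`) and needs the same fix. Both hunks are inside the `release` recipe, which starts before them.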
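Review bot: `(or (getenv "GUIX_DISPLAYED_VERSION") (package-version guix))` only falls back when the variable is unset; when it is set but empty, which is what the Makefile's `git describe` pipeline produces on a checkout without a matching tag, `getenv` returns `""` and the GRUB label becomes `"GNU Guix "`. Treat the empty string as absent, e.g. `(let ((version (getenv "GUIX_DISPLAYED_VERSION"))) (if (and version (not (string-null? version))) version (package-version guix)))`. The `gnu/system/install.scm` hunk of this commit uses the same pattern for the installer label and needs the same treatment. The `operating-system` form enclosing this `label` field starts before the hunk.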
@@ -469,7 +469,8 @@ Access documentation at any time by pressing Alt-F2.\x1b[0m (bootloader grub-bootloader) (targets '("/dev/sda")))) (label (string-append "GNU Guix installation " - (package-version guix))) + (or (getenv "GUIX_DISPLAYED_VERSION") + (package-version guix)))) ;; XXX: The AMD Radeon driver is reportedly broken, which makes kmscon ;; non-functional: -- cgit 1.4.1 From 26af06b66b65354a46b2196d1c11c90168b7fa12 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Tue, 9 Aug 2022 14:36:02 +0200 Subject: linux-container: container-script: Parse command line options. * gnu/system/linux-container.scm (container-script): Accept command line options to bind mount host directories into the container. * doc/guix.texi (Invoking guix system): Document options. --- doc/guix.texi | 4 ++ gnu/system/linux-container.scm | 97 +++++++++++++++++++++++++++++++----------- 2 files changed, 76 insertions(+), 25 deletions(-) (limited to 'gnu/system') diff --git a/doc/guix.texi b/doc/guix.texi index 306c7b635b..896c830aeb 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -37500,6 +37500,10 @@ guix system container my-config.scm \ --expose=$HOME --share=$HOME/tmp=/exchange @end example +The @option{--share} and @option{--expose} options can also be passed to +the generated script to bind-mount additional directories into the +container. + @quotation Note This option requires Linux-libre 3.19 or newer. @end quotation diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm index 24077e347a..69080bcacb 100644 --- a/gnu/system/linux-container.scm +++ b/gnu/system/linux-container.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2019 Arun Isaac ;;; Copyright © 2020 Efraim Flashner ;;; Copyright © 2020 Google LLC +;;; Copyright © 2022 Ricardo Wurmus ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -202,16 +203,49 @@ that will be shared with the host system." (guix build utils) (guix i18n) (guix diagnostics) - (srfi srfi-1)) + (srfi srfi-1) + (srfi srfi-37) + (ice-9 match)) - (define file-systems - (filter-map (lambda (spec) - (let* ((fs (spec->file-system spec)) - (flags (file-system-flags fs))) - (and (or (not (memq 'bind-mount flags)) - (file-exists? (file-system-device fs))) - fs))) - '#$specs)) + (define (show-help) + (display (G_ "Usage: run-container [OPTION ...] +Run the container with the given options.")) + (newline) + (display (G_ " + --share=SPEC share host file system with read/write access + according to SPEC")) + (display (G_ " + --expose=SPEC expose host file system directory as read-only + according to SPEC")) + (newline) + (display (G_ " + -h, --help display this help and exit")) + (newline)) + + (define %options + ;; Specifications of the command-line options. + (list (option '(#\h "help") #f #f + (lambda args + (show-help) + (exit 0))) + (option '("share") #t #f + (lambda (opt name arg result) + (alist-cons 'file-system-mapping + (specification->file-system-mapping arg #t) + result))) + (option '("expose") #t #f + (lambda (opt name arg result) + (alist-cons 'file-system-mapping + (specification->file-system-mapping arg #f) + result))))) + + (define (parse-options args options) + (args-fold args options + (lambda (opt name arg . rest) + (report-error (G_ "~A: unrecognized option~%") name) + (exit 1)) + (lambda (op res) (cons op res)) + '())) (define (explain pid) ;; XXX: We can't quite call 'bindtextdomain' so there's actually 
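Review bot: `parse-options`'s operand handler `(lambda (op res) (cons op res))` keeps non-option arguments as bare strings in the result, and the `match-lambda` that extracts mappings in the next hunk drops them, so a stray argument (or a spec typed without `--share=`) is silently ignored; reporting it, `(lambda (op res) (report-error (G_ "~A: extraneous argument~%") op) (exit 1))`, keeps the script's behavior predictable. `specification->file-system-mapping` must also be in scope inside the generated script: the start of the `use-modules` list is outside the hunk, so check that `(gnu system file-systems)` is among the imported modules. `container-script` and the gexp it builds start before this hunk.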
@@ -225,22 +259,35 @@ that will be shared with the host system." (info (G_ "or run 'sudo nsenter -a -t ~a' to get a shell into it.~%") pid) (newline (guix-warning-port))) - (call-with-container file-systems - (lambda () - (setenv "HOME" "/root") - (setenv "TMPDIR" "/tmp") - (setenv "GUIX_NEW_SYSTEM" #$os) - (for-each mkdir-p '("/run" "/bin" "/etc" "/home" "/var")) - (primitive-load (string-append #$os "/boot"))) - ;; A range of 65536 uid/gids is used to cover 16 bits worth of - ;; users and groups, which is sufficient for most cases. - ;; - ;; See: http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--private-users= - #:host-uids 65536 - #:namespaces (if #$shared-network? - (delq 'net %namespaces) - %namespaces) - #:process-spawned-hook explain)))) + (let* ((opts (parse-options (cdr (command-line)) %options)) + (mappings (filter-map (match-lambda + (('file-system-mapping . mapping) mapping) + (_ #f)) + opts)) + (file-systems + (filter-map (lambda (fs) + (let ((flags (file-system-flags fs))) + (and (or (not (memq 'bind-mount flags)) + (file-exists? (file-system-device fs))) + fs))) + (append (map file-system-mapping->bind-mount mappings) + (map spec->file-system '#$specs))))) + (call-with-container file-systems + (lambda () + (setenv "HOME" "/root") + (setenv "TMPDIR" "/tmp") + (setenv "GUIX_NEW_SYSTEM" #$os) + (for-each mkdir-p '("/run" "/bin" "/etc" "/home" "/var")) + (primitive-load (string-append #$os "/boot"))) + ;; A range of 65536 uid/gids is used to cover 16 bits worth of + ;; users and groups, which is sufficient for most cases. + ;; + ;; See: http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--private-users= + #:host-uids 65536 + #:namespaces (if #$shared-network? + (delq 'net %namespaces) + %namespaces) + #:process-spawned-hook explain))))) (gexp->script "run-container" script))) -- cgit 1.4.1 From 4b494878380920c8c7eecccd1f299164dd4a2c3f Mon Sep 17 00:00:00 2001 
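Review bot: the `file-exists?` filter that previously applied only to the baked-in `#$specs` now also runs over the user's `--share`/`--expose` mappings, so a mistyped or missing source directory is silently dropped and the container starts without the mount the invoker asked for. Validating the mappings before they are appended keeps the lenient treatment for the spec list while giving the invoker an error for their own arguments; a sketch follows. Because the script typically runs as root and `--share` grants read/write access to whatever host path is named, a precise error is also the only feedback the invoker gets about what was actually mounted. The `let*` and `call-with-container` forms are complete within this hunk, but `container-script` itself starts before it.
```scheme
(define (validate-mappings mappings)
  ;; Unlike the baked-in SPECS, a user-supplied source that does
  ;; not exist is an error, not something to skip silently.
  (for-each (lambda (mapping)
              (let ((source (file-system-mapping-source mapping)))
                (unless (file-exists? source)
                  (report-error (G_ "~a: no such file or directory~%")
                                source)
                  (exit 1))))
            mappings)
  mappings)

(let* ((opts (parse-options (cdr (command-line)) %options))
       (mappings (validate-mappings
                  (filter-map (match-lambda
                                (('file-system-mapping . mapping) mapping)
                                (_ #f))
                              opts)))
       ;; … unchanged: file-systems binding over mappings and '#$specs …
       )
  ;; … unchanged: call-with-container with its thunk and keyword arguments …
  )
```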
From: Oleg Pykhalov Date: Tue, 19 Jul 2022 19:40:28 +0300 Subject: gnu: system: file-systems: Add shared flag. * gnu/build/file-systems.scm (mount-flags->bit-mask, mount-file-system): Handle shared flag. * gnu/system/file-systems.scm (invalid-file-system-flags): Add shared to known flags. * guix/build/syscalls.scm (MS_SHARED): New variable. * doc/guix.texi (File Systems): Document shared flag. --- doc/guix.texi | 5 +++-- gnu/build/file-systems.scm | 6 ++++++ gnu/system/file-systems.scm | 4 +++- guix/build/syscalls.scm | 3 +++ 4 files changed, 15 insertions(+), 3 deletions(-) (limited to 'gnu/system') diff --git a/doc/guix.texi b/doc/guix.texi index eb3a1a4eb5..99321929cc 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -16421,8 +16421,9 @@ include @code{read-only}, @code{bind-mount}, @code{no-dev} (disallow access to special files), @code{no-suid} (ignore setuid and setgid bits), @code{no-atime} (do not update file access times), @code{strict-atime} (update file access time), @code{lazy-time} (only -update time on the in-memory version of the file inode), and -@code{no-exec} (disallow program execution). +update time on the in-memory version of the file inode), +@code{no-exec} (disallow program execution), and @code{shared} (make the +mount shared). @xref{Mount-Unmount-Remount,,, libc, The GNU C Library Reference Manual}, for more information on these flags. diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm index 1d3b33e7bd..b9d46c9350 100644 --- a/gnu/build/file-systems.scm +++ b/gnu/build/file-systems.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2019–2021 Tobias Geerinckx-Rice ;;; Copyright © 2019 David C. Trudgian ;;; Copyright © 2020 Maxim Cournoyer +;;; Copyright © 2022 Oleg Pykhalov ;;; ;;; This file is part of GNU Guix. ;;; @@ -1123,6 +1124,8 @@ corresponds to the symbols listed in FLAGS." (logior MS_STRICTATIME (loop rest))) (('lazy-time rest ...) (logior MS_LAZYTIME (loop rest))) + (('shared rest ...) + (loop rest)) (() 0)))) 
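Review bot: the new `(('shared rest ...) (loop rest))` clause in `mount-flags->bit-mask` contributes no bit, and a reader has no way to know the flag is honoured elsewhere; add a why-comment such as `;; 'shared' sets mount propagation, which mount(2) only accepts in a call of its own; 'mount-file-system' issues that MS_SHARED call after the mount.` The `;; Note: Keep in sync with 'mount-flags->bit-mask'.` comment in `gnu/system/file-systems.scm` (visible in a later hunk on this page) could likewise say that `shared` is the one known flag without a bit. The `match` that this clause belongs to starts before the hunk.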
@@ -1186,6 +1189,9 @@ corresponds to the symbols listed in FLAGS." (cond ((string-prefix? "nfs" type) (mount-nfs source target type flags options)) + ((memq 'shared (file-system-flags fs)) + (mount source target type flags options) + (mount "none" target #f MS_SHARED)) (else (mount source target type flags options))) diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm index f8f4276283..464b76a2ca 100644 --- a/gnu/system/file-systems.scm +++ b/gnu/system/file-systems.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2020 Jakub Kądziołka ;;; Copyright © 2020, 2021 Maxim Cournoyer ;;; Copyright © 2021 Tobias Geerinckx-Rice +;;; Copyright © 2022 Oleg Pykhalov ;;; ;;; This file is part of GNU Guix. ;;; @@ -121,7 +122,8 @@ ;; Note: Keep in sync with 'mount-flags->bit-mask'. (let ((known-flags '(read-only bind-mount no-suid no-dev no-exec - no-atime strict-atime lazy-time))) + no-atime strict-atime lazy-time + shared))) (lambda (flags) "Return the subset of FLAGS that is invalid." (remove (cut memq <> known-flags) flags)))) diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm index a7401fd73f..eda487f52e 100644 --- a/guix/build/syscalls.scm +++ b/guix/build/syscalls.scm @@ -8,6 +8,7 @@ ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen ;;; Copyright © 2021 Chris Marusich ;;; Copyright © 2021 Tobias Geerinckx-Rice +;;; Copyright © 2022 Oleg Pykhalov ;;; ;;; This file is part of GNU Guix. ;;; @@ -49,6 +50,7 @@ MS_RELATIME MS_BIND MS_MOVE + MS_SHARED MS_LAZYTIME MNT_FORCE MNT_DETACH @@ -537,6 +539,7 @@ the last argument of `mknod'." (define MS_NOATIME 1024) (define MS_BIND 4096) (define MS_MOVE 8192) +(define MS_SHARED 1048576) (define MS_RELATIME 2097152) (define MS_STRICTATIME 16777216) (define MS_LAZYTIME 33554432) -- cgit 1.4.1
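Review bot: in `mount-file-system`, the new `(memq 'shared (file-system-flags fs))` clause comes after the NFS branch of the `cond`, so a `shared` flag on an NFS file system is accepted by `invalid-file-system-flags` yet silently never applied; issuing the propagation change after whichever mount path ran covers both cases, as sketched below. `mount-file-system` starts before this hunk; only the `cond` is rewritten.
```scheme
(cond ((string-prefix? "nfs" type)
       (mount-nfs source target type flags options))
      (else
       (mount source target type flags options)))
;; MS_SHARED changes propagation and is not combined with the initial
;; mount flags, hence the second call; it applies to NFS mounts too.
(when (memq 'shared (file-system-flags fs))
  (mount "none" target #f MS_SHARED))
```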