* guix/scripts/environment.scm (launch-environment/container): Add UID
and GID. Use them in PASSWD and GROUPS. Pass them as #:guest-uid and
#:guest-gid to 'call-with-container'.
* tests/guix-environment-container.sh: Test the inner UID.
In '--user' test, replace hard-coded 0 with 1000.
* doc/guix.texi (Invoking guix environment): Adjust accordingly.
Reported by Pierre Neidhardt <mail@ambrevar.xyz>.
* guix/scripts/environment.scm (launch-environment/container): Create
GROUPS and call 'write-group'.
* tests/guix-environment-container.sh: Test it.
* guix/scripts/environment.scm (launch-environment/container): Remove
call to 'mock-passwd'; instantiate a <password-entry> instead. Call
'write-passwd' to write the pasword database instead of using custom
code.
(mock-passwd): Remove.
* tests/guix-environment-container.sh: Test 'getpwuid'.
This change allows overriding the home directory of all filesystem mappings to
help hide the identity of the calling user in a container.
* doc/guix.texi (Invoking guix environment)[--container]: Mention --user.
[--user]: Add item.
* guix/scripts/environment.scm (show-help): Add --user.
(%options): Add --user.
(launch-environment/container) Add 'user' parameter. Update doc. Override
'user-mappings' using 'override-user-mappings'. Consider override for chdir.
(mock-passwd, user-override-home, overrid-euser-dir): New procedures.
(guix-environment): Disallow --user without --container. Provide user to
'launch-environment/container'.
* tests/guix-environment.sh: Add user test.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This change is motivated by attempts to run programs (like GNU IceCat) within
containers. The 'fontconfig' program, for example, is configured explicitly
to check ~/.guix-profile for additional fonts.
There were no existing container tests in 'tests/guix-environment.sh', but I
added one anyway for this change.
* doc/guix.texi (Invoking guix environment): Add '--link-profile'.
* guix/scripts/environment.scm (show-help): Add '--link-profile'.
(%options): Add 'link-profile' as '#\P', assigned to 'link-profile?'.
(link-environment): New procedure.
(launch-environment/container): Use it when 'link-profile?'.
[link-profile?]: New parameter.
(guix-environment): Leave when '--link-prof' but not '--container'. Add
'#:link-profile?' argument to 'launch-environment/container' application.
* tests/guix-environment-container.sh: New '--link-profile' test.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Reported by Ting-Wei Lan <lantw44@gmail.com>.
This is a followup to 1250034d5a.
* tests/guix-environment-container.sh (mount_test_code): Reverse order
of 'string-prefix?' arguments.
Fixes <http://bugs.gnu.org/22004>.
Reported by Ting-Wei Lan <lantw44@gmail.com>.
* tests/guix-environment-container.sh (mount_test_code): Add 'match'
clause to ignore "/"; augment clause that ignores specific file system
types such that it does not ignore parent mount points.
Fixes <http://bugs.gnu.org/23306>.
* gnu/build/linux-container.scm (run-container): Use 'socketpair'
instead of 'pipe'. Rename 'in' to 'child' and 'out' to 'parent'. Send
a 'ready message or an exception argument list from the child to the
parent; adjust the parent accordingly.
* tests/containers.scm ("call-with-container, mnt namespace, wrong bind
mount"): New test.
* tests/guix-environment-container.sh: Add test with
--expose=/does-not-exist.
Switching to execlp means that the process spawned in a container is PID
1, which obsoleted one of the 'guix environment --container' tests
because the init process can't be killed in the usual manner.
* guix/scripts/environment.scm (launch-environment/fork): New procedure.
(launch-environment): Switch from system* to execlp. Add handler for
SIGINT.
(guix-environment): Use launch-environment/fork.
* tests/guix-environment-container.sh: Replace abnormal exit test with
one that works now that the spawned process is PID 1.
Fixes <http://bugs.gnu.org/19816>.
* guix/scripts/environment.scm (evaluate-input-search-paths)
(build-inputs): Delete.
(evaluate-profile-search-paths, strip-input-name)
(package-or-package+output?, package-environment-inputs)
(build-environment, inputs->profile-derivations): New procedures.
(create-environment, show-search-paths, launch-environment)
(launch-environment/container): Replace 'inputs' argument
with 'profile' argument.
(package+propagated-inputs): Strip off names off of input tuples.
(options/resolve-packages): Handle input tuples that specify an output
in expressions.
(guix-environment): Convert inputs into a profile to use in the
environment. Remove non-package inputs such as origins from
environment inputs.
* doc/guix.texi ("invoking guix environment"): Document package+output
tuples for --expression option.
* tests/guix-environment.sh: Update tests.
* tests/guix-environment-container.sh: Likewise.
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
Fixes <http://bugs.gnu.org/21958>.
* guix/scripts/environment.scm (status->exit-code): New procedure.
(exit/status, primitive-exit/status): Use it.
* tests/guix-environment-container.sh: Add test.
Fixes <http://bugs.gnu.org/21410>.
Reported by Alex Vong <alexvong1995@gmail.com>.
* tests/guix-environment-container.sh: Exit with 77 when
'((@@ (guix scripts environment) assert-container-features))' fails.
* guix/scripts/system.scm (specification->file-system-mapping): Move from
here...
* guix/ui.scm (specification->file-system-mapping): ... to here.
* guix/scripts/enviroment.scm (show-help): Show help for new options.
(%options): Add --container --network, --expose, and --share options.
(%network-configuration-files): New variable.
(launch-environment, launch-environment/container, requisites*,
inputs->requisites): New procedures.
(guix-environment): Spawn new process in a container when requested.
* doc/guix.texi (Invoking guix environment): Document it.
* tests/guix-environment-container.sh: New file.
* Makefile.am (SH_TESTS): Add it.
Ludovic Courtès