guix-builder/Dockerfile

FROM scratch

# Extract guix produced relocatable
ADD guix-tarball-pack.tar.gz /guix-builder

# Extract variety of links to be setup in root, pointing into /guix-builder
ADD links.tar.gz /

ADD passwd /etc/passwd

# Create an empty directory for use by proot
#
# Any following RUN command or command in the container will not run without the below PROOT
# env var set, and the directory existing
ADD passwd /tmp/proot/delete-me
ENV PROOT_TMP_DIR=/tmp/proot

# Setup ssl and glibc-locales environment variables
ENV SSL_CERT_DIR=/etc/ssl/certs
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
ENV GUIX_LOCPATH=/guix-builder/lib/locale

# Remove the empty file that was used to create a temporary directory, and adjust file
# permissions
RUN rm /tmp/proot/delete-me \
 && chown -PR 0:0 /etc /bin

VOLUME /var/guix/daemon-socket/socket /gnu/store /etc/ssl
CMD ["/guix-builder/bin/bash"]
CI: Cleanup Dockerfile and Makefile (following 5764deb) 2023-12-29 16:30:17 +00:00			`FROM scratch`
Dockerfile: Adjust file permissions; add comments; tidy formatting 2024-01-02 04:18:40 +00:00
			`# Extract guix produced relocatable`
Initial commit 2023-07-15 20:37:59 +00:00			`ADD guix-tarball-pack.tar.gz /guix-builder`
Dockerfile: Adjust file permissions; add comments; tidy formatting 2024-01-02 04:18:40 +00:00
			`# Extract variety of links to be setup in root, pointing into /guix-builder`
Ensure /bin->/guix-builder/bin exists within the container 2023-12-29 01:55:50 +00:00			`ADD links.tar.gz /`
Dockerfile: Adjust file permissions; add comments; tidy formatting 2024-01-02 04:18:40 +00:00
Place /etc/passwd file inside the container for root user This is needed because ssh requires the user that runs it to exist in /etc/passwd. 2023-12-29 17:03:48 +00:00			`ADD passwd /etc/passwd`
Dockerfile: Adjust file permissions; add comments; tidy formatting 2024-01-02 04:18:40 +00:00
			`# Create an empty directory for use by proot`
			`#`
			`# Any following RUN command or command in the container will not run without the below PROOT`
			`# env var set, and the directory existing`
Correct hidden dependency on host /gnu/store Unbeknownst to me, the docker image produced by previous versions of guix-builder actually had a hidden dependency on the hosts /gnu/store. I have not been able to fully characterize it, but the following proves it to be true. This fails with an error 139, segfault: docker run -it guix-builder:latest However it succeeds when provided the hosts guix store: docker run -it -v /gnu/store:/gnu/store:ro guix-builder:latest By using GUIX_EXECUTION_ENGINE=proot (which is implied by the '-RR' option to 'guix pack'), we avoid the segfaults and hidden dependency on the hosts /gnu/store. Sadly using proot will have performance impacts, but I'm not sure yet to what extent this will impact my usecase. 2023-12-30 02:32:46 +00:00			`ADD passwd /tmp/proot/delete-me`
Dockerfile: Adjust file permissions; add comments; tidy formatting 2024-01-02 04:18:40 +00:00			`ENV PROOT_TMP_DIR=/tmp/proot`
Correct hidden dependency on host /gnu/store Unbeknownst to me, the docker image produced by previous versions of guix-builder actually had a hidden dependency on the hosts /gnu/store. I have not been able to fully characterize it, but the following proves it to be true. This fails with an error 139, segfault: docker run -it guix-builder:latest However it succeeds when provided the hosts guix store: docker run -it -v /gnu/store:/gnu/store:ro guix-builder:latest By using GUIX_EXECUTION_ENGINE=proot (which is implied by the '-RR' option to 'guix pack'), we avoid the segfaults and hidden dependency on the hosts /gnu/store. Sadly using proot will have performance impacts, but I'm not sure yet to what extent this will impact my usecase. 2023-12-30 02:32:46 +00:00
Dockerfile: Adjust file permissions; add comments; tidy formatting 2024-01-02 04:18:40 +00:00			`# Setup ssl and glibc-locales environment variables`
Dockerfile: Allow ssl to be used 2023-12-31 20:01:01 +00:00			`ENV SSL_CERT_DIR=/etc/ssl/certs`
			`ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt`
Dockerfile: Set the env var GUIX_LOCALES to the now installed locales * Makefile: Provide a symlink for the profiles lib/locale 2023-12-31 19:20:47 +00:00			`ENV GUIX_LOCPATH=/guix-builder/lib/locale`
Dockerfile: Adjust file permissions; add comments; tidy formatting 2024-01-02 04:18:40 +00:00
			`# Remove the empty file that was used to create a temporary directory, and adjust file`
			`# permissions`
			`RUN rm /tmp/proot/delete-me \`
			`&& chown -PR 0:0 /etc /bin`
Initial commit 2023-07-15 20:37:59 +00:00
			`VOLUME /var/guix/daemon-socket/socket /gnu/store /etc/ssl`
Dockerfile: Use CMD instead of ENTRYPOINT This corrects ci behaviour, allowing this image to now be used like this: docker run --rm -it guix-builder:latest <cmd> Where <cmd> is any executable on the containers PATH. 2024-01-02 01:34:58 +00:00			`CMD ["/guix-builder/bin/bash"]`