guix-builder/Makefile
Collin J. Doering c9b3062f11
Makefile: Use ssl certificates from within the container by default
When a guix-builder container runs without the store attached, it should still be able to use
ssl certificates. This was not possible prior to this change without adjusting the
SSL_CERT_FILE and SSL_CERT_DIR environment variables to be prefixed with '/guix-builder'.
Preferably and as implemented in this commit, we can keep standard values of these
environment variables and provide a link from /etc/ssl -> /guix-builder/etc/ssl where the
certificate files reference /guix-builder/gnu/store instead of /gnu/store.

This allows correct functioning whether or not the store is mounted. It's
important to note that if a user mounts their Guix host's certificates, they must also mount
its store, as the certificate files in /etc/ssl/certs will be links to files in the store.
2024-01-01 15:08:20 -05:00


# A bare `make` builds the container image.
.DEFAULT_GOAL := build

# Knobs that may be overridden from the environment or the command line,
# e.g. `make IMAGE_TAG=my-builder`.
IMAGE_TAG ?= guix-builder
TARBALL ?= guix-tarball-pack.tar.gz
LINKS_TARBALL ?= links.tar.gz
PASSWD_FILE ?= passwd

# Guix manifests: the first is handed to `guix pack`, and both are handed to
# ./shell.sh by the `shell` target.
GUIX_MANIFEST := manifest.scm
GUIX_MANIFEST_DEV := manifest-dev.scm
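# Generate a passwd database holding a single root entry.
# The recipe writes to $@ rather than a hard-coded `passwd`, so overriding
# PASSWD_FILE actually produces the file that `pre-build` waits for.
# NOTE(review): presumably copied into the image by the Dockerfile, which is
# not visible from here; confirm.
$(PASSWD_FILE):
	echo 'root:x:0:0:root:/root:/bin/sh' > $@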
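# Archive two symlinks, bin -> /guix-builder/bin and
# etc/ssl -> /guix-builder/etc/ssl, so that the standard SSL_CERT_FILE and
# SSL_CERT_DIR locations resolve inside the container even when the host
# store is not mounted.
#
# The links are staged in a scratch directory derived from $@ instead of the
# working directory. A leftover `bin` or `etc` from an interrupted run no
# longer breaks `ln`/`mkdir`, and the cleanup cannot remove an unrelated
# ./bin or ./etc that happens to live next to this Makefile.
#
# NOTE(review): the archive records the invoking user's uid/gid for both
# links; confirm the Dockerfile extracts it with the intended ownership.
$(LINKS_TARBALL):
	rm -rf $@.staging
	mkdir -p $@.staging/etc
	ln -s /guix-builder/bin $@.staging/bin
	ln -s /guix-builder/etc/ssl $@.staging/etc/ssl
	tar -czvf $@ -C $@.staging bin etc
	rm -r $@.staging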
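# Build a relocatable Guix pack from the manifest and copy it out of the
# store. `guix pack` prints the store path of the pack it built, and that
# path is what gets copied to $@.
#
# The manifest is a prerequisite so that editing it refreshes the tarball.
# Without it, an existing tarball is considered up to date forever and the
# image keeps shipping the old package set, including old CA certificates.
$(TARBALL): $(GUIX_MANIFEST)
	@cp $$(guix pack -RR -S /bin=bin -S /etc/ssl=etc/ssl -S /lib/locale=lib/locale -m $(GUIX_MANIFEST)) $@
	@# Store items are read-only; make the copy writable so it can be
	@# overwritten or removed later.
	@chmod +w $@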
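# Report the closure size of the pack.
# The `guix pack` options are kept identical to the $(TARBALL) rule, including
# the /lib/locale symlink. That way the pack measured here is the one copied
# into the image, not a second, slightly different pack built only for this
# report.
.PHONY: size
size: $(TARBALL)
	guix size $$(guix pack -RR -S /bin=bin -S /etc/ssl=etc/ssl -S /lib/locale=lib/locale -m $(GUIX_MANIFEST))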
.PHONY: pre-build build

# Gather every generated input (pack tarball, links tarball, passwd file)
# that must exist before `docker build` runs.
pre-build: \
	$(TARBALL) \
	$(LINKS_TARBALL) \
	$(PASSWD_FILE)

# Build the image from the current directory and tag it $(IMAGE_TAG).
build: pre-build
	@docker build --tag $(IMAGE_TAG) .
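# Start an interactive, throw-away container wired to the host's Guix.
#
# Mounts:
#   - the guix-daemon socket. It has no :ro suffix, so processes in the
#     container can submit requests to the host daemon; only run images you
#     trust with that access.
#   - /gnu/store, read-only.
#   - /etc/ssl, read-only. Host certificates under /etc/ssl/certs are links
#     into the store, so this mount is only usable together with the store
#     mount above.
#
# The image is referenced exactly as `build` tagged it. Appending `:latest`
# here produced an invalid reference whenever IMAGE_TAG already carried a
# tag (e.g. IMAGE_TAG=guix-builder:1.0); an untagged name still resolves to
# :latest.
.PHONY: run
run: build
	@docker run --rm -it \
		-v /var/guix/daemon-socket/socket:/var/guix/daemon-socket/socket \
		-v /gnu/store:/gnu/store:ro \
		-v /etc/ssl:/etc/ssl:ro \
		$(IMAGE_TAG)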
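# Start an interactive, throw-away container with no host mounts at all: no
# daemon socket, no store, no host certificates. The container relies on the
# /etc/ssl -> /guix-builder/etc/ssl link shipped in the image.
#
# The image is referenced exactly as `build` tagged it, so an IMAGE_TAG that
# already includes a tag keeps working; an untagged name still resolves to
# :latest.
.PHONY: run-no-store
run-no-store: build
	@docker run --rm -it $(IMAGE_TAG)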
# Hand both manifests to ./shell.sh.
# NOTE(review): presumably opens a development shell; shell.sh is not visible
# from here, so confirm what it does with the two arguments.
.PHONY: shell
shell:
	@./shell.sh \
		$(GUIX_MANIFEST) \
		$(GUIX_MANIFEST_DEV)
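# Remove the generated build inputs.
# `clean` is now actually declared phony; the original `.PHONY:` line named
# no target, so a file called `clean` would have disabled this rule.
# $(RM) is `rm -f`, so cleaning a partially built or already clean tree
# succeeds. -r is dropped because every artefact removed here is a regular
# file, and recursive deletion on user-overridable paths is needless risk.
.PHONY: clean
clean:
	$(RM) $(TARBALL) $(LINKS_TARBALL) $(PASSWD_FILE)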