From patchwork Mon May 5 07:57:53 2025
X-Patchwork-Submitter: Giacomo Leidi
X-Patchwork-Id: 42317
Subject: [bug#76081] [PATCH v10 6/7] services: oci: Migrate oci-configuration to (guix records).
To: 76081@debbugs.gnu.org
Cc: Giacomo Leidi
Date: Mon, 5 May 2025 09:57:53 +0200
Message-ID: <1f148e2994e78ed4614efe885380c06740515d0b.1746431874.git.goodoldpaul@autistici.org>
In-Reply-To: <2b78b4ce9b0a3a6c0bdbdec5bb16702a5b5083a3.1746431874.git.goodoldpaul@autistici.org>
From: Giacomo Leidi

This commit migrates oci-configuration to (guix records) since it appears (for-home (oci-configuration ...)) does not work as expected with (gnu services configuration). This is supposed to be completely transparent for users and can be reverted in the future once this has been implemented.

* gnu/services/containers.scm: Migrate oci-configuration to (guix records).
--- gnu/services/containers.scm | 199 +++++++++++++++++++++--------------- 1 file changed, 117 insertions(+), 82 deletions(-) diff --git a/gnu/services/containers.scm b/gnu/services/containers.scm index a8d10d842da..a974227e164 100644 --- a/gnu/services/containers.scm +++ b/gnu/services/containers.scm 
@@ -39,6 +39,7 @@ (define-module (gnu services containers) #:use-module (guix packages) #:use-module (guix profiles) #:use-module ((guix scripts pack) #:prefix pack:) + #:use-module (guix records) #:use-module (guix store) #:use-module (srfi srfi-1) #:use-module (ice-9 format) @@ -168,6 +169,7 @@ (define-module (gnu services containers) oci-container-shepherd-service oci-objects-merge-lst oci-extension-merge + oci-service-extension-wrap-validate oci-service-type oci-service-accounts oci-service-profile @@ -395,7 +397,7 @@ (define (oci-runtime-name runtime) (define (oci-runtime-group runtime maybe-group) "Implement the logic behind selection of the group that is to be used by Shepherd to execute OCI commands." - (if (not (maybe-value-set? maybe-group)) + (if (eq? maybe-group #f) (if (eq? 'podman runtime) "cgroup" "docker") 
@@ -766,62 +768,74 @@ (define (list-of-oci-networks? value) (define (package-or-string? value) (or (package? value) (string? value))) -(define-maybe/no-serialization package-or-string) - -(define-configuration/no-serialization oci-configuration - (runtime - (symbol 'docker) - "The OCI runtime to use to run commands. It can be either @code{'docker} or -@code{'podman}." - (sanitizer oci-sanitize-runtime)) - (runtime-cli - (maybe-package-or-string) - "The OCI runtime command line to be installed in the system profile and used -to provision OCI resources, it can be either a package or a string representing -an absolute path to the runtime binary entrypoint. When unset it will default -to @code{docker-cli} package for the @code{'docker} runtime or to @code{podman} -package for the @code{'podman} runtime.") - (runtime-extra-arguments - (list '()) - "A list of strings, gexps or file-like objects that will be placed -after each @command{docker} or @command{podman} invokation.") - (user - (string "oci-container") - "The user name under whose authority OCI runtime commands will be run.") - (group - (maybe-string) - "The group name under whose authority OCI commands will be run. When -using the @code{'podman} OCI runtime, this field will be ignored and the -default group of the user configured in the @code{user} field will be used.") - (subuids-range - (maybe-subid-range) - "An optional @code{subid-range} record allocating subuids for the user from -the @code{user} field. When unset, with the rootless Podman OCI runtime, it -defaults to @code{(subid-range (name \"oci-container\"))}.") - (subgids-range - (maybe-subid-range) - "An optional @code{subid-range} record allocating subgids for the user from -the @code{user} field. 
When unset, with the rootless Podman OCI runtime, it -defaults to @code{(subid-range (name \"oci-container\"))}.") - (containers - (list-of-oci-containers '()) - "The list of @code{oci-container-configuration} records representing the -containers to provision. Most users are supposed not to use this field and use -the @code{oci-extension} record instead.") - (networks - (list-of-oci-networks '()) - "The list of @code{oci-network-configuration} records representing the -networks to provision. Most users are supposed not to use this field and use -the @code{oci-extension} record instead.") - (volumes - (list-of-oci-volumes '()) - "The list of @code{oci-volume-configuration} records representing the -volumes to provision. Most users are supposed not to use this field and use -the @code{oci-extension} record instead.") - (verbose? - (boolean #f) - "When true, additional output will be printed, allowing to better follow the -flow of execution.")) +;; (for-home (oci-configuration ...)) is not able to replace for-home? with #t, +;; pk prints #f. Once for-home will be able to work with (gnu services configuration) the +;; record can be migrated back to define-configuration. +(define-record-type* + oci-configuration + make-oci-configuration + oci-configuration? 
+ this-oci-configuration + + (runtime oci-configuration-runtime + (default 'docker)) + (runtime-cli oci-configuration-runtime-cli + (default #f)) ; package or string + (runtime-extra-arguments oci-configuration-runtime-extra-arguments ; strings or gexps + (default '())) ; or file-like objects + (user oci-configuration-user + (default "oci-container")) + (group oci-configuration-group ; string + (default #f)) + (subuids-range oci-configuration-subuids-range ; subid-range + (default #f)) + (subgids-range oci-configuration-subgids-range ; subid-range + (default #f)) + (containers oci-configuration-containers ; oci-container-configurations + (default '())) + (networks oci-configuration-networks ; oci-network-configurations + (default '())) + (volumes oci-configuration-volumes ; oci-volume-configurations + (default '())) + (verbose? oci-configuration-verbose? + (default #f)) + (home-service? oci-configuration-home-service? + (default for-home?) (innate))) + +;; TODO: This procedure can be dropped once we switch to define-configuration for +;; oci-configuration. +(define (oci-configuration-valid? config) + (define runtime-cli + (oci-configuration-runtime-cli config)) + (define group + (oci-configuration-group config)) + (define subuids-range + (oci-configuration-subuids-range config)) + (define subgids-range + (oci-configuration-subgids-range config)) + (and + (symbol? + (oci-sanitize-runtime (oci-configuration-runtime config))) + (or (eq? runtime-cli #f) + (package-or-string? runtime-cli)) + (list? (oci-configuration-runtime-extra-arguments config)) + (string? (oci-configuration-user config)) + (or (eq? group #f) + (string? group)) + (or (eq? subuids-range #f) + (subid-range? subuids-range)) + (or (eq? subgids-range #f) + (subid-range? subgids-range)) + (list-of-oci-containers? + (oci-configuration-containers config)) + (list-of-oci-networks? + (oci-configuration-networks config)) + (list-of-oci-volumes? + (oci-configuration-volumes config)) + (boolean? 
+ (oci-configuration-verbose? config)) + (boolean? + (oci-configuration-home-service? config)))) (define (oci-runtime-system-environment runtime user) (if (eq? runtime 'podman) @@ -837,7 +851,7 @@ (define (oci-runtime-cli runtime runtime-cli path) ;; It is a user defined absolute path runtime-cli #~(string-append - #$(if (not (maybe-value-set? runtime-cli)) + #$(if (eq? runtime-cli #f) path runtime-cli) #$(if (eq? 'podman runtime) @@ -1581,18 +1595,27 @@ (define (oci-configuration->shepherd-services config) (passwd:gid (getpwnam #$user)))) (oci-runtime-group config (oci-configuration-group config)))) - (verbose? (oci-configuration-verbose? config))) - (oci-state->shepherd-services runtime system-runtime-cli containers networks volumes - #:user user - #:group group - #:verbose? verbose? - #:runtime-extra-arguments - runtime-extra-arguments - #:runtime-environment - (oci-runtime-system-environment runtime user) - #:runtime-requirement - (oci-runtime-system-requirement runtime) - #:networks-requirement '(networking)))) + (verbose? (oci-configuration-verbose? config)) + (home-service? + (oci-configuration-home-service? config))) + (if home-service? + (oci-state->shepherd-services runtime home-runtime-cli containers networks volumes + #:verbose? verbose? + #:networks-name + (oci-networks-home-shepherd-name runtime) + #:volumes-name + (oci-volumes-home-shepherd-name runtime)) + (oci-state->shepherd-services runtime system-runtime-cli containers networks volumes + #:user user + #:group group + #:verbose? verbose? + #:runtime-extra-arguments + runtime-extra-arguments + #:runtime-environment + (oci-runtime-system-environment runtime user) + #:runtime-requirement + (oci-runtime-system-requirement runtime) + #:networks-requirement '(networking))))) (define (oci-service-subids config) "Return a subids-extension record representing subuids and subgids required by 
@@ -1620,14 +1643,14 @@ (define (oci-service-subids config) (define subgid-ranges (delete-duplicate-ranges (cons - (if (not (maybe-value-set? subgids)) + (if (eq? subgids #f) (subid-range (name user)) subgids) container-users))) (define subuid-ranges (delete-duplicate-ranges (cons - (if (not (maybe-value-set? subuids)) + (if (eq? subuids #f) (subid-range (name user)) subuids) container-users))) @@ -1686,13 +1709,21 @@ (define (oci-service-profile runtime runtime-cli) '() (list (cond - ((maybe-value-set? runtime-cli) + ((not (eq? runtime-cli #f)) runtime-cli) ((eq? 'podman runtime) podman) (else docker-cli)))))) +(define (oci-service-extension-wrap-validate extension) + (lambda (config) + (if (oci-configuration-valid? config) + (extension config) + (raise + (formatted-message + (G_ "Invalide oci-configuration ~a.") config))))) + (define (oci-configuration-extend config extension) (oci-configuration (inherit config) @@ -1721,18 +1752,22 @@ (define oci-service-type (extensions (list (service-extension profile-service-type - (lambda (config) - (let ((runtime-cli - (oci-configuration-runtime-cli config)) - (runtime - (oci-configuration-runtime config))) - (oci-service-profile runtime runtime-cli)))) + (oci-service-extension-wrap-validate + (lambda (config) + (let ((runtime-cli + (oci-configuration-runtime-cli config)) + (runtime + (oci-configuration-runtime config))) + (oci-service-profile runtime runtime-cli))))) (service-extension subids-service-type - oci-service-subids) + (oci-service-extension-wrap-validate + oci-service-subids)) (service-extension account-service-type - oci-service-accounts) + (oci-service-extension-wrap-validate + oci-service-accounts)) (service-extension shepherd-root-service-type - oci-configuration->shepherd-services))) + (oci-service-extension-wrap-validate + oci-configuration->shepherd-services)))) ;; Concatenate OCI object lists. (compose (lambda (args) (fold oci-extension-merge
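Review bot: in the `oci-runtime-group` hunk (@@ -395), `(if (eq? maybe-group #f) ...)` is more idiomatic as `(if (not maybe-group) ...)` or, with the branches swapped, `(if maybe-group ...)`; the same applies to the `(eq? runtime-cli #f)`, `(eq? subgids #f)`, `(eq? subuids #f)` and `(not (eq? runtime-cli #f))` sites in the later hunks. Since this hunk hard-codes `#f` as the "unset" sentinel now that the `maybe-` types are gone, a comment on the record definition saying that `#f` means "unset" for `runtime-cli`, `group`, `subuids-range` and `subgids-range` would make that contract explicit for future callers.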
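Review bot: the `runtime` field in the new `define-record-type*` (@@ -766) loses its `(sanitizer oci-sanitize-runtime)`, and `oci-configuration-valid?` only checks that `(oci-sanitize-runtime ...)` returns a symbol and discards the result, so the stored `runtime` is used unsanitized everywhere else; `define-record-type*` supports a `(sanitize proc)` field option, so `(runtime oci-configuration-runtime (default 'docker) (sanitize oci-sanitize-runtime))` would keep the old behaviour. If `oci-sanitize-runtime` raises on invalid input rather than returning a non-symbol, `oci-configuration-valid?` raises instead of returning `#f` and the wrapper's message is never reached for that case. Two more points in this hunk: `home-service?` is `(innate)` with `(default for-home?)`, so `(oci-configuration (inherit config) ...)` in `oci-configuration-extend` (visible as context in the @@ -1686 hunk) resets it to the value of `for-home?` at that site, `#f` outside a `for-home` form, unless `home-service?` is passed explicitly there; the hunk does not show that, so please confirm, otherwise a home `oci-configuration` that receives extensions is built as a system one. Finally, the per-field docstrings are deleted with nothing replacing them, so if the manual text for `oci-configuration` was derived from them it now has to be kept in sync by hand, and the comment `pk prints #f` is a debugging leftover that should be reworded to describe the limitation.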
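Review bot: in the `oci-configuration->shepherd-services` hunk (@@ -1581), `home-runtime-cli` is used in the new `home-service?` branch but its binding is not part of this hunk; confirm it is bound in the enclosing `let*` next to `system-runtime-cli`. The home branch also passes neither `#:runtime-extra-arguments` nor `#:runtime-environment`, so `runtime-extra-arguments` set in a home `oci-configuration` is silently dropped; if that is intended, say so in the record comment for the field, otherwise pass it in both branches.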
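Review bot: the user-visible, translatable message in `oci-service-extension-wrap-validate` (@@ -1686) has a typo, `Invalide` should be `Invalid`, and printing the whole record with `~a` is long while saying nothing about which field failed; since `oci-configuration-valid?` folds every check into one boolean, consider having it report the offending field (raising per check with the field name, which is what the `define-configuration` type checks used to give). Also, `oci-service-extension-wrap-validate` is added to the module's exports (@@ -168) although it is an internal wrapper; if no other patch in the series needs it, keep it private.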
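Review bot: wrapping all four `service-extension`s in the `oci-service-type` hunk (@@ -1721) validates the same record four times and moves type checking from record construction, where `define-configuration` did it with a source location, to service instantiation, so an `oci-configuration` that is never attached to the service type is never checked at all. Validating once, either through `(sanitize ...)` options on the record fields or at the end of `oci-configuration-extend`, would report errors earlier and only once.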