From: Giacomo Leidi
Date: Thu, 11 Jan 2024 21:39:49 +0100
To: 67613@debbugs.gnu.org
Subject: [bug#67613] [PATCH v2 1/5] gnu: docker: Provide escape hatch in oci-container-configuration.

* gnu/services/docker.scm (oci-container-configuration) [extra-arguments]: New field; (oci-sanitize-extra-arguments): sanitize it; (oci-container-shepherd-service): use it; * doc/guix.texi: document it. Change-Id: I54c74ac2fe0f5ca65ca5a1d0d7f3fb55ff428063 --- doc/guix.texi | 13 ++++++++++--- gnu/services/docker.scm | 42 ++++++++++++++++++++++++++++++++++------- 2 files changed, 45 insertions(+), 10 deletions(-) base-commit: 637b72e2b83a6332849218ef1f193124fa8239eb diff --git a/doc/guix.texi b/doc/guix.texi index 395545bed7..ce239c603d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -39844,7 +39844,8 @@ Set environment variables. This can be a list of pairs or strings, even mixed: "JAVA_HOME=/opt/java") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics. @@ -39868,7 +39869,8 @@ list of pairs or strings, even mixed: "10443:443") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream} documentation for semantics. 
@@ -39881,7 +39883,8 @@ list of pairs or strings, even mixed: "/gnu/store:/gnu/store") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. +Strings are passed directly to the Docker CLI. You can refer to the @uref{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream} documentation for semantics. @@ -39896,6 +39899,10 @@ You can refer to the @url{https://docs.docker.com/engine/reference/run/#workdir,upstream} documentation for semantics. +@item @code{extra-arguments} (default: @code{()}) (type: list) +A list of strings, gexps or file-like objects that will be directly +passed to the @command{docker run} invokation. + @end table @end deftp diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm index 4d32b96847..b4fd94d1fd 100644 --- a/gnu/services/docker.scm +++ b/gnu/services/docker.scm @@ -58,6 +58,9 @@ (define-module (gnu services docker) oci-container-configuration-network oci-container-configuration-ports oci-container-configuration-volumes + oci-container-configuration-container-user + oci-container-configuration-workdir + oci-container-configuration-extra-arguments oci-container-service-type oci-container-shepherd-service)) @@ -297,6 +300,21 @@ (define (oci-sanitize-volumes value) ;; '(("/mnt/dir" . "/dir") "/run/current-system/profile:/java") (oci-sanitize-mixed-list "volumes" value ":")) +(define (oci-sanitize-extra-arguments value) + (define (valid? member) + (or (string? member) + (gexp? member) + (file-like? member))) + (map + (lambda (el) + (if (valid? el) + el + (raise + (formatted-message + (G_ "extra arguments may only be strings, gexps or file-like objects +but ~a was found") el)))) + value)) + (define-maybe/no-serialization string) (define-configuration/no-serialization oci-container-configuration 
@@ -322,7 +340,8 @@ (define-configuration/no-serialization oci-container-configuration \"JAVA_HOME=/opt/java\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#env,upstream} documentation for semantics." (sanitizer oci-sanitize-environment)) @@ -347,7 +366,8 @@ (define-configuration/no-serialization oci-container-configuration \"10443:443\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#publish,upstream} documentation for semantics." (sanitizer oci-sanitize-ports)) @@ -361,7 +381,8 @@ (define-configuration/no-serialization oci-container-configuration \"/gnu/store:/gnu/store\") @end lisp -String are passed directly to the Docker CLI. You can refer to the +Pair members can be strings, gexps or file-like objects. Strings are passed +directly to the Docker CLI. You can refer to the @url{https://docs.docker.com/engine/reference/commandline/run/#volume,upstream} documentation for semantics." (sanitizer oci-sanitize-volumes)) @@ -375,7 +396,12 @@ (define-configuration/no-serialization oci-container-configuration "Set the current working for the spawned Shepherd service. You can refer to the @url{https://docs.docker.com/engine/reference/run/#workdir,upstream} -documentation for semantics.")) +documentation for semantics.") + (extra-arguments + (list '()) + "A list of strings, gexps or file-like objects that will be directly passed +to the @command{docker run} invokation." + (sanitizer oci-sanitize-extra-arguments))) (define oci-container-configuration->options (lambda (config) 
@@ -428,7 +454,9 @@ (define (guess-name name image) (provision (oci-container-configuration-provision config)) (image (oci-container-configuration-image config)) (options (oci-container-configuration->options config)) - (name (guess-name provision image))) + (name (guess-name provision image)) + (extra-arguments + (oci-container-configuration-extra-arguments config))) (shepherd-service (provision `(,(string->symbol name))) (requirement '(dockerd user-processes)) @@ -441,7 +469,7 @@ (define (guess-name name image) ;; docker run [OPTIONS] IMAGE [COMMAND] [ARG...] (list #$docker-command "run" "--rm" "--name" #$name - #$@options #$image #$@command) + #$@options #$@extra-arguments #$image #$@command) #:user #$user #:group #$group)) (stop @@ -482,5 +510,5 @@ (define oci-container-service-type (extend append) (compose concatenate) (description - "This service allows the management of Docker and OCI + "This service allows the management of OCI containers as Shepherd services.")))
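Review bot: in the doc/guix.texi hunk at @@ -39896,6 +39899,10 @@, the new @item for extra-arguments spells "invokation" where "invocation" is meant, and the same spelling is repeated in the docstring added at @@ -375,7 +396,12 @@ of gnu/services/docker.scm. The entry would also be more useful if it said where the arguments land on the command line (after the generated options, before the image) and that they are not checked beyond their type, since that is what a reader deciding whether to use the field needs to know.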
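Review bot: the export list hunk at @@ -58,6 +58,9 @@ of gnu/services/docker.scm adds oci-container-configuration-container-user and oci-container-configuration-workdir alongside the new extra-arguments accessor, but the commit log only mentions the extra-arguments field. Either list the two additional exports in the ChangeLog-style entry or move them to a separate commit so the history matches the change.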
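Review bot: in the oci-sanitize-extra-arguments hunk at @@ -297,6 +300,21 @@, the inner predicate binds its parameter as "member", which shadows the standard member procedure, and the translatable string passed to G_ is broken across two source lines, so the literal newline ends up inside the message. Rename the parameter (for example to "el", as the lambda below already does) and keep the format string on one line. The procedure also calls map on value without checking that it is a list, so a non-list value fails with a generic error instead of the formatted message; a list? check up front would give the user the same quality of diagnostic as the per-element case.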
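Review bot: in the hunk at @@ -441,7 +469,7 @@, #$@extra-arguments is spliced after #$@options and before #$image, and the only validation it has passed is the string?/gexp?/file-like? type check, so any docker run flag is accepted here, including ones that duplicate or conflict with what the network, ports, volumes, container-user and workdir fields already generated. That is presumably the intent of an escape hatch, but it means the typed fields no longer describe the full set of options the container starts with. Please state this in the field documentation, and consider a comment at this line noting that the ordering relative to #$@options is deliberate.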
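Review bot: the last hunk at @@ -482,5 +510,5 @@ changes the service description from "Docker and OCI" to "OCI", which is unrelated to adding extra-arguments and is not mentioned in the commit log. Split it into its own commit or add it to the log entry for oci-container-service-type.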