[bug#69131,1/2] gnu: Add passt.

Message ID cf279ef242bd28abcb8c73db99f0b9f57ddf99c8.1707938222.git.~@wolfsden.cz
State New

Commit Message

Tomas Volf Feb. 14, 2024, 7:17 p.m. UTC
* gnu/packages/containers.scm (passt): New variable.

Change-Id: I2ebdd9d4255a89a86fb196568215b74bb61cb3a6
---
 gnu/packages/containers.scm | 41 +++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)


base-commit: e9a6c7094822bc859d0694eeaf8f434317219367

Comments

Skyler Ferris Feb. 16, 2024, 3:02 a.m. UTC | #1
"Add passt" review notes:

The following checklist is based on the items listed in the manual (22.7 
"Submitting Patches"). Each checklist item may have one of the following 
statuses:

C: Committable. This item looks as expected for a final commit.
CC: Committable with Context. Like committable, but some notes have been 
added providing context about anything notable or unusual. These notes 
are provided for transparency or to set expectations for the committer 
and should not be interpreted as meaning that I object to the patch.
MR: Minor Repair. There is something about the patch which I think 
should ideally be changed, but I do not think that the commit should be 
held up for this reason alone.
A: Attention. Something in the patch needs attention from the author, 
the committer, or both. Resolving the matter may or may not require a 
change to the patch.
Blank: I did not review this aspect of the patch.

[CC] Applies cleanly (commit bd87416648929f38c0173f047776d7675ea8a10d)
[CC] Cryptographic hash
[C ] Synopsis & Description
[C ] Package license matches source license
[C ] No compiler warnings
[CC] `guix lint` output
[MR] `guix style` output
[C ] Package builds (my host is an x86_64 Xen guest)
[  ] Builds for other architectures
[C ] No bundled software
[  ] Works in container with minimal inputs
[C ] `guix size` output
[C ] Dependent packages (`guix refresh --list-dependent PACKAGE`)
[C ] `guix build --rounds=2`
[C ] Gender-neutral wording
[C ] One set of related changes
[  ] Simulated guix pull

# Patch Application
The copyright statement in the first patch does not apply cleanly 
because commit 6002e9e7711136373de5a6325769e9c7d11032c9 recently added 
it already, but git successfully processed that diff after manually 
deleting the chunk from the patch.

# Cryptographic Signatures
I was not able to locate signatures for either the source tarball or the 
git commits.

# Guix Lint Output
The linter printed two notes, one that the 'generic-html' updater failed 
to find upstream releases and another indicating that archives are not 
available from either Software Heritage or Disarchive. As I understand 
it, these issues should not block the package. Not every package 
has an automatic updater (though it would be nice if they did) and the 
release page for this project is atypical. The 'archival' section in the 
"Invoking 'guix lint'" chapter (9.8) indicates that the Software 
Heritage will pick up the source at some point in the future.

# Guix Style output (Minor repair)
The tool made some reasonable-looking changes. I'm not sure if it would 
be appropriate for me to add a new patch to this thread that applies 
these changes.

# Runs in a container with minimal inputs
This package wants to use QEMU, and my machine is already a Xen guest. I 
know that there are some complications when it comes to nested 
virtualization. The demo script (at #$output/share/doc/passt/demo.sh) 
did not "just work" for me, but it's not clear to me that this is a 
problem with the package. I tried running it with the following:

```
$ # Extra inputs are for the shell script
$ ./pre-inst-env guix shell -C iproute2 coreutils util-linux-with-udev passd
[env]$ /gnu/store/wgzlv2chrxmk4y4m4fxx8g7x0z59cb98-passt-2023_12_30.f091893/share/doc/passt/demo.sh
```
Tomas Volf Feb. 16, 2024, 9:19 p.m. UTC | #2
Skyler Ferris <skyvine@protonmail.com> writes:

> # Guix Style output (Minor repair)
> The tool made some reasonable-looking changes. I'm not sure if it would 
> be appropriate for me to add a new patch to this thread that applies 
> these changes.

I sent a v2 with some of the style changes applied.  It seems that
across guix the more common approach is to put (modify-phases) under the
#:phases keyword, and I prefer it.

In general I do not believe what `guix style' did to the (arguments) led
to more readable code, so I left it as it was.

I did adjust the (source) and (description) though.

>
> # Runs in a container with minimal inputs
> This package wants to use QEMU, and my machine is already a Xen guest. I 
> know that there are some complications when it comes to nested 
> virtualization. The demo script (at #$output/share/doc/passt/demo.sh) 
> did not "just work" for me, but it's not clear to me that this is a 
> problem with the package. I tried running it with the following:
>
> ```
> $ # Extra inputs are for the shell script
> $ ./pre-inst-env guix shell -C iproute2 coreutils util-linux-with-udev passd
> [env]$ /gnu/store/wgzlv2chrxmk4y4m4fxx8g7x0z59cb98-passt-2023_12_30.f091893/share/doc/passt/demo.sh
> ```

I tested the pasta binary instead using podman (--network=pasta), since
it was the reason I added this package in the first place.  It worked.

Patch

diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm
index a3aa9ac1db..5cd81e85a6 100644
--- a/gnu/packages/containers.scm
+++ b/gnu/packages/containers.scm
@@ -5,6 +5,7 @@ 
 ;;; Copyright © 2022 Michael Rohleder <mike@rohleder.de>
 ;;; Copyright © 2023 Zongyuan Li <zongyuan.li@c0x0o.me>
 ;;; Copyright © 2023 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2024 Tomas Volf <~@wolfsden.cz>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
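Review bot: the added `Copyright © 2024 Tomas Volf` header line is the part comment #1 reports as not applying cleanly, because commit 6002e9e7711136373de5a6325769e9c7d11032c9 already added it. Rebase the series onto current master and drop this hunk so the patch applies without the committer having to edit it by hand.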
@@ -259,6 +260,46 @@  (define-public slirp4netns
 network namespaces.")
     (license license:gpl2+)))
 
+(define-public passt
+  (package
+    (name "passt")
+    (version "2023_12_30.f091893")
+    (source (origin
+              (method url-fetch)
+              (uri
+               (string-append
+                "https://passt.top/passt/snapshot/passt-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1nyd4h93qlxn1r01ffijpsd7r7ny62phki5j58in8gz021jj4f3d"))))
+    (build-system gnu-build-system)
+    (arguments
+     (list
+      #:make-flags
+      #~(list (string-append "CC=" #$(cc-for-target))
+              "RLIMIT_STACK_VAL=1024"   ; ¯\_ (ツ)_/¯
+              (string-append "VERSION=" #$version)
+              (string-append "prefix=" #$output))
+      #:tests? #f
+      #:phases
+      #~(modify-phases %standard-phases
+          (delete 'configure))))
+    (home-page "https://passt.top")
+    (synopsis "Plug A Simple Socket Transport")
+    (description "passt implements a thin layer between guest and host, that
+only implements what's strictly needed to pretend processes are running
+locally.  The TCP adaptation doesn't keep per-connection packet buffers, and
+reflects observed sending windows and acknowledgements between the two sides.
+This TCP adaptation is needed as passt runs without the CAP_NET_RAW
+capability: it can't create raw IP sockets on the pod, and therefore needs to
+map packets at Layer-2 to Layer-4 sockets offered by the host kernel.
+
+Also provides pasta, which similarly to slirp4netns, provides networking to
+containers by creating a tap interface available to processes in the
+namespace, and mapping network traffic outside the namespace using native
+Layer-4 sockets.")
+    (license (list license:gpl2+ license:bsd-3))))
+
 (define-public cni-plugins
   (package
     (name "cni-plugins")
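Review bot: `#:tests? #f` in the `arguments` list has no comment saying why the test suite is skipped, and the `"RLIMIT_STACK_VAL=1024"` make flag is annotated only with a shrug emoticon. Please replace both with a one-line reason each, so whoever updates the package later can tell whether the override is still needed or can be dropped. Separately, the `source` is a `url-fetch` of a snapshot tarball, and comment #1 found no upstream signatures and no archived copy, which leaves the `sha256` in this hunk as the only integrity anchor; a short comment on how the tarball was obtained and checked would help the committer. The `license` list names both `license:gpl2+` and `license:bsd-3` without saying which files each covers; a brief comment there would make the license check easier to repeat.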