Hi Ludovic,

Ludovic Courtès <ludovic.cour...@inria.fr> writes:

> ‘guix pack -f docker’ currently creates an image without
> /etc/{passwd,group,shadow}.
>
> It’s OK most of the time, but again it looks like a gratuitous annoyance
> for those cases where having them around matters (that’s also the reason
> why guix-daemon creates them.)

Would that include the files required for PAM authentication to work
correctly? I remember struggling with this use case: using the Docker
image with CQFD wrapper, which must be able to create a user and
sudo'ing (or 'su') to it in the docker container.

I had started populating base files such as shadow, passwd, etc. but
when confronted with the PAM configuration (which sudo was complaining
about), it appeared intimidating. I then decided to modify my operating
system declaration so that it'd contain the required Shepherd services
that populate /etc, and devise a hack to call
'/var/guix/profiles/system/boot' when the container would start.

The minimal system configuration (+ python stuff, which was the
requirement) I came up with was:

--8<---------------cut here---------------end--------------->8---
;; This is an operating system configuration template for a bare-bone,
;; containerization-friendly setup, with no X11 display server and
;; no Guix daemon / client.

(use-modules (gnu)
             (gnu packages bash)
             (gnu packages python)
             (gnu packages python-xyz)
             (gnu packages xml)
             (guix packages))

(operating-system
  (host-name "robot-framework")
  (timezone "America/Montreal")

  ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the
  ;; target hard disk, and "my-root" is the label of the target
  ;; root file system.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (target "/dev/sda")))
  (file-systems (cons (file-system
                        (device (file-system-label "my-root"))
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))

  (users (cons (user-account
                (name "builder")
                (group "users")
                (supplementary-groups '("wheel"))
                (home-directory "/home/builder"))
               %base-user-accounts))

  ;; Globally-installed packages.
  (packages (cons* python-wrapper
                   (list python "tk")
                   python-robotframework
                   python-robotframework-sshlibrary
                   python-robotframework-lint
                   python-xmltodict
                   %base-packages))

  (services (list
             ;; Enable #!/bin/sh and #!/bin/bash shebangs.
             (service special-files-service-type
                      `(("/bin/bash"
                         ,(file-append (canonical-package bash)
                                       "/bin/bash"))))
             (service special-files-service-type
                      `(("/bin/sh"
                         ,(file-append (canonical-package bash)
                                       "/bin/sh"))))

             ;; The following is a very small subset extracted from
             ;; %base-services.
             (service login-service-type)
             (service udev-service-type (udev-configuration))
             (syslog-service)))

  ;; When using sudo, by default some environment variables such as
  ;; PYTHONPATH are dropped.  Make it so that any environment
  ;; variables are honored.  This is important so that the Guix system
  ;; profile can work correctly for any user.
  (sudoers-file
   (plain-file "sudoers" "\
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
Defaults !env_reset,!env_delete\n")))
--8<---------------cut here---------------end--------------->8---

Maxim
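
An added example, not part of the original message: a small check that reads the global `Defaults` lines of a sudoers text and reports how the caller's environment is handled, run on the sudoers content from the configuration above and on a constructed variant that keeps only PYTHONPATH through `env_keep`. The function names and the second sudoers text are assumptions made for this illustration.

```python
import re

# The sudoers text from the operating-system declaration above.
PAGE_SUDOERS = """\
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
Defaults !env_reset,!env_delete
"""
# Constructed variant (an assumption, not from the message): env_reset stays
# enabled and only PYTHONPATH is preserved.
NARROW_SUDOERS = """\
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
Defaults env_keep += "PYTHONPATH"
"""

def split_settings(text):
    """Split a Defaults parameter list on commas that sit outside quotes."""
    return [s.strip() for s in re.findall(r'(?:[^,"]|"[^"]*")+', text) if s.strip()]

def env_policy(sudoers):
    """Summarise the environment-related global Defaults in a sudoers text.

    Only what the text itself sets is reported; sudo's built-in env_keep,
    env_check and env_delete lists are not modelled here.
    """
    reset, delete_cleared, keep = True, False, []   # env_reset is on by default
    for line in (raw.strip() for raw in sudoers.splitlines()):
        entry = re.match(r"Defaults\s+(.+)", line)   # skips Defaults:user, @host, ...
        if line.startswith("#") or not entry:
            continue
        for setting in split_settings(entry.group(1)):
            m = re.match(r'(!?\w+)\s*([+-]?=)?\s*"?([^"]*)"?$', setting)
            if not m:
                continue
            name, op, names = m.group(1), m.group(2), m.group(3).split()
            if name in ("env_reset", "!env_reset"):
                reset = not name.startswith("!")
            elif name == "!env_delete":               # "!" empties a list option
                delete_cleared = True
            elif name == "!env_keep":
                keep = []
            elif name == "env_keep" and op == "-=":
                keep = [k for k in keep if k not in names]
            elif name == "env_keep" and op:
                keep = (keep if op == "+=" else []) + names
    return {"env_reset": reset, "env_delete_cleared": delete_cleared,
            "env_keep_set": keep}

if __name__ == "__main__":
    for label, text in (("page", PAGE_SUDOERS), ("narrow", NARROW_SUDOERS)):
        print(label, env_policy(text))
```

With `env_reset` disabled, sudo passes through every variable not listed in `env_check` or `env_delete`, so the first result describes a pass-through policy while the second preserves one named variable.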