Hi Ricardo,

On Fri, Aug 26, 2022 at 3:43 AM Ricardo Wurmus <rek...@elephly.net> wrote:
>
>
> Hi Yasu
>
> > Our idea at the coop is that we want to develop software
> > development acceleration tools, and a major part would be
> > container-less software provisioning so that composition would not
> > mean more and more layers of technical debt...
>
> Don’t discount containers too soon.  Guix has “guix system container”,
> which spins up lightweight Guix System containers that share /gnu/store.
> You only need to set up a bridge interface on the host and create a
> network device pair and move one end into the container’s net namespace.
I thought for sure that 'guix system container' would be something
people would love, but it doesn't seem to get much use!  Having all
containers share the store eliminates several problems that come with
Docker's primitive layer approach.  When I realized all we had to do was
bind mount store items into the container I couldn't believe it was so
simple.

> You can do containers and compose them without layers upon layers of
> file system blobs.  The reasons why this is not commonly done on
> existing commercial platforms:
>
> - container images are often provided from different origins, so there
>   is no trust and thus no way to have them share the same files or
>   common packages
>
> - without reproducible builds trust cannot be established
>
> - container images are erroneously considered a requirement for
>   isolation, but it is not actually required to use them even in the
>   presence of an unshared mount namespace.

All true.  "Container" has come to mean the image more than the
execution environment, so Guix containers not being based on disk images
makes them not fit in.

> Using a shared /gnu/store as a big cache for all containers can be a
> real asset.  We can learn lessons from the HPC experience here.

What might have a positive impact is if Guix had an answer to 'docker
compose'.  Most of the pieces are there already.  Such a tool could be
combined with 'guix shell' so you could get all the tools needed for
local development *and* automatically start any necessary daemons, like
database servers, in isolated containers.

- Dave
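[Editor's added example; this is not code from the thread, from Ricardo
or Dave, or from the Guix project's own documentation.]  The single-daemon
container Dave describes, a database server started beside a 'guix shell'
development environment, is just an operating-system declaration fed to
'guix system container'.  The host name "devdb", the 10.0.0.0/24 range of
the host-only bridge, and the 'postgresql-14' package variable are
assumptions; the bootloader and root file-system fields are required by
the operating-system record but are not used by a container, and
%base-services is kept as-is rather than trimmed.

```scheme
;; db-container.scm -- added example, not from the thread or from Guix's
;; own documentation.  A Guix System container that runs only PostgreSQL.
;; The bridge/veth wiring Ricardo describes is done from the host with
;; 'ip' after the container is up, so nothing here depends on the
;; interface name or address being present at boot.
(use-modules (gnu))
(use-service-modules databases)
(use-package-modules databases)

;; Assumed address range of the host-only bridge.  Only clients on it can
;; reach the database, and only with a password (scram-sha-256).
(define bridge-subnet "10.0.0.0/24")

(operating-system
  (host-name "devdb")
  (timezone "UTC")
  (locale "en_US.utf8")

  ;; Required by the operating-system record but ignored by
  ;; 'guix system container': there is no disk and no boot loader.
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))
  (file-systems (cons (file-system
                       (device (file-system-label "does-not-matter"))
                       (mount-point "/")
                       (type "ext4"))
                      %base-file-systems))

  (services
   (cons* (service postgresql-service-type
                   (postgresql-configuration
                    (postgresql postgresql-14)     ; assumed package name
                    (config-file
                     (postgresql-config-file
                      ;; Unix-socket clients inside the container are
                      ;; trusted; anything arriving over the veth must
                      ;; authenticate.  No other source is listed.
                      (hba-file
                       (plain-file "pg_hba.conf"
                                   (string-append
                                    "local all all trust\n"
                                    "host  all all " bridge-subnet
                                    " scram-sha-256\n")))
                      ;; Listen on the veth end as well as loopback; the
                      ;; network namespace and pg_hba.conf bound the
                      ;; exposure, not the bind address.
                      (extra-config
                       '(("listen_addresses" "*")
                         ("password_encryption" "scram-sha-256")))))))
          %base-services)))
```

Running 'sudo $(guix system container db-container.scm)' starts the
container and prints its PID.  Wiring it up on the host is the sequence
Ricardo outlines: create the bridge ('ip link add br0 type bridge', give
it 10.0.0.1/24, bring it up), create a veth pair ('ip link add veth-host
type veth peer name veth-db'), attach veth-host to the bridge, move the
other end in with 'ip link set veth-db netns $PID', then from the host
run 'nsenter -t $PID -n ip addr add 10.0.0.2/24 dev veth-db' and bring
veth-db and lo up inside the namespace.  Create a role with a password
from inside the container ('guix container exec $PID ...') before
connecting from the 'guix shell' side.  Two things worth checking: leave
IP forwarding and NAT for br0 off unless the daemon genuinely needs
egress, and note that the shared /gnu/store is bind-mounted read-only
inside the container, which is what lets many containers share it
without any of them being able to alter it.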