metacall / guix

Docker image for using Guix in a CI/CD environment.
https://metacall.io
Apache License 2.0

pure Guix system in a docker image #1

Open monperrus opened 3 years ago

monperrus commented 3 years ago

Thanks a lot for the Guix Docker image! It is super useful to experiment with Guix.

Instead of having Alpine + Guix, we could have a pure Guix system as a docker image.

Have you ever seen this?

Thanks! --Martin

viferga commented 3 years ago

Sure, it's a great idea, I had it written in the TODO list: https://github.com/metacall/guix/blob/e9a0e791af919ddf74349cdbb11acc325ee1b48b/TODO#L1

It will improve the docker image size and probably we can pack it on a single layer.

Unfortunately I haven't had time to do it yet. PRs are welcome.

viferga commented 3 years ago

Also I am going to add some documentation as there are people interested in it.

monperrus commented 3 years ago

> Also I am going to add some documentation

Looking forward to it. Would be super useful to give it a try!

viferga commented 3 years ago

> > Also I am going to add some documentation
>
> Looking forward to it. Would be super useful to give it a try!

Check it out: https://github.com/metacall/guix/blob/master/README.md

Probably the ease of usage can be improved, I am using it in order to build https://github.com/metacall/core through this project: https://github.com/metacall/distributable, and that's why I haven't improved it too much. But this can change if more people get interested in it.

monperrus commented 3 years ago

FYI, I was able to bootstrap a pure guix docker image.

From metacall/guix:

```sh
guix pack -f docker guix bash coreutils
```

From the host machine:

```sh
docker load < n4l437ih2sg8w3jchry5856vgj8vlapk-docker-pack.tar.gz
docker run -ti guix-bash-coreutils sh
```

In guix-bash-coreutils this is pure guix, no Alpine anymore.

viferga commented 3 years ago

Is there any way to run guix pack against current snapshot of guix? I mean, in your example you packaged bash and coreutils, but I would like to package also the fixed version of guix (https://github.com/metacall/guix/blob/5600f167f66badebbc1394cf0287351a9b6c21a4/Dockerfile#L69) and the entry point, so the docker image can be seen like a daemonless tool.

Does the resulting image have a user when running? Or are the build users defined (https://github.com/metacall/guix/blob/5600f167f66badebbc1394cf0287351a9b6c21a4/Dockerfile#L52)?

monperrus commented 3 years ago

> Is there any way to run guix pack against current snapshot of guix?

I'd say yes, by setting the right channel, see https://guix.gnu.org/manual/en/html_node/Channels.html

monperrus commented 3 years ago

> Does the resulting image have a user when running?

I don't think so, there is no file passwd in /etc.
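
Added example, not part of the original thread or the project's code: a way to answer the question above without running the image, by reading the archive's manifest, its config `User` field and each layer's file list for `etc/passwd`. The archive here is a small constructed stand-in that assumes the `docker save` layout (`manifest.json`, a config JSON, `layer.tar` files); whiteout entries in later layers are not handled.

```python
import io, json, tarfile

def _add(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))

def build_sample_archive(with_passwd, user=""):
    """Constructed stand-in for a docker-save-style archive (not real guix pack output)."""
    layer = io.BytesIO()
    with tarfile.open(fileobj=layer, mode="w") as lt:
        _add(lt, "./gnu/store/placeholder-bash/bin/sh", b"\x7fELF")
        if with_passwd:
            _add(lt, "./etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as t:
        _add(t, "layer0/layer.tar", layer.getvalue())
        _add(t, "config.json", json.dumps({"config": {"User": user}}).encode())
        manifest = [{"Config": "config.json", "Layers": ["layer0/layer.tar"]}]
        _add(t, "manifest.json", json.dumps(manifest).encode())
    return out.getvalue()

def audit_image(archive_bytes):
    """Report the configured user and whether any layer ships /etc/passwd."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as t:
        manifest = json.load(t.extractfile("manifest.json"))[0]
        config = json.load(t.extractfile(manifest["Config"])).get("config") or {}
        has_passwd = False
        for layer_name in manifest["Layers"]:
            # Each layer is itself a tar archive nested inside the image archive.
            with tarfile.open(fileobj=t.extractfile(layer_name)) as lt:
                names = {n.lstrip("./") for n in lt.getnames()}
                has_passwd = has_passwd or "etc/passwd" in names
    user = config.get("User") or ""
    return {
        "user": user,
        "has_passwd": has_passwd,
        # An empty User means the container runtime's default, uid 0.
        "runs_as_root": user in ("", "0", "root") or user.startswith(("0:", "root:")),
    }

if __name__ == "__main__":
    print(audit_image(build_sample_archive(with_passwd=False)))
```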

viferga commented 3 years ago

> > Does the resulting image have a user when running?
>
> I don't think so, there is no file passwd in /etc.

If it cannot be run, then it is not suitable for CI/CD which is the main objective of this project. I think a good solution may be to use build stages to generate a target (from scratch) with only the Guix dependencies (including Guix itself, among the users and entry point script for allowing to run the daemon).

For example:

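```dockerfile
FROM alpine AS builder
# ...
FROM scratch AS guix
# Copy from the builder stage; one COPY per path, since copying a directory copies only its contents
COPY --from=builder /gnu /gnu
COPY --from=builder /etc /etc
COPY --from=builder /entry-point.sh /entry-point.sh
```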

Later on if we want to make it look like a docker image generated by Guix (with a single target), maybe we can find a way for removing the builder target.

monperrus commented 3 years ago

> If it cannot be run

Yes, it can be run, I tried it :)

viferga commented 3 years ago

> > If it cannot be run
>
> Yes, it can be run, I tried it :)

Awesome, feel free to implement (and PR) it if you want, or I will try to implement it whenever I have free time.

viferga commented 3 weeks ago

For more reference: https://lists.gnu.org/archive/html/guix-devel/2019-11/msg00436.html