Diffstat (limited to 'gnu/system')
-rw-r--r--gnu/system/file-systems.scm8
-rw-r--r--gnu/system/image.scm154
-rw-r--r--gnu/system/images/hurd.scm32
-rw-r--r--gnu/system/images/pine64.scm59
-rw-r--r--gnu/system/linux-container.scm59
5 files changed, 252 insertions, 60 deletions
diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm
index 5c02dfac93..464e87cb18 100644
--- a/gnu/system/file-systems.scm
+++ b/gnu/system/file-systems.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2020 Google LLC
;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
@@ -590,11 +591,8 @@ a bind mount."
;; XXX: On some GNU/Linux systems, /etc/resolv.conf is a
;; symlink to a file in a tmpfs which, for an unknown reason,
;; cannot be bind mounted read-only within the container.
- ;; The same goes with /var/run/nscd, as discussed in
- ;; <https://bugs.gnu.org/37967>.
- (writable? (or (string=? file "/etc/resolv.conf")
- (string=? file "/var/run/nscd")))))
- (cons "/var/run/nscd" %network-configuration-files)))
+ (writable? (string=? file "/etc/resolv.conf"))))
+ %network-configuration-files))
(define (file-system-type-predicate type)
"Return a predicate that, when passed a file system, returns #t if that file
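Review bot: Nothing in this hunk records why `/var/run/nscd` no longer needs to be shared from the host, so the surviving XXX comment now reads as the only rationale for the writable mapping and a later reader may re-add the nscd socket. A short comment next to the `writable?` line would preserve the intent, e.g. `;; The host's nscd socket is deliberately not shared: containers run their own nscd (see containerized-operating-system in linux-container.scm).` The enclosing definition starts before this hunk, so whether the host socket is still referenced elsewhere in it cannot be seen here.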
diff --git a/gnu/system/image.scm b/gnu/system/image.scm
index 97c7021454..1b5ceb3553 100644
--- a/gnu/system/image.scm
+++ b/gnu/system/image.scm
@@ -18,6 +18,8 @@
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
(define-module (gnu system image)
+ #:use-module (guix diagnostics)
+ #:use-module (guix discovery)
#:use-module (guix gexp)
#:use-module (guix modules)
#:use-module (guix monads)
@@ -47,11 +49,13 @@
#:use-module (gnu packages hurd)
#:use-module (gnu packages linux)
#:use-module (gnu packages mtools)
+ #:use-module (gnu packages virtualization)
#:use-module ((srfi srfi-1) #:prefix srfi-1:)
#:use-module (srfi srfi-11)
#:use-module (srfi srfi-26)
#:use-module (srfi srfi-35)
#:use-module (rnrs bytevectors)
+ #:use-module (ice-9 format)
#:use-module (ice-9 match)
#:export (root-offset
root-label
@@ -61,10 +65,20 @@
efi-disk-image
iso9660-image
+ arm64-disk-image
- find-image
+ image-with-os
+ raw-image-type
+ qcow2-image-type
+ iso-image-type
+ uncompressed-iso-image-type
+ arm64-image-type
+
+ image-with-label
system-image
- image-with-label))
+
+ %image-types
+ lookup-image-type-by-name))
;;;
@@ -111,6 +125,64 @@
(label "GUIX_IMAGE")
(flags '(boot)))))))
+(define arm64-disk-image
+ (image
+ (format 'disk-image)
+ (target "aarch64-linux-gnu")
+ (partitions
+ (list (partition
+ (inherit root-partition)
+ (offset root-offset))))
+ ;; FIXME: Deleting and creating "/var/run" and "/tmp" on the overlayfs
+ ;; fails.
+ (volatile-root? #f)))
+
+
+;;;
+;;; Images types.
+;;;
+
+(define-syntax-rule (image-with-os base-image os)
+ "Return an image inheriting from BASE-IMAGE, with the operating-system field
+set to the given OS."
+ (image
+ (inherit base-image)
+ (operating-system os)))
+
+(define raw-image-type
+ (image-type
+ (name 'raw)
+ (constructor (cut image-with-os efi-disk-image <>))))
+
+(define qcow2-image-type
+ (image-type
+ (name 'qcow2)
+ (constructor (cut image-with-os
+ (image
+ (inherit efi-disk-image)
+ (name 'image.qcow2)
+ (format 'compressed-qcow2))
+ <>))))
+
+(define iso-image-type
+ (image-type
+ (name 'iso9660)
+ (constructor (cut image-with-os iso9660-image <>))))
+
+(define uncompressed-iso-image-type
+ (image-type
+ (name 'uncompressed-iso9660)
+ (constructor (cut image-with-os
+ (image
+ (inherit iso9660-image)
+ (compression? #f))
+ <>))))
+
+(define arm64-image-type
+ (image-type
+ (name 'arm)
+ (constructor (cut image-with-os arm64-disk-image <>))))
+
;;
;; Helpers.
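Review bot: The docstring of the `image-with-os` macro does not say how it differs from the `image-with-os*` procedure that this commit renames later in the file (which, per its own docstring, additionally sets the root partition's UUID and size), and the star suffix alone does not tell a reader which one an image-type constructor should use. I would extend the docstring with a sentence such as `Unlike image-with-os*, this only sets the operating-system field; the root partition's UUID and size are filled in later when the image is built.` Whether `image-with-os*` is reached only through `system-image` is inferred from the later hunk and should be confirmed before wording it that precisely.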
@@ -149,6 +221,7 @@
(with-imported-modules `(,@(source-module-closure
'((gnu build vm)
(gnu build image)
+ (gnu build bootloader)
(gnu build hurd-boot)
(gnu build linux-boot)
(guix store database))
@@ -157,6 +230,7 @@
#~(begin
(use-modules (gnu build vm)
(gnu build image)
+ (gnu build bootloader)
(gnu build hurd-boot)
(gnu build linux-boot)
(guix store database)
@@ -207,8 +281,8 @@ used in the image."
(define (format->image-type format)
;; Return the genimage format corresponding to FORMAT. For now, only
;; the hdimage format (raw disk-image) is supported.
- (case format
- ((disk-image) "hdimage")
+ (cond
+ ((memq format '(disk-image compressed-qcow2)) "hdimage")
(else
(raise (condition
(&message
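Review bot: The comment above `format->image-type` still says that only the hdimage format (raw disk-image) is supported, but the new `cond` also maps `compressed-qcow2` to `"hdimage"`, so the comment is now misleading. It should state the actual rule, e.g. `;; Return the genimage format corresponding to FORMAT. Raw and compressed-qcow2 images are both produced as hdimage; qcow2 conversion happens after genimage has run.` The conversion step is taken from the `convert-disk-image` call in a later hunk of this file, so check the wording against that procedure.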
@@ -306,25 +380,24 @@ image ~a {
(name (if image-name
(symbol->string image-name)
name))
+ (format (image-format image))
(substitutable? (image-substitutable? image))
(builder
(with-imported-modules*
- (let ((inputs '#+(list genimage coreutils findutils))
+ (let ((inputs '#+(list genimage coreutils findutils qemu-minimal))
(bootloader-installer
- #+(bootloader-disk-image-installer bootloader)))
+ #+(bootloader-disk-image-installer bootloader))
+ (out-image (string-append "images/" #$genimage-name)))
(set-path-environment-variable "PATH" '("bin" "sbin") inputs)
- (genimage #$(image->genimage-cfg image) #$output)
+ (genimage #$(image->genimage-cfg image))
;; Install the bootloader directly on the disk-image.
(when bootloader-installer
(bootloader-installer
#+(bootloader-package bootloader)
#$(root-partition-index image)
- (string-append #$output "/" #$genimage-name))))))
- (image-dir (computed-file "image-dir" builder)))
- (computed-file name
- #~(symlink
- (string-append #$image-dir "/" #$genimage-name)
- #$output)
+ out-image))
+ (convert-disk-image out-image '#$format #$output)))))
+ (computed-file name builder
#:options `(#:substitutable? ,substitutable?))))
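Review bot: The new binding `(format (image-format image))` shadows the `format` procedure from `(ice-9 format)`, which this same commit imports into the module, for the rest of the binding list and the builder; any `(format ...)` call added to that body later would try to apply the symbol. The later hunk in this file does the same with `(image-format (image-format image))`, shadowing the record accessor. Both read better with a neutral local, e.g. `(fmt (image-format image))` and `(convert-disk-image out-image '#$fmt #$output)`. Note also that `qemu-minimal` is now an input of every disk-image build, including raw ones that never convert; if that build cost matters, it could be added only when the format is `compressed-qcow2`.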
@@ -340,7 +413,7 @@ image ~a {
(define* (system-iso9660-image image
#:key
- (name "iso9660-image")
+ (name "image.iso")
bootcfg
bootloader
register-closures?
@@ -441,7 +514,7 @@ returns an image record where the first partition's label is set to <label>."
image-size)
(else root-size))))
-(define* (image-with-os base-image os)
+(define* (image-with-os* base-image os)
"Return an image based on BASE-IMAGE but with the operating-system field set
to OS. Also set the UUID and the size of the root partition."
(define root-file-system
@@ -522,20 +595,21 @@ image, depending on IMAGE format."
(with-parameters ((%current-target-system target))
(let* ((os (operating-system-for-image image))
- (image* (image-with-os image os))
+ (image* (image-with-os* image os))
+ (image-format (image-format image))
(register-closures? (has-guix-service-type? os))
(bootcfg (operating-system-bootcfg os))
(bootloader (bootloader-configuration-bootloader
(operating-system-bootloader os))))
- (case (image-format image)
- ((disk-image)
+ (cond
+ ((memq image-format '(disk-image compressed-qcow2))
(system-disk-image image*
#:bootcfg bootcfg
#:bootloader bootloader
#:register-closures? register-closures?
#:inputs `(("system" ,os)
("bootcfg" ,bootcfg))))
- ((iso9660)
+ ((memq image-format '(iso9660))
(system-iso9660-image
image*
#:bootcfg bootcfg
@@ -554,18 +628,34 @@ image, depending on IMAGE format."
#:grub-mkrescue-environment
'(("MKRESCUE_SED_MODE" . "mbr_only"))))))))
-(define (find-image file-system-type target)
- "Find and return an image built that could match the given FILE-SYSTEM-TYPE,
-built for TARGET. This is useful to adapt to interfaces written before the
-addition of the <image> record."
- (match file-system-type
- ("iso9660" iso9660-image)
- (_ (cond
- ((and target
- (hurd-triplet? target))
- (module-ref (resolve-interface '(gnu system images hurd))
- 'hurd-disk-image))
- (else
- efi-disk-image)))))
+
+;;
+;; Image detection.
+;;
+
+(define (image-modules)
+ "Return the list of image modules."
+ (cons (resolve-interface '(gnu system image))
+ (all-modules (map (lambda (entry)
+ `(,entry . "gnu/system/images/"))
+ %load-path)
+ #:warn warn-about-load-error)))
+
+(define %image-types
+ ;; The list of publically-known image types.
+ (delay (fold-module-public-variables (lambda (obj result)
+ (if (image-type? obj)
+ (cons obj result)
+ result))
+ '()
+ (image-modules))))
+
+(define (lookup-image-type-by-name name)
+ "Return the image type called NAME."
+ (or (srfi-1:find (lambda (image-type)
+ (eq? name (image-type-name image-type)))
+ (force %image-types))
+ (raise
+ (formatted-message (G_ "~a: no such image type~%") name))))
;;; image.scm ends here
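Review bot: `lookup-image-type-by-name` returns the first image type whose name matches, so if two modules under `gnu/system/images/` export types with the same name (including modules on a user's load path, since `image-modules` scans every `%load-path` entry), the winner is decided by load-path order with no warning. Consider checking for duplicate names when `%image-types` is forced, or at least documenting the first-match rule, e.g. `"Return the image type called NAME; when several modules export a type of that name, the first one found on %load-path wins."` `G_` used in `formatted-message` comes from `(guix i18n)`, which is not among the imports added here, so it is presumably already imported earlier in the module header. The comment on `%image-types` also has a typo: `publically` should be `publicly`.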
diff --git a/gnu/system/images/hurd.scm b/gnu/system/images/hurd.scm
index d87640e8e3..4417952c5d 100644
--- a/gnu/system/images/hurd.scm
+++ b/gnu/system/images/hurd.scm
@@ -29,9 +29,13 @@
#:use-module (gnu system file-systems)
#:use-module (gnu system hurd)
#:use-module (gnu system image)
+ #:use-module (srfi srfi-26)
#:export (hurd-barebones-os
hurd-disk-image
- hurd-barebones-disk-image))
+ hurd-image-type
+ hurd-qcow2-image-type
+ hurd-barebones-disk-image
+ hurd-barebones-qcow2-image))
(define hurd-barebones-os
(operating-system
@@ -82,8 +86,28 @@
(flags '(boot))
(initializer hurd-initialize-root-partition))))))
+(define hurd-image-type
+ (image-type
+ (name 'hurd-raw)
+ (constructor (cut image-with-os hurd-disk-image <>))))
+
+(define hurd-qcow2-image-type
+ (image-type
+ (name 'hurd-qcow2)
+ (constructor (lambda (os)
+ (image
+ (inherit hurd-disk-image)
+ (format 'compressed-qcow2)
+ (operating-system os))))))
+
(define hurd-barebones-disk-image
(image
- (inherit hurd-disk-image)
- (name 'hurd-barebones-disk-image)
- (operating-system hurd-barebones-os)))
+ (inherit
+ (os->image hurd-barebones-os #:type hurd-image-type))
+ (name 'hurd-barebones-disk-image)))
+
+(define hurd-barebones-qcow2-image
+ (image
+ (inherit
+ (os->image hurd-barebones-os #:type hurd-qcow2-image-type))
+ (name 'hurd-barebones.qcow2)))
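Review bot: `hurd-qcow2-image-type` builds its constructor with an explicit `lambda`, while `hurd-image-type` just above and `qcow2-image-type` in image.scm use `(cut image-with-os ... <>)` over an inherited image; the two forms are equivalent, but the inconsistency makes the Hurd variant look as if it needed special handling. It could be written `(constructor (cut image-with-os (image (inherit hurd-disk-image) (format 'compressed-qcow2)) <>))`. Unlike `qcow2-image-type`, it also does not set a qcow2 `name`, so an image built from this type presumably keeps whatever name `hurd-disk-image` carries unless the caller overrides it, as `hurd-barebones-qcow2-image` does; a comment stating that callers are expected to supply the name would make the contract clear.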
diff --git a/gnu/system/images/pine64.scm b/gnu/system/images/pine64.scm
new file mode 100644
index 0000000000..c738a77078
--- /dev/null
+++ b/gnu/system/images/pine64.scm
@@ -0,0 +1,59 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2020 Mathieu Othacehe <m.othacehe@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu system images pine64)
+ #:use-module (gnu bootloader)
+ #:use-module (gnu bootloader u-boot)
+ #:use-module (gnu image)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu services)
+ #:use-module (gnu services base)
+ #:use-module (gnu system)
+ #:use-module (gnu system file-systems)
+ #:use-module (gnu system image)
+ #:use-module (srfi srfi-26)
+ #:export (pine64-barebones-os
+ pine64-image-type))
+
+(define pine64-barebones-os
+ (operating-system
+ (host-name "vignemale")
+ (timezone "Europe/Paris")
+ (locale "en_US.utf8")
+ (bootloader (bootloader-configuration
+ (bootloader u-boot-pine64-lts-bootloader)
+ (target "/dev/vda")))
+ (initrd-modules '())
+ (kernel linux-libre-arm64-generic)
+ (file-systems (cons (file-system
+ (device (file-system-label "my-root"))
+ (mount-point "/")
+ (type "ext4"))
+ %base-file-systems))
+ (services (cons (service agetty-service-type
+ (agetty-configuration
+ (extra-options '("-L")) ; no carrier detect
+ (baud-rate "115200")
+ (term "vt100")
+ (tty "ttyS0")))
+ %base-services))))
+
+(define pine64-image-type
+ (image-type
+ (name 'pine64-raw)
+ (constructor (cut image-with-os arm64-disk-image <>))))
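Review bot: `pine64-barebones-os` sets the bootloader `target` to `"/dev/vda"`, a virtio disk name, whereas a Pine64 board boots from an SD card or eMMC, so the value looks carried over from a VM configuration. If it is only a placeholder because the disk-image installer writes U-Boot into the image directly (which the `bootloader-disk-image-installer` call in image.scm suggests, but that is inferred), a comment should say so to stop users reusing this OS for a real install unchanged, e.g. `;; Not used when building a disk image: U-Boot is written into the image by the bootloader installer.` The empty `initrd-modules` and the serial console on `ttyS0` are likewise unexplained; one short comment on each would help.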
diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm
index c5e2e4bf9c..4a9cd0efe2 100644
--- a/gnu/system/linux-container.scm
+++ b/gnu/system/linux-container.scm
@@ -3,6 +3,7 @@
;;; Copyright © 2016, 2017, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2019 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2020 Google LLC
;;;
;;; This file is part of GNU Guix.
;;;
@@ -77,6 +78,15 @@ doing anything.")
(start #~(const #t))))
#f))
+(define %nscd-container-caches
+ ;; Similar to %nscd-default-caches but with smaller cache sizes. This allows
+ ;; many containers to coexist on the same machine without exhausting RAM.
+ (map (lambda (cache)
+ (nscd-cache
+ (inherit cache)
+ (max-database-size (expt 2 18)))) ;256KiB
+ %nscd-default-caches))
+
(define* (containerized-operating-system os mappings
#:key
shared-network?
@@ -100,22 +110,39 @@ containerized OS. EXTRA-FILE-SYSTEMS is a list of file systems to add to OS."
(file-system (inherit (file-system-mapping->bind-mount fs))
(needed-for-boot? #t)))
- (define useless-services
- ;; Services that make no sense in a container. Those that attempt to
- ;; access /dev/tty[0-9] in particular cannot work in a container.
+ (define services-to-drop
+ ;; Service types to filter from the original operating-system. Some of
+ ;; these make no sense in a container (e.g., those that access
+ ;; /dev/tty[0-9]), while others just need to be reinstantiated with
+ ;; different configs that are better suited to containers.
(append (list console-font-service-type
mingetty-service-type
- agetty-service-type)
- ;; Remove nscd service if network is shared with the host.
+ agetty-service-type
+ ;; Reinstantiated below with smaller caches.
+ nscd-service-type)
(if shared-network?
- (list nscd-service-type
- static-networking-service-type
- dhcp-client-service-type
- network-manager-service-type
- connman-service-type
- wicd-service-type)
+ ;; Replace these with dummy-networking-service-type below.
+ (list
+ static-networking-service-type
+ dhcp-client-service-type
+ network-manager-service-type
+ connman-service-type
+ wicd-service-type)
(list))))
+ (define services-to-add
+ (append
+ ;; Many Guix services depend on a 'networking' shepherd
+ ;; service, so make sure to provide a dummy 'networking'
+ ;; service when we are sure that networking is already set up
+ ;; in the host and can be used. That prevents double setup.
+ (if shared-network?
+ (list (service dummy-networking-service-type))
+ '())
+ (list
+ (nscd-service (nscd-configuration
+ (caches %nscd-container-caches))))))
+
(operating-system
(inherit os)
(swap-devices '()) ; disable swap
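Review bot: `services-to-drop` now always removes `nscd-service-type`, and `services-to-add` re-creates nscd from a fresh `(nscd-configuration ...)` with only `caches` set, so any nscd settings present in the original OS (for example additional `name-services` such as an mDNS plugin, or a custom debug level) are silently discarded in the container; before this change nscd was dropped only when `shared-network?` was set. Consider locating the existing nscd service in `(operating-system-user-services os)` and deriving the container configuration from it with `(nscd-configuration (inherit existing) (caches %nscd-container-caches))`, falling back to the defaults only when the OS had none. The hunk that follows, where the filtered service list is assembled, shares this behaviour change.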
@@ -124,15 +151,9 @@ containerized OS. EXTRA-FILE-SYSTEMS is a list of file systems to add to OS."
#:shared-network? shared-network?))
(services (append (remove (lambda (service)
(memq (service-kind service)
- useless-services))
+ services-to-drop))
(operating-system-user-services os))
- ;; Many Guix services depend on a 'networking' shepherd
- ;; service, so make sure to provide a dummy 'networking'
- ;; service when we are sure that networking is already set up
- ;; in the host and can be used. That prevents double setup.
- (if shared-network?
- (list (service dummy-networking-service-type))
- '())))
+ services-to-add))
(file-systems (append (map mapping->fs
(if shared-network?
(append %network-file-mappings mappings)