[PATCH] doc: Add container example to run a web browser.

Done
Submitted by Pierre Neidhardt.
Details
3 participants
  • Caleb Ristvedt
  • Ludovic Courtès
  • Pierre Neidhardt
Owner
unassigned
Severity
normal
Pierre Neidhardt wrote on 3 May 10:12 +0200
(address . guix-patches@gnu.org)
20200503081258.21873-1-mail@ambrevar.xyz
* doc/guix.texi (Invoking `guix environment'): Add paragraph and example to run Eolie in a guix environment container. Add `container' cindex for the first container example, and the `certificates' cindex for the web browser example.
---
 doc/guix.texi | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
Toggle diff (38 lines)diff --git a/doc/guix.texi b/doc/guix.texiindex d5d8662937..3c31386036 100644--- a/doc/guix.texi+++ b/doc/guix.texi@@ -4786,6 +4786,7 @@ additionally includes Git and strace: guix environment --pure guix --ad-hoc git strace @end example +@cindex container Sometimes it is desirable to isolate the environment as much as possible, for maximal purity and reproducibility. In particular, when using Guix on a host distro that is not Guix System, it is desirable to@@ -4802,6 +4803,23 @@ guix environment --ad-hoc --container guile -- guile The @code{--container} option requires Linux-libre 3.19 or newer. @end quotation +@cindex certificates+Another typical use case for containers is to run security-sensitive+applications such as a web browser. To run Eolie, we must expose and+share some files and directories; we include @code{nss-certs} and expose+@file{/etc/sll/certs/} for HTTPS authentication; finally we use+@code{env} from the @code{coreutils} package to set the @code{DISPLAY}+environment variable since containerized graphical applications won't+display without it.++@example+guix environment --container --network --expose=/etc/machine-id \+ --expose=/etc/ssl/certs/ \+ --share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ \+ --ad-hoc eolie coreutils nss-certs dbus -- \+ env DISPLAY=$DISPLAY eolie+@end example+ The available options are summarized below. @table @code-- 2.25.1
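Review bot: In the second hunk, the new paragraph names @file{/etc/sll/certs/} while the example right after it passes --expose=/etc/ssl/certs/; the prose should read /etc/ssl/certs/. The same paragraph says only that "some files and directories" are exposed and shared, so --network, --expose=/etc/machine-id, the --share of $HOME/.local/share/eolie/ and the dbus package appear in the command with no stated reason. Since the paragraph presents the container as the way to run a security-sensitive application, a clause saying why each one is needed would let readers judge what they are granting it.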
Ludovic Courtès wrote on 7 May 09:42 +0200
(name . Pierre Neidhardt)(address . mail@ambrevar.xyz)(address . 41041@debbugs.gnu.org)
87zhakdwd0.fsf@gnu.org
Hi,
Pierre Neidhardt <mail@ambrevar.xyz> writes:
> * doc/guix.texi (Invoking `guix environment'): Add paragraph and example to
> run Eolie in a guix environment container. Add `container' cindex for the
> first container example, and the `certificates' cindex for the web browser
> example.
Good idea!
Toggle quote (7 lines)> +@example> +guix environment --container --network --expose=/etc/machine-id \> + --expose=/etc/ssl/certs/ \> + --share=$HOME/.local/share/eolie/=$HOME/.local/share/eolie/ \> + --ad-hoc eolie coreutils nss-certs dbus -- \> + env DISPLAY=$DISPLAY eolie
Instead of ‘env’, you can preserve the ‘DISPLAY’ variable with:
guix environment -E ^DISPLAY$ …
which in turn allows you to remove ‘coreutils’, maybe.
Otherwise LGTM!
Thanks,
Ludo’.
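Why the anchors in the ‘^DISPLAY$’ regexp above matter, as an added example that is not part of the original thread or of Guix itself: it lists which variable names an anchored and an unanchored regexp would let into the container. It assumes the -E regexp is a POSIX extended regexp searched against each variable name, which grep -E mimics; the variable names are a constructed sample.

```shell
#!/bin/sh
# Added illustration: which variable names a -E regexp would keep.
# Assumption: the regexp is a POSIX extended regexp that is searched
# (not full-matched) against each variable name; grep -E mimics that.

# Constructed sample of variable names from a desktop session.
# DISPLAY_MANAGER_TOKEN is a made-up name used only for illustration.
SAMPLE_NAMES='DISPLAY
WAYLAND_DISPLAY
DISPLAY_MANAGER_TOKEN
XAUTHORITY
SSH_AUTH_SOCK
HOME'

# preserved_names REGEXP
# Print the sample names the regexp lets through, space-separated.
preserved_names() {
    printf '%s\n' "$SAMPLE_NAMES" | grep -E -- "$1" | tr '\n' ' ' | sed 's/ $//'
}

# audit_regexp REGEXP WANTED
# Succeed only if the regexp preserves exactly the names in WANTED.
audit_regexp() {
    [ "$(preserved_names "$1")" = "$2" ]
}

echo "anchored   ^DISPLAY\$ keeps: $(preserved_names '^DISPLAY$')"
echo "unanchored DISPLAY   keeps: $(preserved_names 'DISPLAY')"

if audit_regexp 'DISPLAY' 'DISPLAY'; then
    echo "unanchored regexp is as narrow as intended"
else
    echo "unanchored regexp preserves more than DISPLAY"
fi
```

Running the same check over the output of `env | cut -d= -f1` shows what a given regexp would carry over from a real session.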
Pierre Neidhardt wrote on 7 May 09:47 +0200
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 41041@debbugs.gnu.org)
87tv0stcd2.fsf@ambrevar.xyz
Ludovic Courtès <ludo@gnu.org> writes:
> Instead of ‘env’, you can preserve the ‘DISPLAY’ variable with:
>
>   guix environment -E ^DISPLAY$ …
>
> which in turn allows you to remove ‘coreutils’, maybe.
Good tip, thanks! It's strange that I've seen this "coreutils + env" trick so many times around. I guess we really lacked examples like this one :)
--
Pierre Neidhardt
https://ambrevar.xyz/
Caleb Ristvedt wrote on 7 May 10:02 +0200
(name . Pierre Neidhardt)(address . mail@ambrevar.xyz)(address . 41041@debbugs.gnu.org)
87d07gqijw.fsf@cune.org
Pierre Neidhardt <mail@ambrevar.xyz> writes:
Toggle quote (3 lines)> +share some files and directories; we include @code{nss-certs} and expose> +@file{/etc/sll/certs/} for HTTPS authentication; finally we use
Typo: sll --> ssl
- reepca
Pierre Neidhardt wrote on 7 May 10:05 +0200
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 41041@debbugs.gnu.org)
87o8r0tbkf.fsf@ambrevar.xyz
Merged with 60131df02b521235a311031f9410f530ded60f33.
--
Pierre Neidhardt
https://ambrevar.xyz/
Pierre Neidhardt wrote on 7 May 10:05 +0200
control message for bug #41041
(address . control@debbugs.gnu.org)
87mu6ktbji.fsf@ambrevar.xyz
close 41041
quit
Pierre Neidhardt wrote on 7 May 10:38 +0200
Re: [bug#41041] [PATCH] doc: Add container example to run a web browser.
(name . Caleb Ristvedt)(address . caleb.ristvedt@cune.org)(address . 41041@debbugs.gnu.org)
87k11ota1g.fsf@ambrevar.xyz
Good catch! I've just fixed it.
--
Pierre Neidhardt
https://ambrevar.xyz/