path: root/tests/guix-pack-relocatable.sh
# GNU Guix --- Functional package management for GNU
# Copyright © 2018, 2019, 2020, 2023 Ludovic Courtès <ludo@gnu.org>
# Copyright © 2020 Eric Bavier <bavier@posteo.net>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

#
# Test the 'guix pack --relocatable' using the external store, if any.
#

# Smoke check: make sure the 'guix pack' command itself can be started.
guix pack --version

# Building a relocatable pack needs a C compiler and libc.a, neither of which
# the bootstrap binaries provide.  To keep the test relatively cheap, use the
# user's global store when possible: the needed binaries may already be
# there, or can be built or downloaded inexpensively.

# Ask the (guix config) module for the store and state directories, then
# address the daemon socket located below the state directory.
storedir=$(guile -c '(use-modules (guix config))(display %storedir)')
localstatedir=$(guile -c '(use-modules (guix config))(display %localstatedir)')
NIX_STORE_DIR=$storedir
GUIX_DAEMON_SOCKET=$localstatedir/guix/daemon-socket/socket
export NIX_STORE_DIR GUIX_DAEMON_SOCKET

# When no connection to the daemon can be opened, leave with status 77
# rather than going on.
# NOTE(review): 77 is presumably the "skipped" status of the test driver
# (the Automake convention) -- confirm.
guile -c '(use-modules (guix)) (exit (false-if-exception (open-connection)))' \
    || exit 77

# Execute the given command line in a context where the store cannot be seen,
# so that a store that happens to be present does not hide problems.
#
# The arguments are joined with spaces ("$*") and handed to 'sh -c', which
# parses the result again.  That is what lets callers pass a leading
# VAR=value word, but it also means argument boundaries and quoting are not
# preserved: only pass strings written in this script.
run_without_store ()
{
    # No user namespace support: run the relocatable program in the current
    # namespaces.  This is a weak test because store items of the host store
    # remain accessible.
    if ! unshare -r true
    then
        sh -c "$*"
        return
    fi

    # Enter new user and mount namespaces and "erase" the store by mounting
    # an empty, read-only file system on top of it.  This exercises the
    # wrapper code that creates the user namespace and bind-mounts the store.
    # NOTE(review): 'mount' and the command are separated by ';', so the
    # command still runs, with the host store visible, if the mount fails.
    unshare -mrf sh -c 'mount -t tmpfs -o ro none "$NIX_STORE_DIR"; '"$*"
}

# Poll until the file named by $1 exists, giving up after 20 pauses of
# 0.3 second.  The status is that of a final existence check, so a file that
# never shows up yields a failure.  The counter 'i' is a plain global.
wait_for_file ()
{
    i=0
    until test -f "$1" || test "$i" -ge 20
    do
	sleep 0.3
	i=$((i + 1))
    done
    test -f "$1"
}

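# Scratch directory into which the packs built below are unpacked.
test_directory="$(mktemp -d)" || exit 1

# Later cleanup steps run 'rm -rf "$test_directory"/*'.  Stop right here if
# the variable does not name an existing directory, so that this glob can
# never expand to '/*' when mktemp failed and the shell is not run with '-e'.
if ! test -d "$test_directory"
then
    echo "cannot create a temporary test directory" >&2
    exit 1
fi
export test_directory

# Remove the scratch directory on every exit path.  Write permission is
# restored first (presumably because unpacked store items are read-only),
# otherwise 'rm' could not delete directory contents.
trap 'chmod -Rf +w "$test_directory"; rm -rf "$test_directory"' EXIT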

if unshare -r true; then
    # Exercise the 'userns' execution engine, first without naming an engine.
    tarball=$(guix pack -R -S /Bin=bin sed)
    ( cd "$test_directory"; tar xvf "$tarball" )

    chmod +w "$test_directory"
    run_without_store "$test_directory/Bin/sed" --version \
	> "$test_directory/output"
    grep 'GNU sed' "$test_directory/output"

    # Then again with the engine selected explicitly.  The VAR=value word
    # becomes part of the command line that run_without_store gives 'sh -c'.
    run_without_store GUIX_EXECUTION_ENGINE="userns" \
	"$test_directory/Bin/sed" --version > "$test_directory/output"
    grep 'GNU sed' "$test_directory/output"

    # The exit code of the wrapped program must be preserved: an unknown
    # option has to make the command fail.
    # NOTE(review): 'cmd && false' only stops the script when the shell runs
    # with '-e'; confirm the test driver passes it.
    run_without_store "$test_directory/Bin/sed" --does-not-exist && false

    # Empty the scratch directory for the next test.
    chmod -Rf +w "$test_directory"
    rm -rf "$test_directory"/*
else
    echo "'userns' execution tests skipped" >&2
fi

# The PRoot and fakechroot engines are exercised only when 'uname -m' reports
# x86_64 or i?86; any other machine type skips them with a message on stderr.
case "`uname -m`" in
    x86_64|i?86)
	# Try '-RR' and PRoot.  The tarball listing must contain a path with
	# "/bin/proot" in it.
	tarball="`guix pack -RR -S /Bin=bin sed`"
	tar tvf "$tarball" | grep /bin/proot
	(cd "$test_directory"; tar xf "$tarball")
	chmod +w "$test_directory"
	run_without_store GUIX_EXECUTION_ENGINE="proot" \
	"$test_directory/Bin/sed" --version > "$test_directory/output"
	grep 'GNU sed' "$test_directory/output"

	# Now with fakechroot.
	run_without_store GUIX_EXECUTION_ENGINE="fakechroot" \
	"$test_directory/Bin/sed" --version > "$test_directory/output"
	grep 'GNU sed' "$test_directory/output"
	# NOTE(review): the engine was passed above as an argument word, i.e.
	# as text of the command line given to 'sh -c', not assigned in this
	# shell; this 'unset' presumably only matters when the variable was
	# inherited from the caller's environment.
	unset GUIX_EXECUTION_ENGINE

	# Empty the scratch directory before the next unpacking.
	chmod -Rf +w "$test_directory"; rm -rf "$test_directory"/*

	if unshare -r true
	then
	    # Check whether the store contains everything it should.  Check
	    # once when erasing $STORE_PARENT ("/gnu") and once when erasing
	    # $NIX_STORE_DIR ("/gnu/store").
	    tarball="`guix pack -RR -S /bin=bin bash-minimal`"
	    (cd "$test_directory"; tar xf "$tarball")

	    # NOTE(review): $NIX_STORE_DIR is unquoted here, so a store path
	    # containing whitespace would be split before 'dirname' sees it.
	    STORE_PARENT="`dirname $NIX_STORE_DIR`"
	    export STORE_PARENT

	    for engine in userns proot fakechroot
	    do
		# Iterate over what 'guix gc -R' prints for the outputs of
		# bash-minimal, leaving out outputs whose name ends in "-doc".
		# The unquoted command substitution is split on whitespace.
		for i in $(guix gc -R $(guix build bash-minimal | grep -v -e '-doc$'))
		do
		    # The double-quoted string is expanded by THIS shell
		    # before 'sh -c' parses it: $NIX_STORE_DIR, $STORE_PARENT,
		    # $engine and $test_directory are pasted in as text, and
		    # only the mount target is re-quoted.
		    # NOTE(review): a scratch directory whose path contains
		    # whitespace or shell metacharacters (it comes from
		    # 'mktemp -d') would be re-parsed by the inner shell.
		    # NOTE(review): ';' after 'mount' means the listing still
		    # runs when the mount fails, possibly against the host
		    # store.  The pipeline's status is that of 'grep', which
		    # treats the unquoted base name as a regular expression.
		    unshare -mrf sh -c "mount -t tmpfs none \"$NIX_STORE_DIR\"; GUIX_EXECUTION_ENGINE=$engine $test_directory/bin/sh -c 'echo $NIX_STORE_DIR/*'" | grep $(basename $i)
		    unshare -mrf sh -c "mount -t tmpfs none \"$STORE_PARENT\";  GUIX_EXECUTION_ENGINE=$engine $test_directory/bin/sh -c 'echo $NIX_STORE_DIR/*'" | grep $(basename $i)
		done
	    done

	    chmod -Rf +w "$test_directory"; rm -rf "$test_directory"/*
	fi
	;;
    *)
	echo "skipping PRoot and Fakechroot tests" >&2
	;;
esac

if unshare -r true; then
    # A wrapped binary may fork and leave child processes behind, the way a
    # daemon does.  The root file system must stay available to those
    # children.  See <https://bugs.gnu.org/44261>.
    #
    # The manifest below defines such a program: the parent writes its view
    # of the store to "parent-store" and forks; the child writes its PID to
    # "pid", pauses until a signal arrives, then writes "child-store".
    cat > "$test_directory/manifest.scm" <<EOF
(use-modules (guix))

(define daemon
  (program-file "daemon"
                #~(begin
                    (use-modules (ice-9 match)
                                 (ice-9 ftw))

                    (call-with-output-file "parent-store"
                      (lambda (port)
                        (write (scandir (ungexp (%store-prefix)))
                               port)))

                    (match (primitive-fork)
                      (0 (sigaction SIGHUP (const #t))
                         (call-with-output-file "pid"
                           (lambda (port)
                             (display (getpid) port)))
                         (pause)
                         (call-with-output-file "child-store"
                           (lambda (port)
                             (write (scandir (ungexp (%store-prefix)))
                                    port))))
                      (_ #t)))))

(define package
  (computed-file "package"
                 #~(let ((out (ungexp output)))
                     (mkdir out)
                     (mkdir (string-append out "/bin"))
                     (symlink (ungexp daemon)
                              (string-append out "/bin/daemon")))))

(manifest (list (manifest-entry
                  (name "daemon")
                  (version "0")
                  (item package))))
EOF

    tarball=$(guix pack -S /bin=bin -R -m "$test_directory/manifest.scm")
    ( cd "$test_directory"; tar xf "$tarball" )

    # Start '/bin/daemon', which forks; wait for the child's PID file, send
    # the child SIGHUP so that it dumps its view of the store, and require
    # that parent and child recorded the same store contents.
    chmod +w "$test_directory"
    ( cd "$test_directory"; run_without_store ./bin/daemon )
    wait_for_file "$test_directory/pid"
    # NOTE(review): wait_for_file only checks that the file exists; the PID
    # may not have been written to it yet -- confirm this cannot race.
    daemon_pid=$(cat "$test_directory/pid")
    kill -HUP $daemon_pid
    wait_for_file "$test_directory/child-store"
    diff -u "$test_directory/parent-store" "$test_directory/child-store"

    # Empty the scratch directory for the next test.
    chmod -Rf +w "$test_directory"
    rm -rf "$test_directory"/*
fi

# '-R' must also handle outputs other than "out": pack the "doc" output of
# groff and look for its HTML documentation directory after unpacking.
tarball=$(guix pack -R -S /share=share groff:doc)
( cd "$test_directory"; tar xf "$tarball" )
test -d "$test_directory/share/doc/groff/html"
chmod -Rf +w "$test_directory"
rm -rf "$test_directory"/*

# '-R' must apply to propagated inputs as well.  If it did not, this command
# would fail with a profile collision error, because 'python-scipy'
# propagates 'python-numpy'.  See <https://bugs.gnu.org/42510>.
guix pack -RR python-numpy python-scipy --no-grafts -n

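# Check that packages that mix executable and support files (e.g. git) in the
# "binary" directories still work after being wrapped.
#
# The manifest defines a "hello" program that adds the directory named by
# HELLO_EXEC_PATH to its load path, loads "msg" from it and displays the
# result; "libexec/hello/msg" holds "42", and the manifest entry declares
# HELLO_EXEC_PATH as a search path for "libexec/hello".
cat >"$test_directory/manifest.scm" <<'EOF'
(use-modules (guix) (guix profiles) (guix search-paths)
             (gnu packages bootstrap))
(manifest
 (list (manifest-entry
        (name "test") (version "0")
        (item (file-union "test"
                          `(("bin/hello"
                             ,(program-file
                               "hello"
                               #~(begin
                                   (add-to-load-path (getenv "HELLO_EXEC_PATH"))
                                   (display (load-from-path "msg"))(newline))
                               #:guile %bootstrap-guile))
                            ("libexec/hello/msg"
                             ,(plain-file "msg" "42")))))
        (search-paths
         (list (search-path-specification
                (variable "HELLO_EXEC_PATH")
                (files '("libexec/hello"))
                (separator #f)))))))
EOF

# Every expansion of $test_directory is quoted, as in the rest of this file,
# so that the path is never word-split or glob-expanded.
tarball="$(guix pack -RR -S /opt= -m "$test_directory/manifest.scm")"
(cd "$test_directory"; tar xvf "$tarball")
chmod +w "$test_directory"

# Source the unpacked profile in a subshell so that whatever it sets stays
# out of the rest of the script.  Sourcing runs the file as shell code; it
# comes from the pack that was just built and unpacked above.
( export GUIX_PROFILE="$test_directory/opt"
  . "$GUIX_PROFILE/etc/profile"
  run_without_store "$test_directory/opt/bin/hello" > "$test_directory/output" )

# Show the output, then require it to be exactly the content of "msg".
cat "$test_directory/output"
test "$(cat "$test_directory/output")" = "42"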
es `(,@(source-module-closure '((gnu installer locale)) #:select? not-config?) ((guix config) => ,(make-config.scm))) #~(begin (use-modules (gnu installer locale)) ;; The locale files contain non-ASCII characters. #$set-utf8-locale (mkdir #$output) (let ((locale-file (string-append #$output "/" #$name ".scm")) (locale-compiled-file (string-append #$output "/" #$name ".go"))) (call-with-output-file locale-file (lambda (port) (write #$locale-builder port))) (compile-file locale-file #:output-file locale-compiled-file)))))) (computed-file name builder)) (define apply-locale ;; Install the specified locale. (with-imported-modules (source-module-closure '((gnu services herd))) #~(lambda (locale) (false-if-exception (setlocale LC_ALL locale)) ;; Restart the documentation viewer so it displays the manual in ;; language that corresponds to LOCALE. Make sure that nothing is ;; printed on the console. (parameterize ((shepherd-message-port (%make-void-port "w"))) (stop-service 'term-tty2) (start-service 'term-tty2 (list locale)))))) (define* (compute-locale-step #:key locales-name iso639-languages-name iso3166-territories-name) "Return a gexp that run the locale-page of INSTALLER, and install the selected locale. The list of locales, languages and territories passed to locale-page are computed in derivations named respectively LOCALES-NAME, ISO639-LANGUAGES-NAME and ISO3166-TERRITORIES-NAME. Those lists are compiled, so that when the installer is run, all the lengthy operations have already been performed at build time." 
(define (compiled-file-loader file name) #~(load-compiled (string-append #$file "/" #$name ".go"))) (let* ((supported-locales #~(supported-locales->locales #+(glibc-supported-locales))) (iso-codes #~(string-append #$iso-codes "/share/iso-codes/json/")) (iso639-3 #~(string-append #$iso-codes "iso_639-3.json")) (iso639-5 #~(string-append #$iso-codes "iso_639-5.json")) (iso3166 #~(string-append #$iso-codes "iso_3166-1.json")) (locales-file (build-compiled-file locales-name #~`(quote ,#$supported-locales))) (iso639-file (build-compiled-file iso639-languages-name #~`(quote ,(iso639->iso639-languages #$supported-locales #$iso639-3 #$iso639-5)))) (iso3166-file (build-compiled-file iso3166-territories-name #~`(quote ,(iso3166->iso3166-territories #$iso3166)))) (locales-loader (compiled-file-loader locales-file locales-name)) (iso639-loader (compiled-file-loader iso639-file iso639-languages-name)) (iso3166-loader (compiled-file-loader iso3166-file iso3166-territories-name))) #~(lambda (current-installer) (let ((result ((installer-locale-page current-installer) #:supported-locales #$locales-loader #:iso639-languages #$iso639-loader #:iso3166-territories #$iso3166-loader))) (#$apply-locale result) result)))) (define apply-keymap ;; Apply the specified keymap. Use the default keyboard model. #~(match-lambda ((layout variant options) (kmscon-update-keymap (default-keyboard-model) layout variant options)))) (define* (compute-keymap-step context) "Return a gexp that runs the keymap-page of INSTALLER and install the selected keymap." 
#~(lambda (current-installer) (let ((result (call-with-values (lambda () (xkb-rules->models+layouts (string-append #$xkeyboard-config "/share/X11/xkb/rules/base.xml"))) (lambda (models layouts) ((installer-keymap-page current-installer) layouts '#$context))))) (#$apply-keymap result) result))) (define (installer-steps) (let ((locale-step (compute-locale-step #:locales-name "locales" #:iso639-languages-name "iso639-languages" #:iso3166-territories-name "iso3166-territories")) (timezone-data #~(string-append #$tzdata "/share/zoneinfo/zone.tab"))) #~(lambda (current-installer) ((installer-parameters-menu current-installer) (lambda () ((installer-parameters-page current-installer) (lambda _ (#$(compute-keymap-step 'param) current-installer))))) (list ;; Ask the user to choose a locale among those supported by ;; the glibc. Install the selected locale right away, so that ;; the user may benefit from any available translation for the ;; installer messages. (installer-step (id 'locale) (description (G_ "Locale")) (compute (lambda _ (#$locale-step current-installer))) (configuration-formatter locale->configuration)) ;; Welcome the user and ask them to choose between manual ;; installation and graphical install. (installer-step (id 'welcome) (compute (lambda _ ((installer-welcome-page current-installer) #$(local-file "installer/aux-files/logo.txt"))))) ;; Ask the user to select a timezone under glibc format. (installer-step (id 'timezone) (description (G_ "Timezone")) (compute (lambda _ ((installer-timezone-page current-installer) #$timezone-data))) (configuration-formatter posix-tz->configuration)) ;; The installer runs in a kmscon virtual terminal where loadkeys ;; won't work. kmscon uses libxkbcommon as a backend for keyboard ;; input. It is possible to update kmscon current keymap by sending ;; it a keyboard model, layout, variant and options, in a somehow ;; similar way as what is done with setxkbmap utility. 
;; ;; So ask for a keyboard model, layout and variant to update the ;; current kmscon keymap. For non-Latin layouts, we add an ;; appropriate second layout and toggle via Alt+Shift. (installer-step (id 'keymap) (description (G_ "Keyboard mapping selection")) (compute (lambda _ (#$(compute-keymap-step 'default) current-installer))) (configuration-formatter keyboard-layout->configuration)) ;; Ask the user to input a hostname for the system. (installer-step (id 'hostname) (description (G_ "Hostname")) (compute (lambda _ ((installer-hostname-page current-installer)))) (configuration-formatter hostname->configuration)) ;; Provide an interface above connmanctl, so that the user can select ;; a network susceptible to acces Internet. (installer-step (id 'network) (description (G_ "Network selection")) (compute (lambda _ ((installer-network-page current-installer))))) ;; Prompt for users (name, group and home directory). (installer-step (id 'user) (description (G_ "User creation")) (compute (lambda _ ((installer-user-page current-installer)))) (configuration-formatter users->configuration)) ;; Ask the user to choose one or many desktop environment(s). (installer-step (id 'services) (description (G_ "Services")) (compute (lambda _ ((installer-services-page current-installer)))) (configuration-formatter system-services->configuration)) ;; Run a partitioning tool allowing the user to modify ;; partition tables, partitions and their mount points. ;; Do this last so the user has something to boot if any ;; of the previous steps didn't go as expected. 
(installer-step (id 'partition) (description (G_ "Partitioning")) (compute (lambda _ ((installer-partition-page current-installer)))) (configuration-formatter user-partitions->configuration)) (installer-step (id 'final) (description (G_ "Configuration file")) (compute (lambda (result prev-steps) ((installer-final-page current-installer) result prev-steps)))))))) (define (installer-program) "Return a file-like object that runs the given INSTALLER." (define init-gettext ;; Initialize gettext support, so that installer messages can be ;; translated. #~(begin (bindtextdomain "guix" (string-append #$guix "/share/locale")) (textdomain "guix"))) (define set-installer-path ;; Add the specified binary to PATH for later use by the installer. #~(let* ((inputs '#$(list bash ;start subshells connman ;call connmanctl cryptsetup dosfstools ;mkfs.fat e2fsprogs ;mkfs.ext4 lvm2-static ;dmsetup btrfs-progs jfsutils ;jfs_mkfs ntfs-3g ;mkfs.ntfs kbd ;chvt guix ;guix system init call util-linux ;mkwap shadow coreutils))) (with-output-to-port (%make-void-port "w") (lambda () (set-path-environment-variable "PATH" '("bin" "sbin") inputs))))) (define steps (installer-steps)) (define modules (scheme-modules* (string-append (current-source-directory) "/..") "gnu/installer")) (define installer-builder ;; Note: Include GUIX as an extension to get all the (gnu system …), (gnu ;; packages …), etc. modules. (with-extensions (list guile-gcrypt guile-newt guile-parted guile-bytestructures guile-json-3 guile-git guix) (with-imported-modules `(,@(source-module-closure `(,@modules (gnu services herd) (guix build utils)) #:select? module-to-import?) 
((guix config) => ,(make-config.scm))) #~(begin (use-modules (gnu installer record) (gnu installer keymap) (gnu installer steps) (gnu installer final) (gnu installer hostname) (gnu installer locale) (gnu installer parted) (gnu installer services) (gnu installer timezone) (gnu installer user) (gnu installer utils) (gnu installer newt) ((gnu installer newt keymap) #:select (keyboard-layout->configuration)) (gnu services herd) (guix i18n) (guix build utils) ((system repl debug) #:select (terminal-width)) (ice-9 match)) ;; Initialize gettext support so that installers can use ;; (guix i18n) module. #$init-gettext ;; Add some binaries used by the installers to PATH. #$set-installer-path ;; Arrange for language and territory name translations to be ;; available. We need them at run time, not just compile time, ;; because some territories have several corresponding languages ;; (e.g., "French" is always displayed as "français", but ;; "Belgium" could be translated to Dutch, French, or German.) (bindtextdomain "iso_639-3" ;languages #+(file-append iso-codes "/share/locale")) (bindtextdomain "iso_3166-1" ;territories #+(file-append iso-codes "/share/locale")) ;; Likewise for XKB keyboard layout names. (bindtextdomain "xkeyboard-config" #+(file-append xkeyboard-config "/share/locale")) ;; Initialize 'terminal-width' in (system repl debug) ;; to a large-enough value to make backtrace more ;; verbose. (terminal-width 200) (let* ((current-installer newt-installer) (steps (#$steps current-installer))) ((installer-init current-installer)) (catch #t (lambda () (define results (run-installer-steps #:rewind-strategy 'menu #:menu-proc (installer-menu-page current-installer) #:steps steps)) (match (result-step results 'final) ('success ;; We did it! Let's reboot! (sync) (stop-service 'root)) (_ ;; The installation failed, exit so that it is restarted ;; by login. #f))) (const #f) (lambda (key . 
args) (syslog "crashing due to uncaught exception: ~s ~s~%" key args) (let ((error-file "/tmp/last-installer-error")) (call-with-output-file error-file (lambda (port) (display-backtrace (make-stack #t) port) (print-exception port (stack-ref (make-stack #t) 1) key args))) ((installer-exit-error current-installer) error-file key args)) (primitive-exit 1))) ((installer-exit current-installer))))))) (program-file "installer" #~(begin ;; Set the default locale to install unicode support. For ;; some reason, unicode support is not correctly installed ;; when calling this in 'installer-builder'. (setenv "LANG" "en_US.UTF-8") (execl #$(program-file "installer-real" installer-builder #:guile guile-3.0-latest) "installer-real"))))