Diffstat (limited to 'gnu/packages/containers.scm')
-rw-r--r-- | gnu/packages/containers.scm | 265 |
1 files changed, 188 insertions, 77 deletions
diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm
index a3aa9ac1db..31260c5c0a 100644
--- a/gnu/packages/containers.scm
+++ b/gnu/packages/containers.scm
@@ -5,6 +5,8 @@
 ;;; Copyright © 2022 Michael Rohleder <mike@rohleder.de>
 ;;; Copyright © 2023 Zongyuan Li <zongyuan.li@c0x0o.me>
 ;;; Copyright © 2023 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2024 Tomas Volf <~@wolfsden.cz>
+;;; Copyright © 2024 Foundation Devices, Inc. <hello@foundation.xyz>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -42,6 +44,7 @@
 #:use-module (gnu packages glib)
 #:use-module (gnu packages gnupg)
 #:use-module (gnu packages golang)
+ #:use-module (gnu packages guile)
 #:use-module (gnu packages linux)
 #:use-module (gnu packages python)
 #:use-module (gnu packages networking)
@@ -53,62 +56,50 @@ #:use-module (gnu packages wget)) (define-public crun - (let ((commit "c381048530aa750495cf502ddb7181f2ded5b400")) - (package - (name "crun") - (version "1.4.5") - (source - (origin - (method git-fetch) - (uri (git-reference - (url "https://github.com/containers/crun") - (commit commit) - (recursive? #t))) - (sha256 - (base32 "0x2xmr5sv9ivvcv5fl5jjk4kq9b3n97s5hsqiqfwl4rz8qcz4xk1")) - (file-name (git-file-name name version)))) - (build-system gnu-build-system) - (arguments - `(#:configure-flags '("--disable-systemd") - #:tests? #f ; XXX: needs /sys/fs/cgroup mounted - #:phases - (modify-phases %standard-phases - (add-after 'unpack 'do-not-depend-on-git - (lambda _ - (substitute* "autogen.sh" - (("^git submodule update.*") - "")) - (with-output-to-file "git-version.h" - (lambda () - (display (string-append - "/* autogenerated. */\n#ifndef GIT_VERSION\n# define GIT_VERSION \"" - ,commit - "\"\n#endif\n")))))) - (add-after 'unpack 'fix-tests - (lambda _ - (substitute* (find-files "tests" "\\.(c|py)") - (("/bin/true") (which "true")) - (("/bin/false") (which "false")) - ; relies on sd_notify which requires systemd? - (("\"sd-notify\" : test_sd_notify,") "") - (("\"sd-notify-file\" : test_sd_notify_file,") ""))))))) - (inputs - (list libcap - libseccomp - yajl)) - (native-inputs - (list automake - autoconf - git - libtool - pkg-config - python-3)) - (home-page "https://github.com/containers/crun") - (synopsis "Open Container Initiative (OCI) Container runtime") - (description - "crun is a fast and low-memory footprint Open Container Initiative (OCI) + (package + (name "crun") + (version "1.14.1") + (source + (origin + (method url-fetch) + (uri (string-append + "https://github.com/containers/crun/releases/download/" + version + "/crun-" version ".tar.gz")) + (sha256 + (base32 + "02lplc2asyllb58mvy7l8b9gsk7fxs95g928xk28yzmf592ay33x")))) + (build-system gnu-build-system) + (arguments + `(#:configure-flags '("--disable-systemd") + #:tests? 
#f ; XXX: needs /sys/fs/cgroup mounted + #:phases + (modify-phases %standard-phases + (add-after 'unpack 'fix-tests + (lambda _ + (substitute* (find-files "tests" "\\.(c|py)") + (("/bin/true") (which "true")) + (("/bin/false") (which "false")) + ; relies on sd_notify which requires systemd? + (("\"sd-notify\" : test_sd_notify,") "") + (("\"sd-notify-file\" : test_sd_notify_file,") ""))))))) + (inputs + (list libcap + libseccomp + yajl)) + (native-inputs + (list automake + autoconf + git + libtool + pkg-config + python-3)) + (home-page "https://github.com/containers/crun") + (synopsis "Open Container Initiative (OCI) Container runtime") + (description + "crun is a fast and low-memory footprint Open Container Initiative (OCI) Container Runtime fully written in C.") - (license license:gpl2+)))) + (license license:gpl2+))) (define-public conmon (package @@ -160,7 +151,7 @@ runtime (like runc or crun) for a single container.") (define-public distrobox (package (name "distrobox") - (version "1.5.0.2") + (version "1.7.0") (source (origin (method git-fetch) 
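Review bot: With the source now a release tarball and the `do-not-depend-on-git` phase dropped, the `git` native input (and, if the tarball ships a generated configure script, automake/autoconf/libtool too) no longer appears to be needed, yet the native-inputs list is carried over unchanged. Likewise `python-3` and the retained `fix-tests` phase only serve the test suite, which `#:tests? #f` still disables; either trim them or add a comment stating why they are kept, e.g. `;; Kept so the suite can be run locally once /sys/fs/cgroup is available.`. The old `recursive? #t` checkout pulled submodules, so it is worth confirming that the 1.14.1 release tarball bundles those same sources rather than expecting them from the build environment.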
@@ -168,23 +159,51 @@ runtime (like runc or crun) for a single container.") (url "https://github.com/89luca89/distrobox") (commit version))) (sha256 - (base32 "0h6rpgbcmg33vriyzh9nkdxj8yhfn0y35i1wh1zmb7zss3ik9kxj")) + (base32 "1g14q1sm3026h9n85v1gc3m2v9sgrac2mr9yrkh98qg5yahzmpc3")) (file-name (git-file-name name version)))) (build-system copy-build-system) - (inputs - (list podman wget)) (arguments (list #:phases #~(modify-phases %standard-phases - (add-before 'install 'refer-to-inputs - (lambda* (#:key inputs #:allow-other-keys) - (substitute* (find-files "." "^distrobox[^.]*[^1]$") - (("podman") (search-input-file inputs "/bin/podman")) - (("wget") (search-input-file inputs "/bin/wget")) - (("command -v") "test -x")))) + ;; Use WRAP-SCRIPT to wrap all of the scripts of distrobox, + ;; excluding the host side ones. + (add-after 'install 'wrap-scripts + (lambda _ + (let ((path (search-path-as-list + (list "bin") + (list #$(this-package-input "podman") + #$(this-package-input "wget"))))) + (for-each (lambda (script) + (wrap-script + (string-append #$output "/bin/distrobox-" + script) + `("PATH" ":" prefix ,path))) + '("assemble" + "create" + "enter" + "ephemeral" + "generate-entry" + "list" + "rm" + "stop" + "upgrade"))))) + ;; These scripts are used in the container side and the + ;; /gnu/store path is not shared with the containers. + (add-after 'patch-shebangs 'unpatch-shebangs + (lambda _ + (for-each (lambda (script) + (substitute* + (string-append #$output "/bin/distrobox-" + script) + (("#!.*/bin/sh") "#!/bin/sh\n"))) + '("export" "host-exec" "init")))) (replace 'install (lambda _ (invoke "./install" "--prefix" #$output)))))) + (inputs + (list guile-3.0 ; for wrap-script + podman + wget)) (home-page "https://distrobox.privatedns.org/") (synopsis "Create and start containers highly integrated with the hosts") (description 
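Review bot: The `unpatch-shebangs` replacement `"#!/bin/sh\n"` leaves a blank line after the shebang: `substitute*` processes the file line by line and re-emits each line's own newline, so the `\n` in the replacement is an extra one. Change it to `(("#!.*/bin/sh") "#!/bin/sh")`. The lists of wrapped and un-patched scripts are hard-coded, so a future release that adds a script would silently ship it either unwrapped or with a store-path shebang that does not exist inside the container; a comment pointing at where upstream's script list lives, or deriving the list from `(find-files (string-append #$output "/bin") "^distrobox-")` minus the three container-side names, would make that drift visible at build time.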
@@ -221,7 +240,7 @@ containers or various tools.") (define-public slirp4netns (package (name "slirp4netns") - (version "1.2.0") + (version "1.2.3") (source (origin (method git-fetch) @@ -229,7 +248,7 @@ containers or various tools.") (url "https://github.com/rootless-containers/slirp4netns") (commit (string-append "v" version)))) (sha256 - (base32 "1rlzwp5fx1x3q179j9s2jp02imjag5pgj333z110nrvi7azl22l8")) + (base32 "0czvdsdv821fz4jd9rgrlkdhhjna6frawr8klvx3k2cfh444fbii")) (file-name (git-file-name name version)))) (build-system gnu-build-system) (arguments 
@@ -259,10 +278,50 @@ containers or various tools.") network namespaces.") (license license:gpl2+))) +(define-public passt + (package + (name "passt") + (version "2023_12_30.f091893") + (source + (origin + (method url-fetch) + (uri (string-append "https://passt.top/passt/snapshot/passt-" version + ".tar.gz")) + (sha256 + (base32 "1nyd4h93qlxn1r01ffijpsd7r7ny62phki5j58in8gz021jj4f3d")))) + (build-system gnu-build-system) + (arguments + (list + #:make-flags + #~(list (string-append "CC=" #$(cc-for-target)) + "RLIMIT_STACK_VAL=1024" ; ¯\_ (ツ)_/¯ + (string-append "VERSION=" #$version) + (string-append "prefix=" #$output)) + #:tests? #f + #:phases + #~(modify-phases %standard-phases + (delete 'configure)))) + (home-page "https://passt.top") + (synopsis "Plug A Simple Socket Transport") + (description + "passt implements a thin layer between guest and host, that only +implements what's strictly needed to pretend processes are running locally. +The TCP adaptation doesn't keep per-connection packet buffers, and reflects +observed sending windows and acknowledgements between the two sides. This TCP +adaptation is needed as passt runs without the CAP_NET_RAW capability: it +can't create raw IP sockets on the pod, and therefore needs to map packets at +Layer-2 to Layer-4 sockets offered by the host kernel. + +Also provides pasta, which similarly to slirp4netns, provides networking to +containers by creating a tap interface available to processes in the +namespace, and mapping network traffic outside the namespace using native +Layer-4 sockets.") + (license (list license:gpl2+ license:bsd-3)))) + (define-public cni-plugins (package (name "cni-plugins") - (version "1.0.1") + (version "1.4.1") (source (origin (method git-fetch) 
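Review bot: In the new passt package `#:tests? #f` carries no reason comment, and the `RLIMIT_STACK_VAL=1024` make flag is annotated only with a shrug, whereas the file's convention is an explicit justification (compare crun's `#:tests? #f ; XXX: needs /sys/fs/cgroup mounted`). As far as I can tell passt's Makefile derives this value from `ulimit -s` at build time and bakes it into the binary, so the override is presumably there because the build environment's limit is not meaningful — please confirm and state it, e.g. `; the Makefile derives it from `ulimit -s`, which is not meaningful in the build container`. The test line should likewise read `#:tests? #f ; <reason tests cannot run here>` with the actual reason filled in.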
@@ -270,7 +329,7 @@ network namespaces.") (url "https://github.com/containernetworking/plugins") (commit (string-append "v" version)))) (sha256 - (base32 "1j91in0mg4nblpdccyq63ncbnn2pc2zzjp1fh3jy0bsndllgv0nc")) + (base32 "0l6f4z762n8blak41wcxdmdhm92gqw2qcxcqd3s4wiql3d7273kj")) (file-name (git-file-name name version)))) (build-system go-build-system) (arguments 
@@ -307,13 +366,57 @@ network namespaces.") configure network interfaces in Linux containers.") (license license:asl2.0))) +(define-public gvisor-tap-vsock + (package + (name "gvisor-tap-vsock") + (version "0.7.3") + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/containers/gvisor-tap-vsock") + (commit (string-append "v" version)))) + (file-name (git-file-name name version)) + (sha256 + (base32 + "1q1zism0c63k2aq6yhkjqc3b2zsm4lwn0bk39p2kl79h798wfyp4")))) + (build-system gnu-build-system) + (arguments + (list + #:make-flags `(list ,(string-append "GIT_VERSION=v" version)) + #:test-target "test" + #:phases + #~(modify-phases %standard-phases + (delete 'configure) + (add-before 'build 'setenv + (lambda _ + ;; For golang toolchain. + (setenv "HOME" "/tmp"))) + (add-before 'check 'prune-tests + (lambda _ + ;; Requires internet connection to fetch QEMU image. + (invoke "rm" "-r" "test"))) + (replace 'install + (lambda _ + (install-file "bin/gvproxy" (string-append #$output "/bin"))))))) + (native-inputs (list go-1.20)) + (home-page "https://github.com/containers/gvisor-tap-vsock") + (synopsis "Network stack for virtualization based on gVisor") + (description "This package provides a replacement for @code{libslirp} and +@code{VPNKit}, written in pure Go. It is based on the network stack of gVisor +and brings a configurable DNS server and dynamic port forwarding. + +It can be used with QEMU, Hyperkit, Hyper-V and User-Mode Linux. + +The binary is called @command{gvproxy}.") + (license license:asl2.0))) + ;; For podman to work, the user needs to run ;; `sudo mount -t cgroup2 none /sys/fs/cgroup` (define-public podman (package (name "podman") - (version "4.4.1") + (version "4.9.3") (source (origin (method git-fetch) 
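Review bot: `(invoke "rm" "-r" "test")` in the `prune-tests` phase spawns an external process where the build-side idiom is `(delete-file-recursively "test")`, which does not depend on `rm` being on PATH and raises a Guile exception on failure. The `setenv` phase comment `For golang toolchain.` says which tool, not why; if the reason is the Go build/module cache being written under `$HOME`, say so — `;; Go writes its build and module cache under $HOME, which is unset here.` — hedged, please confirm. Also `#:make-flags` uses quasiquote while the phases use gexps; `#~(list (string-append "GIT_VERSION=v" #$version))` keeps the arguments in one style.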
@@ -324,8 +427,11 @@ configure network interfaces in Linux containers.") ;; FIXME: Btrfs libraries not detected by these scripts. (snippet '(substitute* "Makefile" ((".*hack/btrfs.*") ""))) + (patches + (search-patches + "podman-program-lookup.patch")) (sha256 - (base32 "0qbr6rbyig3c2hvdvmd94jjkg820hpdz6j7dgyv62dl6wfwvj5jj")) + (base32 "17g7n09ndxhpjr39s9qwxdcv08wavjj0g5nmnrvrkz2wgdqigl1x")) (file-name (git-file-name name version)))) (build-system gnu-build-system) @@ -352,10 +458,11 @@ configure network interfaces in Linux containers.") (invoke "make" "remotesystem")))) (add-after 'unpack 'fix-hardcoded-paths (lambda _ - (substitute* (find-files "libpod" "\\.go") - (("exec.LookPath[(][\"]slirp4netns[\"][)]") - (string-append "exec.LookPath(\"" - (which "slirp4netns") "\")"))) + (substitute* "vendor/github.com/containers/common/pkg/config/config.go" + (("@SLIRP4NETNS_DIR@") + (string-append #$slirp4netns "/bin")) + (("@PASST_DIR@") + (string-append #$passt "/bin"))) (substitute* "hack/install_catatonit.sh" (("CATATONIT_PATH=\"[^\"]+\"") (string-append "CATATONIT_PATH=" (which "true")))) @@ -385,11 +492,12 @@ configure network interfaces in Linux containers.") libassuan libseccomp libselinux + passt slirp4netns)) (native-inputs (list bats git - go-1.19 + go-1.21 ; strace ; XXX debug pkg-config python)) @@ -398,7 +506,10 @@ configure network interfaces in Linux containers.") (description "Podman (the POD MANager) is a tool for managing containers and images, volumes mounted into those containers, and pods made from groups of -containers.") +containers. + +The @code{machine} subcommand is not supported due to gvproxy not being +packaged.") (license license:asl2.0))) (define-public buildah |
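Review bot: The new `substitute*` on `vendor/github.com/containers/common/pkg/config/config.go` depends on the `@SLIRP4NETNS_DIR@` and `@PASST_DIR@` placeholders, which presumably come from the `podman-program-lookup.patch` added in the earlier hunk; if the patch ever stops introducing them (for instance after the vendored copy is updated), `substitute*` silently matches nothing and helper lookup falls back to whatever that code does by default, likely a runtime PATH search, instead of the pinned store paths the phase intends. A comment tying the two together, `;; Placeholders are introduced by podman-program-lookup.patch.`, plus a check that the file no longer contains the placeholders after substitution, would turn that into a build failure rather than a silent behaviour change.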
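Review bot: The added description sentence `The @code{machine} subcommand is not supported due to gvproxy not being packaged.` contradicts this same commit, which adds `gvisor-tap-vsock` whose description ends with `The binary is called @command{gvproxy}.`; what the diff actually shows missing is the wiring, since gvisor-tap-vsock is not among podman's inputs. Reword along the lines of `The @code{machine} subcommand is not supported yet, as Podman is not configured to use @command{gvproxy} from the gvisor-tap-vsock package.`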