1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2021 Timmy Douglas <mail@timmydouglas.com>
3 ;;; Copyright © 2022 Tobias Geerinckx-Rice <me@tobias.gr>
4 ;;; Copyright © 2022 Zhu Zihao <all_but_last@163.com>
5 ;;;
6 ;;; This file is part of GNU Guix.
7 ;;;
8 ;;; GNU Guix is free software; you can redistribute it and/or modify it
9 ;;; under the terms of the GNU General Public License as published by
10 ;;; the Free Software Foundation; either version 3 of the License, or (at
11 ;;; your option) any later version.
12 ;;;
13 ;;; GNU Guix is distributed in the hope that it will be useful, but
14 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
15 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 ;;; GNU General Public License for more details.
17 ;;;
18 ;;; You should have received a copy of the GNU General Public License
19 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
20
21 (define-module (gnu packages containers)
22 #:use-module (guix gexp)
23 #:use-module ((guix licenses) #:prefix license:)
24 #:use-module (gnu packages)
25 #:use-module (guix packages)
26 #:use-module (guix download)
27 #:use-module (guix git-download)
28 #:use-module (guix build-system gnu)
29 #:use-module (guix build-system go)
30 #:use-module (guix build-system meson)
31 #:use-module (guix utils)
32 #:use-module (gnu packages admin)
33 #:use-module (gnu packages autotools)
34 #:use-module (gnu packages base)
35 #:use-module (gnu packages bash)
36 #:use-module (gnu packages check)
37 #:use-module (gnu packages compression)
38 #:use-module (gnu packages glib)
39 #:use-module (gnu packages gnupg)
40 #:use-module (gnu packages golang)
41 #:use-module (gnu packages linux)
42 #:use-module (gnu packages python)
43 #:use-module (gnu packages networking)
44 #:use-module (gnu packages pkg-config)
45 #:use-module (gnu packages selinux)
46 #:use-module (gnu packages version-control)
47 #:use-module (gnu packages virtualization)
48 #:use-module (gnu packages web))
49
;; crun: OCI container runtime written in C.
;;
;; Supply-chain notes for reviewers:
;;  - The checkout is addressed by a full commit id rather than a tag, and the
;;    sha256 below covers the fetched tree, so a changed upstream tree shows up
;;    as a hash mismatch instead of being built silently.
;;  - NOTE(review): nothing in this definition ties the commit id to the
;;    "1.4.5" release; confirm against upstream when bumping either value.
(define-public crun
  (let ((upstream-commit "c381048530aa750495cf502ddb7181f2ded5b400"))
    (package
      (name "crun")
      (version "1.4.5")
      (source
       (origin
         (method git-fetch)
         (uri (git-reference
               (url "https://github.com/containers/crun")
               (commit upstream-commit)
               ;; Submodules are fetched together with the main tree, which
               ;; is why the build must not run `git submodule update'.
               (recursive? #t)))
         (sha256
          (base32 "0x2xmr5sv9ivvcv5fl5jjk4kq9b3n97s5hsqiqfwl4rz8qcz4xk1"))
         (file-name (git-file-name name version))))
      (build-system gnu-build-system)
      (arguments
       `(#:configure-flags '("--disable-systemd")
         ;; XXX: the test suite needs /sys/fs/cgroup mounted, so it is
         ;; disabled; nothing in this build exercises the runtime.
         #:tests? #f
         #:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'do-not-depend-on-git
             (lambda _
               ;; Drop the submodule refresh from autogen.sh.
               (substitute* "autogen.sh"
                 (("^git submodule update.*")
                  ""))
               ;; Write git-version.h by hand, embedding the pinned commit
               ;; id as GIT_VERSION.
               (call-with-output-file "git-version.h"
                 (lambda (port)
                   (display
                    (string-append
                     "/* autogenerated. */\n#ifndef GIT_VERSION\n# define GIT_VERSION \""
                     ,upstream-commit
                     "\"\n#endif\n")
                    port)))))
           (add-after 'unpack 'fix-tests
             (lambda _
               ;; Rewrites the test sources only.  Tests are disabled above,
               ;; so these edits matter only if they get re-enabled.
               (substitute* (find-files "tests" "\\.(c|py)")
                 ;; Point the FHS paths at the `true'/`false' found on PATH.
                 (("/bin/true") (which "true"))
                 (("/bin/false") (which "false"))
                 ;; Presumably these two tests rely on sd_notify, which
                 ;; requires systemd (uncertain in the original as well).
                 (("\"sd-notify\" : test_sd_notify,") "")
                 (("\"sd-notify-file\" : test_sd_notify_file,") "")))))))
      (inputs
       (list libcap
             libseccomp
             libyajl))
      (native-inputs
       (list automake
             autoconf
             git
             libtool
             pkg-config
             python-3))
      (home-page "https://github.com/containers/crun")
      (synopsis "Open Container Initiative (OCI) Container runtime")
      (description
       "crun is a fast and low-memory footprint Open Container Initiative (OCI)
Container Runtime fully written in C.")
      (license license:gpl2+))))
107
;; conmon: per-container monitor that sits between a container manager and
;; the OCI runtime.
;;
;; The source is fetched by tag ("v" + version).  A tag can be moved upstream,
;; but the sha256 below pins the content, so a moved tag fails the fetch with
;; a hash mismatch rather than changing what is built.
(define-public conmon
  (package
    (name "conmon")
    (version "2.0.31")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/containers/conmon")
             (commit (string-append "v" version))))
       (sha256
        (base32 "1cxklcihb2i4ywli0fxafkp2gi1x831r37z7spnigaj6pzj1517w"))
       (file-name (git-file-name name version))))
    (build-system gnu-build-system)
    (arguments
     (list
      ;; XXX: the upstream test target uses `go get' to download 50 packages,
      ;; runs a ginkgo test suite, then tries to download busybox and use a
      ;; systemd logging library, so the tests stay off.
      ;; See also
      ;; https://github.com/containers/conmon/blob/main/nix/derivation.nix
      #:tests? #f
      #:test-target "test"
      ;; There is no configure script; the compiler and the install prefix
      ;; are passed straight to make.
      #:make-flags
      #~(list #$(string-append "CC=" (cc-for-target))
              (string-append "PREFIX=" #$output))
      #:phases
      #~(modify-phases %standard-phases
          (delete 'configure)
          (add-after 'unpack 'set-env
            (lambda _
              ;; Go fails when HOME is /homeless-shelter, so give it a
              ;; usable HOME for the duration of the build.
              (setenv "HOME" "/tmp"))))))
    (native-inputs
     (list git
           go
           pkg-config))
    (inputs
     (list crun
           glib
           libseccomp))
    (home-page "https://github.com/containers/conmon")
    (synopsis "Monitoring tool for Open Container Initiative (OCI) runtime")
    (description
     "Conmon is a monitoring program and communication tool between a container
manager (like Podman or CRI-O) and an Open Container Initiative (OCI)
runtime (like runc or crun) for a single container.")
    (license license:asl2.0)))
154
;; libslirp: user-mode networking library.
;;
;; Fetched by tag ("v" + version); the sha256 pins the checkout content, so a
;; retargeted tag is rejected at fetch time.
(define-public libslirp
  (package
    (name "libslirp")
    (version "4.7.0")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://gitlab.freedesktop.org/slirp/libslirp")
             (commit (string-append "v" version))))
       (sha256
        (base32 "0dny8187a8qh6akaa37aa9b5pjxx88f02wh6achp4mygff0ipxba"))
       (file-name (git-file-name name version))))
    (build-system meson-build-system)
    (native-inputs
     (list pkg-config))
    (propagated-inputs
     ;; glib is propagated because slirp.pc names it in its Requires field.
     (list glib))
    (home-page "https://gitlab.freedesktop.org/slirp/libslirp")
    (synopsis "User-mode networking library")
    (description
     "libslirp is a user-mode networking library used by virtual machines,
containers or various tools.")
    (license license:bsd-3)))
180
;; slirp4netns: user-mode ("slirp") networking for unprivileged network
;; namespaces.
;;
;; Fetched by tag ("v" + version); the sha256 pins the checkout content.
(define-public slirp4netns
  (package
    (name "slirp4netns")
    (version "1.1.12")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/rootless-containers/slirp4netns")
             (commit (string-append "v" version))))
       (sha256
        (base32 "03llv4dlf7qqxwz4zdyk926g4bigfj2gb50glm70ciflpvzs8081"))
       (file-name (git-file-name name version))))
    (build-system gnu-build-system)
    (arguments
     ;; XXX: tests are off because they fail with
     ;; open("/dev/net/tun"): No such file or directory
     '(#:tests? #f
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'fix-hardcoded-paths
           (lambda _
             ;; Only the shell scripts under tests/ are rewritten.
             ;; NOTE(review): the pattern "ping" is unanchored, so every
             ;; occurrence of those four letters in a test script is replaced,
             ;; and the file pattern "\\.sh" has no trailing "$".  The target
             ;; is a setuid wrapper path outside the store, which would tie
             ;; the tests to a system that provides it.  Tests are disabled,
             ;; so none of this runs today; tighten both patterns before
             ;; re-enabling them.
             (substitute* (find-files "tests" "\\.sh")
               (("ping") "/run/setuid-programs/ping")))))))
    (native-inputs
     ;; iproute, jq, nmap (ncat) and util-linux are for tests.
     (list automake
           autoconf
           iproute
           jq
           nmap
           pkg-config
           util-linux))
    (inputs
     (list glib
           libcap
           libseccomp
           libslirp))
    (home-page "https://github.com/rootless-containers/slirp4netns")
    (synopsis "User-mode networking for unprivileged network namespaces")
    (description
     "slirp4netns provides user-mode networking (\"slirp\") for unprivileged
network namespaces.")
    (license license:gpl2+)))
221
;; cni-plugins: Container Network Interface (CNI) plugins.
;;
;; Fetched by tag ("v" + version); the sha256 pins the checkout content.
;; The build itself is delegated to upstream's build_linux.sh, and the
;; resulting bin/ directory is copied verbatim into the output.
(define-public cni-plugins
  (package
    (name "cni-plugins")
    (version "1.0.1")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/containernetworking/plugins")
             (commit (string-append "v" version))))
       (sha256
        (base32 "1j91in0mg4nblpdccyq63ncbnn2pc2zzjp1fh3jy0bsndllgv0nc"))
       (file-name (git-file-name name version))))
    (build-system go-build-system)
    (arguments
     `(#:unpack-path "github.com/containernetworking/plugins"
       ;; XXX: disabled; see the `stat /var/run' call in the check phase.
       #:tests? #f
       #:phases
       (modify-phases %standard-phases
         (replace 'build
           (lambda _
             ;; Run upstream's build script from the unpacked source tree.
             (with-directory-excursion
                 "src/github.com/containernetworking/plugins"
               (invoke "./build_linux.sh"))))
         (replace 'check
           (lambda* (#:key tests? #:allow-other-keys)
             ;; Only the pkg/ns tests can run without root, so the phase is
             ;; limited to that directory.
             (when tests?
               (with-directory-excursion
                   "src/github.com/containernetworking/plugins/pkg/ns"
                 ;; XXX: the test tries to stat this directory, so check it
                 ;; up front.
                 (invoke "stat" "/var/run")
                 ;; `unshare -rmn' gives the test run a user namespace with
                 ;; root mapped, plus new mount and network namespaces.
                 (invoke "unshare" "-rmn" "go" "test")))))
         (add-before 'check 'set-test-environment
           (lambda _
             ;; Fixed runtime directory for the tests above.
             (setenv "XDG_RUNTIME_DIR" "/tmp/cni-rootless")))
         (replace 'install
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((bin (string-append (assoc-ref outputs "out") "/bin")))
               (copy-recursively
                "src/github.com/containernetworking/plugins/bin"
                bin)))))))
    (native-inputs
     ;; util-linux provides the `unshare' used by the check phase.
     (list util-linux))
    (home-page "https://github.com/containernetworking/plugins")
    (synopsis "Container Network Interface (CNI) network plugins")
    (description
     "This package provides Container Network Interface (CNI) plugins to
configure network interfaces in Linux containers.")
    (license license:asl2.0)))
269
270 ;; For podman to work, the user needs to run
271 ;; `sudo mount -t cgroup2 none /sys/fs/cgroup`
272
;; podman: manager for containers, images, pods and their volumes.
;;
;; Fetched by tag ("v" + version); the sha256 pins the checkout content.
;;
;; The 'fix-hardcoded-paths phase matters for security review: it replaces
;; the FHS locations and the name lookup that podman would use to find its
;; helpers (slirp4netns, conmon, crun, the CNI plugins) with absolute paths
;; resolved at build time, so the helpers that run are the ones this package
;; was built against.
(define-public podman
  (package
    (name "podman")
    (version "4.2.0")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/containers/podman")
             (commit (string-append "v" version))))
       (sha256
        (base32 "00wyjppd11hznmals9ax4s2qjklj6p1vfz4jjkp50bk8q4blxfbj"))
       (file-name (git-file-name name version))))

    (build-system gnu-build-system)
    (arguments
     (list
      ;; Tests are off: /sys/fs/cgroup is not set up in the guix sandbox.
      #:tests? #f
      #:test-target "test"
      #:make-flags
      #~(list (string-append "CC=" #$(cc-for-target))
              (string-append "PREFIX=" #$output))
      #:phases
      #~(modify-phases %standard-phases
          (delete 'configure)
          (add-after 'unpack 'set-env
            (lambda _
              ;; Go fails when HOME is /homeless-shelter, so give it a
              ;; usable HOME for the duration of the build.
              (setenv "HOME" "/tmp")))
          (replace 'check
            (lambda* (#:key tests? #:allow-other-keys)
              (when tests?
                ;; Debugging aid, left disabled:
                ;; (invoke "strace" "-f" "bin/podman" "version")
                (invoke "make" "localsystem")
                (invoke "make" "remotesystem"))))
          (add-after 'unpack 'fix-hardcoded-paths
            (lambda _
              ;; NOTE(review): every `which' below resolves through PATH at
              ;; build time.  `search-input-file' on the phase's `inputs'
              ;; would name the providing input explicitly and raise an
              ;; error when the file is missing; consider switching.

              ;; Replace the lookup of slirp4netns by name with a lookup of
              ;; its absolute path.
              (substitute* (find-files "libpod" "\\.go")
                (("exec.LookPath[(][\"]slirp4netns[\"][)]")
                 (string-append "exec.LookPath(\""
                                (which "slirp4netns") "\")")))
              ;; Point CATATONIT_PATH in the install script at `true'.
              ;; NOTE(review): presumably this keeps the script from
              ;; installing catatonit; confirm against the script.
              (substitute* "hack/install_catatonit.sh"
                (("CATATONIT_PATH=\"[^\"]+\"")
                 (string-append "CATATONIT_PATH=" (which "true"))))
              ;; Vendored containers/common defaults: helper directory.
              (substitute* "vendor/github.com/containers/common/pkg/config/config_linux.go"
                (("/usr/local/libexec/podman")
                 (string-append #$output "/bin")))
              ;; Vendored containers/common defaults: conmon, CNI plugin
              ;; directory and crun.
              (substitute* "vendor/github.com/containers/common/pkg/config/default.go"
                (("/usr/libexec/podman/conmon") (which "conmon"))
                (("/usr/local/libexec/cni")
                 (string-append #$(this-package-input "cni-plugins")
                                "/bin"))
                (("/usr/bin/crun") (which "crun"))))))))
    (native-inputs
     ;; strace is only needed for the disabled debugging call in 'check.
     (list bats
           git
           go
           ; strace ; XXX debug
           pkg-config))
    (inputs
     (list btrfs-progs
           cni-plugins
           conmon
           crun
           gpgme
           go-github-com-go-md2man
           iptables
           libassuan
           libseccomp
           libselinux
           slirp4netns))
    (home-page "https://podman.io")
    (synopsis "Manage containers, images, pods, and their volumes")
    (description
     "Podman (the POD MANager) is a tool for managing containers and images,
volumes mounted into those containers, and pods made from groups of
containers.")
    (license license:asl2.0)))