sysbox: init at 0.6.2 #273241
Conversation
Tested with
Nice, just want to make sure, the test was done with
No,
Ah, forgot to mention, sysbox is meant to be used with docker, so the
Hmmm, not sure about Docker, but Podman is returning
EDIT: presumably the NixOS module needs to be enabled.
Did the message
Ah, to make sure, when you say you tested, you mean the binaries only, and not the module?
Yes, sysbox is a runtime that is meant to be added to docker, that's why the module is here as well.
Ok, I assumed testing of the module was not required. I apologize. Let me figure out how to test that...
@@ -0,0 +1,73 @@ | |||
{ config, lib, pkgs, ... }: | |||
|
|||
with lib; |
To address #208242 for this module, uses of `with` such as this should be avoided. Consider `inherit`s where you find yourself using `lib.foo` excessively.
type = types.bool; | ||
default = false; | ||
description = | ||
lib.mdDoc '' |
`lib.mkEnableOption` would be nice.
wantedBy = [ "multi-user.target" ]; | ||
|
||
path = [ pkgs.rsync pkgs.kmod pkgs.iptables ]; | ||
script = "${cfg.package}/bin/sysbox-mgr"; |
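Review bot: `lib.getExe` resolves through `meta.mainProgram`, and the source-build draft posted later in this thread sets `mainProgram = "sysbox-runc"`, so following the getExe suggestion as written would make this unit start the wrong binary; `lib.getExe' cfg.package "sysbox-mgr"` keeps the binary name explicit while still dropping the hard-coded `/bin/` path. Also worth a comment on the unit: putting `kmod` and `iptables` on `path` means the daemon is expected to load kernel modules and rewrite firewall rules, i.e. it runs as root with broad host privileges, and there is no `serviceConfig` at all (not even `Restart`), so stating that privilege requirement and the restart policy explicitly would help users reason about what enabling the module does to the host.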
Would `lib.getExe` not be more appropriate here? (And all following uses like this.)
@@ -908,6 +908,8 @@ with pkgs; | |||
|
|||
docker-slim = callPackage ../applications/virtualization/docker-slim { }; | |||
|
|||
sysbox = callPackage ../applications/virtualization/sysbox { }; |
Is this needed? `pkgs/by-name` should likely be used instead.
Looking forward to this.
default = false; | ||
description = | ||
lib.mdDoc '' | ||
This option enables sysbox |
Would be nice to be a little bit more precise about what this does =). E.g.:
This option enables sysbox | |
Enables the container runtime `sysbox-runc` from `nestybox`. | |
Starts a `sysbox-mgr` manager service and makes the runtime available | |
for `docker` to be used in `docker run --runtime=sysbox-runc ...`. |
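As an added example, not the PR's module or nestybox's own code, here is a sketch of how the review points in this thread fit together: no `with lib;`, `lib.mkEnableOption` for the toggle, `lib.getExe'` to name the daemon binary explicitly, and registration of the runtime with the Docker daemon so that `docker run --runtime=sysbox-runc` works. The option path `virtualisation.sysbox` and the package name `sysbox` are assumed from the thread; `virtualisation.docker.daemon.settings` is the existing NixOS knob for daemon.json.

```nix
# Added example (not the PR's module). Assumes a package named `sysbox` exists
# in pkgs and that virtualisation.docker is enabled separately by the user.
{ config, lib, pkgs, ... }:
let
  cfg = config.virtualisation.sysbox;
in
{
  options.virtualisation.sysbox = {
    # mkEnableOption produces the bool/default/description triple for us.
    enable = lib.mkEnableOption "the sysbox container runtime (sysbox-runc) and its sysbox-mgr service";
    package = lib.mkPackageOption pkgs "sysbox" { };
  };

  config = lib.mkIf cfg.enable {
    systemd.services.sysbox-mgr = {
      description = "sysbox manager daemon (runs as root: loads kernel modules, edits iptables)";
      wantedBy = [ "multi-user.target" ];
      # The PR's unit puts rsync, kmod and iptables on PATH; keep them, since the
      # daemon shells out to them.
      path = [ pkgs.rsync pkgs.kmod pkgs.iptables ];
      serviceConfig = {
        # getExe' names the binary; plain getExe would follow meta.mainProgram,
        # which is sysbox-runc rather than sysbox-mgr.
        ExecStart = lib.getExe' cfg.package "sysbox-mgr";
        Restart = "on-failure";
      };
    };

    # daemon.json "runtimes" entry, so `docker run --runtime=sysbox-runc` resolves.
    virtualisation.docker.daemon.settings.runtimes.sysbox-runc = {
      path = lib.getExe' cfg.package "sysbox-runc";
    };
  };
}
```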
I hate to ask, but I'm a bit new to NixOS in general. I'm trying to test some software that depends on sysbox. Do we have any idea when this will be added in? I've tried enabling just it locally with

```nix
let
  sysbox = builtins.getFlake "github:juliosueiras-nix/nixpkgs";
in
{
  sysbox.virtualisation.sysbox.enable = true;
  # The rest of my config
}
```

in my configuration.nix, like I do for some home manager modules, but it doesn't seem to work for forks of nixpkgs like this.
I'm also very interested in this.
Will revisit this this week.
@juliosueiras wow, that was a quick reply. Thanks for the heads up!
Hmm, how feasible would it be to swap to a source build? Looking at the
That would mean we have 1 Nix package for each Sysbox module and the Sysbox NixOS module would bundle all of them into its own systemd unit. I'm not sure if the pre-compiled binaries for Debian from the GitHub release need a bunch of ELF patching (though the default fixup phase should already do this).
Looks like that might be a bit more difficult than expected. Of the components, only the
The
So likely our build steps are just:
Need to figure out other native build inputs besides Go and Make.
We might actually want to not use
That or we use it but just do an
I think GitLab Runner has a similar problem where the CLI has
Some of the stuff in there looks like sysbox config options which we can make into NixOS module options.
Tried doing a source build and got stuck. The sysbox build setup is... a bit tricky (to say the least) to work with. Here's the

```nix
{
  lib,
  cacert,
  fetchFromGitHub,
  git,
  go,
  nix-update-script,
  protobuf,
  protoc-gen-go,
  protoc-gen-go-grpc,
  stdenv,
  versionCheckHook,
}:
stdenv.mkDerivation rec {
  pname = "sysbox";
  version = "0.6.4";

  src = fetchFromGitHub {
    owner = "nestybox";
    repo = "sysbox";
    rev = "refs/tags/v${version}";
    fetchSubmodules = true;
    hash = "sha256-X2pBPfj3mPlp9ewbiQXoeT5ICv6bIrzMhGbhmUBgLd8=";
  };

  nativeBuildInputs = [
    # From buildGoModule.
    #
    # We don't use buildGoModule since the sysbox repository uses Git submodules with relative paths and nested builds (i.e. not a simple build).
    #
    # https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/go/module.nix
    cacert
    git
    go
    # Protocol Buffers for sysbox-ipc.
    protobuf
    protoc-gen-go
    protoc-gen-go-grpc
  ];

  # From buildGoModule.
  inherit (go) GOOS GOARCH;

  # The various Makefiles use some programs (e.g. hostname, ip) and FHS files (e.g. /etc/os-release) to set variables used by a few Make targets.
  #
  # Most of these targets are for tests instead of builds. We won't set them and will just eat some ugly warning messages instead.
  postPatch = ''
    # sysbox-ipc expects people to manually download the Protocol Buffer compiler, extract it to /usr/bin, and extract its included header files to /usr/local/include.
    #
    # See:
    # * https://github.com/nestybox/sysbox-ipc/blob/f05151f4b4c1df63d7fd241577ca032905c1bd0e/sysboxFsGrpc/sysboxFsProtobuf/Makefile
    # * https://github.com/nestybox/sysbox-ipc/blob/f05151f4b4c1df63d7fd241577ca032905c1bd0e/sysboxMgrGrpc/sysboxMgrProtobuf/Makefile
    substituteInPlace sysbox-ipc/sysboxFsGrpc/sysboxFsProtobuf/Makefile \
      --replace-warn "/usr/local/include" "${protobuf}/include"
    substituteInPlace sysbox-ipc/sysboxMgrGrpc/sysboxMgrProtobuf/Makefile \
      --replace-warn "/usr/local/include" "${protobuf}/include"

    # sysbox-ipc uses an old protoc-gen-go version that used to support Go gRPC code generation. This was removed after the release of protoc-gen-go-grpc.
    #
    # See: https://github.com/golang/protobuf/issues/1070
    substituteInPlace sysbox-ipc/sysboxFsGrpc/sysboxFsProtobuf/Makefile \
      --replace-warn "--go_out=plugins=grpc:." "--go_out=. --go-grpc_out=."
    substituteInPlace sysbox-ipc/sysboxMgrGrpc/sysboxMgrProtobuf/Makefile \
      --replace-warn "--go_out=plugins=grpc:." "--go_out=. --go-grpc_out=."
  '';

  # From buildGoModule.
  configurePhase = ''
    export GOCACHE=$TMPDIR/go-cache
    export GOPATH=$TMPDIR/go
    # ⛔ Go module lookup breaks in the build sandbox or due to GOPROXY=off. Not sure what to do.
    export GOPROXY=off
    export GOSUMDB=off
  '';

  buildFlags = [
    "sysbox-local"
    "HOSTNAME=nix"
  ];

  installFlags = [
    "install"
    "DESTDIR=${placeholder "out"}/bin"
  ];

  doInstallCheck = true;
  nativeInstallCheckInputs = [ versionCheckHook ];
  versionCheckProgramArg = "--version";

  passthru = {
    updateScript = nix-update-script { };
  };

  meta = {
    description = "Open-source, next-generation \"runc\" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.";
    homepage = "https://github.com/nestybox/sysbox";
    license = lib.licenses.asl20;
    mainProgram = "sysbox-runc";
    platforms = lib.platforms.linux;
    # TODO: Find maintainer(s).
    maintainers = with lib.maintainers; [ ];
  };
}
```

It would probably be doable with
That might be their plan in the future, but it's not clear if the justification to do that today is worth their workflow disruption before sysbox reaches 1.0. As for this PR, we should probably also add the AArch64 Debian binary in addition to bumping up to 0.6.4.
Description of changes
Add sysbox package and module
Fixes #271901