Minimal environments #4

Open
PedroRegisPOAR opened this issue Aug 17, 2021 · 4 comments

Comments


PedroRegisPOAR commented Aug 17, 2021

Abstract

A really great quote:

Toybox vs BusyBox - Rob Landley, hobbyist, start=721&end=777

nix develop nixpkgs#toybox --command sh -c 'cd "$TMPDIR" && source $stdenv/setup && genericBuild'
nix develop nixpkgs#pkgsStatic.toybox --command sh -c 'cd "$TMPDIR" && source $stdenv/setup && genericBuild'

It removes every binary and only compiles the toybox sh:

EXPR_NIX='
  (
    let
      nixpkgs = (builtins.getFlake "github:NixOS/nixpkgs/f3dab3509afca932f3f4fd0908957709bb1c1f57");
      pkgs = import nixpkgs { };
    in
      (
        pkgs.pkgsStatic.toybox.overrideAttrs
          (oldAttrs:
            {
              hardeningDisable = [ "fortify" ];
              buildPhase = "make clean && make sh";
              installPhase = "rm -frv $out && mkdir -pv $out/bin && cp -v sh $out/bin";
            }
          )
      )
  )
'

# Capture the output path of the first build so it can be inspected and checked below
FULL_LOCAL_PATH=$(nix \
    build \
    --no-link \
    --print-build-logs \
    --print-out-paths \
    --impure \
    --expr \
    "$EXPR_NIX")

EXPECTED_SHA256SUM=49e7a0edc0638e198d45a91b606b136f2fb0ceeb33a4751e844cc6f0128f97b0
sha256sum "$FULL_LOCAL_PATH/bin/sh"

du -hs "$FULL_LOCAL_PATH/bin/sh"
# Quoted so the two-space "digest  path" separator expected by sha256sum -c survives word splitting
echo "$EXPECTED_SHA256SUM  $FULL_LOCAL_PATH/bin/sh" | sha256sum -c

FULL_LOCAL_PATH=$(nix \
    build \
    --no-link \
    --print-build-logs \
    --print-out-paths \
    --rebuild \
    --impure \
    --expr \
    "$EXPR_NIX")

du -hs "$FULL_LOCAL_PATH/bin/sh"
echo "$EXPECTED_SHA256SUM  $FULL_LOCAL_PATH/bin/sh" | sha256sum -c

Refs.:

Using old Ubuntu OCI images

podman run ubuntu:10.04 bash -c 'lsb_release -a'
podman run ubuntu:10.04 bash -c 'lsb_release -a || cat /etc/os*release'
podman run ubuntu:14.04 bash -c 'lsb_release -a || cat /etc/os*release'
podman run ubuntu:16.04 bash -c 'lsb_release -a || cat /etc/os*release'
podman run ubuntu:18.04 bash -c 'lsb_release -a || cat /etc/os*release'
podman run ubuntu:20.04 bash -c 'lsb_release -a || cat /etc/os*release'
podman run ubuntu:22.04 bash -c 'lsb_release -a || cat /etc/os*release'
podman run ubuntu:23.04 bash -c 'lsb_release -a || cat /etc/os*release'
podman pull docker.io/tianon/toybox
podman pull docker.io/tianon/toybox@sha256:b7e31a6cc27d812ecfde6b7184a69b68890fa804937645bbf8fdd5557bd26c7d
podman image inspect --format='{{index .RepoDigests 0}}' docker.io/tianon/toybox

podman run docker.io/tianon/toybox toybox

TODOs:

TODO: https://discourse.nixos.org/t/build-a-yocto-rootfs-inside-nix/2643/26
TODO: https://github.com/hjones2199/ush

The busybox-sandbox-shell

TODO: add metadata info

nix \
shell \
--ignore-environment \
nixpkgs#busybox-sandbox-shell \
--command \
sh \
-c \
'echo Hi!'

The toybox

Toybox vs BusyBox - Rob Landley, hobbyist

podman \
 run \
--interactive=true \
--tty=true \
--rm=true \
--user='guest' \
docker.io/tianon/toybox:0.8.5 \
sh \
-c \
"echo 'Hello!' && id"
podman \
run \
--log-level=error \
--privileged=false \
--device=/dev/fuse \
--device=/dev/kvm \
--env="DISPLAY=${DISPLAY:-:0.0}" \
--interactive=true \
--network=slirp4netns \
--tty=true \
--rm=true \
--user=guest \
docker.io/tianon/toybox \
sh
podman run --rm tianon/toybox toybox
# podman run --rm docker.io/library/busybox busybox
podman run --rm docker.io/library/busybox busybox --list | column

Refs:

podman run --rm alpine:latest apk list --installed
podman run --rm ubuntu:latest apt list --installed
podman run --rm ubuntu:latest dpkg-query -l

Refs.:

podman run --rm ubuntu:latest apt show '~i' -a

Refs.:

TODO: https://unix.stackexchange.com/a/665012

nix \
shell \
--ignore-environment \
nixpkgs#busybox \
--command \
sh \
-c \
'ls -al'
nix \
shell \
--ignore-environment \
nixpkgs#busybox-sandbox-shell \
--command \
sh \
-c \
'echo Hi!'
nix run nixpkgs#toybox file .

TODO: document other examples that for now are spread

nix shell -i nixpkgs#uutils-coreutils
nix run nixpkgs#uutils-coreutils

appimage-run and steam-run

nix shell nixpkgs#appimage-run
env NIXPKGS_ALLOW_UNFREE=1 nix shell --impure nixpkgs#steam-run

PedroRegisPOAR commented Nov 25, 2021

Using sha256sum to compare environments

Improve it! Use sha512sum too?

# env | sort | sha256sum
env | grep -v HOSTNAME | sort | sha256sum
podman \
run \
--interactive=true \
--tty=false \
--rm=true \
--user=0 \
docker.io/library/busybox \
<<'COMMANDS'
env | grep -v HOSTNAME | sort | sha256sum
COMMANDS
env > env.txt
SHA="$(sha256sum env.txt | cut -d ' ' -f 1)"
echo "$SHA env.txt" | sha256sum --check
echo "$SHA env.txt" | sha256sum --check --status

https://superuser.com/questions/1312740/how-to-take-sha256sum-of-file-and-compare-to-check-in-one-line#comment2484548_1468626
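The two checks above (comparing a rebuilt toybox `sh` against an expected digest, and hashing a sorted `env` listing to compare sandboxes) as one added shell example; this is not code from the issue. It assumes GNU or BusyBox `sha256sum`, `sort` and `grep`, and the list of volatile variables to drop (`VOLATILE_VARS`) is my own choice, not something the issue specifies.

```shell
#!/bin/sh
# Added example, not from the issue: fingerprint an environment by hashing its
# sorted, filtered variables so two sandboxes can be compared by one digest,
# and verify a file against an expected digest in "digest  path" format.

# Variables that legitimately differ between otherwise identical environments
# (container id, shell nesting, working directory, terminal size) and would
# make every fingerprint unique. Assumed list; extend it for your setup.
VOLATILE_VARS='^(HOSTNAME|SHLVL|PWD|OLDPWD|_|TERM|COLUMNS|LINES)='

# env_fingerprint: read "NAME=value" lines on stdin, drop volatile variables,
# sort them byte-wise (LC_ALL=C keeps the order locale-independent) and print
# the SHA-256 digest of the result.
env_fingerprint() {
    grep -Ev "$VOLATILE_VARS" | LC_ALL=C sort | sha256sum | cut -d ' ' -f 1
}

# fingerprint_current_env: fingerprint the environment of the calling shell.
fingerprint_current_env() {
    env | env_fingerprint
}

# check_sha256 EXPECTED FILE: verify FILE against EXPECTED. The line is built
# with printf and two spaces, the separator both GNU and BusyBox sha256sum -c
# accept (echo with unquoted variables would collapse it to one space).
# Returns 0 on match, non-zero on mismatch or missing file.
check_sha256() {
    expected="$1"
    file="$2"
    printf '%s  %s\n' "$expected" "$file" | sha256sum -c --status
}

# Stand-alone usage: print the fingerprint of the current shell environment.
printf 'environment fingerprint: %s\n' "$(fingerprint_current_env)"
```

Run it inside two containers (or host and container) and compare the printed digests; a difference means some non-volatile variable differs, and `env | grep -Ev "$VOLATILE_VARS" | sort` on both sides shows which.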

@PedroRegisPOAR

TODO: make examples, refactor...

nix \
build \
github:ratsclub/dotfiles/54fc62c5cdc15176f7511381b20cfb0c524bfeec#homeConfigurations.textual.activationPackage

From: https://t.me/nixosbrasil/43756
