Report forwarded
to bug-guix@gnu.org: bug#45295; Package guix.
(Thu, 17 Dec 2020 14:02:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Ludovic Courtès <ludo@gnu.org>:
New bug report received and forwarded. Copy sent to bug-guix@gnu.org.
(Thu, 17 Dec 2020 14:02:01 GMT) (full text, mbox, link).
Subject: “sudo guix system reconfigure” triggers re-clone/update of Git checkout
Date: Thu, 17 Dec 2020 15:01:43 +0100
Hi!
If you do, as a regular user:
guix pull
sudo guix system reconfigure …
the ‘guix system reconfigure’, as part of the downgrade-detection
machinery, triggers an update of the channel checkout(s) in
~root/.cache, even though ~USER/.cache is already up-to-date.
One way to avoid it might be to special-case the checkout cache
directory for when ‘SUDO_USER’ is set.
Thoughts?
Ludo’.
Severity set to 'important' from 'normal'
Request was from Ludovic Courtès <ludo@gnu.org>
to control@debbugs.gnu.org.
(Wed, 23 Dec 2020 23:17:02 GMT) (full text, mbox, link).
Information forwarded
to bug-guix@gnu.org: bug#45295; Package guix.
(Sun, 17 Jan 2021 22:07:01 GMT) (full text, mbox, link).
Ludovic Courtès <ludo@gnu.org> skribis:
> If you do, as a regular user:
>
> guix pull
> sudo guix system reconfigure …
>
> the ‘guix system reconfigure’, as part of the downgrade-detection
> machinery, triggers an update of the channel checkout(s) in
> ~root/.cache, even though ~USER/.cache is already up-to-date.
>
> One way to avoid it might be to special-case the checkout cache
> directory for when ‘SUDO_USER’ is set.
Attached is a prototype that first clones/fetches from ~USER/.cache into
~root/.cache, in the hope that this avoids the need to access the
upstream repo. (It requires ‘set-remote-url!’, which is only in
Guile-Git ‘master’.)
It’s a bit hacky but I can’t think of a better way to address this
issue. In particular, having root use ~USER/.cache directly is not an
option: it could end up creating root-owned files there.
Thoughts?
Ludo’.
Hi,
New user here, so maybe I'm talking BS.
I'm wondering if getting rid of sudo for reconfiguration is an option.
What if instead of running all the process as root, it invoked sudo (or
doas) in the final stage, so it can perform the bits that require
permissions?
That way, it would use the user channel directly and this issue would
not exist.
Regards,
Jorge
Information forwarded
to bug-guix@gnu.org: bug#45295; Package guix.
(Sun, 09 Jan 2022 20:19:02 GMT) (full text, mbox, link).
Jorge Acereda schreef op zo 09-01-2022 om 20:55 [+0100]:
> Hi,
>
> New user here, so maybe I'm talking BS.
>
> I'm wondering if getting rid of sudo for reconfiguration is an option.
>
> What if instead of running all the process as root, it invoked sudo (or
> doas) in the final stage, so it can perform the bits that require
> permissions?
A problem here is that this assumes sudo, so "guix system reconfigure"
needs to guess whether to use "su", "sudo", "sudo -E", "doas", ...
Looking at guix/scripts/system.scm, it appears that
"guix system reconfigure" interacts with shepherd directly,
so "guix system reconfigure" needs to be run as root to work;
at least currently it cannot delegate this to a separate process
to be run under "sudo" or the like.
Greetings,
Maxime.
Jorge Acereda schreef op zo 09-01-2022 om 20:55 [+0100]:
> Hi,
>
> New user here, so maybe I'm talking BS.
>
> I'm wondering if getting rid of sudo for reconfiguration is an option.
>
> What if instead of running all the process as root, it invoked sudo (or
> doas) in the final stage, so it can perform the bits that require
> permissions?
A problem here is that this assumes sudo, so "guix system reconfigure"
needs to guess whether to use "su", "sudo", "sudo -E", "doas", ...
Looking at guix/scripts/system.scm, it appears that
"guix system reconfigure" interacts with shepherd directly,
so "guix system reconfigure" needs to be run as root to work;
at least currently it cannot delegate this to a separate process
to be run under "sudo" or the like.
Greetings,
Maxime.
Debbugs is free software and licensed under the terms of the
GNU Public License version 2. The current version can be
obtained from https://bugs.debian.org/debbugs-source/.