* bug#42983: "sudo -E guix pull" breaks ~/.config/guix/current for regular user
@ 2020-08-22 10:27 Danny Milosavljevic
2020-08-22 16:20 ` Bengt Richter
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Danny Milosavljevic @ 2020-08-22 10:27 UTC (permalink / raw)
To: 42983
Hello,

Paul <paul@denknerd.org> reported on IRC that his guix behaved strangely. Upon
investigation we found that the following happens (on a Guix system), when logged
in as regular user (not root):

$ readlink ~/.config/guix/current
/var/guix/profiles/per-user/dannym/current-guix
$ sudo -E guix pull
$ readlink ~/.config/guix/current
/var/guix/profiles/per-user/root/current-guix

You can also rm -f ~/.config/guix/current after that and do everything above
again and it will happen again. It even happens when guix pull has nothing to
do.

That doesn't seem right. We should at least try to prevent this from happening,
or warn or something.

The guix package manager that did that is:

$ sudo -E guix describe
Generation 64 Aug 22 2020 11:41:04 (current)
  guix dad963a
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: dad963a4393ea51409baa63817b26b449ed58338
  heads 50b97d4
    repository URL: https://github.com/daym/heads-guix.git
    branch: wip-musl
    commit: 50b97d446ebafd0be7a0e19d87cd236882093244

$ sudo -i
# guix describe
Generation 64 22. August 2020 11:41:04 (aktuell)
  guix dad963a
    Repository-URL: https://git.savannah.gnu.org/git/guix.git
    Branch: master
    Commit: dad963a4393ea51409baa63817b26b449ed58338
  heads 50b97d4
    Repository-URL: https://github.com/daym/heads-guix.git
    Branch: wip-musl
    Commit: 50b97d446ebafd0be7a0e19d87cd236882093244
^ permalink raw reply [flat|nested] 9+ messages in thread
* bug#42983: "sudo -E guix pull" breaks ~/.config/guix/current for regular user
2020-08-22 10:27 bug#42983: "sudo -E guix pull" breaks ~/.config/guix/current for regular user Danny Milosavljevic
@ 2020-08-22 16:20 ` Bengt Richter
2020-08-23 23:53 ` Danny Milosavljevic
2020-08-22 16:22 ` Leo Famulari
2020-08-24 0:11 ` Danny Milosavljevic
2 siblings, 1 reply; 9+ messages in thread
From: Bengt Richter @ 2020-08-22 16:20 UTC (permalink / raw)
To: Danny Milosavljevic; +Cc: 42983
Hi,
On +2020-08-22 12:27:50 +0200, Danny Milosavljevic wrote:
> Hello,
>
> Paul <paul@denknerd.org> reported on IRC that his guix behaved strangely. Upon
> investigation we found that the following happens (on a Guix system), when logged
> in as regular user (not root):
>
> $ readlink ~/.config/guix/current
> /var/guix/profiles/per-user/dannym/current-guix
> $ sudo -E guix pull
> $ readlink ~/.config/guix/current
> /var/guix/profiles/per-user/root/current-guix
>
> You can also rm -f ~/.config/guix/current after that and do everything above
> again and it will happen again. It even happens when guix pull has nothing to
> do.
>
> That doesn't seem right. We should at least try to prevent this from happening,
> or warn or something.
>
ISTM it looks like a bug that should be fixed[1], urgently, not just warned about :)
[1] eliminated from the possibility of happening :)
> The guix package manager that did that is:
>
> $ sudo -E guix describe
> Generation 64 Aug 22 2020 11:41:04 (current)
> guix dad963a
> repository URL: https://git.savannah.gnu.org/git/guix.git
> branch: master
> commit: dad963a4393ea51409baa63817b26b449ed58338
> heads 50b97d4
> repository URL: https://github.com/daym/heads-guix.git
> branch: wip-musl
> commit: 50b97d446ebafd0be7a0e19d87cd236882093244
>
> $ sudo -i
> # guix describe
> Generation 64 22. August 2020 11:41:04 (aktuell)
> guix dad963a
> Repository-URL: https://git.savannah.gnu.org/git/guix.git
> Branch: master
> Commit: dad963a4393ea51409baa63817b26b449ed58338
> heads 50b97d4
> Repository-URL: https://github.com/daym/heads-guix.git
> Branch: wip-musl
> Commit: 50b97d446ebafd0be7a0e19d87cd236882093244

I find it peculiar that root (sudo -i) looks like it's using Swedish locale
("aktuell" is Swedish for "current") with the rest of the output identical.
(Hm, maybe that's also Norwegian ;-)

If describe is describing two things that are identical end values of
readlink -f thing{1..2}, I think it would be helpful to show the thing{1..2}
profile links it's using.

BTW, what would sudo guix describe without the -E (preserving user environment) have produced?

--
Regards,
Bengt Richter
^ permalink raw reply [flat|nested] 9+ messages in thread
* bug#42983: "sudo -E guix pull" breaks ~/.config/guix/current for regular user
2020-08-22 10:27 bug#42983: "sudo -E guix pull" breaks ~/.config/guix/current for regular user Danny Milosavljevic
2020-08-22 16:20 ` Bengt Richter
@ 2020-08-22 16:22 ` Leo Famulari
2020-08-23 21:24 ` Danny Milosavljevic
2020-08-24 0:11 ` Danny Milosavljevic
2 siblings, 1 reply; 9+ messages in thread
From: Leo Famulari @ 2020-08-22 16:22 UTC (permalink / raw)
To: Danny Milosavljevic; +Cc: 42983
On Sat, Aug 22, 2020 at 12:27:50PM +0200, Danny Milosavljevic wrote:
> Paul <paul@denknerd.org> reported on IRC that his guix behaved strangely. Upon
> investigation we found that the following happens (on a Guix system), when logged
> in as regular user (not root):
>
> $ readlink ~/.config/guix/current
> /var/guix/profiles/per-user/dannym/current-guix
> $ sudo -E guix pull
> $ readlink ~/.config/guix/current
> /var/guix/profiles/per-user/root/current-guix
What is expected to happen in this case? Why would one want to use an
unprivileged environment with privileges to do `guix pull`, which is a
per-user operation?
^ permalink raw reply [flat|nested] 9+ messages in thread
* bug#42983: "sudo -E guix pull" breaks ~/.config/guix/current for regular user
2020-08-22 16:22 ` Leo Famulari
@ 2020-08-23 21:24 ` Danny Milosavljevic
2020-08-23 21:45 ` Leo Famulari
0 siblings, 1 reply; 9+ messages in thread
From: Danny Milosavljevic @ 2020-08-23 21:24 UTC (permalink / raw)
To: Leo Famulari; +Cc: 42983
Hi Leo,
On Sat, 22 Aug 2020 12:22:41 -0400
Leo Famulari <leo@famulari.name> wrote:
> What is expected to happen in this case? Why would one want to use an
> unprivileged environment with privileges to do `guix pull`, which is a
> per-user operation?
Paul did not know that it is a per-user operation.
I did almost exactly the same thing when I was a new guix user.
That's pretty much what one is used to from Debian etc.
I don't really know whether it should do anything useful, but the current
situation is seriously weird.
^ permalink raw reply [flat|nested] 9+ messages in thread
* bug#42983: "sudo -E guix pull" breaks ~/.config/guix/current for regular user
2020-08-23 21:24 ` Danny Milosavljevic
@ 2020-08-23 21:45 ` Leo Famulari
0 siblings, 0 replies; 9+ messages in thread
From: Leo Famulari @ 2020-08-23 21:45 UTC (permalink / raw)
To: Danny Milosavljevic; +Cc: 42983
On Sun, Aug 23, 2020 at 11:24:43PM +0200, Danny Milosavljevic wrote:
> Paul did not know that it is a per-user operation.
>
> I did almost exactly the same thing when I was a new guix user.
> That's pretty much what one is used to from Debian etc.
I see. Coming from Debian, I also had trouble learning the differences
between various options of sudo, and also the differences between login
shells, interactive shells, etc. They don't matter on Debian, but they
do matter for Guix.
> I don't really know whether it should do anything useful, but the current
> situation is seriously weird.
Considering how often people stumble on this, I've been wondering if
Guix should handle privilege escalation internally, rather than asking
users to learn these arcane details of Unix.
Systemd does that. For example, given an operation that requires
privileges, if I attempt to run it without privileges, it will use
polkit (I think) to escalate safely. It's optional and not all distros
enable it by default. It looks like this:
------
$ systemctl restart guix-daemon
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'guix-daemon.service'.
Authenticating as: leo,,, (leo)
Password:
==== AUTHENTICATION COMPLETE ===
------
^ permalink raw reply [flat|nested] 9+ messages in thread
* bug#42983: "sudo -E guix pull" breaks ~/.config/guix/current for regular user
2020-08-22 10:27 bug#42983: "sudo -E guix pull" breaks ~/.config/guix/current for regular user Danny Milosavljevic
2020-08-22 16:20 ` Bengt Richter
2020-08-22 16:22 ` Leo Famulari
@ 2020-08-24 0:11 ` Danny Milosavljevic
2020-08-28 13:41 ` Ludovic Courtès
2 siblings, 1 reply; 9+ messages in thread
From: Danny Milosavljevic @ 2020-08-24 0:11 UTC (permalink / raw)
To: 42983
On Sat, 22 Aug 2020 12:27:50 +0200
Danny Milosavljevic <dannym@scratchpost.org> wrote:
> /var/guix/profiles/per-user/dannym/current-guix

Follow-up errors (translated to English manually):

dannym@dayas ~$ guix pull
Migrating profile generations to „/var/guix/profiles/per-user/dannym“ …
guix pull: error: symlink: file exists: "/var/guix/profiles/per-user/dannym/current-guix"
1 dannym@dayas ~$ rm ~/.config/guix/current
dannym@dayas ~$ cd .config/guix/
dannym@dayas ~/.config/guix$ ln -s /var/guix/profiles/per-user/dannym/current-guix current
dannym@dayas ~/.config/guix$ guix pull
Refreshing channel „guix“ from Git-Repository „https://git.savannah.gnu.org/git/guix.git“ …
guix pull: error: Git-Error: failed open - '/home/dannym/.cache/guix/checkouts/pjmkglp4t7znuugeurpurzikxq3tnlaywmisyr27shj7apsnalwq/.git/FETCH_HEAD' is locked: Permission denied

That's some weird guix pull state.

The culprit, I think, is this:

(define (ensure-default-profile)
  (ensure-profile-directory)

  ;; In 0.15.0+ we'd create ~/.config/guix/current-[0-9]*-link symlinks. Move
  ;; them to %PROFILE-DIRECTORY.
  ;;
  ;; XXX: Ubuntu's 'sudo' preserves $HOME by default, and thus the second
  ;; condition below is always false when one runs "sudo guix pull". As a
  ;; workaround, skip this code when $SUDO_USER is set. See
  ;; <https://bugs.gnu.org/36785>.
  (unless (or (getenv "SUDO_USER")
              (string=? %profile-directory
                        (dirname
                         (canonicalize-profile %user-profile-directory))))
    (migrate-generations %user-profile-directory %profile-directory))

where

%profile-directory = "/var/guix/profiles/per-user/dannym"
%user-profile-directory = "/home/dannym/.config/guix/current" (which is a
symlink to /var/guix/profiles/per-user/root/current-guix)
^ permalink raw reply [flat|nested] 9+ messages in thread
* bug#42983: "sudo -E guix pull" breaks ~/.config/guix/current for regular user
2020-08-24 0:11 ` Danny Milosavljevic
@ 2020-08-28 13:41 ` Ludovic Courtès
0 siblings, 0 replies; 9+ messages in thread
From: Ludovic Courtès @ 2020-08-28 13:41 UTC (permalink / raw)
To: Danny Milosavljevic; +Cc: 42983
Hi Danny,
Danny Milosavljevic <dannym@scratchpost.org> skribis:

> The culprit, I think, is this:
>
> (define (ensure-default-profile)
>   (ensure-profile-directory)
>
>   ;; In 0.15.0+ we'd create ~/.config/guix/current-[0-9]*-link symlinks. Move
>   ;; them to %PROFILE-DIRECTORY.
>   ;;
>   ;; XXX: Ubuntu's 'sudo' preserves $HOME by default, and thus the second
>   ;; condition below is always false when one runs "sudo guix pull". As a
>   ;; workaround, skip this code when $SUDO_USER is set. See
>   ;; <https://bugs.gnu.org/36785>.
>   (unless (or (getenv "SUDO_USER")
>               (string=? %profile-directory
>                         (dirname
>                          (canonicalize-profile %user-profile-directory))))
>     (migrate-generations %user-profile-directory %profile-directory))
>
> where
>
> %profile-directory = "/var/guix/profiles/per-user/dannym"
> %user-profile-directory = "/home/dannym/.config/guix/current" (which is a
> symlink to /var/guix/profiles/per-user/root/current-guix)

We could detect such inconsistencies and emit a warning/hint. I’m
unsure just how far we need to go in trying to prevent users from
shooting themselves in the foot, though. Thoughts?

> Ohh, yeah, sudo without "-E" works fine (sudo guix pull, too).

Yes.

Ludo’.
^ permalink raw reply [flat|nested] 9+ messages in thread
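
The inconsistency check suggested in the last message, sketched as an added shell example (not Guix code and not written by anyone in the thread). The function names, the output strings and `/root` as root's home directory are assumptions; the demo tree is constructed to match the second `readlink` result in the report.

```shell
#!/bin/sh
# Added example: not Guix code. Function names and output strings are hypothetical.

# Pre-flight check: succeeds (status 0) when the process is root via sudo
# while HOME still belongs to the invoking user, the "sudo -E" case reported.
# Args: effective uid, $SUDO_USER, $HOME, root's home (assumed /root).
sudo_keeps_user_home() {
    [ "$1" -eq 0 ] && [ -n "$2" ] && [ "$3" != "$4" ]
}

# After-the-fact check: classify the target of <home>/.config/guix/current.
# Args: user name, home directory, profiles root.
# Prints "ok", "missing" or "foreign:<target>".
check_current_link() {
    link="$2/.config/guix/current"
    [ -L "$link" ] || { echo missing; return 0; }
    target=$(readlink "$link")
    case "$target" in
        "$3/per-user/$1/"*) echo ok ;;
        *) echo "foreign:$target" ;;
    esac
}

# Constructed demo: a scratch home directory with the link in the state
# shown by the second readlink in the report.
demo=$(mktemp -d)
mkdir -p "$demo/home/dannym/.config/guix"
ln -s /var/guix/profiles/per-user/root/current-guix \
    "$demo/home/dannym/.config/guix/current"

if sudo_keeps_user_home 0 dannym /home/dannym /root; then
    echo "warning: running as root with HOME=/home/dannym" >&2
fi
echo "link state: $(check_current_link dannym "$demo/home/dannym" /var/guix/profiles)"
rm -rf "$demo"
```

On a real system the arguments would be `$(id -u)`, `$SUDO_USER`, `$HOME` and `/var/guix/profiles`; the first check is the one that can fire before anything under the user's home is touched.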