* bug#45295: “sudo guix system reconfigure” triggers re-clone/update of Git checkout
From: Ludovic Courtès @ 2020-12-17 14:01 UTC
  To: 45295

Hi!

If you do, as a regular user:

  guix pull
  sudo guix system reconfigure …

the ‘guix system reconfigure’, as part of the downgrade-detection
machinery, triggers an update of the channel checkout(s) in
~root/.cache, even though ~USER/.cache is already up-to-date.

One way to avoid it might be to special-case the checkout cache
directory for when ‘SUDO_USER’ is set.

Thoughts?

Ludo’.

* bug#45295: “sudo guix system reconfigure” triggers re-clone/update of Git checkout
From: Ludovic Courtès @ 2021-01-17 22:06 UTC
  To: 45295

Ludovic Courtès <ludo@gnu.org> writes:

> If you do, as a regular user:
>
>   guix pull
>   sudo guix system reconfigure …
>
> the ‘guix system reconfigure’, as part of the downgrade-detection
> machinery, triggers an update of the channel checkout(s) in
> ~root/.cache, even though ~USER/.cache is already up-to-date.
>
> One way to avoid it might be to special-case the checkout cache
> directory for when ‘SUDO_USER’ is set.

Attached is a prototype that first clones/fetches from ~USER/.cache into
~root/.cache, in the hope that this avoids the need to access the
upstream repo. (It requires ‘set-remote-url!’, which is only in
Guile-Git ‘master’.)

It’s a bit hacky but I can’t think of a better way to address this
issue. In particular, having root use ~USER/.cache directly is not an
option: it could end up creating root-owned files there.

Thoughts?

Ludo’.

[-- Attachment #2: Type: text/x-patch, Size: 4278 bytes --]

diff --git a/guix/git.scm b/guix/git.scm index a5103547d3..467d199e37 100644 --- a/guix/git.scm +++ b/guix/git.scm 
@@ -346,10 +346,7 @@ definitely available in REPOSITORY, false otherwise." (check-out? #t) starting-commit (log-port (%make-void-port "w")) - (cache-directory - (url-cache-directory - url (%repository-cache-directory) - #:recursive? recursive?))) + (cache-directory *unspecified*)) "Update the cached checkout of URL to REF in CACHE-DIRECTORY. Return three values: the cache directory name, and the SHA1 commit (a string) corresponding to REF, and the relation of the new commit relative to STARTING-COMMIT (if 
@@ -381,12 +378,41 @@ it unchanged." (string-append "origin/" branch)))) (_ ref))) + (define default-cache-directory + (url-cache-directory url (%repository-cache-directory) + #:recursive? recursive?)) + + (when (and (zero? (getuid)) (getenv "SUDO_USER") + (unspecified? cache-directory)) + ;; Fetch from the sudoer's cache before attempting to reach URL. + (let* ((home (and=> (false-if-exception (getpwnam (getenv "SUDO_USER"))) + passwd:dir)) + (peer (and home (url-cache-directory + url (string-append home "/.cache/guix/checkouts") + #:recursive? recursive?)))) + (when (and peer (file-exists? peer)) + ;; Fetch from PEER. After that, the "origin" remote points to PEER, + ;; but we change it back to URL below. + (update-cached-checkout (pk 'update peer) + #:ref ref + #:recursive? recursive? + #:check-out? #f + #:cache-directory + default-cache-directory)))) + (with-libgit2 - (let* ((cache-exists? (openable-repository? cache-directory)) - (repository (if cache-exists? - (repository-open cache-directory) - (clone* url cache-directory)))) + (let* ((cache-directory (if (unspecified? cache-directory) + default-cache-directory + cache-directory)) + (cache-exists? (openable-repository? cache-directory)) + (repository (if cache-exists? + (repository-open cache-directory) + (clone* url cache-directory)))) + ;; Ensure the "origin" remote points to URL. + (set-remote-url! repository "origin" url) + ;; Only fetch remote if it has not been cloned just before. + (pk 'x cache-directory 'avail? (reference-available? repository ref)) (when (and cache-exists? (not (reference-available? repository ref))) (let ((auth-method (%make-auth-ssh-agent))) @@ -433,8 +459,6 @@ it unchanged." #:key recursive? (log-port (%make-void-port "w")) - (cache-directory - (%repository-cache-directory)) (ref '(branch . "master"))) "Return two values: the content of the git repository at URL copied into a store directory and the sha1 of the top level commit in this directory. The 
@@ -464,10 +488,6 @@ Log progress and checkout info to LOG-PORT." (update-cached-checkout url #:recursive? recursive? #:ref ref - #:cache-directory - (url-cache-directory url cache-directory - #:recursive? - recursive?) #:log-port log-port)) ((name) (url+commit->name url commit))) ^ permalink raw reply related [flat|nested] 5+ messages in thread
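Review bot: `(cache-directory *unspecified*)` in the first hunk (-346,10 +346,7) uses `*unspecified*` as the "not given" sentinel, while the docstring still reads "Update the cached checkout of URL to REF in CACHE-DIRECTORY" and says nothing about what happens when the argument is omitted. I would default to `#f`, test it with `(or cache-directory default-cache-directory)` and `(not cache-directory)` in the second hunk, and add a sentence to the docstring describing the default and the ‘SUDO_USER’ pre-fetch.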
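Review bot: In the second hunk (-381,12 +378,41), the recursive `update-cached-checkout` call on PEER runs with uid 0 against a repository under the sudoer's home, which that user can modify freely, and nothing around it handles failure or says why its contents can be trusted. Since the fetch from URL further down is skipped when `(reference-available? repository ref)` is already true, whatever PEER supplied for REF is what root ends up using; a comment should state what makes that safe. The pre-fetch is only an optimisation, so I would also wrap it (for instance in `false-if-exception`) so that an unreadable or corrupt PEER falls back to URL instead of aborting the reconfigure. The two `pk` calls, `(pk 'update peer)` and `(pk 'x cache-directory 'avail? …)`, are debugging output and should be dropped before this is applied.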
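Review bot: Callers that pass `#:cache-directory` to this procedure lose the ability to choose the cache location once the third and fourth hunks (-433,8 +459,6 and -464,10 +488,6) remove `cache-directory` from the `#:key` list and stop forwarding it to `update-cached-checkout`. Either confirm that no caller passes the keyword and say so in the commit message, or keep it and forward it only when it was given, so that the ‘SUDO_USER’ logic applies just to the default case.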

* bug#45295: Alternative
From: Jorge Acereda @ 2022-01-09 19:55 UTC
  To: 45295

Hi,

New user here, so maybe I'm talking BS.

I'm wondering if getting rid of sudo for reconfiguration is an option.

What if instead of running all the process as root, it invoked sudo (or
doas) in the final stage, so it can perform the bits that require
permissions? That way, it would use the user channel directly and this
issue would not exist.

Regards,
  Jorge

* bug#45295: Alternative
From: Maxime Devos @ 2022-01-09 20:17 UTC
  To: Jorge Acereda, 45295

Jorge Acereda wrote on Sun 09-01-2022 at 20:55 [+0100]:
> Hi,
>
> New user here, so maybe I'm talking BS.
>
> I'm wondering if getting rid of sudo for reconfiguration is an option.
>
> What if instead of running all the process as root, it invoked sudo (or
> doas) in the final stage, so it can perform the bits that require
> permissions?

A problem here is that this assumes sudo, so "guix system reconfigure"
needs to guess whether to use "su", "sudo", "sudo -E", "doas", ...

Looking at guix/scripts/system.scm, it appears that "guix system
reconfigure" interacts with shepherd directly, so "guix system
reconfigure" needs to be run as root to work; at least currently it
cannot delegate this to a separate process to be run under "sudo" or the
like.

Greetings,
Maxime.

* bug#45295: Alternative
From: Maxime Devos @ 2022-01-09 20:19 UTC
  To: Jorge Acereda, 45295

Jorge Acereda wrote on Sun 09-01-2022 at 20:55 [+0100]:
> Hi,
>
> New user here, so maybe I'm talking BS.
>
> I'm wondering if getting rid of sudo for reconfiguration is an option.
>
> What if instead of running all the process as root, it invoked sudo (or
> doas) in the final stage, so it can perform the bits that require
> permissions?

A problem here is that this assumes sudo, so "guix system reconfigure"
needs to guess whether to use "su", "sudo", "sudo -E", "doas", ...

Looking at guix/scripts/system.scm, it appears that "guix system
reconfigure" interacts with shepherd directly, so "guix system
reconfigure" needs to be run as root to work; at least currently it
cannot delegate this to a separate process to be run under "sudo" or the
like.

Greetings,
Maxime.

Code repositories for project(s) associated with this public inbox: https://git.savannah.gnu.org/cgit/guix.git