From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ricardo Wurmus Subject: bug#20381: Interacting with a remote daemon Date: Fri, 10 Jul 2015 22:24:02 +0200 Message-ID: <87k2u7iwwt.fsf@mdc-berlin.de> References: <87a8y3q84k.fsf@gnu.org> <87h9pbaoot.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:56738) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZDer5-00007r-4U for bug-guix@gnu.org; Fri, 10 Jul 2015 16:25:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZDer0-0008IJ-Oq for bug-guix@gnu.org; Fri, 10 Jul 2015 16:25:06 -0400 Received: from debbugs.gnu.org ([140.186.70.43]:45018) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZDer0-0008I1-LV for bug-guix@gnu.org; Fri, 10 Jul 2015 16:25:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1ZDer0-0006US-5S for bug-guix@gnu.org; Fri, 10 Jul 2015 16:25:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87h9pbaoot.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 20381@debbugs.gnu.org Ludovic Courtès writes: > What about installing Guix in /gnu/bin (say) and sharing it over NFS? > > I would avoid installing Guix in a profile, because if things go wrong, > you may find yourself unable to do anything. In practice, you can > always roll-back by hand (it’s simply a matter of switching the > profiles/per-user/$USER symlink), but still. > >> It would be great if $localstatedir could be overridden at runtime or >> if it could default to whatever the daemon uses. > > Actually it can be overridden via the intentionally-undocumented > NIX_STATE_DIR environment variable (see (guix config).) Oh, nice. Installing Guix somewhere into /gnu is actually a pretty good idea. I’ll try that and play with NIX_STATE_DIR as well. >> This would probably work fine if I limited the socket forwarding to just >> the cluster nodes, because only there user ids are guaranteed to be >> correct (not on workstations). On workstations that are not centrally >> managed this will not work, as the user ids could be arbitrary and it >> would thus allow anyone to change anyone else’s profile by creating a >> local account with the appropriate uid. > > The only problem would be with ‘guix package’, which you haven’t > mentioned yet. :-) For ‘guix package’ to work, > /gnu/var/guix/profiles/per-user must be shared read-write (over NFS) > with correct UID mapping. Correct. I haven’t tried ‘guix package’ at all because I just assumed it would work. > I think we should have a “Cluster Setup” section in the manual to > explain all this. Would you like to give it a try? Sounds like a good idea. I can give it a try but I’ll be on vacation for a while and can only get around to writing in a couple of weeks. But I think I’m a good candidate for drafting this section, given that I’ve got a cluster to play with :) Thanks for your helpful recommendations! ~~ Ricardo