bug#59771: Conda 22.9.0 needs "sudo" as dependency

bug#59771: Conda 22.9.0 needs "sudo" as dependency

[Hugo Buddelmeijer]

[-- Attachment #1: Type: text/plain, Size: 799 bytes --]

Hi all,

Conda 22.9.0 needs "sudo" as a dependency:

$ guix shell -C conda

[env]$ conda --version
conda 22.9.0

[env]$ conda init bash
[...]
    Traceback (most recent call last):
[...]
      File
"/gnu/store/lvip6h5pamjwmvnkwg60sjb63ph8698k-python-3.9.9/lib/python3.9/subprocess.py",
line 18
21, in _execute_child
        raise child_exception_type(errno_num, err_msg, err_filename)
    FileNotFoundError: [Errno 2] No such file or directory: 'sudo'


The problem goes away when sudo is added to the guix shell command. This
results in another error though; I'll report another bug for that.

As for why sudo is needed, I don't know. (Not sure I want to know.)

Background: if conda works well in guix, then we can get more conda users
and package maintainers on board with guix.

Greetings,
Hugo

[-- Attachment #2: Type: text/html, Size: 1197 bytes --]

bug#59771: Conda 22.9.0 needs "sudo" as dependency

[Tobias Geerinckx-Rice via Bug reports for GNU Guix]

[-- Attachment #1: Type: text/plain, Size: 852 bytes --]

Hi Hugo,

Hugo Buddelmeijer 写道：
> As for why sudo is needed, I don't know. (Not sure I want to 
> know.)

Indeed, this sounds like something to report and fix upstream.

> $ guix shell -C conda sudo

Won't work, because sudo needs to be setuid — that is, provided by 
the OS.

On Guix Systems, that means /run/setuid-programs/sudo.  It cannot 
be run from the store, where setuid programmes are not allowed.

I tried --expose'ing /run/setuid-programs, but then sudo fails to 
find libsudo_util.so.0.  I didn't test further but don't expect 
that to suffice: sudo simply makes too many assumptions about the 
system, because of the special job it needs to do.

While it would be nice to figure out how to provide 
setuid-programs to a containers, Conda's pointless use of sudo is 
the bug here.

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

bug#59771: Conda 22.9.0 needs "sudo" as dependency

[Hugo Buddelmeijer]

[-- Attachment #1: Type: text/plain, Size: 2934 bytes --]

Hi T G-R,

Won't work, because sudo needs to be setuid — that is, provided by
> the OS.
>
> On Guix Systems, that means /run/setuid-programs/sudo.  It cannot
> be run from the store, where setuid programmes are not allowed.
>

Thanks. I did not notice that there are two different sudo's. It does make
sense.

Note that I did not intend (or try) to actually run anything with root
access; it seemed that the problem went away if sudo was merely available,
but that is not true. I believe that bug 59772 (the next one) is a direct
result of sudo not behaving as conda expects. I do believe this bug and
59772 to ultimately be conda bugs, because "conda init" worked fine on guix
in the past; I'll investigate and raise it with them.

But maybe 59771 (this bug), 59772 (also due to sudo), and 59776 (hardcoded
paths), all three could be resolved in a more guix-y way. The problem in
these three bugs is that "conda init" wants to add something to ~/.bashrc
that adds some bash functions to the environment (and the sole purpose of
those bash functions seems to be to update PS1). However, I was wondering,
would it be possible to have guix itself add those bash functions to the
environment?

As in, we add some code to the guix conda package that ensures that if guix
enters an environment with conda, that it somehow adds the necessary bash
functions to the environment. So "conda init" and changes to ~/.bashrc
would not even be necessary (thus fixing these bugs). That is, that the
shell spawned through "guix shell -C conda" would have these bash functions
directly in the environment. Would something like this be possible?

Something simpler would be a guix package that updates an environment
variable. But I can't find one quickly, so maybe this is not something that
is possible in guix? E.g. the conda openjdk package sets JAVA_HOME, but the
guix openjdk package does not.

Greetings,
Hugo











On Fri, 2 Dec 2022 at 12:47, Tobias Geerinckx-Rice <me@tobias.gr> wrote:

> Hi Hugo,
>
> Hugo Buddelmeijer 写道：
> > As for why sudo is needed, I don't know. (Not sure I want to
> > know.)
>
> Indeed, this sounds like something to report and fix upstream.
>
> > $ guix shell -C conda sudo
>
> Won't work, because sudo needs to be setuid — that is, provided by
> the OS.
>
> On Guix Systems, that means /run/setuid-programs/sudo.  It cannot
> be run from the store, where setuid programmes are not allowed.
>
> I tried --expose'ing /run/setuid-programs, but then sudo fails to
> find libsudo_util.so.0.  I didn't test further but don't expect
> that to suffice: sudo simply makes too many assumptions about the
> system, because of the special job it needs to do.
>
> While it would be nice to figure out how to provide
> setuid-programs to a containers, Conda's pointless use of sudo is
> the bug here.
>
> Kind regards,
>
> T G-R
>

[-- Attachment #2: Type: text/html, Size: 3793 bytes --]

bug#59771: Conda 22.9.0 needs "sudo" as dependency

[Hugo Buddelmeijer]

[-- Attachment #1: Type: text/plain, Size: 1637 bytes --]

On Sat, 3 Dec 2022 at 20:11, Hugo Buddelmeijer <hugo@buddelmeijer.nl> wrote:

>
> But maybe 59771 (this bug), 59772 (also due to sudo), and 59776 (hardcoded
> paths), all three could be resolved in a more guix-y way. The problem in
> these three bugs is that "conda init" wants to add something to ~/.bashrc
> that adds some bash functions to the environment (and the sole purpose of
> those bash functions seems to be to update PS1). However, I was wondering,
> would it be possible to have guix itself add those bash functions to the
> environment?
>
> As in, we add some code to the guix conda package that ensures that if
> guix enters an environment with conda, that it somehow adds the necessary
> bash functions to the environment. So "conda init" and changes to ~/.bashrc
> would not even be necessary (thus fixing these bugs). That is, that the
> shell spawned through "guix shell -C conda" would have these bash functions
> directly in the environment. Would something like this be possible?
>

No, adding bash functions automatically to a Guix environment seems
impossible. The guile function load-profile allows packages to add
path-like environment variables through the search-path-specification
declaration, but not any other environment variables, let alone shell
functions.

That seems reasonable enough. One reason I'd like to move away from conda
is that I don't think the way conda handles environment variables is
tenable. So maybe it is worthwhile to make sure that "conda init" does what
it is expected to do (that is, add the code that loads these bash functions
to .bashrc), even though it is not really guix-y.

[-- Attachment #2: Type: text/html, Size: 2090 bytes --]