bug#59771: Conda 22.9.0 needs "sudo" as dependency

[Hugo Buddelmeijer <hugo@buddelmeijer.nl>]

[-- Attachment #1: Type: text/plain, Size: 2934 bytes --]

Hi T G-R,

Won't work, because sudo needs to be setuid — that is, provided by
> the OS.
>
> On Guix Systems, that means /run/setuid-programs/sudo.  It cannot
> be run from the store, where setuid programmes are not allowed.
>

Thanks. I did not notice that there are two different sudo's. It does make
sense.

Note that I did not intend (or try) to actually run anything with root
access; it seemed that the problem went away if sudo was merely available,
but that is not true. I believe that bug 59772 (the next one) is a direct
result of sudo not behaving as conda expects. I do believe this bug and
59772 to ultimately be conda bugs, because "conda init" worked fine on guix
in the past; I'll investigate and raise it with them.

But maybe 59771 (this bug), 59772 (also due to sudo), and 59776 (hardcoded
paths), all three could be resolved in a more guix-y way. The problem in
these three bugs is that "conda init" wants to add something to ~/.bashrc
that adds some bash functions to the environment (and the sole purpose of
those bash functions seems to be to update PS1). However, I was wondering,
would it be possible to have guix itself add those bash functions to the
environment?

As in, we add some code to the guix conda package that ensures that if guix
enters an environment with conda, that it somehow adds the necessary bash
functions to the environment. So "conda init" and changes to ~/.bashrc
would not even be necessary (thus fixing these bugs). That is, that the
shell spawned through "guix shell -C conda" would have these bash functions
directly in the environment. Would something like this be possible?

Something simpler would be a guix package that updates an environment
variable. But I can't find one quickly, so maybe this is not something that
is possible in guix? E.g. the conda openjdk package sets JAVA_HOME, but the
guix openjdk package does not.

Greetings,
Hugo











On Fri, 2 Dec 2022 at 12:47, Tobias Geerinckx-Rice <me@tobias.gr> wrote:

> Hi Hugo,
>
> Hugo Buddelmeijer 写道：
> > As for why sudo is needed, I don't know. (Not sure I want to
> > know.)
>
> Indeed, this sounds like something to report and fix upstream.
>
> > $ guix shell -C conda sudo
>
> Won't work, because sudo needs to be setuid — that is, provided by
> the OS.
>
> On Guix Systems, that means /run/setuid-programs/sudo.  It cannot
> be run from the store, where setuid programmes are not allowed.
>
> I tried --expose'ing /run/setuid-programs, but then sudo fails to
> find libsudo_util.so.0.  I didn't test further but don't expect
> that to suffice: sudo simply makes too many assumptions about the
> system, because of the special job it needs to do.
>
> While it would be nice to figure out how to provide
> setuid-programs to a containers, Conda's pointless use of sudo is
> the bug here.
>
> Kind regards,
>
> T G-R
>

[-- Attachment #2: Type: text/html, Size: 3793 bytes --]