Subject: bug#59771: Conda 22.9.0 needs "sudo" as dependency
From: Hugo Buddelmeijer
To: Tobias Geerinckx-Rice
Cc: 59771@debbugs.gnu.org
Date: Sat, 3 Dec 2022 20:11:02 +0100
In-Reply-To: <87359y3tqn.fsf@nckx>

Hi T G-R,

> Won't work, because sudo needs to be setuid — that is, provided by
> the OS.
>
> On Guix Systems, that means /run/setuid-programs/sudo.  It cannot
> be run from the store, where setuid programmes are not allowed.

Thanks. I did not notice that there are two different sudo's. It does make sense.

Note that I did not intend (or try) to actually run anything with root access; it seemed that the problem went away if sudo was merely available, but that is not true. I believe that bug 59772 (the next one) is a direct result of sudo not behaving as conda expects. I do believe this bug and 59772 to ultimately be conda bugs, because "conda init" worked fine on guix in the past; I'll investigate and raise it with them.

But maybe 59771 (this bug), 59772 (also due to sudo), and 59776 (hardcoded paths), all three could be resolved in a more guix-y way. The problem in these three bugs is that "conda init" wants to add something to ~/.bashrc that adds some bash functions to the environment (and the sole purpose of those bash functions seems to be to update PS1). However, I was wondering, would it be possible to have guix itself add those bash functions to the environment?

As in, we add some code to the guix conda package that ensures that if guix enters an environment with conda, that it somehow adds the necessary bash functions to the environment. So "conda init" and changes to ~/.bashrc would not even be necessary (thus fixing these bugs). That is, that the shell spawned through "guix shell -C conda" would have these bash functions directly in the environment. Would something like this be possible?

Something simpler would be a guix package that updates an environment variable. But I can't find one quickly, so maybe this is not something that is possible in guix? E.g. the conda openjdk package sets JAVA_HOME, but the guix openjdk package does not.

Greetings,
Hugo

On Fri, 2 Dec 2022 at 12:47, Tobias Geerinckx-Rice <me@tobias.gr> wrote:

> Hi Hugo,
>
> Hugo Buddelmeijer wrote:
> > As for why sudo is needed, I don't know. (Not sure I want to
> > know.)
>
> Indeed, this sounds like something to report and fix upstream.
>
> > $ guix shell -C conda sudo
>
> Won't work, because sudo needs to be setuid — that is, provided by
> the OS.
>
> On Guix Systems, that means /run/setuid-programs/sudo.  It cannot
> be run from the store, where setuid programmes are not allowed.
>
> I tried --expose'ing /run/setuid-programs, but then sudo fails to
> find libsudo_util.so.0.  I didn't test further but don't expect
> that to suffice: sudo simply makes too many assumptions about the
> system, because of the special job it needs to do.
>
> While it would be nice to figure out how to provide
> setuid-programs to containers, Conda's pointless use of sudo is
> the bug here.
>
> Kind regards,
>
> T G-R
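Added illustration, not part of the e-mail thread and not code from Guix or Conda: a diagnostic that lists every `sudo` on a search path in lookup order and reports whether it has the setuid bit and a root owner, the property the quoted reply says a copy in the store cannot have. It assumes GNU coreutils `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report why each `sudo` on a search path can or cannot elevate.
# Assumes GNU coreutils `stat`; function names are hypothetical.

# classify_mode OCTAL_MODE OWNER_UID
#   -> setuid-root | setuid-not-root | not-setuid
classify_mode() {
    # 04000 is the setuid bit; sudo needs it set on a root-owned file.
    if [ $(( 0$1 & 04000 )) -eq 0 ]; then
        echo not-setuid
    elif [ "$2" -ne 0 ]; then
        echo setuid-not-root
    else
        echo setuid-root
    fi
}

# audit_sudo_on_path PATH_STRING
#   Prints one "<verdict> <file>" line per sudo found, in lookup order,
#   so the first line describes the binary the shell would actually run.
audit_sudo_on_path() {
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        file=${dir:-.}/sudo            # an empty PATH entry means "."
        [ -f "$file" ] && [ -x "$file" ] || continue
        # -L follows profile symlinks to the real file they point at.
        meta=$(stat -L -c '%a %u' -- "$file") || continue
        echo "$(classify_mode "${meta% *}" "${meta#* }") $file"
    done
    IFS=$old_ifs
}

# Audit the current environment, e.g. inside or outside `guix shell`.
audit_sudo_on_path "$PATH"
```

Only a first line reading `setuid-root` means the `sudo` that would be run is able to elevate; a `not-setuid` entry earlier on the path shadows any working copy listed after it.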