* Hacks to install Guix packages without root
@ 2017-10-26 21:46 Ricardo Wurmus
2017-10-27 0:48 ` Ludovic Courtès
` (2 more replies)
0 siblings, 3 replies; 9+ messages in thread
From: Ricardo Wurmus @ 2017-10-26 21:46 UTC (permalink / raw)
To: guix-devel; +Cc: Pjotr Prins
Hi,
this blog post contains many great examples of how to deploy Guix
applications without root access:
http://guix-hpc.bordeaux.inria.fr/blog/2017/10/using-guix-without-being-root/
I think that all of these methods should be wrapped up by Guix itself,
so that none of this has to be done manually. I’d also like to include
Pjotr’s hack in this, which involves rewriting /gnu/store references.
It’s icky but effective and one of the reasons why Conda is so popular
(they rewrite references in their binaries as well, but less principled
than, say, grafts).
How about an extension of “guix pack” that will rewrite the /gnu/store
references to a user-provided directory before bundling things up in a
tarball? I’d *really* like to be able to just use the tarball bundle
“guix pack” produces by default, but currently deploying it requires
root access or proot shenanigans at runtime.
How about making manual hacking with unshare and chroot obsolete by
including a simple executable in the pack that handles this rewriting
for the user…? With that we would be one step closer to the user
experience of Docker — without having a runtime dependency on Docker.
What do you think?
--
Ricardo
GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
https://elephly.net
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Hacks to install Guix packages without root
2017-10-26 21:46 Hacks to install Guix packages without root Ricardo Wurmus
@ 2017-10-27 0:48 ` Ludovic Courtès
2017-10-27 8:27 ` Pjotr Prins
2017-10-27 6:53 ` Konrad Hinsen
2017-10-27 8:17 ` Pjotr Prins
2 siblings, 1 reply; 9+ messages in thread
From: Ludovic Courtès @ 2017-10-27 0:48 UTC (permalink / raw)
To: Ricardo Wurmus; +Cc: guix-devel, Pjotr Prins
Hi!
Ricardo Wurmus <rekado@elephly.net> skribis:
> How about an extension of “guix pack” that will rewrite the /gnu/store
> references to a user-provided directory before bundling things up in a
> tarball?
I’ve thought about this (we have rewriting machinery in (guix build
grafts) that we could adjust and use), but then I thought that maybe
PRoot, unshare, and all the rest are good enough?
> I’d *really* like to be able to just use the tarball bundle “guix
> pack” produces by default, but currently deploying it requires root
> access or proot shenanigans at runtime.
>
> How about making manual hacking with unshare and chroot obsolete by
> including a simple executable in the pack that handles this rewriting
> for the user…?
The tarballs could include proot-static and another statically-linked
program that essentially tries to call unshare(2). Would that make
sense?
> With that we would be one step closer to the user experience of Docker
> — without having a runtime dependency on Docker.
It’s also fine to use Docker when it’s available, I think.
Thoughts?
Ludo’.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Hacks to install Guix packages without root
2017-10-26 21:46 Hacks to install Guix packages without root Ricardo Wurmus
2017-10-27 0:48 ` Ludovic Courtès
@ 2017-10-27 6:53 ` Konrad Hinsen
2017-10-27 8:17 ` Pjotr Prins
2 siblings, 0 replies; 9+ messages in thread
From: Konrad Hinsen @ 2017-10-27 6:53 UTC (permalink / raw)
To: guix-devel
On 26/10/2017 23:46, Ricardo Wurmus wrote:
> How about an extension of “guix pack” that will rewrite the /gnu/store
> references to a user-provided directory before bundling things up in a
> tarball? I’d *really* like to be able to just use the tarball bundle
> “guix pack” produces by default, but currently deploying it requires
> root access or proot shenanigans at runtime.
That would be nice indeed as a deployment option. In particular for
distributing binaries to less experienced users.
On 27/10/2017 02:48, Ludovic Courtès wrote:
> The tarballs could include proot-static and another statically-linked
> program that essentially tries to call unshare(2). Would that make
> sense?
That's perhaps good enough as well. Suggestion: try to write the user
instructions for deploying these tarballs first, and pick the method
that is easiest to describe.
I see basically two usage scenarios. One is a form of software
installation: users download a tarball, follow the instruction
procedure, and than have some additional commands in their PATH. The
other scenario is the creation of a somewhat isolated environment, with
users wanting a shell for working in just that environment. For that
second scenario, proot is probably just fine, but I am less convinced
about the first one.
Konrad.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Hacks to install Guix packages without root
2017-10-26 21:46 Hacks to install Guix packages without root Ricardo Wurmus
2017-10-27 0:48 ` Ludovic Courtès
2017-10-27 6:53 ` Konrad Hinsen
@ 2017-10-27 8:17 ` Pjotr Prins
2 siblings, 0 replies; 9+ messages in thread
From: Pjotr Prins @ 2017-10-27 8:17 UTC (permalink / raw)
To: Ricardo Wurmus; +Cc: guix-devel
On Thu, Oct 26, 2017 at 11:46:52PM +0200, Ricardo Wurmus wrote:
> Hi,
>
> this blog post contains many great examples of how to deploy Guix
> applications without root access:
>
> http://guix-hpc.bordeaux.inria.fr/blog/2017/10/using-guix-without-being-root/
>
> I think that all of these methods should be wrapped up by Guix itself,
> so that none of this has to be done manually. I’d also like to include
> Pjotr’s hack in this, which involves rewriting /gnu/store references.
> It’s icky but effective and one of the reasons why Conda is so popular
> (they rewrite references in their binaries as well, but less principled
> than, say, grafts).
>
> How about an extension of “guix pack” that will rewrite the /gnu/store
> references to a user-provided directory before bundling things up in a
> tarball? I’d *really* like to be able to just use the tarball bundle
> “guix pack” produces by default, but currently deploying it requires
> root access or proot shenanigans at runtime.
>
> How about making manual hacking with unshare and chroot obsolete by
> including a simple executable in the pack that handles this rewriting
> for the user…? With that we would be one step closer to the user
> experience of Docker — without having a runtime dependency on Docker.
I wrote a fast executable in D that does that
https://gitlab.com/pjotrp/guix-relocate/blob/master/src/main.d
It is part of my installer which I wrote in Ruby (sorry, I know ;)
https://gitlab.com/pjotrp/gnu-install-bin/blob/master/bin/gnu-install-bin
Note it first uses Nix's patchelf and then the D program - I could
have linked the two, but did not bother. The logic is here:
https://gitlab.com/pjotrp/gnu-install-bin/blob/master/lib/installer.rb
I remember sweating over this in a dark hotel in Zanzibar last winter.
There was a heat wave and the airco was ineffective. It was a fun
thing to do, even so.
Pj
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Hacks to install Guix packages without root
2017-10-27 0:48 ` Ludovic Courtès
@ 2017-10-27 8:27 ` Pjotr Prins
2017-10-31 14:19 ` Dave Love
0 siblings, 1 reply; 9+ messages in thread
From: Pjotr Prins @ 2017-10-27 8:27 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: guix-devel
On Thu, Oct 26, 2017 at 05:48:20PM -0700, Ludovic Courtès wrote:
> Hi!
>
> Ricardo Wurmus <rekado@elephly.net> skribis:
>
> > How about an extension of “guix pack” that will rewrite the /gnu/store
> > references to a user-provided directory before bundling things up in a
> > tarball?
>
> I’ve thought about this (we have rewriting machinery in (guix build
> grafts) that we could adjust and use), but then I thought that maybe
> PRoot, unshare, and all the rest are good enough?
PRoot is too slow for most HPC purposes but can be used to build
non-proot binaries, as I do here:
https://gitlab.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.org
But it is a roundabout way and too much for most people to handle.
Also we are not reusing Guix binaries that way.
> The tarballs could include proot-static and another statically-linked
> program that essentially tries to call unshare(2). Would that make
> sense?
proot is a no-go for actual use involving IO.
> > With that we would be one step closer to the user experience of Docker
> > — without having a runtime dependency on Docker.
>
> It’s also fine to use Docker when it’s available, I think.
Docker is a no-go on 90% HPC's out there (that number may go down
slowly). Also Docker is a royal pain to deal with: every time I have
to install it somewhere it gives me some grief. I don't think it is
that useful for distributing software.
I think if we have a proper replacement for Docker - like Conda does -
the need for Docker will actually go away.
+1 for providing relocatable packages as far as I am concerned.
Pj.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Hacks to install Guix packages without root
2017-10-27 8:27 ` Pjotr Prins
@ 2017-10-31 14:19 ` Dave Love
2017-11-03 11:54 ` Pjotr Prins
0 siblings, 1 reply; 9+ messages in thread
From: Dave Love @ 2017-10-31 14:19 UTC (permalink / raw)
To: Pjotr Prins; +Cc: guix-devel
Pjotr Prins <pjotr.public12@thebird.nl> writes:
> PRoot is too slow for most HPC purposes but can be used to build
> non-proot binaries, as I do here:
>
> https://gitlab.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.org
I've never tried to measure it, but how does it affect most HPC
purposes? It's not as if they're going to be using a lot of syscalls.
(However, it's not clear to me how PRoot wins over fakeroot+fakechroot.)
>> The tarballs could include proot-static and another statically-linked
>> program that essentially tries to call unshare(2). Would that make
>> sense?
>
> proot is a no-go for actual use involving IO.
Presumably that depends on the i/o (amount and type, which might just be
in userspace).
>> > With that we would be one step closer to the user experience of Docker
>> > — without having a runtime dependency on Docker.
>>
>> It’s also fine to use Docker when it’s available, I think.
>
> Docker is a no-go on 90% HPC's out there (that number may go down
> slowly).
[Perhaps not as many as it should be no go...]
> Also Docker is a royal pain to deal with: every time I have
> to install it somewhere it gives me some grief. I don't think it is
> that useful for distributing software.
>
> I think if we have a proper replacement for Docker - like Conda does -
> the need for Docker will actually go away.
What would a proper replacement do that existing solutions don't? Also,
what does Conda provide? I don't remember seeing anything like that
with it.
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Hacks to install Guix packages without root
2017-10-31 14:19 ` Dave Love
@ 2017-11-03 11:54 ` Pjotr Prins
2017-11-06 15:03 ` Dave Love
0 siblings, 1 reply; 9+ messages in thread
From: Pjotr Prins @ 2017-11-03 11:54 UTC (permalink / raw)
To: Dave Love; +Cc: guix-devel
On Tue, Oct 31, 2017 at 02:19:55PM +0000, Dave Love wrote:
> Pjotr Prins <pjotr.public12@thebird.nl> writes:
>
> > PRoot is too slow for most HPC purposes but can be used to build
> > non-proot binaries, as I do here:
> >
> > https://gitlab.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.org
>
> I've never tried to measure it, but how does it affect most HPC
> purposes? It's not as if they're going to be using a lot of syscalls.
> (However, it's not clear to me how PRoot wins over fakeroot+fakechroot.)
Best to try for the specific use case. For bioinformatics it won't
work.
> >> The tarballs could include proot-static and another statically-linked
> >> program that essentially tries to call unshare(2). Would that make
> >> sense?
> >
> > proot is a no-go for actual use involving IO.
>
> Presumably that depends on the i/o (amount and type, which might just be
> in userspace).
yes
> >> > With that we would be one step closer to the user experience of Docker
> >> > — without having a runtime dependency on Docker.
> >>
> >> It’s also fine to use Docker when it’s available, I think.
> >
> > Docker is a no-go on 90% HPC's out there (that number may go down
> > slowly).
>
> [Perhaps not as many as it should be no go...]
>
> > Also Docker is a royal pain to deal with: every time I have
> > to install it somewhere it gives me some grief. I don't think it is
> > that useful for distributing software.
> >
> > I think if we have a proper replacement for Docker - like Conda does -
> > the need for Docker will actually go away.
>
> What would a proper replacement do that existing solutions don't? Also,
> what does Conda provide? I don't remember seeing anything like that
> with it.
I was not clear. Conda essentially is a light replacement for Docker
if you just think of Docker as a deployment option *only*. Docker
is overkill for just deploying software. Guix proves that. Conda
proves that too though it is less robust than Guix and less well at
handling dependencies. Both have support for containers thrown in.
In other words, in my area, quite a few people started preferring Conda over
Docker and replacing it in practise. That is what I meant to say.
Docker is not going away, mind. We may end up putting Conda and Guix
in Docker containers ;)
Pj.
--
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Hacks to install Guix packages without root
2017-11-03 11:54 ` Pjotr Prins
@ 2017-11-06 15:03 ` Dave Love
2017-11-06 16:13 ` Pjotr Prins
0 siblings, 1 reply; 9+ messages in thread
From: Dave Love @ 2017-11-06 15:03 UTC (permalink / raw)
To: Pjotr Prins; +Cc: guix-devel
Pjotr Prins <pjotr.public12@thebird.nl> writes:
> On Tue, Oct 31, 2017 at 02:19:55PM +0000, Dave Love wrote:
>> Pjotr Prins <pjotr.public12@thebird.nl> writes:
>>
>> > PRoot is too slow for most HPC purposes but can be used to build
>> > non-proot binaries, as I do here:
>> >
>> > https://gitlab.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.org
>>
>> I've never tried to measure it, but how does it affect most HPC
>> purposes? It's not as if they're going to be using a lot of syscalls.
>> (However, it's not clear to me how PRoot wins over fakeroot+fakechroot.)
>
> Best to try for the specific use case. For bioinformatics it won't
> work.
This may be a bit off-topic, but perhaps it helps in packaging: I don't
know whether that refers to using PRoot or fakechroot, but anyway,
what specifically is the problem in bioinformatics?
By the way, I measured compressed tar/untar under PRoot on CentOS 6 of
the CentOS root image. It's around a factor of two slower than native
on untar and about 40% slower on tar.
>> What would a proper replacement do that existing solutions don't? Also,
>> what does Conda provide? I don't remember seeing anything like that
>> with it.
>
> I was not clear. Conda essentially is a light replacement for Docker
> if you just think of Docker as a deployment option *only*. Docker
> is overkill for just deploying software. Guix proves that.
Oh, sure, and there are longer standing solutions anyhow, if OS packages
are out.
> Conda
> proves that too though it is less robust than Guix and less well at
> handling dependencies. Both have support for containers thrown in.
[I didn't realize conda had containers built in, but it seems
Python-centric anyway.]
> In other words, in my area, quite a few people started preferring Conda over
> Docker and replacing it in practise. That is what I meant to say.
>
> Docker is not going away, mind. We may end up putting Conda and Guix
> in Docker containers ;)
Does that mean containers or images? (The way the terminology has gone
is rather unhelpful...) Docker is a nightmare for use with HPC-type
resource managers, but you can run from OCI-type images more sanely, of
course.
I probably basically agree!
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Hacks to install Guix packages without root
2017-11-06 15:03 ` Dave Love
@ 2017-11-06 16:13 ` Pjotr Prins
0 siblings, 0 replies; 9+ messages in thread
From: Pjotr Prins @ 2017-11-06 16:13 UTC (permalink / raw)
To: Dave Love; +Cc: guix-devel
On Mon, Nov 06, 2017 at 03:03:30PM +0000, Dave Love wrote:
> > Best to try for the specific use case. For bioinformatics it won't
> > work.
>
> This may be a bit off-topic, but perhaps it helps in packaging: I don't
> know whether that refers to using PRoot or fakechroot, but anyway,
> what specifically is the problem in bioinformatics?
Large data sets. Many files.
> By the way, I measured compressed tar/untar under PRoot on CentOS 6 of
> the CentOS root image. It's around a factor of two slower than native
> on untar and about 40% slower on tar.
Exactly. Too slow when IO is already the bottleneck.
> > Docker is not going away, mind. We may end up putting Conda and Guix
> > in Docker containers ;)
>
> Does that mean containers or images? (The way the terminology has gone
> is rather unhelpful...)
Containers.
> Docker is a nightmare for use with HPC-type
> resource managers, but you can run from OCI-type images more sanely, of
> course.
There is no love between Docker and me ;)
> I probably basically agree!
Probably :)
--
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2017-11-06 16:15 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-26 21:46 Hacks to install Guix packages without root Ricardo Wurmus
2017-10-27 0:48 ` Ludovic Courtès
2017-10-27 8:27 ` Pjotr Prins
2017-10-31 14:19 ` Dave Love
2017-11-03 11:54 ` Pjotr Prins
2017-11-06 15:03 ` Dave Love
2017-11-06 16:13 ` Pjotr Prins
2017-10-27 6:53 ` Konrad Hinsen
2017-10-27 8:17 ` Pjotr Prins
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).