From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: Unprivileged /gnu/store with PRoot - or relocate
Date: Sat, 13 May 2017 16:12:13 +0200
Message-ID: <8737c83kxu.fsf@gnu.org>
References: <87d1beoyvi.fsf@gnu.org> <20170513053859.GA19841@thebird.nl>
In-Reply-To: <20170513053859.GA19841@thebird.nl> (Pjotr Prins's message of "Sat, 13 May 2017 07:38:59 +0200")
To: Pjotr Prins
Cc: guix-devel

Hello!

Pjotr Prins wrote:

> I explored this and actually built Nix/Guix on proot in the past for the
> same reasons
>
> https://github.com/pjotrp/nix-no-root

Right, thanks for the reminder! Back then the target was mostly to run a
full Nix/Guix under PRoot, right? I suppose running guix-daemon & co.
under PRoot would be terribly slow, especially when building stuff.

> Mind, it *is* slow. That is why I came up with relocatable Guix which
> works much better. No performance loss. Just an extra installation
> step. Relocatable Guix works great, but it requires effort to make it
> user friendly. We can automate creating relocatable packages with guix
> pack. All it needs is an additional installer that rewrites the paths.
> The other limitation is that the installer prefix can be no longer
> than ~50 characters because it gobbles up the Guix store path + hash.
>
> I have written all the code for that. The installer is fast.
>
> Anyone interested in that type of solution? We can make it work, even
> as automated builds. I think it would be great for HPC and can even be
> part of non-root packagers, such as brew and conda.

Definitely.

As discussed before, my personal preference for the technical solutions
to this problem is, in this order:

  1. user namespaces (unfortunately rarely available, at least on HPC);

  2. PRoot, provided the performance is okay for the target workload;

  3. relocation as you presented it at FOSDEM.

When #1 is available that’s good. In other cases, one has to choose
between #2 and #3 depending on performance and other tradeoffs.

Each of these approaches has its pros and cons. We all know that the
one true solution to file system virtualization is GNU/Hurd… but we’re
not there yet! :-)

Ludo’.