From: ludo@gnu.org (Ludovic Courtès)
To: Andreas Enge <andreas@enge.fr>
Cc: guix-devel@gnu.org
Subject: Re: Guix binary tarball
Date: Fri, 15 May 2015 19:14:04 +0200 [thread overview]
Message-ID: <87382xwyoz.fsf@gnu.org> (raw)
In-Reply-To: <20150515164602.GA13539@debian> (Andreas Enge's message of "Fri, 15 May 2015 18:46:02 +0200")
Andreas Enge <andreas@enge.fr> skribis:
> - The files all have owner nixbld and group nixbld, whereas on my own machine,
> they are either both root (for /var/guix, /root and /store) or user root,
> group guix-builder (for /gnu/store). As that user and group do not exist
> on the target system, the numerical values 30000 and 30001 are used instead.
> Would it be possible to create the tarball with the correct file owner?
> One would then need to modify the documentation, since one needs to first
> create the guix-builder group and add root to it _before_ unpacking the
> tarball, so that the correct owner will be chosen instead of the numerical
> value.
Argh, good point. Yes, it would be possible to use the “guix-builder”
user and group names.
I’ve deployed the tarball before on a machine and didn’t notice that
because it Just Worked. I guess the reason is that 30000 and 30001 work
as long as guix-build{,er} are the first system group and user accounts
created on the system.
What were the symptoms on your machine? Did guix-build{,er} turn out
to have different UID/GID?
> - The tarball also contains /, /root and /var. When unpacking it, the owner
> and permissions are changed on the system.
Oops, indeed.
> As a consequence, we could not ssh into the machine any more
> (!).
I don’t see how this could happen.
> Could these directories be left out of the tarball and only their
> contents be kept in?
No. Maybe we can fix it by using two tar invocations with different
--owner.
> Another point, which might simply lead to modifications in the documentation:
>
> - /root/.guix-profile does not need to be accessed by a normal user. I think
> that it is better to do
> # cd /usr/local/bin
> # ln -s /var/guix/profiles/per-user/root/guix-profile/bin/guix
> instead of
> # ln -s /root/.guix-profile/bin/guix
> This unravels one layer of symbolic links, and does not force to change
> the permissions of /root.
OK, patch welcome. :-)
A couple of days earlier would have been even better, but thanks for the
detailed feedback! ;-)
Ludo’.
next prev parent reply other threads:[~2015-05-15 17:14 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-15 16:46 Guix binary tarball Andreas Enge
2015-05-15 17:14 ` Ludovic Courtès [this message]
2015-05-15 17:37 ` Andreas Enge
2015-05-15 19:45 ` Taylan Ulrich Bayırlı/Kammer
2015-05-16 18:55 ` Ludovic Courtès
2015-05-16 2:53 ` Mark H Weaver
2015-05-17 21:34 ` Ludovic Courtès
2015-05-16 6:47 ` Andreas Enge
2015-05-16 18:57 ` Ludovic Courtès
2015-05-17 22:15 ` Ludovic Courtès
2015-05-17 22:45 ` Ludovic Courtès
2015-05-18 11:34 ` Andreas Enge
2015-05-18 19:38 ` Ludovic Courtès
2015-05-19 23:03 ` Mark H Weaver
2015-05-20 8:10 ` Andreas Enge
2015-05-20 10:19 ` Ludovic Courtès
2015-05-20 19:12 ` Mark H Weaver
2015-05-21 8:16 ` Ludovic Courtès
2015-06-07 12:39 ` Thomas Schwinge
2015-06-07 13:16 ` /run/current-system (was: Guix binary tarball) Thomas Schwinge
2015-06-07 16:19 ` /run/current-system Ludovic Courtès
2015-06-07 16:14 ` Guix binary tarball Ludovic Courtès
2015-06-08 9:34 ` Alex Kost
2015-06-08 21:33 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87382xwyoz.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=andreas@enge.fr \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).