From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: Guix binary tarball
Date: Fri, 15 May 2015 19:14:04 +0200
Message-ID: <87382xwyoz.fsf@gnu.org>
References: <20150515164602.GA13539@debian>
In-Reply-To: <20150515164602.GA13539@debian> (Andreas Enge's message of "Fri, 15 May 2015 18:46:02 +0200")
To: Andreas Enge
Cc: guix-devel@gnu.org

Andreas Enge wrote:

> - The files all have owner nixbld and group nixbld, whereas on my own machine,
>   they are either both root (for /var/guix, /root and /store) or user root,
>   group guix-builder (for /gnu/store). As that user and group do not exist
>   on the target system, the numerical values 30000 and 30001 are used instead.
>   Would it be possible to create the tarball with the correct file owner?
>   One would then need to modify the documentation, since one needs to first
>   create the guix-builder group and add root to it _before_ unpacking the
>   tarball, so that the correct owner will be chosen instead of the numerical
>   value.

Argh, good point.  Yes, it would be possible to use the “guix-builder”
user and group names.

I’ve deployed the tarball before on a machine and didn’t notice that
because it Just Worked.  I guess the reason is that 30000 and 30001 work
as long as guix-build{,er} are the first system group and user accounts
created on the system.

What were the symptoms on your machine?  Did guix-build{,er} turn out to
have different UID/GID?

> - The tarball also contains /, /root and /var. When unpacking it, the owner
>   and permissions are changed on the system.

Oops, indeed.

>   As a consequence, we could not ssh into the machine any more
>   (!).

I don’t see how this could happen.

>   Could these directories be left out of the tarball and only their
>   contents be kept in?

No.  Maybe we can fix it by using two tar invocations with different
--owner.

> Another point, which might simply lead to modifications in the documentation:
>
> - /root/.guix-profile does not need to be accessed by a normal user. I think
>   that it is better to do
>   # cd /usr/local/bin
>   # ln -s /var/guix/profiles/per-user/root/guix-profile/bin/guix
>   instead of
>   # ln -s /root/.guix-profile/bin/guix
>   This unravels one layer of symbolic links, and does not force to change
>   the permissions of /root.

OK, patch welcome.  :-)

A couple of days earlier would have been even better, but thanks for the
detailed feedback!  ;-)

Ludo’.
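
A pre-extraction check for the two problems discussed in this message (member ownership that falls back to numeric IDs, and tar entries for directories that already exist on the target), as an added example that is not part of the original e-mail or of Guix. The directory list, the function names and the sample tarball, including which of 30000/30001 is the UID, are constructed assumptions.

```python
import io
import tarfile

# Assumed list: directories that already exist on the target system. A tar
# entry for one of them lets `tar x` run as root reset its owner and mode.
EXISTING_DIRS = {"/", "/root", "/var"}


def normalize(name):
    """Map a member name such as './root' or '.' to an absolute path."""
    parts = [p for p in name.split("/") if p not in ("", ".")]
    return "/" + "/".join(parts)


def audit(tar, known_users, known_groups):
    """Return (path, problem) pairs for members that are risky to unpack."""
    findings = []
    for m in tar.getmembers():
        path = normalize(m.name)
        if m.isdir() and path in EXISTING_DIRS:
            findings.append((path, "resets existing directory to %d:%d mode %o"
                             % (m.uid, m.gid, m.mode)))
        if m.uname not in known_users or m.gname not in known_groups:
            findings.append((path, "owner %s:%s unknown, numeric %d:%d is used"
                             % (m.uname, m.gname, m.uid, m.gid)))
    return findings


def build_sample():
    """Constructed tarball with the layout described in the thread."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("./", "./root", "./var", "./gnu/store"):
            info = tarfile.TarInfo(name)
            info.type = tarfile.DIRTYPE
            info.mode = 0o755
            info.uid, info.gid = 30001, 30000  # constructed assignment
            info.uname, info.gname = "nixbld", "nixbld"
            tar.addfile(info)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


if __name__ == "__main__":
    # Names known on the target; the thread's case has no nixbld account.
    for path, problem in audit(build_sample(), {"root"}, {"root"}):
        print(path, "-", problem)
```

On a real system the known user and group names would come from the `pwd` and `grp` modules rather than the fixed sets used here.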