From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 6ItwL1pV/mL4AgAAbAwnHQ (envelope-from ) for ; Thu, 18 Aug 2022 17:06:02 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id uESSL1pV/mLZbgAA9RJhRA (envelope-from ) for ; Thu, 18 Aug 2022 17:06:02 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id B2798457F0 for ; Thu, 18 Aug 2022 17:06:00 +0200 (CEST) Received: from localhost ([::1]:35170 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oOh5r-00005E-NG for larch@yhetil.org; Thu, 18 Aug 2022 11:05:59 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:34544) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oOh0z-0003b3-23 for guix-devel@gnu.org; Thu, 18 Aug 2022 11:00:58 -0400 Received: from mail-wr1-x42f.google.com ([2a00:1450:4864:20::42f]:46835) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oOh0x-00047n-G4 for guix-devel@gnu.org; Thu, 18 Aug 2022 11:00:56 -0400 Received: by mail-wr1-x42f.google.com with SMTP id e20so1556507wri.13 for ; Thu, 18 Aug 2022 08:00:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:from:to:cc; bh=kwVcZijz/1z0/U4AnsUeJF4kWmZDL2JCmAhF2MjZOug=; b=Npbe1xzrfNjEesiAeHJy3xo+Tzqoek82U4F4hlNftfnik9/osVH7ekxpeDUKb9nUeR 6OY75mEBLmWK4w+ejry5DcHBxwj1Rg043dZqGMW4aKi3CG9Z7gXGvKF4cD2VmdsPyTWk tD/aKrrOmU/8jeRfmi434xMaBICVYxeLqZfingH25wbzMd7xdqygDoCYsTcv7SuB/n7b zQ1XgbdPD4pjUeSwgR8z5rxAhZcgG6s7Bvm+kB/jAdSwZjR4U3Sg1mr2uzaSdIlfZUP3 Yc1EwtereORdSbmUMcq1i9f7jmVkee9viogXZcbYWY1HgJ+h2Xd7c3YWVBZDwjbDb1MX mCEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:message-id:date:references :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc; bh=kwVcZijz/1z0/U4AnsUeJF4kWmZDL2JCmAhF2MjZOug=; b=I6dguhIQ4QUh6BGX8Msy91MqLW07NASLD/kPb7HsBBBYg53Rbg22ZjqrFWtpmMjDFx M3z/aQuAkv+Jy79GleFgFqJ8580dYwKx94BbZf7pln66Bvj+Brsa7vXSMsth4gI9Rl9W AojUrevSqJwe+LrtkMzCH9PyqbVwvaYL0E6wq6tH5BHE0vkcj2NPJL920CDWwcPPc9qk hHaj191x/WdP/Q6h4s9G5OwKF1PwL4AnKdtRdoUWEZDGkaztT4Mh1zsma8v1xwvJRpc9 z23B63owtlGnFjBajYeiVTp3L/8KVKn4oln5vCvFhMOmQAcg8iUuxYsot8QLocioZsjo g9UQ== X-Gm-Message-State: ACgBeo3BqOTavQ0ywJlo4tB7a2ORbnVnliyNBb1YGc13V/B63JVRI2Sx mzpYOJ3yDAtvKkDB0kahFcvWmaIvUmA= X-Google-Smtp-Source: AA6agR6CJcttknoGQcgqkZ6NjCQb0a4QOPLhVnyMVSXETpurt2OT/mRcbL7Am1a5MUUxzDqCD3tXNw== X-Received: by 2002:a5d:4009:0:b0:225:2609:27bc with SMTP id n9-20020a5d4009000000b00225260927bcmr1882389wrp.75.1660834853980; Thu, 18 Aug 2022 08:00:53 -0700 (PDT) Received: from pfiuh07 ([193.48.40.241]) by smtp.gmail.com with ESMTPSA id be13-20020a05600c1e8d00b003a511e92abcsm2356602wmb.34.2022.08.18.08.00.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 18 Aug 2022 08:00:53 -0700 (PDT) From: zimoun To: Bengt Richter , Josselin Poiret Cc: Zhu Zihao , guix-devel@gnu.org Subject: Re: Building, packaging and updating Guix with confidence In-Reply-To: <20220726010958.GA7490@LionPure> References: <87let6roxo.fsf@jpoiret.xyz> <867d4pjedm.fsf@163.com> <87h73trnyu.fsf@jpoiret.xyz> <20220717165219.GA19816@LionPure> <871quezbsi.fsf@jpoiret.xyz> <20220726010958.GA7490@LionPure> Date: Thu, 18 Aug 2022 15:19:01 +0200 Message-ID: <87a6817kqi.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Received-SPF: pass client-ip=2a00:1450:4864:20::42f; envelope-from=zimon.toutoune@gmail.com; helo=mail-wr1-x42f.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1660835160; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=kwVcZijz/1z0/U4AnsUeJF4kWmZDL2JCmAhF2MjZOug=; b=sh50AmpurWC4NiCNZqLDBnAQVZk/ap1xarShKtCuX/J2nNjyBI0XZ/QkUl6IlD6sbI4RgD G9gHpvLMcTCaM9FsvODFDcFDczWbW0G4D4qyAr5WklMzo9lOHqx6sAu0mDz2tPBLwM58Yi ghEmXRUJ2+Zr1mHM0+upPlxXACm54WnPwKOgHgHXjuluXmtE+RXWH2qFySTPLp9SlOPKsq JFrGXzwaMBvm5TOLU7mw3Y1v6ICNLrPy4cCQ3LcdbL3ODtQ0lYnm6PIiIZwOpbucBiRZfh 4FaL/WnyKwmyCSycNTAB/l79MvP7I+Zxbt8PbkSgkef8cgWJs2ZlwqgXYZ+VlA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1660835160; a=rsa-sha256; cv=none; b=fwVh9D51K+iFRaeUuUiMzBRTU8jFG1Xk9cz6hzQ16qiYU6fqvLvoA6JFhsIAOhYqxbC7qa IpNcZ9Xvb5pnR/6SSZtWRFlIpjyAFyEF5N2axb/z2UEoHtsCTPmLoiMp9a0NuCf7yF7M6v McZsfhKl4wtHHJgRXSK/Fj5zBB1qeIX09N+f6brWLX2gAg3wtdElVkhRcYu+nl3cwvWh09 6UQcQSbipQcftcb6UZ7kiSl9Gj+G1rXAdCiWH3TdDsWzEPXY1Uz9RAHsd5E/yZumVXDiKZ 9uXT+raymK2begiJzrGHVDxBcQHpBkGRlk+YtwOpI8RN5bMEP31kBmnQodmptg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=Npbe1xzr; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.86 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=Npbe1xzr; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: B2798457F0 X-Spam-Score: -3.86 X-Migadu-Scanner: scn1.migadu.com X-TUID: S7O2OwWJ9rsa Hi Bengt, On mar., 26 juil. 2022 at 03:09, Bengt Richter wrote: > I naively don't buy the rationale against a non-root guix daemon :) For sure, we can imagine many other designs than the current implemented one. However, at one point or the other, =E2=80=9Csomething with privilege= s=E2=80=9D is required, no? I mean, consider that the user named Alice installs the package =E2=80=99fo= o=E2=80=99 and the user named Bob installs the package =E2=80=99foo=E2=80=99 too, then= , to have a shared store, =E2=80=9Csomething=E2=80=9D needs to know that =E2=80=99foo= =E2=80=99 is installed by Alice *and* Bob. I mean, the paths contained by the binaries need to be hard-coded (for reproducibility), so a common location is required and this common location requires special privileges to be manipulated. Moreover, this =E2=80=9Csomething=E2=80=9D also requires some privileges to= run isolated environments (build, etc.), Well, at the end, this =E2=80=9Csomething=E2=80=9D needs the same privilege= s as =E2=80=99root=E2=80=99, no? I mean, it appears to me the simplest; especially to configure on various foreign distros. Pjotr wrote, some time ago, some explanations [1] for running Guix with non-root daemon. 1: Cheers, simon