Chrooting into GuixSD

Chrooting into GuixSD

[swedebugia]

[-- Attachment #1: Type: text/plain, Size: 378 bytes --]

Hi

I have an old GuixSD unencrypted installation from when I started learning and experimenting in 2016.

I completely forgot the username and password for the installation.

I succeeded to chrooting into the system and set a new password. I used an arch-image on an USB. 

Is this ability to chroot into GuixSD worth mentioning in the manual? 
-- 
Cheers Swedebugia 

[-- Attachment #2: Type: text/html, Size: 418 bytes --]

Re: Chrooting into GuixSD

[Hartmut Goebel]

Am 13.06.2018 um 06:04 schrieb swedebugia:
> I succeeded to chrooting into the system and set a new password. I
> used an arch-image on an USB.
>
> Is this ability to chroot into GuixSD worth mentioning in the manual? 

IMHO it is not worth to be mentioned in the manual, as it is the same as
for all Linux systems.

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel@crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |

Re: Chrooting into GuixSD

[Nils Gillmann]

Hartmut Goebel transcribed 493 bytes:
> Am 13.06.2018 um 06:04 schrieb swedebugia:
> > I succeeded to chrooting into the system and set a new password. I
> > used an arch-image on an USB.
> >
> > Is this ability to chroot into GuixSD worth mentioning in the manual? 
> 
> IMHO it is not worth to be mentioned in the manual, as it is the same as
> for all Linux systems.

Not really, since you can not *fully* chroot a GuixSD. Some functions
will not work, like interacting with the daemon or what it was. Last
time I tried this was at least 1.5 years ago.

> 
> -- 
> Regards
> Hartmut Goebel
> 
> | Hartmut Goebel          | h.goebel@crazy-compilers.com               |
> | www.crazy-compilers.com | compilers which you thought are impossible |
> 
> 

Re: Chrooting into GuixSD

[Thorsten Wilms]

On 13.06.2018 10:13, Nils Gillmann wrote:
>>> Is this ability to chroot into GuixSD worth mentioning in the manual?
>> IMHO it is not worth to be mentioned in the manual, as it is the same as
>> for all Linux systems.
> Not really, since you can not*fully*  chroot a GuixSD. Some functions
> will not work, like interacting with the daemon or what it was. Last
> time I tried this was at least 1.5 years ago.

You can interact with the daemon:

   cd /path/to/guix/root
   sudo mount --bind /dev dev
   sudo mount --bind /proc proc
   sudo mount --bind /sys sys
   sudo unshare -m sudo chroot . /run/current-system/profile/bin/bash
   source /etc/profile

   guix-daemon --build-users-group=guixbuild &

If you then `su` to a plain user, do `source /etc/profile` again.

I think all of `guix pull`. `reconfigure` and `package` search, install 
and update worked here with that approach. `guix download` failed due to 
nss certificates, until I added:
   export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs"
   export 
SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
   export GIT_SSL_CAINFO="$SSL_CERT_FILE"



-- 
Thorsten Wilms

thorwil's design for free software:
http://thorwil.wordpress.com/

Re: Chrooting into GuixSD

[Nils Gillmann]

Thorsten Wilms transcribed 1.2K bytes:
> On 13.06.2018 10:13, Nils Gillmann wrote:
> > > > Is this ability to chroot into GuixSD worth mentioning in the manual?
> > > IMHO it is not worth to be mentioned in the manual, as it is the same as
> > > for all Linux systems.
> > Not really, since you can not*fully*  chroot a GuixSD. Some functions
> > will not work, like interacting with the daemon or what it was. Last
> > time I tried this was at least 1.5 years ago.
> 
> You can interact with the daemon:
> 
>   cd /path/to/guix/root
>   sudo mount --bind /dev dev
>   sudo mount --bind /proc proc
>   sudo mount --bind /sys sys
>   sudo unshare -m sudo chroot . /run/current-system/profile/bin/bash
>   source /etc/profile
> 
>   guix-daemon --build-users-group=guixbuild &
> 
> If you then `su` to a plain user, do `source /etc/profile` again.
> 
> I think all of `guix pull`. `reconfigure` and `package` search, install and
> update worked here with that approach. `guix download` failed due to nss
> certificates, until I added:
>   export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs"
>   export
> SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
>   export GIT_SSL_CAINFO="$SSL_CERT_FILE"

Huh. Okay, cool. Thanks for documeting this at least on the mailing list :)

Re: Chrooting into GuixSD

[Ricardo Wurmus]

Nils Gillmann <ng0@n0.is> writes:

> Thorsten Wilms transcribed 1.2K bytes:
>> On 13.06.2018 10:13, Nils Gillmann wrote:
>> > > > Is this ability to chroot into GuixSD worth mentioning in the manual?
>> > > IMHO it is not worth to be mentioned in the manual, as it is the same as
>> > > for all Linux systems.
>> > Not really, since you can not*fully*  chroot a GuixSD. Some functions
>> > will not work, like interacting with the daemon or what it was. Last
>> > time I tried this was at least 1.5 years ago.
>>
>> You can interact with the daemon:
>>
>>   cd /path/to/guix/root
>>   sudo mount --bind /dev dev
>>   sudo mount --bind /proc proc
>>   sudo mount --bind /sys sys
>>   sudo unshare -m sudo chroot . /run/current-system/profile/bin/bash
>>   source /etc/profile
>>
>>   guix-daemon --build-users-group=guixbuild &
>>
>> If you then `su` to a plain user, do `source /etc/profile` again.
>>
>> I think all of `guix pull`. `reconfigure` and `package` search, install and
>> update worked here with that approach. `guix download` failed due to nss
>> certificates, until I added:
>>   export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs"
>>   export
>> SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
>>   export GIT_SSL_CAINFO="$SSL_CERT_FILE"
>
> Huh. Okay, cool. Thanks for documeting this at least on the mailing list :)

Would any of you like to document this in the manual?

I see that the manual does not mention the rescue REPL, bournish, or
anything really about how to recover from failure.  I think it would be
good to have a sub-section in the manual under section “6 GNU
Distribution”, after “System Configuration” maybe?

The section could first mention recovery by booting into a previous
generation of the system in GRUB, explain the use of the rescue REPL,
and finally introduce how to recover the system with chroot by booting
from the installer disk image.

What do you think?

--
Ricardo

Re: Chrooting into GuixSD

[Oleg Pykhalov]

[-- Attachment #1: Type: text/plain, Size: 1593 bytes --]

Hello,

Ricardo Wurmus <rekado@elephly.net> writes:

> Nils Gillmann <ng0@n0.is> writes:
>
>> Thorsten Wilms transcribed 1.2K bytes:
>>> On 13.06.2018 10:13, Nils Gillmann wrote:

[…]

>>> You can interact with the daemon:
>>>
>>>   cd /path/to/guix/root
>>>   sudo mount --bind /dev dev
>>>   sudo mount --bind /proc proc
>>>   sudo mount --bind /sys sys
>>>   sudo unshare -m sudo chroot . /run/current-system/profile/bin/bash
>>>   source /etc/profile
>>>
>>>   guix-daemon --build-users-group=guixbuild &
>>>
>>> If you then `su` to a plain user, do `source /etc/profile` again.
>>>
>>> I think all of `guix pull`. `reconfigure` and `package` search, install and
>>> update worked here with that approach. `guix download` failed due to nss
>>> certificates, until I added:
>>>   export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs"
>>>   export
>>> SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
>>>   export GIT_SSL_CAINFO="$SSL_CERT_FILE"
>>
>> Huh. Okay, cool. Thanks for documeting this at least on the mailing list :)
>
> Would any of you like to document this in the manual?

I would because I posted articles like the current one sometime ago.

Maybe a separate ‘users-stories.texi’ should be as was discussed
somewhere on a mailing list (as I remember)?

https://lists.nongnu.org/archive/cgi-bin/namazu.cgi?query=Reinstall+GuixSD+from+another+distribution+with+chroot+%28Recover+Grub%29&submit=Search&idxname=help-guix

https://lists.gnu.org/archive/html/help-guix/2017-10/msg00035.html

[…]

Oleg.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

Re: Chrooting into GuixSD

[Ricardo Wurmus]

Oleg Pykhalov <go.wigust@gmail.com> writes:

>> Would any of you like to document this in the manual?
>
> I would because I posted articles like the current one sometime ago.

Excellent!

> Maybe a separate ‘users-stories.texi’ should be as was discussed
> somewhere on a mailing list (as I remember)?

I think that this particular section on tools that Guix provides to
recover a broken system (and the peculiarities of chrooting into a
GuixSD system) can go right into the manual.  This does not preclude the
option to have a more detailed step by step guide in a
“user-stories.texi”.

--
Ricardo

Re: Chrooting into GuixSD

[swedebugia]

On 2018-06-14 17:01, Ricardo Wurmus wrote:
> Oleg Pykhalov <go.wigust@gmail.com> writes:
>
>>> Would any of you like to document this in the manual?
>> I would because I posted articles like the current one sometime ago.
> Excellent!
>
>> Maybe a separate ‘users-stories.texi’ should be as was discussed
>> somewhere on a mailing list (as I remember)?
> I think that this particular section on tools that Guix provides to
> recover a broken system (and the peculiarities of chrooting into a
> GuixSD system) can go right into the manual.  This does not preclude the
> option to have a more detailed step by step guide in a
> “user-stories.texi”.
+1

Does GuixSD by the way support dropping to a root shell by passing 
"single" as a kernel parameter? I once used a distro that had a feature 
like that.

Ubuntu supports dropping to a root shell (and memtesting RAM?) among 
more options if "recovery" is choosen in the grub menu. I like that 
feature. If something like that had been possible on this old 
GuixSD-installation I would not have had to resort to chrooting.

-- 
---
Swedebugia

Re: Chrooting into GuixSD

[Ludovic Courtès]

Hello,

Thorsten Wilms <t_w_@freenet.de> skribis:

> You can interact with the daemon:
>
>   cd /path/to/guix/root
>   sudo mount --bind /dev dev
>   sudo mount --bind /proc proc
>   sudo mount --bind /sys sys
>   sudo unshare -m sudo chroot . /run/current-system/profile/bin/bash
>   source /etc/profile
>
>   guix-daemon --build-users-group=guixbuild &
>
> If you then `su` to a plain user, do `source /etc/profile` again.
>
> I think all of `guix pull`. `reconfigure` and `package` search,
> install and update worked here with that approach. `guix download`
> failed due to nss certificates, until I added:
>   export SSL_CERT_DIR="$HOME/.guix-profile/etc/ssl/certs"
>   export
> SSL_CERT_FILE="$HOME/.guix-profile/etc/ssl/certs/ca-certificates.crt"
>   export GIT_SSL_CAINFO="$SSL_CERT_FILE"

I haven’t tried, but something that would be equivalent to booting into
the system is:

  chroot /path/to/guixsd
  /gnu/store/*-guile-2.0.3/bin/guile /run/current-system/boot

It may interfere badly with the running system (like when it tries to
bring up ttys), but maybe it’s OK?

Ludo’.

Re: Chrooting into GuixSD

[Thorsten Wilms]

On 15.06.2018 17:01, Ludovic Courtès wrote:
> I haven’t tried, but something that would be equivalent to booting into
> the system is:
> 
>    chroot /path/to/guixsd
>    /gnu/store/*-guile-2.0.3/bin/guile /run/current-system/boot
> 
> It may interfere badly with the running system (like when it tries to
> bring up ttys), but maybe it’s OK?

Well, I tried:

   cd /path/to/guixsd
   chroot . /run/current-system/profile/bin/bash
   source /etc/profile
   guile /run/current-system/boot

---
guile: warning: failed to install locale
GC Warning: pthread_getattr_np or pthread_attr_getstack failed for main 
thread
GC Warning: Couldn't read /proc/stat
;;; note: auto-compilation is enabled, set GUILE_AUTO_COMPILE=0
;;;       or pass the --no-auto-compile argument to disable.
;;; compiling /run/current-system/boot
;;; compiled 
/home/thorwil/.cache/guile/ccache/2.2-LE-8-3.A/gnu/store/8m935f33cg4qzlr9d44ibqmcrwn5c1r4-boot.go
Backtrace:
           12 (apply-smob/1 #<catch-closure 1c799c0>)
In ice-9/boot-9.scm:
     705:2 11 (call-with-prompt _ _ #<procedure default-prompt-handle?>)
In ice-9/eval.scm:
     619:8 10 (_ #(#(#<directory (guile-user) 1d26140>)))
In ice-9/boot-9.scm:
    2312:4  9 (save-module-excursion _)
   3822:12  8 (_)
In /run/current-system/boot:
     1:761  7 (_)
In unknown file:
            6 (primitive-load "/gnu/store/llka25n1x5l1nj82mr7xs8pi1if?")
In ice-9/eval.scm:
     619:8  5 (_ #f)
In ./gnu/build/activation.scm:
    439:33  4 (activate-current-system _)
    435:31  3 (boot-time-system)
In ./gnu/build/linux-boot.scm:
      90:3  2 (linux-command-line)
In ice-9/ports.scm:
    439:11  1 (call-with-input-file "/proc/cmdline" #<procedure get-?> ?)
In unknown file:
            0 (open-file "/proc/cmdline" "r" #:encoding #f # #f)

ERROR: In procedure open-file:
In procedure open-file: No such file or directory: "/proc/cmdline"
---

I _guess_ if I'd bind proc, I would then find out dev and sys has to be 
taken care of, too, leading back to what I had already.


-- 
Thorsten Wilms

thorwil's design for free software:
http://thorwil.wordpress.com/

Re: Chrooting into GuixSD

[Ludovic Courtès]

Hi!

Thorsten Wilms <t_w_@freenet.de> skribis:

> Well, I tried:
>
>   cd /path/to/guixsd
>   chroot . /run/current-system/profile/bin/bash
>   source /etc/profile
>   guile /run/current-system/boot

[...]

> In ./gnu/build/linux-boot.scm:
>      90:3  2 (linux-command-line)
> In ice-9/ports.scm:
>    439:11  1 (call-with-input-file "/proc/cmdline" #<procedure get-?> ?)
> In unknown file:
>            0 (open-file "/proc/cmdline" "r" #:encoding #f # #f)
>
> ERROR: In procedure open-file:
> In procedure open-file: No such file or directory: "/proc/cmdline"
> ---
>
> I _guess_ if I'd bind proc, I would then find out dev and sys has to
> be taken care of, too, leading back to what I had already.

Indeed.  This is normally taken care of by the ‘init’ script that’s in
the initrd.  A crude way to do that would be:

  guile --no-auto-compile \
    $(guix build $(guix gc -R $(guix gc --derivers $(readlink -f /run/current-system/))|grep -e '-init\.drv$'))

The ‘guix’ commands won’t work initially in the chroot though.
Alternately, you could extract the initrd somewhere:

  gunzip -c /target/run/current-system/initrd | cpio -iv

and run:

  guile --no-auto-compile ./init

Then again we could also just arrange for ‘guix system build’ to include
an ‘enter’ script that would do everything needed to chroot into the
system.  Food for thought…

Ludo’.

Re: Chrooting into GuixSD

[Chris Marusich]

[-- Attachment #1: Type: text/plain, Size: 1373 bytes --]

swedebugia <swedebugia@riseup.net> writes:

> On 2018-06-14 17:01, Ricardo Wurmus wrote:
>> Oleg Pykhalov <go.wigust@gmail.com> writes:
>>
>>>> Would any of you like to document this in the manual?
>>> I would because I posted articles like the current one sometime ago.
>> Excellent!
>>
>>> Maybe a separate ‘users-stories.texi’ should be as was discussed
>>> somewhere on a mailing list (as I remember)?
>> I think that this particular section on tools that Guix provides to
>> recover a broken system (and the peculiarities of chrooting into a
>> GuixSD system) can go right into the manual.  This does not preclude the
>> option to have a more detailed step by step guide in a
>> “user-stories.texi”.
> +1
>
> Does GuixSD by the way support dropping to a root shell by passing
> "single" as a kernel parameter? I once used a distro that had a
> feature like that.
>
> Ubuntu supports dropping to a root shell (and memtesting RAM?) among
> more options if "recovery" is choosen in the grub menu. I like that
> feature. If something like that had been possible on this old
> GuixSD-installation I would not have had to resort to chrooting.

If you pass the "--repl" option on the Linux kernel command line (e.g.,
from the GRUB menu), I believe you can do this.  See "(guix) Initial RAM
Disk" in the manual for details.

-- 
Chris

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]