From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: Hacks to install Guix packages without root
Date: Thu, 26 Oct 2017 17:48:20 -0700
Message-ID: <87a80dbeln.fsf@gnu.org>
References: <874lqlmvjn.fsf@elephly.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:55215)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1e7sp3-0008Ju-Gw
	for guix-devel@gnu.org; Thu, 26 Oct 2017 20:48:30 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1e7sp0-0006uy-E9
	for guix-devel@gnu.org; Thu, 26 Oct 2017 20:48:29 -0400
Received: from hera.aquilenet.fr ([2a01:474::1]:39454)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <ludo@gnu.org>) id 1e7sp0-0006p1-7Q
	for guix-devel@gnu.org; Thu, 26 Oct 2017 20:48:26 -0400
In-Reply-To: <874lqlmvjn.fsf@elephly.net> (Ricardo Wurmus's message of "Thu,
	26 Oct 2017 23:46:52 +0200")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Ricardo Wurmus <rekado@elephly.net>
Cc: guix-devel@gnu.org, Pjotr Prins <pjotr2017@thebird.nl>

Hi!

Ricardo Wurmus <rekado@elephly.net> skribis:

> How about an extension of =E2=80=9Cguix pack=E2=80=9D that will rewrite t=
he /gnu/store
> references to a user-provided directory before bundling things up in a
> tarball?

I=E2=80=99ve thought about this (we have rewriting machinery in (guix build
grafts) that we could adjust and use), but then I thought that maybe
PRoot, unshare, and all the rest are good enough?

> I=E2=80=99d *really* like to be able to just use the tarball bundle =E2=
=80=9Cguix
> pack=E2=80=9D produces by default, but currently deploying it requires ro=
ot
> access or proot shenanigans at runtime.
>
> How about making manual hacking with unshare and chroot obsolete by
> including a simple executable in the pack that handles this rewriting
> for the user=E2=80=A6?

The tarballs could include proot-static and another statically-linked
program that essentially tries to call unshare(2).  Would that make
sense?

> With that we would be one step closer to the user experience of Docker
> =E2=80=94 without having a runtime dependency on Docker.

It=E2=80=99s also fine to use Docker when it=E2=80=99s available, I think.

Thoughts?

Ludo=E2=80=99.