From: Ricardo Wurmus
Subject: Re: [Non-root Guix]: Unable to build guix
Date: Sun, 05 May 2019 10:03:00 +0200
Message-ID: <87r29dxr9n.fsf@elephly.net>
References: <87ftpwwq9l.fsf@elephly.net> <87a7g4wmvf.fsf@elephly.net> <87h8a9vini.fsf@netris.org>
In-reply-to: <87h8a9vini.fsf@netris.org>
To: Mark H Weaver
Cc: guix-devel@gnu.org

Mark H Weaver writes:

[…]
> Ricardo Wurmus writes:
[…]
>> I see. Unfortunately you will end up having to compile everything from
>> source, C library, GCC,… — all of it. When using a different store
>> location it is impossible to use pre-built binaries, unfortunately.
>
> If one is able to obtain write access to any directory accessible via an
> absolute path name of no more than 10 bytes, e.g. "/tmp/xxxxx",
> "/var/tmp/x", "/home/xx/x", or possibly even "/home/xxxx" or
> "/home/xxx", then it may be possible to avoid compiling everything from
> source code.

I think it’s worth supporting prefix rewrites.

On a system where the user does not have root access and no user
namespaces the daemon will not be able to build anything in isolation.
The best case here is to *only* use substitutes and to limit the local
operations to rewriting the prefix. This requires modifying store items
before unpacking them. Since root is not involved this should only ever
affect one user.

--
Ricardo
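
Added example, not part of the original message and not Guix code: a same-length rewrite of the `/gnu/store` prefix in a store item's bytes, which is why the 10-byte limit quoted above matters. The function names, the padding with slashes and the sample bytes are assumptions constructed for illustration.

```python
import re

OLD_PREFIX = b"/gnu/store"  # Guix's default store directory: 10 bytes

# A store reference is the prefix followed by "/", a 32-character hash in
# the nix-base32 alphabet (no e, o, t, u), and "-".
STORE_REF = re.compile(rb"/gnu/store(?=/[0-9a-df-np-sv-z]{32}-)")


def padded_prefix(new_prefix: bytes) -> bytes:
    """Return new_prefix padded with trailing slashes to 10 bytes.

    Padding with "/" is an assumption of this example: repeated slashes
    inside a path resolve like a single one, so the path stays valid.
    """
    new_prefix = new_prefix.rstrip(b"/")
    if not new_prefix.startswith(b"/"):
        raise ValueError("store prefix must be an absolute path")
    if len(new_prefix) > len(OLD_PREFIX):
        raise ValueError("prefix longer than 10 bytes would shift offsets")
    return new_prefix.ljust(len(OLD_PREFIX), b"/")


def rewrite_store_prefix(data: bytes, new_prefix: bytes) -> tuple[bytes, int]:
    """Rewrite store references in place; return (new_data, count)."""
    replacement = padded_prefix(new_prefix)
    # A callable replacement keeps backslashes in the prefix literal.
    return STORE_REF.subn(lambda m: replacement, data)


# Constructed sample: a fake binary fragment with one NUL-terminated
# store path and one unrelated mention of "/gnu/store".
HASH = b"0123456789abcdfghijklmnpqrsvwxyz"
SAMPLE = (b"\x7fELF\x00/gnu/store/" + HASH + b"-glibc-2.28/lib\x00"
          b"see /gnu/store docs\x00")

if __name__ == "__main__":
    out, n = rewrite_store_prefix(SAMPLE, b"/home/xxx")
    print(n, len(out) == len(SAMPLE))
    print(out)
```

Because the rewrite changes the item's bytes, any authenticity check on a downloaded substitute has to run on the data as received, before this step.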