unofficial mirror of guix-devel@gnu.org 
From: ludo@gnu.org (Ludovic Courtès)
To: Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de>
Cc: guix-devel@gnu.org
Subject: Re: rootless Guix
Date: Mon, 08 Oct 2018 15:43:26 +0200
Message-ID: <87va6cy2o1.fsf@gnu.org>
In-Reply-To: <87y3b9qzrj.fsf@mdc-berlin.de> (Ricardo Wurmus's message of "Sun, 7 Oct 2018 22:15:44 +0200")

Hello!

Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de> wrote:

> it would be nice if we could simplify the case where a user does not
> have root access, but the system supports user namespaces.
>
> Currently, a user would have to perform a number of non-obvious steps to
> somehow run the Guix daemon in an environment where the filesystem is
> virtualized.  It would be great if we could better support this case,
> maybe even simplify it to a point where the user does not have to even
> start the daemon by themselves.

For the record, here’s what needs to be done to run guix-daemon and guix
as produced by ‘guix pack --relocatable guix’:

  https://lists.gnu.org/archive/html/guix-devel/2018-05/msg00139.html

We could certainly arrange so that users don’t have to fiddle with
$NIX_STATE_DIR etc.

> A user operating in this mode would lose the ability to share with other
> users on the same system, of course.  By default Guix could store
> everything in a subdirectory of ~/.local and map that to /gnu/store in
> the container context.  Applications would also need to be run from
> within that container context to ensure that /gnu/store file names are
> resolved properly.

Right, I’m not sure what to do with binaries installed with this
relocatable Guix: either we let the user run them from a relocatable
shell that maps /gnu/store appropriately (as in the message above),
which works but is inconvenient, or we somehow instruct ‘guix package’
to make everything relocatable before adding it to the profile (like
what ‘guix pack -R’ does.)

As for spawning guix-daemon automatically, I’m not sure.  I’d rather
have the ‘guile-daemon’ branch ready and merged, and then use that as a
library, rather than having to spawn a full guix-daemon process behind
the scenes.  Though of course, that’s a longer-term effort.

> I think this would be especially useful for situations where “guix pack”
> is not sufficient.  “guix pack” produces one-shot bundles, but it cannot
> be composed.  A daemon+store-in-container setup would be extensible.
>
> What do you think about this?  Can we automate the setup necessary for
> this scenario and add better defaults?

I think it takes some reasonable effort, it would be nice, but I’m not
entirely sure if it’s worth the effort (maybe it is, I really don’t
know.)

WDYT?

Thanks,
Ludo’.
