non-root store

non-root store

[Ricardo Wurmus]

Hi Guix,

recently I’ve been playing with “guix pack -RR” and I’m very happy to
see how well it works.  Now I wonder if we could use the very same
mechanism to wrap guix-daemon and let it manage a store directory that
is not located at /gnu/store.

Surely somebody has already tried this?

A common complaint about Guix is that it requires root permissions to
install, which is “scary” and may seem unnecessary on single-user
systems.  By wrapping guix-daemon so that it uses file system
virtualization (via user namespaces, proot, or the glibc debug hack) we
could eliminate this obstacle.

What do you think?  Am I missing something obvious?

-- 
Ricardo

Re: non-root store

[Pjotr Prins]

On Sun, Dec 06, 2020 at 03:57:00PM +0100, Ricardo Wurmus wrote:
> A common complaint about Guix is that it requires root permissions to
> install, which is “scary” and may seem unnecessary on single-user
> systems.  By wrapping guix-daemon so that it uses file system
> virtualization (via user namespaces, proot, or the glibc debug hack) we
> could eliminate this obstacle.

We have started providing Guix built Docker containers. Works for many
users. But yes, a native install would be much nicer.

> What do you think?  Am I missing something obvious?

I have run the guix-daemon with proot as a user in the past. So it
should be possible with user namespaces.

https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.org#run-guix-daemon-in-proot

Once you have it in proot you can install software and even build
binaries on a relative path.

It is just a bit too much for the average user. 

Pj.

Re: non-root store

[Ludovic Courtès]

Hi!

Ricardo Wurmus <rekado@elephly.net> skribis:

> recently I’ve been playing with “guix pack -RR” and I’m very happy to
> see how well it works.  Now I wonder if we could use the very same
> mechanism to wrap guix-daemon and let it manage a store directory that
> is not located at /gnu/store.

Yesss!

> Surely somebody has already tried this?

I did some time ago:

  https://lists.gnu.org/archive/html/guix-devel/2018-05/msg00139.html

The environment variable names changed in the meantime, I guess you’d
need to set GUIX_STATE_DIRECTORY now.

> A common complaint about Guix is that it requires root permissions to
> install, which is “scary” and may seem unnecessary on single-user
> systems.  By wrapping guix-daemon so that it uses file system
> virtualization (via user namespaces, proot, or the glibc debug hack) we
> could eliminate this obstacle.
>
> What do you think?  Am I missing something obvious?

I think it’d be great to streamline this use case.  We could even ship a
-RR tarball in the future, though we need to think about all the
implications.

One of them is that we’d probably need to include a shell in the bundle,
so that users can “enter” the file system view that includes /gnu/store.

Alternatively, we could provide a package transformation option that
“relocatable-wraps” executables, using ‘wrapped-package’ from (guix
scripts pack).

Thoughts?

Ludo’.