From: Maxime Devos
To: Josselin Poiret, bokr@bokr.com
Cc: Zhu Zihao, guix-devel@gnu.org
Date: Thu, 21 Jul 2022 18:18:38 +0200
Subject: Re: Building, packaging and updating Guix with confidence

On 21-07-2022 18:10, Josselin Poiret wrote:

> bokr@bokr.com writes:
>> Naively:
>>
>> Why does "the" guix daemon per se need root access at all?
> The main thing is that all files in the store end up being written by
> the guix daemon user.  So if we want the files to be easily
> substitutable, they'd need to have a fixed uid/gid, and the only one we
> can guarantee is root.  Other than that, it needs to use a bunch of
> Linux namespaces to isolate the builds from the rest of the system,
> which depending on the kernel build-time configuration might not be
> possible when unprivileged.

Also, resource savings on multi-user systems. And if the guix daemon is run as the regular user, then all other daemons (on Guix System) would need to be run as that user or as root to be able to access themselves, which is bad from a security perspective.

Greetings,
Maxime.

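The two conditions raised in this message can be checked on a given host. The following is an added example, not part of the original message and not Guix's own code: it reports whether the running kernel lets unprivileged processes create user namespaces, and lists store items that are not owned by the expected fixed uid. The function names are hypothetical, and the `/gnu/store` location and the expected owner uid 0 are assumptions passed as defaults.

```python
import os
from pathlib import Path

def read_sysctl(name, proc="/proc/sys"):
    """Return a sysctl as int, or None when the kernel does not expose it."""
    try:
        return int(Path(proc, *name.split(".")).read_text().strip())
    except (OSError, ValueError):
        return None

def unprivileged_userns_allowed(proc="/proc/sys"):
    """Best-effort: can a non-root process create user namespaces?"""
    max_ns = read_sysctl("user.max_user_namespaces", proc)
    if not max_ns:
        # Knob absent (no CONFIG_USER_NS, or kernel older than 4.9) or set to 0.
        return False
    # Debian/Arch-patched kernels add a separate switch; when it is absent
    # there is no extra restriction from it.
    return read_sysctl("kernel.unprivileged_userns_clone", proc) != 0

def foreign_owned(store="/gnu/store", uid=0):
    """Top-level store items whose owner differs from the expected fixed uid."""
    bad = []
    for entry in sorted(os.scandir(store), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)  # do not follow symlinks
        if st.st_uid != uid:
            bad.append((entry.name, st.st_uid))
    return bad

if __name__ == "__main__":
    print("unprivileged user namespaces:", unprivileged_userns_allowed())
    if os.path.isdir("/gnu/store"):  # assumed default store location
        print("store items not owned by uid 0:", foreign_owned()[:10])
```
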