* How to install guix without root permission
@ 2017-01-06 0:59 rohit yadav
  2017-01-06 13:49 ` Ludovic Courtès
  0 siblings, 1 reply; 8+ messages in thread
From: rohit yadav @ 2017-01-06 0:59 UTC (permalink / raw)
  To: help-guix

[-- Attachment #1: Type: text/plain, Size: 210 bytes --]

Hi,

I am using guix for some time now and I must admit, it is very clean
compared to nix. However, I want to install it on system where I do not
have root permission. Is it possible? If so, how?

Thanks,
Rohit

[-- Attachment #2: Type: text/html, Size: 895 bytes --]

^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: How to install guix without root permission
  2017-01-06 0:59 How to install guix without root permission rohit yadav
@ 2017-01-06 13:49 ` Ludovic Courtès
  2017-01-06 13:59 ` rohit yadav
  0 siblings, 1 reply; 8+ messages in thread
From: Ludovic Courtès @ 2017-01-06 13:49 UTC (permalink / raw)
  To: rohit yadav; +Cc: help-guix

Hello!

rohit yadav <rohityadav@utexas.edu> skribis:

> I am using guix for some time now and I must admit, it is very clean
> compared to nix. However, I want to install it on system where I do not
> have root permission. Is it possible? If so, how?

It is possible, but currently inconvenient and brittle, as noted at the
bottom of:

  https://gnu.org/software/guix/manual/html_node/Build-Environment-Setup.html

The problems are:

  1. you’d be producing binaries for, say, /home/rohit/gnu/store instead
     of /gnu/store, so you’d have to build everything by yourself since
     the substitutes from hydra.gnu.org are for use in /gnu/store;

  2. you’d have no build isolation and long file names, which is likely
     to break builds here and there (things will use stuff from /usr/bin
     and /lib, shebangs will be longer than the kernel-imposed limit,
     etc.)

There have been discussions to improve the situation, and work in that
direction will hopefully start this year¹. The preferred approach will
be the “user namespace” feature of the kernel Linux; does your system
support it, out of curiosity?

Thanks,
Ludo’.

¹ See the discussion that starts at
  <https://lists.gnu.org/archive/html/guix-devel/2016-10/msg00947.html>.

^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: How to install guix without root permission
  2017-01-06 13:49 ` Ludovic Courtès
@ 2017-01-06 13:59 ` rohit yadav
  2017-01-06 14:18 ` Tobias Geerinckx-Rice
  2017-01-06 15:18 ` Ludovic Courtès
  0 siblings, 2 replies; 8+ messages in thread
From: rohit yadav @ 2017-01-06 13:59 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: help-guix

[-- Attachment #1: Type: text/plain, Size: 1809 bytes --]

Thanks for the reply. The proot (https://proot-me.github.io/) project
allows you to map $HOME/gnu/store to /gnu/store etc. However, where I am
struggling is the guixbuild users and group creation, and running guix
daemon.

I am using kernel 4+, which supports namespaces.

This reminds if there is any effort to provide a lxc container for
guixSD.

Thanks,
Rohit

On Fri, Jan 6, 2017 at 7:49 AM, Ludovic Courtès <ludo@gnu.org> wrote:

> Hello!
>
> rohit yadav <rohityadav@utexas.edu> skribis:
>
> > I am using guix for some time now and I must admit, it is very clean
> > compared to nix. However, I want to install it on system where I do not
> > have root permission. Is it possible? If so, how?
>
> It is possible, but currently inconvenient and brittle, as noted at the
> bottom of:
>
>   https://gnu.org/software/guix/manual/html_node/Build-Environment-Setup.html
>
> The problems are:
>
>   1. you’d be producing binaries for, say, /home/rohit/gnu/store instead
>      of /gnu/store, so you’d have to build everything by yourself since
>      the substitutes from hydra.gnu.org are for use in /gnu/store;
>
>   2. you’d have no build isolation and long file names, which is likely
>      to break builds here and there (things will use stuff from /usr/bin
>      and /lib, shebangs will be longer than the kernel-imposed limit,
>      etc.)
>
> There have been discussions to improve the situation, and work in that
> direction will hopefully start this year¹. The preferred approach will
> be the “user namespace” feature of the kernel Linux; does your system
> support it, out of curiosity?
>
> Thanks,
> Ludo’.
>
> ¹ See the discussion that starts at
>   <https://lists.gnu.org/archive/html/guix-devel/2016-10/msg00947.html>.
>

[-- Attachment #2: Type: text/html, Size: 3312 bytes --]

^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: How to install guix without root permission
  2017-01-06 13:59 ` rohit yadav
@ 2017-01-06 14:18 ` Tobias Geerinckx-Rice
  2017-01-06 15:53 ` Ludovic Courtès
  2017-01-06 15:18 ` Ludovic Courtès
  1 sibling, 1 reply; 8+ messages in thread
From: Tobias Geerinckx-Rice @ 2017-01-06 14:18 UTC (permalink / raw)
  To: rohityadav; +Cc: help-guix

[-- Attachment #1.1: Type: text/plain, Size: 760 bytes --]

Hullo,

On 06/01/17 14:59, rohit yadav wrote:
> Thanks for the reply. The proot (https://proot-me.github.io/) project
> allows you to map $HOME/gnu/store to /gnu/store etc. However, where I am
> struggling is the guixbuild users and group creation, and running guix
> daemon.

I do exactly that as regular user on a shared shell server. I haven't
used it for a while, so I'll have to take another look at how exactly.
Not today.

Try it, I'd say. It's possible. It's a heck of a hack, but it works, and
it's fun! :-)

It avoids the drawbacks mentioned by Ludo', except for the lack of hard
build isolation: I just used --disable-chroot to side-step the build
user group issue. There may be ways around that too.

Good luck,

T G-R

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 476 bytes --]

^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: How to install guix without root permission
  2017-01-06 14:18 ` Tobias Geerinckx-Rice
@ 2017-01-06 15:53 ` Ludovic Courtès
  0 siblings, 0 replies; 8+ messages in thread
From: Ludovic Courtès @ 2017-01-06 15:53 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: help-guix

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

> On 06/01/17 14:59, rohit yadav wrote:
>> Thanks for the reply. The proot (https://proot-me.github.io/) project
>> allows you to map $HOME/gnu/store to /gnu/store etc. However, where I am
>> struggling is the guixbuild users and group creation, and running guix
>> daemon.
>
> I do exactly that as regular user on a shared shell server.

Oh, cool!

> It avoids the drawbacks mentioned by Ludo', except for the lack of hard
> build isolation: I just used --disable-chroot to side-step the build
> user group issue. There may be ways around that too.

OTOH, PRoot can presumably provide some level of isolation already, by
simply having /gnu/store visible to the guix-daemon process, and not
/usr/bin etc.

Good to hear that it works for you, I’ll have to give it a try!

Ludo’.

^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: How to install guix without root permission
  2017-01-06 13:59 ` rohit yadav
  2017-01-06 14:18 ` Tobias Geerinckx-Rice
@ 2017-01-06 15:18 ` Ludovic Courtès
  2017-01-06 23:26 ` rohit yadav
  1 sibling, 1 reply; 8+ messages in thread
From: Ludovic Courtès @ 2017-01-06 15:18 UTC (permalink / raw)
  To: rohit yadav; +Cc: help-guix

rohit yadav <rohityadav@utexas.edu> skribis:

> Thanks for the reply. The proot (https://proot-me.github.io/) project
> allows you to map $HOME/gnu/store to /gnu/store etc. However, where I am
> struggling is the guixbuild users and group creation, and running guix
> daemon.

Yes, though PRoot relies on syscall interception using ptrace(2), which
is inefficient (which may or may not be a problem, depending on the
application).

> I am using kernel 4+, which supports namespaces.

Yes, but some distributions compile it out or turn it off by default.
See
<http://git.savannah.gnu.org/cgit/guix.git/tree/guix/scripts/environment.scm#n517>,
for a way to check whether user namespaces are enabled.

> This reminds if there is any effort to provide a lxc container for
> guixSD.

Not that I know of, but I don’t think it would help the non-root use
case.

Ludo’.

^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: How to install guix without root permission
  2017-01-06 15:18 ` Ludovic Courtès
@ 2017-01-06 23:26 ` rohit yadav
  2017-01-07 21:06 ` Ludovic Courtès
  0 siblings, 1 reply; 8+ messages in thread
From: rohit yadav @ 2017-01-06 23:26 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: help-guix

[-- Attachment #1: Type: text/plain, Size: 1764 bytes --]

On Fri, Jan 6, 2017 at 9:18 AM, Ludovic Courtès <ludo@gnu.org> wrote:

> rohit yadav <rohityadav@utexas.edu> skribis:
>
> > Thanks for the reply. The proot (https://proot-me.github.io/) project
> > allows you to map $HOME/gnu/store to /gnu/store etc. However, where I am
> > struggling is the guixbuild users and group creation, and running guix
> > daemon.
>
> Yes, though PRoot relies on syscall interception using ptrace(2), which
> is inefficient (which may or may not be a problem, depending on the
> application).
>

I am not greatly familiar with the lower level details of linux kernel yet.
How a lot of these useful utilities work is not clear to me. I will probably
work on it sometime (any references?). For now, the performance is not an
issue. However, the main issue is how to create guixbuild group and users?

> > I am using kernel 4+, which supports namespaces.
>

How should I check it? Currently I believe that ubuntu 16.04 LTS (host os)
supports cgroup for LXD (LXC containers).

> Yes, but some distributions compile it out or turn it off by default.
> See
> <http://git.savannah.gnu.org/cgit/guix.git/tree/guix/scripts/environment.scm#n517>,
> for a way to check whether user namespaces are enabled.
>
> > This reminds if there is any effort to provide a lxc container for
> > guixSD.
>
> Not that I know of, but I don’t think it would help the non-root use
> case.
>

Yes, I agree, it would make it really easy for people wanting to try guixsd
and in fact use in production inside lxc container. Also, from testing point
it will be really easy. beside container utility provided by guix.
Maybe not the highest priority for the developers right now.

>
> Ludo’.
>

[-- Attachment #2: Type: text/html, Size: 3267 bytes --]

^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: How to install guix without root permission
  2017-01-06 23:26 ` rohit yadav
@ 2017-01-07 21:06 ` Ludovic Courtès
  0 siblings, 0 replies; 8+ messages in thread
From: Ludovic Courtès @ 2017-01-07 21:06 UTC (permalink / raw)
  To: rohit yadav; +Cc: help-guix

rohit yadav <rohityadav@utexas.edu> skribis:

> On Fri, Jan 6, 2017 at 9:18 AM, Ludovic Courtès <ludo@gnu.org> wrote:
>
> rohit yadav <rohityadav@utexas.edu> skribis:
>
> > Thanks for the reply. The proot (https://proot-me.github.io/) project
> > allows you to map $HOME/gnu/store to /gnu/store etc. However, where I am
> > struggling is the guixbuild users and group creation, and running guix
> > daemon.
>
> Yes, though PRoot relies on syscall interception using ptrace(2), which
> is inefficient (which may or may not be a problem, depending on the
> application).
>
> I am not greatly familiar with the lower level details of linux kernel yet. How a lot of these useful utilities work is not clear to me. I will probably work on it sometime (any references?). For now, the performance
> is not an issue. However, the main issue is how to create guixbuild group and users?

As I wrote to Tobias, it’s probably OK to use --disable-chroot (which
alleviates the need for build users) and ask PRoot to restrict file
system access to /gnu/store.

Still not as good as what you get by running guix-daemon as root
(separate UIDs, access to specific /gnu/store items), but probably “good
enough” as a first approximation.

> > I am using kernel 4+, which supports namespaces.
>
> How should I check it?

Like this:

> Yes, but some distributions compile it out or turn it off by default.
> See
> <http://git.savannah.gnu.org/cgit/guix.git/tree/guix/scripts/environment.scm#n517>,
> for a way to check whether user namespaces are enabled.

HTH!

Ludo’.

^ permalink raw reply [flat|nested] 8+ messages in thread
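
The question of whether user namespaces are compiled in or turned off comes up twice in this thread; the following shell check is an added example, not part of any message above and not Guix's own code. It assumes the standard Linux procfs entries /proc/self/ns/user, /proc/sys/kernel/unprivileged_userns_clone (a Debian/Ubuntu-specific knob) and /proc/sys/user/max_user_namespaces; the function name and its optional proc-root argument are hypothetical.

```shell
#!/bin/sh
# Added example: report whether unprivileged user namespaces look usable.
# The optional first argument (hypothetical) points the check at another
# directory tree instead of the live /proc, so each case can be exercised.

userns_status() {
    proc_root="${1:-/proc}"

    # 1. Compiled out: a kernel built without CONFIG_USER_NS exposes no
    #    "user" entry under /proc/<pid>/ns.
    if [ ! -e "$proc_root/self/ns/user" ]; then
        echo "unsupported: kernel built without user namespaces"
        return 1
    fi

    # 2. Turned off by the distribution: Debian/Ubuntu kernels carry a
    #    sysctl that gates creation by unprivileged users.
    knob="$proc_root/sys/kernel/unprivileged_userns_clone"
    if [ -r "$knob" ] && [ "$(cat "$knob")" = "0" ]; then
        echo "disabled: kernel.unprivileged_userns_clone=0"
        return 2
    fi

    # 3. Turned off by an administrator: on newer kernels a limit of zero
    #    means no user namespace may be created at all.
    limit="$proc_root/sys/user/max_user_namespaces"
    if [ -r "$limit" ] && [ "$(cat "$limit")" = "0" ]; then
        echo "disabled: user.max_user_namespaces=0"
        return 3
    fi

    echo "enabled"
    return 0
}

# Print the verdict for the running system.
userns_status || true
```

A result of "enabled" only means these three switches permit it; a seccomp filter or security module on a shared host can still refuse the call.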