From mboxrd@z Thu Jan 1 00:00:00 1970 From: Chris Marusich Subject: Re: Updating Packages Date: Sun, 05 May 2019 12:12:39 -0700 Message-ID: <87v9yozpeg.fsf@gmail.com> References: <878swb2jdv.fsf@ambrevar.xyz> <0d7504fdf7ec27bfed13ac504f8365f4@disroot.org> <0dfe5f7b9451b518f4d8bd4717efcb25@disroot.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([209.51.188.92]:58132) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hNMZ6-0005fJ-WD for help-guix@gnu.org; Sun, 05 May 2019 15:12:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hNMZ5-0004Rh-UI for help-guix@gnu.org; Sun, 05 May 2019 15:12:48 -0400 Received: from mail-pf1-x436.google.com ([2607:f8b0:4864:20::436]:36385) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hNMZ5-0004Nr-Kp for help-guix@gnu.org; Sun, 05 May 2019 15:12:47 -0400 Received: by mail-pf1-x436.google.com with SMTP id v80so5549752pfa.3 for ; Sun, 05 May 2019 12:12:46 -0700 (PDT) In-Reply-To: <0dfe5f7b9451b518f4d8bd4717efcb25@disroot.org> (Raghav Gururajan's message of "Tue, 16 Apr 2019 04:36:47 +0000") List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: Raghav Gururajan Cc: help-guix@gnu.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi Raghav, "Raghav Gururajan" writes: > Hmm. Okay. > > Thank you. > > April 15, 2019 3:22 PM, "Pierre Neidhardt" wrote: > >> Maybe not what you are asking but what about >>=20 >> guix system reconfigure ... && guix package -u >>=20 >> ? First, just a reminder: on this email list, please avoid top-posting. Most people bottom-post or reply in-line. It's fine to cut out text that is not relevant to your response. Now, as to your question: Pierre has given the answer. There is not currently a way to upgrade the system and the user profiles in a single transaction. This might make one ask, "Why is that?" I want to offer an explanation why. Guix System follows the functional software deployment model and is designed to put the users (even unprivileged users) in control of their own software, as well as their own Guix installation. It is designed so that a system administrator can upgrade the system software and services without interfering with what the users have installed. Likewise, users can upgrade their own software without interfering with the system's underlying software. This is a good feature. It separates concerns and gives more control to users and administrators both. Remember, an administrator has full access to the system, so they can still forcibly upgrade user profiles if they choose to do so. In a traditional GNU/Linux distribution, you generally need special privileges (e.g., sudo or root access) in order to use the system's package manager to install/remove any software. On such systems, the package manager does not provide any way for any users (privileged or not) to manage "their own" software; all software is effectively "system" software, and it must be managed by a privileged user. On these systems, upgrading the system software upgrades software for all users. Guix provides more fine-grained control than this. At first blush, it might seem like it isn't good that we can't upgrade all the software in a single transaction, but from the perspective of ensuring correct deployment of software, it actually isn't a problem. If Bob upgrades his profile, it won't interfere with software that Alice has installed, and it won't interfere with any system software, either. Likewise, if the system is upgraded, it won't interfere with any software that Alice or Bob have installed, since their profiles are "self-contained" thanks to the functional model. From=20a security perspective, it may be undesirable to allow old profiles containing software with security vulnerabilities to exist, but that can be fixed by upgrading the stale profiles. The task of enforcing that every profile is "up to date" is arguably outside the scope of Guix; Guix just provides the mechanisms to make it possible for you to upgrade all that software in a safe fashion. I hope that helps explain why it makes sense that the task of "upgrading a user's profile" and "upgrading the system's software" are independent of each other in Guix System. =2D-=20 Chris --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlzPNagACgkQ3UCaFdgi Rp0OgRAAvXnMHybdWcZw2uZYEv4FHPpXRB8t9GhAOKB0ikm5DqAyoExUJQkG/2lV su7UPOr8gPkQZbEXiLdWu4uYlWAY9U6x/SGAbX7BCe0Vm8zGqpvIAobfgdW8pDeu PDTNF2uvqb5ZeGt4Gupl56h2K36vknU45oHiAndODIOKEnQFpxezzMJwx9jjwp4a FAyyAR/p4I0y+BFlAym9+D+DJc/+Ov5+6duNU85JdoszG9CkatwEop31jx+XsK+f S/dw7rfkGX91VE9v4yscmIFci6OD976amgdVbgcQVw/6Rd136Qc3b1O9M4PiOGEg 5670E3ONqzKjobi8ZGDjIyjOd7qSMygLkDXW5p6XX6K900asmoNzlr3MJqGl6E7S rZoqgyu2oZPwCCYfU6NqusyycyLjo4J2EVcZ/v84WM2EIDMxXMyt2MuidCtDrxIK gfBe1EhQCwI1fK4Ii5kSfz/D2Ob5E13D2Tz4C3CUoRc9DaSiLPTkS4qynD+OSxo2 7RNrvO/NGaLFmuYuG8OIuBypB6IRN2kkboWV1+0mZHxKvAejFxknBWdfyha7Sczt jgy7L3KvJSqEbJT8we/TE8XeBBMXRVjdHdsb4INZG6HkxWG2qcfpe3MLkEbj6ArN 44KfL3gDKWepz97QWWt263CKSy3H0u8rAgDO/qnuyaibUqz9kRE= =rfL3 -----END PGP SIGNATURE----- --=-=-=--