On Sun, Dec 04, 2016 at 10:05:48PM +0100, Ludovic Courtès wrote: > Leo Famulari skribis: > The main difference is that downloads are performed by the daemon itself > (via the ‘guix perform-download’ internal command), which was not the > case before (see .) Okay, I'll investigate this change. > > Starting download of /gnu/store/hbdalsf5lpf01x4dcknwx6xbn6n5km6k-hello-2.10.tar.gz > > From http://ftpmirror.gnu.org/hello/hello-2.10.tar.gz... > > following redirection to `http://mirrors.ibiblio.org/pub/mirrors/gnu/ftp/gnu/hello/hello-2.10.tar.gz'... > > following redirection to `http://mirrors.ibiblio.org/gnu/ftp/gnu/hello/hello-2.10.tar.gz'... > > ERROR: In procedure open-file: Permission denied: "/gnu/store/hbdalsf5lpf01x4dcknwx6xbn6n5km6k-hello-2.10.tar.gz" > > It should definitely have write permission on the output file. > > Could you ‘strace -f’ guix-daemon or something like that to see under > what UID ‘guix perform-download’ executes? It’s expected to be running > as a build user, but not in a chroot. It does appear to be running as a build user. I realized that I can, in fact, build source derivations, but I can't --check them. I use `guix build --source --check foo` to make sure a package has the right source URL. So my original report was misleading, sorry. I can reproduce this on GuixSD, after reconfiguring my system based on 8243951ef1b9d (gnu: guix: Update development snapshot.). Can you try reproducing it like this? $ guix build hello --source && guix build hello --source --check I've attached gzip compressed strace logs, created with `strace -f -p PID -o FILE`.