From: Ben Woodcroft
Subject: Non-privileged daemons and offloading
Date: Sun, 19 Jun 2016 23:07:38 +1000
Message-ID: <5766991A.1020505@uq.edu.au>
To: help-guix

Hi there,

I've recently gotten access to a supercomputer where I don't have sudo, and I'm trying to hatch a plan to run guix packaged programs. Unfortunately, I don't have anything substantial like a container-based build environment to add here, only a potential workaround idea.

I could run the daemon normally as a regular user, but I'm afraid of the issues that arise due to inability to chroot as described in the manual. Instead, I'm considering offloading the builds to a separate machine, where a guix-daemon runs as sudo and so can run builds in the chroot. IIUC, this gets around the issue of impurities in builds while not requiring sudo.

One hole in the plan I can see is that, at least according to the manual, offloads are defined in "/etc/guix/machines.scm", which as a regular user I cannot modify. Is there any other way to specify offload machines, e.g. via an argument to 'guix-daemon'? Are there any better ways to go about this whole thing in general?

Thanks,
ben