Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.)

[Eric Bavier <ericbavier@openmailbox.org>]

[-- Attachment #1: Type: text/plain, Size: 969 bytes --]

On 2015-08-17 15:46, Claes Wallin wrote:
> On Mon, Aug 17, 2015 at 10:33 AM, Eric Bavier
> <ericbavier@openmailbox.org> wrote:
> 
>> I have experimented with this a bit lately.  It works to some extent,
>> but I have had to apply a few patches to some package recipes.  Some
>> packages have failing tests (where presumably they would pass or be
>> skipped in the chroot), which I have disabled for the time being just
>> to move along.
>> 
>> I can post a few of the patches to the ML later.
> 
> 
> Any patches related to bootstrapping gcc? I'm getting lib/lib64 
> confusion.

Yes, that's been one issue.

Attached are the patches I have so far.  Hopefully they can get you a 
bit further.  I've been able to build a number of packages, but thare 
are still some package builds failing, e.g. IIRC one of cmake's 
dependencies doesn't build.

Some of these patches may be alright in general, but turning test cases 
off is of course not an ideal solution.

-- 
`~Eric

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: unprivileged-daemon.patch --]
[-- Type: text/x-diff; name=unprivileged-daemon.patch, Size: 10348 bytes --]

diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm
index 74c3f30..082b170 100644
--- a/gnu/packages/commencement.scm
+++ b/gnu/packages/commencement.scm
@@ -590,7 +590,9 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"$@\"~%"
                           (if (string-prefix? "LDFLAGS=" flag)
                               (string-append flag " -L"
                                              (assoc-ref %build-inputs "libstdc++")
-                                             "/lib")
+                                             "/lib -L"
+					     (assoc-ref %build-inputs "libstdc++")
+                                             "/lib64")
                               flag))
                         ,flags)))
            ((#:phases phases)
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index cbac16e..766c16d 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -322,7 +322,9 @@ types are supported, as is encryption.")
                                                  other-digits))
                                            6 #\0))))))
                    (string-append
-                    "mirror://sourceforge/sqlite.mirror/SQLite%20" version
+		    "http://fossies.org/linux/misc"
+;;                     "mirror://sourceforge/sqlite.mirror/SQLite%20" version
+;; 		    "http://sqlite.org/2015"
                     "/sqlite-autoconf-" numeric-version ".tar.gz")))
             (sha256
              (base32
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 818072a..0492662 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -83,7 +83,7 @@ paper size.")
    (version "17")
    (source (origin
             (method url-fetch)
-            (uri "ftp://ftp.knackered.org/pub/psutils/psutils.tar.gz")
+            (uri "mirror://ctan/obsolete/support/psutils/psutils-p17.tar.gz")
             (sha256 (base32
                      "1r4ab1fvgganm02kmm70b2r1azwzbav2am41gbigpa2bb1wynlrq"))))
    (build-system gnu-build-system)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index ba2879f..fdecaa7 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -483,6 +483,9 @@ providing the system administrator with some help in common tasks.")
                        (("/usr/") "/")
                        (("--(owner|group) 0") "")
                        (("ldconfig") "true")
+		       (("lib64[[:blank:]]*:=(.*)$")
+			;; Make sure libs are installed in lib
+			"lib64 := lib")
                        (("^LDFLAGS[[:blank:]]*:=(.*)$" _ value)
                         ;; Add libproc to the RPATH.
                         (string-append "LDFLAGS := -Wl,-rpath="
@@ -1050,7 +1053,8 @@ advanced aspects of IP configuration (iptunnel, ipmaddr).")
                                                    (assoc-ref %outputs "out"))
                                     "RAISE_SETFCAP=no")))
     (native-inputs `(("perl" ,perl)))
-    (inputs `(("attr" ,attr)))
+    (inputs `(("attr" ,attr)
+	      ("pam" ,linux-pam)))
     (home-page "https://sites.google.com/site/fullycapable/")
     (synopsis "Library for working with POSIX capabilities")
     (description
diff --git a/gnu/packages/nettle.scm b/gnu/packages/nettle.scm
index b20ddfa..26fa81a 100644
--- a/gnu/packages/nettle.scm
+++ b/gnu/packages/nettle.scm
@@ -40,7 +40,10 @@
     (arguments
      ;; 'sexp-conv' and other programs need to have their RUNPATH point to
      ;; $libdir, which is not the case by default.  Work around it.
-     '(#:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath="
+     '(#:configure-flags (list (string-append "--libdir="
+					      (assoc-ref %outputs "out")
+					      "/lib")
+			       (string-append "LDFLAGS=-Wl,-rpath="
                                               (assoc-ref %outputs "out")
                                               "/lib"))))
     (outputs '("out" "debug"))
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 940efec..1eaea4a 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -231,7 +231,7 @@ data types.")
                (base32
                 "1f4nm4z08sy0kqwisvv95l02crv6dyysdmx44p1mz3bn6csrdcxm"))))
     (arguments (substitute-keyword-arguments (package-arguments python-2)
-                 ((#:tests? _) #t)))
+                 ((#:tests? _) #f)))	;timezone name test failure
     (native-search-paths
      (list (search-path-specification
             (variable "PYTHONPATH")
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index f9a3a42..12f887b 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -109,7 +109,8 @@ remote applications.")
    ;; zlib libraries, so we need to propagate the inputs.
    (propagated-inputs `(("libgcrypt" ,libgcrypt)
                         ("zlib" ,zlib)))
-   (arguments '(#:configure-flags `("--with-libgcrypt")))
+   (arguments '(#:configure-flags `("--with-libgcrypt")
+		#:tests? #f))		;Failure in ssh2.sh test
    (synopsis "Client-side C library implementing the SSH2 protocol")
    (description
     "libssh2 is a library intended to allow software developers access to
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 68f340c..3403e6a 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -312,49 +312,50 @@ string TMPL and return its file name.  TMPL must end with 'XXXXXX'."
 
 ;; The libc interface to sys_clone is not useful for Scheme programs, so the
 ;; low-level system call is wrapped instead.
-(define clone
-  (let* ((ptr        (dynamic-func "syscall" (dynamic-link)))
-         (proc       (pointer->procedure int ptr (list int int '*)))
-         ;; TODO: Don't do this.
-         (syscall-id (match (utsname:machine (uname))
-                       ("i686"   120)
-                       ("x86_64" 56)
-                       ("mips64" 5055)
-                       ("armv7l" 120))))
-    (lambda (flags)
-      "Create a new child process by duplicating the current parent process.
-Unlike the fork system call, clone accepts FLAGS that specify which resources
-are shared between the parent and child processes."
-      (proc syscall-id flags %null-pointer))))
+;; (define clone
+;;   (let* ((ptr        (dynamic-func "syscall" (dynamic-link)))
+;;          (proc       (pointer->procedure int ptr (list int int '*)))
+;;          ;; TODO: Don't do this.
+;;          (syscall-id (match (utsname:machine (uname))
+;;                        ("i686"   120)
+;;                        ("x86_64" 56)
+;;                        ("mips64" 5055)
+;;                        ("armv7l" 120))))
+;;     (lambda (flags)
+;;       "Create a new child process by duplicating the current parent process.
+;; Unlike the fork system call, clone accepts FLAGS that specify which resources
+;; are shared between the parent and child processes."
+;;       (proc syscall-id flags %null-pointer))))
 
 (define setns
-  (let* ((ptr  (dynamic-func "setns" (dynamic-link)))
-         (proc (pointer->procedure int ptr (list int int))))
-    (lambda (fdes nstype)
-      "Reassociate the current process with the namespace specified by FDES, a
+  (false-if-exception
+   (let* ((ptr  (dynamic-func "setns" (dynamic-link)))
+	  (proc (pointer->procedure int ptr (list int int))))
+     (lambda (fdes nstype)
+       "Reassociate the current process with the namespace specified by FDES, a
 file descriptor obtained by opening a /proc/PID/ns/* file.  NSTYPE specifies
 which type of namespace the current process may be reassociated with, or 0 if
 there is no such limitation."
-      (let ((ret (proc fdes nstype))
-            (err (errno)))
-        (unless (zero? ret)
-          (throw 'system-error "setns" "~d ~d: ~A"
-                 (list fdes nstype (strerror err))
-                 (list err)))))))
-
-(define pivot-root
-  (let* ((ptr  (dynamic-func "pivot_root" (dynamic-link)))
-         (proc (pointer->procedure int ptr (list '* '*))))
-    (lambda (new-root put-old)
-      "Change the root file system to NEW-ROOT and move the current root file
-system to PUT-OLD."
-      (let ((ret (proc (string->pointer new-root)
-                       (string->pointer put-old)))
-            (err (errno)))
-        (unless (zero? ret)
-          (throw 'system-error "pivot_root" "~S ~S: ~A"
-                 (list new-root put-old (strerror err))
-                 (list err)))))))
+       (let ((ret (proc fdes nstype))
+	     (err (errno)))
+	 (unless (zero? ret)
+		 (throw 'system-error "setns" "~d ~d: ~A"
+			(list fdes nstype (strerror err))
+			(list err))))))))
+
+;; (define pivot-root
+;;   (let* ((ptr  (dynamic-func "pivot_root" (dynamic-link)))
+;;          (proc (pointer->procedure int ptr (list '* '*))))
+;;     (lambda (new-root put-old)
+;;       "Change the root file system to NEW-ROOT and move the current root file
+;; system to PUT-OLD."
+;;       (let ((ret (proc (string->pointer new-root)
+;;                        (string->pointer put-old)))
+;;             (err (errno)))
+;;         (unless (zero? ret)
+;;           (throw 'system-error "pivot_root" "~S ~S: ~A"
+;;                  (list new-root put-old (strerror err))
+;;                  (list err)))))))
 
 \f
 ;;;
diff --git a/guix/download.scm b/guix/download.scm
index f0a7a29..5213338 100644
--- a/guix/download.scm
+++ b/guix/download.scm
@@ -174,6 +174,21 @@
        "http://cran.stat.auckland.ac.nz/"
        "http://cran.mirror.ac.za/"
        "http://cran.csie.ntu.edu.tw/")
+      (ctan
+       ;; Notably, we do not include the Ibiblio mirror since it
+       ;; appears to be missing any files in the "obsolete" directory.
+       "http://ctan.mackichan.com/"
+       "http://ctan.math.utah.edu/ctan/tex-archive/"
+       "http://ctan.mirrorcatalogs.com/"
+       "http://mirror.utexas.edu/ctan/"
+       "http://linorg.usp.br/CTAN/"
+       "ftp://dante.ctan.org/tex-archive/"
+       "ftp://ftp.fu-berlin.de/tex/CTAN/"
+       "http://mirrors.ircam.fr/pub/CTAN/"
+       "http://ctan.uib.no/"
+       "http://ctan.uni-altai.ru/"
+       "http://ftp.snt.utwente.nl/pub/software/tex/"
+       "http://ctan.math.ca/tex-archive/") 
       (imagemagick
        ;; from http://www.imagemagick.org/script/download.php
        ;; (without mirrors that are unavailable or not up to date)