bug#30728: guix-install.sh doesn't work if run with "sudo"

[Chris Marusich <cmmarusich@gmail.com>]

[-- Attachment #1.1: Type: text/plain, Size: 2146 bytes --]

Clément Lassieur <clement@lassieur.org> writes:

> Clément Lassieur <clement@lassieur.org> writes:
>
>> Hi,
>>
>> My system is Ubuntu 16.04.
>>
>> I ran './guix-install.sh' and got the message: "This script must be run
>> as root.".  So I ran 'sudo ./guix-install.sh' and got an error message
>> saying that:
>>
>>     GUIX_PROFILE="${HOME}/.guix-profile"
>>     source "${GUIX_PROFILE}/etc/profile"
>>
>> the 'source' command doesn't work because ${GUIX_PROFILE} was never
>> created, ${HOME} being /home/clement, not /root.
>>
>> To recover from this I had to manually delete /var/guix and /gnu, log as
>> root with 'su', and start again.
>>
>> Clément
>
> I believe the script should install Guix in the user's home directory,
> not in ~root.

The manual says (see: (guix) Binary Installation):

  3. Make ‘root’’s profile available under ‘~/.guix-profile’:

          # ln -sf /var/guix/profiles/per-user/root/guix-profile \
                   ~root/.guix-profile

     Source ‘etc/profile’ to augment ‘PATH’ and other relevant
     environment variables:

          # GUIX_PROFILE=$HOME/.guix-profile ; \
            source $GUIX_PROFILE/etc/profile

I believe the expectation here is that $HOME will expand to root's home
directory.  Look at the previous ln invocation: we set up a symlink for
the .guix-profile in root's home directory, so it's pretty clear that
$HOME/.guix-profile is supposed to point to that profile.

I think there is a tacit assumption in the manual and the
guix-install.sh script that the HOME environment variable will refer to
root's home directory, which is not always true.  For example, on
current Ubuntu, if you run sudo with no arguments, you will find that
the HOME environment variable still points to your unprivileged user's
home directory, not to root's home directory.  This is because sudo can
be configured in many ways, and on Ubuntu, they have chosen to configure
it in that way.  On other systems, it might behave differently.

I've attached a patch which should fix this.  Can you confirm whether it
works?

-- 
Chris

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0001-guix-install.sh-Explicitly-set-root-s-home-directory.patch --]
[-- Type: text/x-patch, Size: 4310 bytes --]

From 3a774d199a59308c3a8e423b6093cd174c9384e4 Mon Sep 17 00:00:00 2001
From: Chris Marusich <cmmarusich@gmail.com>
Date: Sun, 25 Mar 2018 06:47:42 +0200
Subject: [PATCH] guix-install.sh: Explicitly set root's home directory.

* etc/guix-install.sh (ROOT_HOME): New variable.
  (sys_create_store, sys_enable_guix_daemon, sys_authorize_build_farms):
  Use ROOT_HOME instead of ~root or the HOME environment variable.
* doc/guix.texi (Binary Installation): Instead of assuming that $HOME
  refers to root's directory simply because commands are being run as
  root, explicilty refer to it via ~root.

Fixes: <https://bugs.gnu.org/30728>
---
 doc/guix.texi       |  2 +-
 etc/guix-install.sh | 19 ++++++++++++-------
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 49b3dd10d..285f0c300 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -482,7 +482,7 @@ Source @file{etc/profile} to augment @code{PATH} and other relevant
 environment variables:
 
 @example
-# GUIX_PROFILE=$HOME/.guix-profile ; \
+# GUIX_PROFILE="`echo ~root`/.guix-profile" ; \
   source $GUIX_PROFILE/etc/profile
 @end example
 
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 933492a33..78cd7580b 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -50,6 +50,11 @@ DEBUG=0
 GNU_URL="https://alpha.gnu.org/gnu/guix/"
 OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
 
+# This script needs to know where root's home directory is.  However, we
+# cannot simply use the HOME environment variable, since there is no guarantee
+# that it points to root's home directory.
+ROOT_HOME="$(echo ~root)"
+
 # ------------------------------------------------------------------------------
 #+UTILITIES
 
@@ -264,9 +269,9 @@ sys_create_store()
 
     _msg "${INF}Linking the root user's profile"
     ln -sf /var/guix/profiles/per-user/root/guix-profile \
-       ~root/.guix-profile
+       "${ROOT_HOME}/.guix-profile"
 
-    GUIX_PROFILE="${HOME}/.guix-profile"
+    GUIX_PROFILE="${ROOT_HOME}/.guix-profile"
     source "${GUIX_PROFILE}/etc/profile"
     _msg "${PAS}activated root profile at /root/.guix-profile"
 }
@@ -316,13 +321,13 @@ sys_enable_guix_daemon()
     case "$INIT_SYS" in
         upstart)
             { initctl reload-configuration;
-              cp ~root/.guix-profile/lib/upstart/system/guix-daemon.conf \
+              cp "${ROOT_HOME}/.guix-profile/lib/upstart/system/guix-daemon.conf" \
                  /etc/init/ &&
                   start guix-daemon; } &&
                 _msg "${PAS}enabled Guix daemon via upstart"
             ;;
         systemd)
-            { cp ~root/.guix-profile/lib/systemd/system/guix-daemon.service \
+            { cp "${ROOT_HOME}/.guix-profile/lib/systemd/system/guix-daemon.service" \
                  /etc/systemd/system/;
               chmod 664 /etc/systemd/system/guix-daemon.service;
               systemctl daemon-reload &&
@@ -332,7 +337,7 @@ sys_enable_guix_daemon()
             ;;
         NA|*)
             _msg "${ERR}unsupported init system; run the daemon manually:"
-            echo "  ~root/.guix-profile/bin/guix-daemon --build-users-group=guixbuild"
+            echo "  ${ROOT_HOME}/.guix-profile/bin/guix-daemon --build-users-group=guixbuild"
             ;;
     esac
 
@@ -352,9 +357,9 @@ sys_authorize_build_farms()
     while true; do
         read -p "Permit downloading pre-built package binaries from the project's build farms? (yes/no) " yn
         case $yn in
-            [Yy]*) guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.org.pub &&
+            [Yy]*) guix archive --authorize < "${ROOT_HOME}/.guix-profile/share/guix/hydra.gnu.org.pub" &&
                          _msg "${PAS}Authorized public key for hydra.gnu.org";
-                   guix archive --authorize < ~root/.guix-profile/share/guix/berlin.guixsd.org.pub &&
+                   guix archive --authorize < "${ROOT_HOME}/.guix-profile/share/guix/berlin.guixsd.org.pub" &&
                        _msg "${PAS}Authorized public key for berlin.guixsd.org";
                    break;;
             [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
-- 
2.15.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]