From mboxrd@z Thu Jan  1 00:00:00 1970
From: Thomas Schwinge <thomas@codesourcery.com>
Subject: Re: Guix binary tarball
Date: Sun, 7 Jun 2015 14:39:20 +0200
Message-ID: <87d217itfr.fsf@kepler.schwinge.homeip.net>
References: <20150515164602.GA13539@debian>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1;
	protocol="application/pgp-signature"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51708)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Thomas_Schwinge@mentor.com>) id 1Z1Zrp-00067h-Ta
	for guix-devel@gnu.org; Sun, 07 Jun 2015 08:39:59 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Thomas_Schwinge@mentor.com>) id 1Z1Zrm-0001FQ-NC
	for guix-devel@gnu.org; Sun, 07 Jun 2015 08:39:57 -0400
Received: from relay1.mentorg.com ([192.94.38.131]:43374)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Thomas_Schwinge@mentor.com>) id 1Z1Zrm-000157-HD
	for guix-devel@gnu.org; Sun, 07 Jun 2015 08:39:54 -0400
Received: from svr-orw-fem-03.mgc.mentorg.com ([147.34.97.39])
	by relay1.mentorg.com with esmtp
	id 1Z1Zre-0004HG-Up from Thomas_Schwinge@mentor.com
	for guix-devel@gnu.org; Sun, 07 Jun 2015 05:39:46 -0700
In-Reply-To: <20150515164602.GA13539@debian>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi!

In context of
<http://news.gmane.org/find-root.php?message_id=3D%3C87lhg2je9j.fsf%40keple=
r.schwinge.homeip.net%3E>,
I'm now installing Guix (GNU Guix 0.8.2 Binary) for the first time.  I
noticed a few issues that have been raised in this thread already (I have
not yet read every message in detail); so I'm hijacking this thread but
will now just dump here what I wrote down during installation, and if
there remains anything still to be sorted out, we can work on that later.

<http://www.gnu.org/software/guix/download/>.

    $ wget 'ftp://alpha.gnu.org/gnu/guix/guix-binary-0.8.2.x86_64-linux.tar=
.xz' 'ftp://alpha.gnu.org/gnu/guix/guix-binary-0.8.2.x86_64-linux.tar.xz.si=
g'
    $ gpg --verify guix-binary-0.8.2.x86_64-linux.tar.xz.sig

<http://www.gnu.org/software/guix/manual/html_node/Binary-Installation.html=
>.

    $ cd /
    $ sudo tar --skip-old-files -xJ < ~/tmp/guix/guix-binary-0.8.2.x86_64-l=
inux.tar.xz

I'm not a fan of extracting tarballs inside populated directories; so I'm
in favor on the suggested change to extract inside a temporary directory,
and then move everything in place as a separate step.

    $ sudo ls -ld /root/.guix-profile /var/guix /gnu
    drwxr-xr-x 3 30001 30000 4096 Mai 14 10:36 /gnu
    lrwxrwxrwx 1 30001 30000   45 Mai 14 10:36 /root/.guix-profile -> /var/=
guix/profiles/per-user/root/guix-profile
    drwxr-xr-x 6 30001 30000 4096 Mai 14 10:36 /var/guix

Should the tarball be packed such that it uses UID:GID 0:0, which -- I
think? -- is always expected to map to root:root?  Which UID:GID should I
now chown the files to?

It's very common, but I don't think there's a hard requirement for the
root user's home directory to be /root.  Maybe instead of shipping it in
the tarball, the symbolic link should be created by an explicit command?

    $ sudo ln -sf /var/guix/profiles/per-user/root/guix-profile ~root/.guix=
-profile

<http://www.gnu.org/software/guix/manual/html_node/Build-Environment-Setup.=
html>.

    $ sudo groupadd --system guix-builder
    $ for i in `seq 1 10`; do sudo useradd -g guix-builder -G guix-builder =
-d /var/empty -s `which nologin` -c "Guix build user $i" --system guix-buil=
der$i; done

Please describe why ten is a good amount of Guix build users.

For reference, the GID and UIDs this created on my system:

    $ getent group | grep -i guix
    guix-builder:x:998:guix-builder1,guix-builder2,guix-builder3,guix-build=
er4,guix-builder5,guix-builder6,guix-builder7,guix-builder8,guix-builder9,g=
uix-builder10
    $ getent passwd | grep -i guix
    guix-builder1:x:999:998:Guix build user 1:/var/empty:/usr/sbin/nologin
    guix-builder2:x:998:998:Guix build user 2:/var/empty:/usr/sbin/nologin
    guix-builder3:x:997:998:Guix build user 3:/var/empty:/usr/sbin/nologin
    guix-builder4:x:996:998:Guix build user 4:/var/empty:/usr/sbin/nologin
    guix-builder5:x:995:998:Guix build user 5:/var/empty:/usr/sbin/nologin
    guix-builder6:x:994:998:Guix build user 6:/var/empty:/usr/sbin/nologin
    guix-builder7:x:993:998:Guix build user 7:/var/empty:/usr/sbin/nologin
    guix-builder8:x:992:998:Guix build user 8:/var/empty:/usr/sbin/nologin
    guix-builder9:x:991:998:Guix build user 9:/var/empty:/usr/sbin/nologin
    guix-builder10:x:990:998:Guix build user 10:/var/empty:/usr/sbin/nologin


Gr=C3=BC=C3=9Fe,
 Thomas

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVdDt4AAoJEK3/DN1sMFFt7wIH/1xbQ5JStlgRTva4aJiRgHZx
fZKugkfD4X4foVwQuYAq1aKGHllg1V2DQSdvbmWmnTwv9YRBfbiBfpJBVwBXZ4Rb
PaJ9ptcApIkLZxo9P2vUPnDo0uMoDvqZohDLnCEoOEhyo0D/awUHpob0BUoi448m
Jf/ZO2CS5oL7uyS5LZGYw8dF4TQzftb1fkGSupGOuLSYktQJgj7w478ZMBqMBtrO
yQD7RMALr4nigwsHROPTilQnU4sUbgqP6QiGr2I2FwT8PbB12VZ1rk1vO7OcbitK
LiRbC5lnbEmZLWhMCCCJ5BAdprUGrI0glULmRgOKrwFL2GTY+g9c45zGTe4c2uM=
=QVA4
-----END PGP SIGNATURE-----
--=-=-=--