From: Ludovic Courtès <ludo@gnu.org>
To: Philip McGrath <philip@philipmcgrath.com>
Cc: guix <guix-devel@gnu.org>,  Maxime Devos <maximedevos@telenet.be>,
 Liliana Marie Prikler <liliana.prikler@gmail.com>,  Liliana Marie Prikler
 <liliana.prikler@ist.tugraz.at>
Subject: Re: What 'sh' should 'system' use?
References: <2284386.8hzESeGDPO@bastet> <87fsg7cwn0.fsf@gnu.org>
 <4651725.rnE6jSC6OK@bastet>
Date: Wed, 19 Oct 2022 17:30:14 +0200
In-Reply-To: <4651725.rnE6jSC6OK@bastet> (Philip McGrath's message of "Sat, 15
 Oct 2022 19:23:29 -0400")
Message-ID: <87h6zzj0ft.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>

Hi,

Philip McGrath <philip@philipmcgrath.com> writes:

> This makes sense as far as using 'bash-static' in Glibc. The aspects I'm unsure
> of are:
>
>  1. If I'm packaging software that implements a function like 'system'
>     (e.g. Racket, SML/NJ, Chez Scheme, etc.), should I use 'bash-minimal' or
>     'bash-static'?
>
>  2. Do we really need 'bash-minimal' at all? Why not just replace it with
>     'bash-static'?

Rather ‘bash-minimal’ (so it can benefit from grafts), but in practice
it doesn’t matter all that much.

> In particular, AFAICT, 'bash-minimal' currently has a reference to
> 'bash-static' via Glibc:
>
> $ guix size bash-minimal
> store item                                                       total    self
> /gnu/store/5h2w4qi9hk1qzzgi1w83220ydslinr4s-glibc-2.33              38.3    36.6  50.4%
> /gnu/store/094bbaq6glba86h1d4cj16xhdi6fk2jl-gcc-10.3.0-lib          71.7    33.4  45.9%
> /gnu/store/720rj90bch716isd8z7lcwrnvz28ap4y-bash-static-5.1.8        1.7     1.7   2.3%
> /gnu/store/chfwin3a4qp1znnpsjbmydr2jbzk0d6y-bash-minimal-5.1.8      72.7     1.0   1.4%
> total: 72.7 MiB

True; at least it’s a small part of the closure size.

>> > 2) If we want to make 'sh' a weak/dynamic reference, I think we should
>> > strongly consider arranging to make it available at '/bin/sh' when
>> > present. I expect this option would require less patching of other
>> > packages *by far* than any other approach.
>>
>> This is not a viable option because build containers lack /bin/sh.
>>
>
> Right, this option would depend on making /bin/sh exist in the build
> environment.

And this won’t happen: it’s important that the contents of build
environments be stable over time.  That is the foundation of
reproducible builds in Guix.

> I'd hoped this might be possible without having to change the daemon, but the
> ways I've tried so far haven't worked. I tried `(mkdir-p "/bin")`, but the
> build user apparently doesn't have sufficient permissions. Then I tried
> creating a nested container using `call-with-container` in which I could
> bind-mount the directory from 'bash-static' at '/bin', but I hit permissions
> errors that way, too. I also thought there might be a way to pass the daemon
> options like 'build-chroot-dirs' to have it set up /bin/sh before it drops
> privileges, but I couldn't figure out how to do that.

For the record, /bin/sh was dropped on purpose early on in Guix (unlike
in Nix) to have a limited and well-defined build environment:

  https://lists.gnu.org/archive/html/bug-guix/2013-01/msg00041.html

> The patching itself isn't so bad, and, as you say, it's limited to at least
> a relatively small number of packages. However, the fact that Glibc retains a
> reference to 'bash-static' affects nearly every package. It doesn't affect them
> very much, to be sure! But I think it does prevent using
> `guix shell --container` to create containers without a shell, and it likewise
> seems difficult to experiment with different shells. Or maybe it's really just
> that it disturbs my sense of aesthetics.

The choice was made for ‘guix shell -C’ to always provide /bin/sh but
purely for convenience (I can’t find the reference); it’s not strictly
necessary.

Now, it’s true that currently ‘guix shell -C’ always uses Bash as
/bin/sh.  Are you saying that it would be nice to be able to use a
different shell?  In ‘guix home container’, we made a different choice, which
is to honor $SHELL (see ‘user-shell’ in guix/scripts/home.scm).

Thanks,
Ludo’.
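
An added illustration of the question in this thread, not code from the message or from Guix: a `system`-like function in C that runs commands through a shell whose absolute path is fixed at build time, trying `/bin/sh` only as a fallback when it is present. `SYSTEM_SHELL`, `pick_shell` and `system_with_shell` are hypothetical names, and the store path is a placeholder.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: the package build substitutes the real store path here;
   this value is a placeholder, not an actual store item. */
#ifndef SYSTEM_SHELL
#define SYSTEM_SHELL "/gnu/store/PLACEHOLDER-bash-minimal/bin/sh"
#endif

/* Return the first absolute candidate that passes an execute-permission
   check, or NULL when the environment offers no shell at all. */
const char *pick_shell(const char *const *candidates, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (candidates[i] && candidates[i][0] == '/'
            && access(candidates[i], X_OK) == 0)
            return candidates[i];
    return NULL;
}

/* Like system(3) but with an explicit shell.  Returns the command's exit
   status, 127 if the shell could not be executed, -1 on other failures. */
int system_with_shell(const char *shell, const char *command)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl(shell, "sh", "-c", command, (char *)NULL);
        _exit(127);            /* exec failed: nothing usable at that path */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Baked-in path first; /bin/sh is only a weak, optional fallback. */
    const char *const candidates[] = { SYSTEM_SHELL, "/bin/sh" };
    const char *shell = pick_shell(candidates, 2);
    if (!shell) {
        fprintf(stderr, "no usable shell\n");
        return 127;
    }
    return system_with_shell(shell, "exit 0");
}
```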