* permission denied: /gnu/store/...guile... @ 2015-05-20 7:06 rekado 2015-05-20 8:17 ` Andreas Enge ` (3 more replies) 0 siblings, 4 replies; 16+ messages in thread From: rekado @ 2015-05-20 7:06 UTC (permalink / raw) To: guix-devel Hi Guix, my apologies for this badly formatted email. I'm using a webmail interface because I have not been able to set up my email through Emacs on GuixSD as I cannot build custom packages. Here's what happens when I try to build a custom package from a git checkout of the guix repository: ~~~~~~ rekado@banana guix $ ./pre-inst-env guix build ibus-pinyin The following derivations will be built: /gnu/store/gbdfw3z89dxw5nh3qw5gq3y2p5i2l1a2-ibus-pinyin-1.5.0.drv /gnu/store/9pcjzs7g87vg2pc6ag877kxlmzg1v241-pyzy-0.1.0.tar.gz.drv /gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv /gnu/store/k2qwb22f1jzb9wr1cvkqv9bhdhmpyaqy-pyzy-0.1.0.drv The following file will be downloaded: /gnu/store/7vrb932gf6lzsh5q0sskzgmjm2bwr91x-libtool-2.4.6 @ build-started /gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv - x86_64-linux /var/log/guix/drvs/ni//0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv.bz2 build error: executing `/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile': Permission denied builder for `/gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv' failed with exit code 1 @ build-failed /gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv - 1 builder for `/gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv' failed with exit code 1 cannot build derivation `/gnu/store/gbdfw3z89dxw5nh3qw5gq3y2p5i2l1a2-ibus-pinyin-1.5.0.drv': 1 dependencies couldn't be built killing process 2391 guix build: error: build failed: build of `/gnu/store/gbdfw3z89dxw5nh3qw5gq3y2p5i2l1a2-ibus-pinyin-1.5.0.drv' failed rekado@banana guix $ ~~~~~~ I have confirmed that this particular guile binary can be executed, so I don't know what permission problem it encounters. I attached strace to the guix-daemon and it produced a long log which I have uploaded here: http://elephly.net/downies/guile-permission-denied.txt The failing derivation is this: ~~~~~~ Derive([("out","/gnu/store/vvs2c9zzl9zwrq0zwrayjlih9cpwjbcq-ibus-pinyin-1.5.0.tar.gz","sha256","a85d458dcc51ea9fd65849e63002428b3fcb3b39adcbea9214b5cb4a4cbdbc96")],[("/gnu/store/479gki04zgbysxipcb1wdl56mh1bldbx-guile-2.0.11.drv",["out"]),("/gnu/store/p20cih7k80cpqka6f06100j1ycgf3fl1-module-import.drv",["out"]),("/gnu/store/s8bacxxryg87p2ag6gl46qz6jvpdm5qs-gnutls-3.4.0.drv",["out"]),("/gnu/store/w9g2dqsfgr6n8pslwmm2lgbka96qwig4-module-import-compiled.drv",["out"])],["/gnu/store/yhds5m08mgp3a3yb2gj9imn7pkap0fc1-ibus-pinyin-1.5.0.tar.gz-builder"],"x86_64-linux","/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile",["--no-auto-compile","-L","/gnu/store/6fnbs4j7dsn6rc598d72caay00yggvh7-module-import","-C","/gnu/store/ww9kwrbs4h468vll6a3swg6dc3hr9f8i-module-import-compiled","/gnu/ store/yhds5m08mgp3a3yb2gj9imn7pkap0fc1-ibus-pinyin-1.5.0.tar.gz-builder"],[("impureEnvVars","http_proxy https_proxy"),("out","/gnu/store/vvs2c9zzl9zwrq0zwrayjlih9cpwjbcq-ibus-pinyin-1.5.0.tar.gz")]) ~~~~~~ I have installed GuixSD from the 0.8.2 USB image onto a new, empty partition. I'm reusing only my home directory, which is located on a luks LVM. I have pulled the latest version of Guix and reconfigured the system a few hours ago. Permissions on various store directories: drwxrwxr-t 751 root guixbuild 479232 May 20 08:26 /gnu/store/ dr-xr-xr-x 6 root root 4096 Jan 1 1970 /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/ -r-xr-xr-x 1 root root 10912 Jan 1 1970 /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile I would appreciate any help, as I cannot hack on Guix as long as this problem persists. ~~ Ricardo ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-20 7:06 permission denied: /gnu/store/...guile rekado @ 2015-05-20 8:17 ` Andreas Enge 2015-05-20 11:24 ` Daniel Pimentel ` (2 subsequent siblings) 3 siblings, 0 replies; 16+ messages in thread From: Andreas Enge @ 2015-05-20 8:17 UTC (permalink / raw) To: rekado; +Cc: guix-devel Hello Recado, this may not at all be helpful, but whenever I encounter a mysterious problem such as this, I usually do a "make distclean; ./configure; make install". Or better yet, have it precede by "./bootstrap" and "rm -rf INSTALL_DIRECTORY/share/guile". Sometimes that solves the issue, but it probably only makes sense if you have installed guix on top of another distro. Andreas ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-20 7:06 permission denied: /gnu/store/...guile rekado 2015-05-20 8:17 ` Andreas Enge @ 2015-05-20 11:24 ` Daniel Pimentel 2015-05-20 12:24 ` Ludovic Courtès 2015-05-20 12:18 ` permission denied: /gnu/store/...guile Ludovic Courtès 2015-05-22 20:15 ` Mark H Weaver 3 siblings, 1 reply; 16+ messages in thread From: Daniel Pimentel @ 2015-05-20 11:24 UTC (permalink / raw) To: rekado; +Cc: guix-devel, guix-devel-bounces+d4n1=opmbx.org On 2015-05-20 04:06, rekado wrote: > Hi Guix, > > my apologies for this badly formatted email. I'm using a webmail > interface because I have not been able to set up my email through > Emacs on GuixSD as I cannot build custom packages. > > Here's what happens when I try to build a custom package from a git > checkout of the guix repository: > > ~~~~~~ > rekado@banana guix $ ./pre-inst-env guix build ibus-pinyin > The following derivations will be built: > /gnu/store/gbdfw3z89dxw5nh3qw5gq3y2p5i2l1a2-ibus-pinyin-1.5.0.drv > /gnu/store/9pcjzs7g87vg2pc6ag877kxlmzg1v241-pyzy-0.1.0.tar.gz.drv > > /gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv > /gnu/store/k2qwb22f1jzb9wr1cvkqv9bhdhmpyaqy-pyzy-0.1.0.drv > The following file will be downloaded: > /gnu/store/7vrb932gf6lzsh5q0sskzgmjm2bwr91x-libtool-2.4.6 > @ build-started > /gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv > - x86_64-linux > /var/log/guix/drvs/ni//0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv.bz2 > build error: executing > `/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile': > Permission denied > builder for > `/gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv' > failed with exit code 1 > @ build-failed > /gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv > - 1 builder for > `/gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv' > failed with exit code 1 > cannot build derivation > `/gnu/store/gbdfw3z89dxw5nh3qw5gq3y2p5i2l1a2-ibus-pinyin-1.5.0.drv': 1 > dependencies couldn't be built > killing process 2391 > guix build: error: build failed: build of > `/gnu/store/gbdfw3z89dxw5nh3qw5gq3y2p5i2l1a2-ibus-pinyin-1.5.0.drv' > failed > rekado@banana guix $ > ~~~~~~ > > I have confirmed that this particular guile binary can be executed, so > I don't know what permission problem it encounters. I attached strace > to the guix-daemon and it produced a long log which I have uploaded > here: http://elephly.net/downies/guile-permission-denied.txt > > The failing derivation is this: > > ~~~~~~ > Derive([("out","/gnu/store/vvs2c9zzl9zwrq0zwrayjlih9cpwjbcq-ibus-pinyin-1.5.0.tar.gz","sha256","a85d458dcc51ea9fd65849e63002428b3fcb3b39adcbea9214b5cb4a4cbdbc96")],[("/gnu/store/479gki04zgbysxipcb1wdl56mh1bldbx-guile-2.0.11.drv",["out"]),("/gnu/store/p20cih7k80cpqka6f06100j1ycgf3fl1-module-import.drv",["out"]),("/gnu/store/s8bacxxryg87p2ag6gl46qz6jvpdm5qs-gnutls-3.4.0.drv",["out"]),("/gnu/store/w9g2dqsfgr6n8pslwmm2lgbka96qwig4-module-import-compiled.drv",["out"])],["/gnu/store/yhds5m08mgp3a3yb2gj9imn7pkap0fc1-ibus-pinyin-1.5.0.tar.gz-builder"],"x86_64-linux","/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile",["--no-auto-compile","-L","/gnu/store/6fnbs4j7dsn6rc598d72caay00yggvh7-module-import","-C","/gnu/store/ww9kwrbs4h468vll6a3swg6dc3hr9f8i-module-import-compiled","/gn u/store/yhds5m08mgp3a3yb2gj9imn7pkap0fc1-ibus-pinyin-1.5.0.tar.gz-builder"],[("impureEnvVars","http_proxy > https_proxy"),("out","/gnu/store/vvs2c9zzl9zwrq0zwrayjlih9cpwjbcq-ibus-pinyin-1.5.0.tar.gz")]) > ~~~~~~ > > I have installed GuixSD from the 0.8.2 USB image onto a new, empty > partition. I'm reusing only my home directory, which is located on a > luks LVM. I have pulled the latest version of Guix and reconfigured > the system a few hours ago. > > Permissions on various store directories: > > drwxrwxr-t 751 root guixbuild 479232 May 20 08:26 /gnu/store/ > dr-xr-xr-x 6 root root 4096 Jan 1 1970 > /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/ > -r-xr-xr-x 1 root root 10912 Jan 1 1970 > /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile > > I would appreciate any help, as I cannot hack on Guix as long as this > problem persists. > > ~~ Ricardo I have similar problem, I think. My problem was permission to write (using sudo) in /gnu/store/ when I needed to enable my correct synaptics (I copied 50-synaptics.conf file to /gnu/store/.../xorg.conf.d/), so I needed remount /gnu/store/ (sudo mount -o remount,rw /gnu/store) to copy this file. -- Daniel Pimentel (d4n1) #GnuPG: 0B1A1914 #FSF: 13054 ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-20 11:24 ` Daniel Pimentel @ 2015-05-20 12:24 ` Ludovic Courtès 2015-05-20 13:12 ` Daniel Pimentel 0 siblings, 1 reply; 16+ messages in thread From: Ludovic Courtès @ 2015-05-20 12:24 UTC (permalink / raw) To: Daniel Pimentel; +Cc: guix-devel, guix-devel-bounces+d4n1=opmbx.org Daniel Pimentel <d4n1@openmailbox.org> skribis: > I have similar problem, I think. My problem was permission to write > (using sudo) in /gnu/store/ when I needed to enable my correct > synaptics (I copied 50-synaptics.conf file to > /gnu/store/.../xorg.conf.d/), so I needed remount /gnu/store/ (sudo > mount -o remount,rw /gnu/store) to copy this file. Files in /gnu/store must never be modified, because the whole system assumes it is indeed immutable. For this reason, /gnu/store is a read-only bind-mount on GuixSD. The solution for Synaptics would be to augment the Xorg service definition in (gnu services xorg) so that it does the right thing. What exactly is needed? Ludo’. ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-20 12:24 ` Ludovic Courtès @ 2015-05-20 13:12 ` Daniel Pimentel 2015-05-20 17:24 ` Alex Kost 0 siblings, 1 reply; 16+ messages in thread From: Daniel Pimentel @ 2015-05-20 13:12 UTC (permalink / raw) To: ludo; +Cc: guix-devel, guix-devel-bounces+d4n1=opmbx.org On 2015-05-20 09:24, ludo@gnu.org wrote: > Daniel Pimentel <d4n1@openmailbox.org> skribis: > >> I have similar problem, I think. My problem was permission to write >> (using sudo) in /gnu/store/ when I needed to enable my correct >> synaptics (I copied 50-synaptics.conf file to >> /gnu/store/.../xorg.conf.d/), so I needed remount /gnu/store/ (sudo >> mount -o remount,rw /gnu/store) to copy this file. > > Files in /gnu/store must never be modified, because the whole system > assumes it is indeed immutable. For this reason, /gnu/store is a > read-only bind-mount on GuixSD. > > The solution for Synaptics would be to augment the Xorg service > definition in (gnu services xorg) so that it does the right thing. > What exactly is needed? > > Ludo’. Allright, so I needed to add this code to my touchpad work well: Section "InputClass" Identifier "touchpad catchall" Driver "synaptics" MatchIsTouchpad "on" Option "TapButton1" "1" Option "TapButton2" "-1" Option "TapButton3" "3" Option "VertEdgeScroll" "on" Option "HorizTwoFingerScroll" "on" EndSection What's solution? Add it to config.scm (is very long code to it?)? Thanks, -- Daniel Pimentel (d4n1) GnuPG (0B1A1914) FSF (13054) ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-20 13:12 ` Daniel Pimentel @ 2015-05-20 17:24 ` Alex Kost 2015-05-21 20:40 ` Synaptics & libinput driver Ludovic Courtès 0 siblings, 1 reply; 16+ messages in thread From: Alex Kost @ 2015-05-20 17:24 UTC (permalink / raw) To: Daniel Pimentel; +Cc: guix-devel Daniel Pimentel (2015-05-20 16:12 +0300) wrote: > On 2015-05-20 09:24, ludo@gnu.org wrote: >> Daniel Pimentel <d4n1@openmailbox.org> skribis: >> >>> I have similar problem, I think. My problem was permission to write >>> (using sudo) in /gnu/store/ when I needed to enable my correct >>> synaptics (I copied 50-synaptics.conf file to >>> /gnu/store/.../xorg.conf.d/), so I needed remount /gnu/store/ (sudo >>> mount -o remount,rw /gnu/store) to copy this file. >> >> Files in /gnu/store must never be modified, because the whole system >> assumes it is indeed immutable. For this reason, /gnu/store is a >> read-only bind-mount on GuixSD. >> >> The solution for Synaptics would be to augment the Xorg service >> definition in (gnu services xorg) so that it does the right thing. >> What exactly is needed? >> >> Ludo’. > > Allright, so I needed to add this code to my touchpad work well: > > Section "InputClass" > Identifier "touchpad catchall" > Driver "synaptics" > MatchIsTouchpad "on" > Option "TapButton1" "1" > Option "TapButton2" "-1" > Option "TapButton3" "3" > Option "VertEdgeScroll" "on" > Option "HorizTwoFingerScroll" "on" > EndSection > > What's solution? Add it to config.scm (is very long code to it?)? It's probably not a solution for you, but what I do is: I have Xorg server and required modules (xf86-input-evdev, …) installed in my user profile; and I start it with "-configdir /path/to/my/xorg.conf.d" option. -- Alex ^ permalink raw reply [flat|nested] 16+ messages in thread
* Synaptics & libinput driver 2015-05-20 17:24 ` Alex Kost @ 2015-05-21 20:40 ` Ludovic Courtès 0 siblings, 0 replies; 16+ messages in thread From: Ludovic Courtès @ 2015-05-21 20:40 UTC (permalink / raw) To: Alex Kost; +Cc: guix-devel Alex Kost <alezost@gmail.com> skribis: > Daniel Pimentel (2015-05-20 16:12 +0300) wrote: > >> On 2015-05-20 09:24, ludo@gnu.org wrote: >>> Daniel Pimentel <d4n1@openmailbox.org> skribis: [...] >> Allright, so I needed to add this code to my touchpad work well: >> >> Section "InputClass" >> Identifier "touchpad catchall" >> Driver "synaptics" >> MatchIsTouchpad "on" >> Option "TapButton1" "1" >> Option "TapButton2" "-1" >> Option "TapButton3" "3" >> Option "VertEdgeScroll" "on" >> Option "HorizTwoFingerScroll" "on" >> EndSection >> >> What's solution? Add it to config.scm (is very long code to it?)? > > It's probably not a solution for you, but what I do is: I have Xorg > server and required modules (xf86-input-evdev, …) installed in my > user profile; and I start it with "-configdir /path/to/my/xorg.conf.d" > option. Commit d1cdd7b adds a more pleasant solution whereby one can specify text to be added verbatim to the Xorg config file, like: (define input-class "Section \"InputClass" ...") (define (my-slim-service) (mlet %store-monad ((config (xorg-configuration-file #:extra-config (list input-class))) (startx (xorg-start-command #:configuration-file config))) (slim-service #:startx startx))) (operating-system ;; ... (services (cons (my-slim-service) ...))) But more importantly, it seems to be that these things are supposed to work out-of-the-box nowadays. Commit c2ee19e adds the libinput Xorg driver in the server configuration file, which might help. It is described as the “future” of input drivers: http://who-t.blogspot.fr/2015/01/xf86-input-libinput-compatibility-with.html Ludo’. ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-20 7:06 permission denied: /gnu/store/...guile rekado 2015-05-20 8:17 ` Andreas Enge 2015-05-20 11:24 ` Daniel Pimentel @ 2015-05-20 12:18 ` Ludovic Courtès 2015-05-20 20:56 ` rekado 2015-05-22 20:15 ` Mark H Weaver 3 siblings, 1 reply; 16+ messages in thread From: Ludovic Courtès @ 2015-05-20 12:18 UTC (permalink / raw) To: rekado; +Cc: guix-devel rekado <rekado@elephly.net> skribis: > build error: executing `/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile': Permission denied > builder for `/gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv' failed with exit code 1 > @ build-failed /gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv - 1 builder for `/gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv' failed with exit code 1 > cannot build derivation `/gnu/store/gbdfw3z89dxw5nh3qw5gq3y2p5i2l1a2-ibus-pinyin-1.5.0.drv': 1 dependencies couldn't be built > killing process 2391 > guix build: error: build failed: build of `/gnu/store/gbdfw3z89dxw5nh3qw5gq3y2p5i2l1a2-ibus-pinyin-1.5.0.drv' failed > rekado@banana guix $ > ~~~~~~ > > I have confirmed that this particular guile binary can be executed, so I don't know what permission problem it encounters. I attached strace to the guix-daemon and it produced a long log which I have uploaded here: http://elephly.net/downies/guile-permission-denied.txt So this happens only with this derivation? Looking at the strace output, I can’t see anything suspicious; everything seems to happen as expected, namely this part: --8<---------------cut here---------------start------------->8--- [pid 16379] statfs("/gnu/store", {f_type="EXT2_SUPER_MAGIC", f_bsize=4096, f_blocks=6417799, f_bfree=4940413, f_bavail=4608638, f_files=1641600, f_ffree=1378343, f_fsid={-557300761, 437310106}, f_namelen=255, f_frsize=4096}) = 0 [pid 16379] unshare(CLONE_NEWNS) = 0 [pid 16379] mount(NULL, "/gnu/store", NULL, MS_REMOUNT|MS_BIND, NULL) = 0 --8<---------------cut here---------------end--------------->8--- The only thing that could go wrong is if the store somehow ended up being mounted with MS_NOEXEC, but I don’t see that happening here. I suppose you’re on Linux-libre 4.0.2, right? > I have installed GuixSD from the 0.8.2 USB image onto a new, empty partition. I'm reusing only my home directory, which is located on a luks LVM. I have pulled the latest version of Guix and reconfigured the system a few hours ago. ... which means that other derivations build just fine, right? > Derive([("out","/gnu/store/vvs2c9zzl9zwrq0zwrayjlih9cpwjbcq-ibus-pinyin-1.5.0.tar.gz","sha256","a85d458dcc51ea9fd65849e63002428b3fcb3b39adcbea9214b5cb4a4cbdbc96")],[("/gnu/store/479gki04zgbysxipcb1wdl56mh1bldbx-guile-2.0.11.drv",["out"]),("/gnu/store/p20cih7k80cpqka6f06100j1ycgf3fl1-module-import.drv",["out"]),("/gnu/store/s8bacxxryg87p2ag6gl46qz6jvpdm5qs-gnutls-3.4.0.drv",["out"]),("/gnu/store/w9g2dqsfgr6n8pslwmm2lgbka96qwig4-module-import-compiled.drv",["out"])],["/gnu/store/yhds5m08mgp3a3yb2gj9imn7pkap0fc1-ibus-pinyin-1.5.0.tar.gz-builder"],"x86_64-linux","/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile",["--no-auto-compile","-L","/gnu/store/6fnbs4j7dsn6rc598d72caay00yggvh7-module-import","-C","/gnu/store/ww9kwrbs4h468vll6a3swg6dc3hr9f8i-module-import-compiled","/gnu/store/yhds5m08mgp3a3yb2gj9imn7pkap0fc1-ibus-pinyin-1.5.0.tar.gz-builder"],[("impureEnvVars","http_proxy https_proxy"),("out","/gnu/store/vvs2c9zzl9zwrq0zwrayjlih9cpwjbcq-ibus-pinyin-1.5.0.tar.gz")]) However I don’t see this derivation mention in the strace log. Could you try to strace again the daemon, but this time just run: guix build -S ibus-pinyin ? Thanks, Ludo’. ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-20 12:18 ` permission denied: /gnu/store/...guile Ludovic Courtès @ 2015-05-20 20:56 ` rekado 2015-05-21 8:03 ` Ludovic Courtès 0 siblings, 1 reply; 16+ messages in thread From: rekado @ 2015-05-20 20:56 UTC (permalink / raw) To: Ludovic Courtès; +Cc: guix-devel ---- On Wed, 20 May 2015 20:18:31 +0800 Ludovic Courtès wrote ---- >So this happens only with this derivation? No. It happens whenever I build something without substitutes. There are no substitutes for packages that are still in development (like my ibus-pinyin draft). >I suppose you’re on Linux-libre 4.0.2, right? I'm on Linux-libre 4.0.4. "uname -a" says this: Linux banana 4.0.4-gnu #1 SMP Mon May 18 21:33:05 UTC 2015 x86_64 GNU/Linux >> I have installed GuixSD from the 0.8.2 USB image onto a new, empty partition. I'm reusing only my home directory, which is located on a luks LVM. I have pulled the latest version of Guix and reconfigured the system a few hours ago. > >... which means that other derivations build just fine, right? When substitutes are involved everything works fine, as far as I can tell. >> Derive([("out","/gnu/store/vvs2c9zzl9zwrq0zwrayjlih9cpwjbcq-ibus-pinyin-1.5.0.tar.gz","sha256","a85d458dcc51ea9fd65849e63002428b3fcb3b39adcbea9214b5cb4a4cbdbc96")],[("/gnu/store/479gki04zgbysxipcb1wdl56mh1bldbx-guile-2.0.11.drv",["out"]),("/gnu/store/p20cih7k80cpqka6f06100j1ycgf3fl1-module-import.drv",["out"]),("/gnu/store/s8bacxxryg87p2ag6gl46qz6jvpdm5qs-gnutls-3.4.0.drv",["out"]),("/gnu/store/w9g2dqsfgr6n8pslwmm2lgbka96qwig4-module-import-compiled.drv",["out"])],["/gnu/store/yhds5m08mgp3a3yb2gj9imn7pkap0fc1-ibus-pinyin-1.5.0.tar.gz-builder"],"x86_64-linux","/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile",["--no-auto-compile","-L","/gnu/store/6fnbs4j7dsn6rc598d72caay00yggvh7-module-import","-C","/gnu/store/ww9kwrbs4h468vll6a3swg6dc3hr9f8i-module-import-compiled","/gnu/store/yhds5m08mgp3a3yb2gj9imn7pkap0fc1-ibus-pinyin-1.5.0.tar.gz-builder"],[("impureEnvVars","http_proxy https_proxy"),("out","/gnu/store/vvs2c9zzl9zwrq0zwrayjlih9cpwjbcq-ibus-pinyin-1.5.0.tar.gz")]) > >However I don’t see this derivation mention in the strace log. Oh, right. The strace log shows the output for another package I'm working on, "gnome-keyring". There are only two things it has in common with "ibus-pinyin": there is no binary substitute available and I get the same error about "permission denied" when executing guile. > Could >you try to strace again the daemon, but this time just run: > > guix build -S ibus-pinyin Here's the client output: ~~~~~~~~ rekado@banana guix $ ./pre-inst-env guix build -S ibus-pinyin substitute: updating list of substitutes from 'http://hydra.gnu.org'... 100.0% The following derivation will be built: /gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv @ build-started /gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv - x86_64-linux /var/log/guix/drvs/ni//0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv.bz2 build error: executing `/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile': Permission denied builder for `/gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv' failed with exit code 1 @ build-failed /gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv - 1 builder for `/gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv' failed with exit code 1 killing process 2209 guix build: error: build failed: build of `/gnu/store/ni0hz29nyd051fsp2n73icjnwx28fajz-ibus-pinyin-1.5.0.tar.gz.drv' failed rekado@banana guix $ ~~~~~~~~ The strace log is here: http://elephly.net/downies/guile-permission-denied2.txt I think I should also mention that I'm encountering another "permission denied" problem, which may or may not be related. "sudo" is not working: ~~~~~~~~ rekado@banana guix $ sudo ls sudo: unable to stat /etc/sudoers: Permission denied sudo: no valid sudoers sources found, quitting sudo: unable to initialize policy plugin rekado@banana guix $ ~~~~~~~~ The output of "strace sudo ls" is here: http://elephly.net/downies/sudo.txt The store is of course not mounted with "nosetuid" flag. Thank you all for offering assistance! I appreciate it. ~~ Ricardo ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-20 20:56 ` rekado @ 2015-05-21 8:03 ` Ludovic Courtès 0 siblings, 0 replies; 16+ messages in thread From: Ludovic Courtès @ 2015-05-21 8:03 UTC (permalink / raw) To: rekado; +Cc: guix-devel rekado <rekado@elephly.net> skribis: >>> Derive([("out","/gnu/store/vvs2c9zzl9zwrq0zwrayjlih9cpwjbcq-ibus-pinyin-1.5.0.tar.gz","sha256","a85d458dcc51ea9fd65849e63002428b3fcb3b39adcbea9214b5cb4a4cbdbc96")],[("/gnu/store/479gki04zgbysxipcb1wdl56mh1bldbx-guile-2.0.11.drv",["out"]),("/gnu/store/p20cih7k80cpqka6f06100j1ycgf3fl1-module-import.drv",["out"]),("/gnu/store/s8bacxxryg87p2ag6gl46qz6jvpdm5qs-gnutls-3.4.0.drv",["out"]),("/gnu/store/w9g2dqsfgr6n8pslwmm2lgbka96qwig4-module-import-compiled.drv",["out"])],["/gnu/store/yhds5m08mgp3a3yb2gj9imn7pkap0fc1-ibus-pinyin-1.5.0.tar.gz-builder"],"x86_64-linux","/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile",["--no-auto-compile","-L","/gnu/store/6fnbs4j7dsn6rc598d72caay00yggvh7-module-import","-C","/gnu/store/ww9kwrbs4h468vll6a3swg6dc3hr9f8i-module-import-compiled","/gnu/store/yhds5m08mgp3a3yb2gj9imn7pkap0fc1-ibus-pinyin-1.5.0.tar.gz-builder"],[("impureEnvVars","http_proxy https_proxy"),("out","/gnu/store/vvs2c9zzl9zwrq0zwrayjlih9cpwjbcq-ibus-pinyin-1.5.0.tar.gz")]) >> >>However I don’t see this derivation mention in the strace log. > > Oh, right. The strace log shows the output for another package I'm working on, "gnome-keyring". There are only two things it has in common with "ibus-pinyin": there is no binary substitute available and I get the same error about "permission denied" when executing guile. Could you post the output of “stat /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile”? What do the following return at the Guile REPL: (getgr 30000) (getpw 30001) ? > The strace log is here: http://elephly.net/downies/guile-permission-denied2.txt Note that here, since it’s a fixed-output derivation, there’s no chroot, unshare, etc., so it’s really just UID 30001 running that file. Something equivalent to: # su guixbuilder01 $ /gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/guile > ~~~~~~~~ > rekado@banana guix $ sudo ls > sudo: unable to stat /etc/sudoers: Permission denied > sudo: no valid sudoers sources found, quitting > sudo: unable to initialize policy plugin Same with: /run/setuid-programs/sudo ls ? Does /run/setuid-programs/sudo have the same inode as $(guix build sudo)/bin/sudo? stat -c '%i' /run/setuid-programs/sudo \ $(guix build sudo)/bin/sudo The only partitions are / and /home, right? Thanks, Ludo’. ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-20 7:06 permission denied: /gnu/store/...guile rekado ` (2 preceding siblings ...) 2015-05-20 12:18 ` permission denied: /gnu/store/...guile Ludovic Courtès @ 2015-05-22 20:15 ` Mark H Weaver 2015-05-22 20:21 ` Mark H Weaver 2015-05-23 14:22 ` Ludovic Courtès 3 siblings, 2 replies; 16+ messages in thread From: Mark H Weaver @ 2015-05-22 20:15 UTC (permalink / raw) To: rekado; +Cc: guix-devel The problem turned out to be that on rekado's system, / was owned by user "rekado" with mode 700. Mark ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-22 20:15 ` Mark H Weaver @ 2015-05-22 20:21 ` Mark H Weaver 2015-05-23 9:41 ` rekado 2015-05-23 14:22 ` Ludovic Courtès 1 sibling, 1 reply; 16+ messages in thread From: Mark H Weaver @ 2015-05-22 20:21 UTC (permalink / raw) To: rekado; +Cc: guix-devel Mark H Weaver <mhw@netris.org> writes: > The problem turned out to be that on rekado's system, / was owned by > user "rekado" with mode 700. One possibility is that he created this filesystem from some nice GUI disk utility from Fedora, before running our USB installer. Perhaps 'guix system init' should explicitly set the ownership and permissions on the target root directory? Mark ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: Re: permission denied: /gnu/store/...guile... 2015-05-22 20:21 ` Mark H Weaver @ 2015-05-23 9:41 ` rekado 0 siblings, 0 replies; 16+ messages in thread From: rekado @ 2015-05-23 9:41 UTC (permalink / raw) To: Mark H Weaver; +Cc: guix-devel ---- On Sat, 23 May 2015 04:21:40 +0800 Mark H Weaver wrote ---- >Mark H Weaver <mhw@netris.org> writes: > >> The problem turned out to be that on rekado's system, / was owned by >> user "rekado" with mode 700. > >One possibility is that he created this filesystem from some nice GUI >disk utility from Fedora, before running our USB installer. He did not :) I did use rsync on the freshly formatted disk to move a couple of directories. This probably resulted in a change of ownership of the root on that partition. >Perhaps 'guix system init' should explicitly set the ownership and >permissions on the target root directory? That would be much appreciated. ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-22 20:15 ` Mark H Weaver 2015-05-22 20:21 ` Mark H Weaver @ 2015-05-23 14:22 ` Ludovic Courtès 2015-05-23 16:26 ` Mark H Weaver 1 sibling, 1 reply; 16+ messages in thread From: Ludovic Courtès @ 2015-05-23 14:22 UTC (permalink / raw) To: Mark H Weaver; +Cc: guix-devel [-- Attachment #1: Type: text/plain, Size: 501 bytes --] Mark H Weaver <mhw@netris.org> skribis: > The problem turned out to be that on rekado's system, / was owned by > user "rekado" with mode 700. Oh, I see. I would never have thought of this! > Perhaps 'guix system init' should explicitly set the ownership and > permissions on the target root directory? Here’s a tentative patch. I wonder if the activation code shouldn’t systematically do (chown "/" 0 0) as well. Thoughts? Thank you both for investigating! Ludo’. [-- Warning: decoded text below may be mangled, UTF-8 assumed --] [-- Attachment #2: Type: text/x-patch, Size: 804 bytes --] diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm index 8d5fbe5..2cf6a43 100644 --- a/guix/scripts/system.scm +++ b/guix/scripts/system.scm @@ -145,6 +145,14 @@ When GRUB? is true, install GRUB on DEVICE, using GRUB.CFG." ;; Copy items to the new store. (copy-closure to-copy target #:log-port log-port))))) + ;; Make sure TARGET is root-owned when running as root, but still allow + ;; non-root uses (useful for testing.) + (if (zero? (getuid)) + (chown target 0 0) + (warning (_ "not running as 'root', so \ +the ownership of '~a' may be incorrect!~%") + target)) + (let ((os-dir (derivation->output-path os-drv)) (format (lift format %store-monad)) (populate (lift2 populate-root-file-system %store-monad))) ^ permalink raw reply related [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-23 14:22 ` Ludovic Courtès @ 2015-05-23 16:26 ` Mark H Weaver 2015-05-23 22:28 ` Ludovic Courtès 0 siblings, 1 reply; 16+ messages in thread From: Mark H Weaver @ 2015-05-23 16:26 UTC (permalink / raw) To: Ludovic Courtès; +Cc: guix-devel ludo@gnu.org (Ludovic Courtès) writes: > Mark H Weaver <mhw@netris.org> skribis: > >> The problem turned out to be that on rekado's system, / was owned by >> user "rekado" with mode 700. > > Oh, I see. I would never have thought of this! > >> Perhaps 'guix system init' should explicitly set the ownership and >> permissions on the target root directory? > > Here’s a tentative patch. [...] > diff --git a/guix/scripts/system.scm b/guix/scripts/system.scm > index 8d5fbe5..2cf6a43 100644 > --- a/guix/scripts/system.scm > +++ b/guix/scripts/system.scm > @@ -145,6 +145,14 @@ When GRUB? is true, install GRUB on DEVICE, using GRUB.CFG." > ;; Copy items to the new store. > (copy-closure to-copy target #:log-port log-port))))) > > + ;; Make sure TARGET is root-owned when running as root, but still allow > + ;; non-root uses (useful for testing.) > + (if (zero? (getuid)) > + (chown target 0 0) I would suggest using (geteuid) instead. Also, we should set the mode. In this particular case, if we had changed the owner without also changing the mode, rekado's system still would have been quite broken. > I wonder if the activation code shouldn’t systematically do > (chown "/" 0 0) as well. > > Thoughts? I'm not sure. Trying to fix individual things during activation that might have been broken is a slippery slope. We cannot hope to fix everything that might have been broken using this approach, and on the other hand we might undo some change that the user made intentionally. For now, I would probably do this only from 'guix system init', but I don't feel strongly either way. Thanks! Mark ^ permalink raw reply [flat|nested] 16+ messages in thread
* Re: permission denied: /gnu/store/...guile... 2015-05-23 16:26 ` Mark H Weaver @ 2015-05-23 22:28 ` Ludovic Courtès 0 siblings, 0 replies; 16+ messages in thread From: Ludovic Courtès @ 2015-05-23 22:28 UTC (permalink / raw) To: Mark H Weaver; +Cc: guix-devel Mark H Weaver <mhw@netris.org> skribis: > ludo@gnu.org (Ludovic Courtès) writes: > >> Mark H Weaver <mhw@netris.org> skribis: [...] > I would suggest using (geteuid) instead. Also, we should set the mode. > In this particular case, if we had changed the owner without also > changing the mode, rekado's system still would have been quite broken. Good points. I have taken these into accounts and committed as 4a35a86. >> I wonder if the activation code shouldn’t systematically do >> (chown "/" 0 0) as well. >> >> Thoughts? > > I'm not sure. Trying to fix individual things during activation that > might have been broken is a slippery slope. We cannot hope to fix > everything that might have been broken using this approach, and on the > other hand we might undo some change that the user made intentionally. Yeah, makes sense to me. Thanks! Ludo’. ^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2015-05-23 22:28 UTC | newest] Thread overview: 16+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2015-05-20 7:06 permission denied: /gnu/store/...guile rekado 2015-05-20 8:17 ` Andreas Enge 2015-05-20 11:24 ` Daniel Pimentel 2015-05-20 12:24 ` Ludovic Courtès 2015-05-20 13:12 ` Daniel Pimentel 2015-05-20 17:24 ` Alex Kost 2015-05-21 20:40 ` Synaptics & libinput driver Ludovic Courtès 2015-05-20 12:18 ` permission denied: /gnu/store/...guile Ludovic Courtès 2015-05-20 20:56 ` rekado 2015-05-21 8:03 ` Ludovic Courtès 2015-05-22 20:15 ` Mark H Weaver 2015-05-22 20:21 ` Mark H Weaver 2015-05-23 9:41 ` rekado 2015-05-23 14:22 ` Ludovic Courtès 2015-05-23 16:26 ` Mark H Weaver 2015-05-23 22:28 ` Ludovic Courtès
Code repositories for project(s) associated with this external index https://git.savannah.gnu.org/cgit/guix.git This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.