From mboxrd@z Thu Jan  1 00:00:00 1970
From: Chris Marusich <cmmarusich@gmail.com>
Subject: bug#30728: guix-install.sh doesn't work if run with "sudo"
Date: Tue, 27 Mar 2018 18:08:40 +0200
Message-ID: <87k1txwlfb.fsf@gmail.com>
References: <87zi3lh6mb.fsf@lassieur.org> <871sgbdj2x.fsf@lassieur.org>
	<87d0zsn391.fsf@gmail.com> <87efk79s81.fsf@lassieur.org>
	<87woxyez9t.fsf@elephly.net> <87lgedx4qf.fsf@lassieur.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:46957)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1f0r9l-0005vL-QD
	for bug-guix@gnu.org; Tue, 27 Mar 2018 12:09:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1f0r9i-00052b-Tw
	for bug-guix@gnu.org; Tue, 27 Mar 2018 12:09:05 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:48266)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1f0r9i-00052R-OZ
	for bug-guix@gnu.org; Tue, 27 Mar 2018 12:09:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1f0r9i-0001oC-Cg
	for bug-guix@gnu.org; Tue, 27 Mar 2018 12:09:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.30728.B30728.15221669356940@debbugs.gnu.org>
In-Reply-To: <87lgedx4qf.fsf@lassieur.org> ("=?UTF-8?Q?Cl=C3=A9ment?=
	Lassieur"'s message of "Tue, 27 Mar 2018 11:11:36 +0200")
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: =?UTF-8?Q?Cl=C3=A9ment?= Lassieur <clement@lassieur.org>
Cc: 30728@debbugs.gnu.org

--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Cl=C3=A9ment Lassieur <clement@lassieur.org> writes:

> Ricardo Wurmus <rekado@elephly.net> writes:
>
>> Cl=C3=A9ment Lassieur <clement@lassieur.org> writes:
>>
>>>> The manual says (see: (guix) Binary Installation):
>>>>
>>>>   3. Make =E2=80=98root=E2=80=99=E2=80=99s profile available under =E2=
=80=98~/.guix-profile=E2=80=99:
>>>>
>>>>           # ln -sf /var/guix/profiles/per-user/root/guix-profile \
>>>>                    ~root/.guix-profile
>>>
>>> I think the manual is wrong here.  This only makes sense if the user is
>>> 'root'.  Otherwise, the user would expect Guix to be installed in their
>>> home, not in root's home.
>>
>> Step 2 says =E2=80=9CAs root, run: [=E2=80=A6]=E2=80=9D.  =E2=80=9C~root=
=E2=80=9D resolves to =E2=80=9C/root=E2=80=9D, not to
>> =E2=80=9C$HOME/root=E2=80=9D, so it even works when run as a regular use=
r.
>>
>> The manual seems correct to me and this is what the script aims to
>> implement.
>
> But ~/.guix-profile may resolve to /home/user/.guix-profile.  So it
> should be ~root/.guix-profile instead of ~/.guix-profile.

Ah, I think I now see the cause of our miscommunication.

It's possible to interpret the manual's use of ~ and $HOME to mean "the
unprivileged user's home directory", instead of "root's home directory".
I think that's a mistake in the manual, since the "ln" clearly makes
root's profile available under root's home directory, and the step
involving $HOME doesn't make sense unless $HOME expands to root's home
directory.

I've updated my patch; it now also changes the following line...

  3. Make =E2=80=98root=E2=80=99=E2=80=99s profile available under =E2=80=
=98~/.guix-profile=E2=80=99:

...to this:

  3. Make =E2=80=98root=E2=80=99=E2=80=99s profile available under =E2=80=
=98~root/.guix-profile=E2=80=99:

How does that sound?

=2D-=20
Chris

--=-=-=
Content-Type: text/x-patch
Content-Disposition: attachment;
 filename=0001-guix-install.sh-Explicitly-set-root-s-home-directory.patch
Content-Transfer-Encoding: quoted-printable

From=208e23b7ee5a3b5c600fcd5e29f08458f33cf37c66 Mon Sep 17 00:00:00 2001
From: Chris Marusich <cmmarusich@gmail.com>
Date: Sun, 25 Mar 2018 06:47:42 +0200
Subject: [PATCH] guix-install.sh: Explicitly set root's home directory.

* etc/guix-install.sh (ROOT_HOME): New variable.
  (sys_create_store, sys_enable_guix_daemon, sys_authorize_build_farms):
  Use ROOT_HOME instead of ~root or the HOME environment variable.
* doc/guix.texi (Binary Installation): Instead of assuming that ~ and
  $HOME refer to root's directory simply because commands are being run
  as root, explicilty refer to it via ~root.

Fixes: <https://bugs.gnu.org/30728>
=2D--
 doc/guix.texi       |  4 ++--
 etc/guix-install.sh | 19 ++++++++++++-------
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 49b3dd10d..aab3a7273 100644
=2D-- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -471,7 +471,7 @@ archive content is independent of its creation time, th=
us making it
 reproducible.
=20
 @item
=2DMake @code{root}'s profile available under @file{~/.guix-profile}:
+Make @code{root}'s profile available under @file{~root/.guix-profile}:
=20
 @example
 # ln -sf /var/guix/profiles/per-user/root/guix-profile \
@@ -482,7 +482,7 @@ Source @file{etc/profile} to augment @code{PATH} and ot=
her relevant
 environment variables:
=20
 @example
=2D# GUIX_PROFILE=3D$HOME/.guix-profile ; \
+# GUIX_PROFILE=3D"`echo ~root`/.guix-profile" ; \
   source $GUIX_PROFILE/etc/profile
 @end example
=20
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 933492a33..78cd7580b 100755
=2D-- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -50,6 +50,11 @@ DEBUG=3D0
 GNU_URL=3D"https://alpha.gnu.org/gnu/guix/"
 OPENPGP_SIGNING_KEY_ID=3D"3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
=20
+# This script needs to know where root's home directory is.  However, we
+# cannot simply use the HOME environment variable, since there is no guara=
ntee
+# that it points to root's home directory.
+ROOT_HOME=3D"$(echo ~root)"
+
 # ------------------------------------------------------------------------=
------
 #+UTILITIES
=20
@@ -264,9 +269,9 @@ sys_create_store()
=20
     _msg "${INF}Linking the root user's profile"
     ln -sf /var/guix/profiles/per-user/root/guix-profile \
=2D       ~root/.guix-profile
+       "${ROOT_HOME}/.guix-profile"
=20
=2D    GUIX_PROFILE=3D"${HOME}/.guix-profile"
+    GUIX_PROFILE=3D"${ROOT_HOME}/.guix-profile"
     source "${GUIX_PROFILE}/etc/profile"
     _msg "${PAS}activated root profile at /root/.guix-profile"
 }
@@ -316,13 +321,13 @@ sys_enable_guix_daemon()
     case "$INIT_SYS" in
         upstart)
             { initctl reload-configuration;
=2D              cp ~root/.guix-profile/lib/upstart/system/guix-daemon.conf=
 \
+              cp "${ROOT_HOME}/.guix-profile/lib/upstart/system/guix-daemo=
n.conf" \
                  /etc/init/ &&
                   start guix-daemon; } &&
                 _msg "${PAS}enabled Guix daemon via upstart"
             ;;
         systemd)
=2D            { cp ~root/.guix-profile/lib/systemd/system/guix-daemon.serv=
ice \
+            { cp "${ROOT_HOME}/.guix-profile/lib/systemd/system/guix-daemo=
n.service" \
                  /etc/systemd/system/;
               chmod 664 /etc/systemd/system/guix-daemon.service;
               systemctl daemon-reload &&
@@ -332,7 +337,7 @@ sys_enable_guix_daemon()
             ;;
         NA|*)
             _msg "${ERR}unsupported init system; run the daemon manually:"
=2D            echo "  ~root/.guix-profile/bin/guix-daemon --build-users-gr=
oup=3Dguixbuild"
+            echo "  ${ROOT_HOME}/.guix-profile/bin/guix-daemon --build-use=
rs-group=3Dguixbuild"
             ;;
     esac
=20
@@ -352,9 +357,9 @@ sys_authorize_build_farms()
     while true; do
         read -p "Permit downloading pre-built package binaries from the pr=
oject's build farms? (yes/no) " yn
         case $yn in
=2D            [Yy]*) guix archive --authorize < ~root/.guix-profile/share/=
guix/hydra.gnu.org.pub &&
+            [Yy]*) guix archive --authorize < "${ROOT_HOME}/.guix-profile/=
share/guix/hydra.gnu.org.pub" &&
                          _msg "${PAS}Authorized public key for hydra.gnu.o=
rg";
=2D                   guix archive --authorize < ~root/.guix-profile/share/=
guix/berlin.guixsd.org.pub &&
+                   guix archive --authorize < "${ROOT_HOME}/.guix-profile/=
share/guix/berlin.guixsd.org.pub" &&
                        _msg "${PAS}Authorized public key for berlin.guixsd=
.org";
                    break;;
             [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
=2D-=20
2.15.1


--=-=-=--

--==-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlq6bIgACgkQ3UCaFdgi
Rp0e0w/8Cjlz4MXAPguU45L3U8eG0e9MDvvD+NseCmWtQh9NbqdOEBpwKEra2n5H
q5Iz/Ja9I1tR5kIjkGAsDM9dU2kKceekHG1H9gtPIPPhaxLuYwwMzpTx37026ruA
Xj7v6ubXf/zyW7n6Y9qkiJG18pfoHn2lcDZgjaTc+atrAg3l7eiTT3IglJ/+khcw
Nd+ox7Dxd1PAl7Uf/5hkifo+puxTtuGgWZaEiLrIQFFp+X3NkiO7WZ4vL/rS2V23
Mlgte7PdIVWWpx8U/mS0nRF82b8VCUteIHxaHSW6LjaCPV1al7czDJ7gSNmMYvay
Z7lFc4zDde1P9KS5fVF56Rjhv2UJ9+Tp8Vs3c6jyczotc3+e2oC/3EN4wqRHQYpj
dDkXfYW2mZETceKSmjf/ZsSU2nVEaj8G7dHmrUNb/ZU2b+aco1XXRic4Tlwlxk0+
+oM50YxQSVVvcqjaLgKxiCmJK4FqmA/3+i5ctOR2ND/+BycDhCF7dAiBRjStkhUJ
NBh7RUaAw1qcx23OjsfoVnFSS64JcM2hmRp3/ipoM2oRUJI8FDwDrgJGljFhkcof
LCI8xUil8BNbORbeqxHDMHrYbuShVZit9qSMb4P+5o2j2jCf2NH2jJTbZufmOYFO
IShsbx3SDHTevo/dx3cWLBfUZi1LSJGtViQ0AipRhGsmy+LOia8=
=iixW
-----END PGP SIGNATURE-----
--==-=-=--