bug#30728: guix-install.sh doesn't work if run with "sudo"

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Clément Lassieur]

Clément Lassieur <clement@lassieur.org> writes:

> Hi,
>
> My system is Ubuntu 16.04.
>
> I ran './guix-install.sh' and got the message: "This script must be run
> as root.".  So I ran 'sudo ./guix-install.sh' and got an error message
> saying that:
>
>     GUIX_PROFILE="${HOME}/.guix-profile"
>     source "${GUIX_PROFILE}/etc/profile"
>
> the 'source' command doesn't work because ${GUIX_PROFILE} was never
> created, ${HOME} being /home/clement, not /root.
>
> To recover from this I had to manually delete /var/guix and /gnu, log as
> root with 'su', and start again.
>
> Clément

I believe the script should install Guix in the user's home directory,
not in ~root.

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Chris Marusich]

[-- Attachment #1.1: Type: text/plain, Size: 2146 bytes --]

Clément Lassieur <clement@lassieur.org> writes:

> Clément Lassieur <clement@lassieur.org> writes:
>
>> Hi,
>>
>> My system is Ubuntu 16.04.
>>
>> I ran './guix-install.sh' and got the message: "This script must be run
>> as root.".  So I ran 'sudo ./guix-install.sh' and got an error message
>> saying that:
>>
>>     GUIX_PROFILE="${HOME}/.guix-profile"
>>     source "${GUIX_PROFILE}/etc/profile"
>>
>> the 'source' command doesn't work because ${GUIX_PROFILE} was never
>> created, ${HOME} being /home/clement, not /root.
>>
>> To recover from this I had to manually delete /var/guix and /gnu, log as
>> root with 'su', and start again.
>>
>> Clément
>
> I believe the script should install Guix in the user's home directory,
> not in ~root.

The manual says (see: (guix) Binary Installation):

  3. Make ‘root’’s profile available under ‘~/.guix-profile’:

          # ln -sf /var/guix/profiles/per-user/root/guix-profile \
                   ~root/.guix-profile

     Source ‘etc/profile’ to augment ‘PATH’ and other relevant
     environment variables:

          # GUIX_PROFILE=$HOME/.guix-profile ; \
            source $GUIX_PROFILE/etc/profile

I believe the expectation here is that $HOME will expand to root's home
directory.  Look at the previous ln invocation: we set up a symlink for
the .guix-profile in root's home directory, so it's pretty clear that
$HOME/.guix-profile is supposed to point to that profile.

I think there is a tacit assumption in the manual and the
guix-install.sh script that the HOME environment variable will refer to
root's home directory, which is not always true.  For example, on
current Ubuntu, if you run sudo with no arguments, you will find that
the HOME environment variable still points to your unprivileged user's
home directory, not to root's home directory.  This is because sudo can
be configured in many ways, and on Ubuntu, they have chosen to configure
it in that way.  On other systems, it might behave differently.

I've attached a patch which should fix this.  Can you confirm whether it
works?

-- 
Chris

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0001-guix-install.sh-Explicitly-set-root-s-home-directory.patch --]
[-- Type: text/x-patch, Size: 4310 bytes --]

From 3a774d199a59308c3a8e423b6093cd174c9384e4 Mon Sep 17 00:00:00 2001
From: Chris Marusich <cmmarusich@gmail.com>
Date: Sun, 25 Mar 2018 06:47:42 +0200
Subject: [PATCH] guix-install.sh: Explicitly set root's home directory.

* etc/guix-install.sh (ROOT_HOME): New variable.
  (sys_create_store, sys_enable_guix_daemon, sys_authorize_build_farms):
  Use ROOT_HOME instead of ~root or the HOME environment variable.
* doc/guix.texi (Binary Installation): Instead of assuming that $HOME
  refers to root's directory simply because commands are being run as
  root, explicilty refer to it via ~root.

Fixes: <https://bugs.gnu.org/30728>
---
 doc/guix.texi       |  2 +-
 etc/guix-install.sh | 19 ++++++++++++-------
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 49b3dd10d..285f0c300 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -482,7 +482,7 @@ Source @file{etc/profile} to augment @code{PATH} and other relevant
 environment variables:
 
 @example
-# GUIX_PROFILE=$HOME/.guix-profile ; \
+# GUIX_PROFILE="`echo ~root`/.guix-profile" ; \
   source $GUIX_PROFILE/etc/profile
 @end example
 
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 933492a33..78cd7580b 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -50,6 +50,11 @@ DEBUG=0
 GNU_URL="https://alpha.gnu.org/gnu/guix/"
 OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
 
+# This script needs to know where root's home directory is.  However, we
+# cannot simply use the HOME environment variable, since there is no guarantee
+# that it points to root's home directory.
+ROOT_HOME="$(echo ~root)"
+
 # ------------------------------------------------------------------------------
 #+UTILITIES
 
@@ -264,9 +269,9 @@ sys_create_store()
 
     _msg "${INF}Linking the root user's profile"
     ln -sf /var/guix/profiles/per-user/root/guix-profile \
-       ~root/.guix-profile
+       "${ROOT_HOME}/.guix-profile"
 
-    GUIX_PROFILE="${HOME}/.guix-profile"
+    GUIX_PROFILE="${ROOT_HOME}/.guix-profile"
     source "${GUIX_PROFILE}/etc/profile"
     _msg "${PAS}activated root profile at /root/.guix-profile"
 }
@@ -316,13 +321,13 @@ sys_enable_guix_daemon()
     case "$INIT_SYS" in
         upstart)
             { initctl reload-configuration;
-              cp ~root/.guix-profile/lib/upstart/system/guix-daemon.conf \
+              cp "${ROOT_HOME}/.guix-profile/lib/upstart/system/guix-daemon.conf" \
                  /etc/init/ &&
                   start guix-daemon; } &&
                 _msg "${PAS}enabled Guix daemon via upstart"
             ;;
         systemd)
-            { cp ~root/.guix-profile/lib/systemd/system/guix-daemon.service \
+            { cp "${ROOT_HOME}/.guix-profile/lib/systemd/system/guix-daemon.service" \
                  /etc/systemd/system/;
               chmod 664 /etc/systemd/system/guix-daemon.service;
               systemctl daemon-reload &&
@@ -332,7 +337,7 @@ sys_enable_guix_daemon()
             ;;
         NA|*)
             _msg "${ERR}unsupported init system; run the daemon manually:"
-            echo "  ~root/.guix-profile/bin/guix-daemon --build-users-group=guixbuild"
+            echo "  ${ROOT_HOME}/.guix-profile/bin/guix-daemon --build-users-group=guixbuild"
             ;;
     esac
 
@@ -352,9 +357,9 @@ sys_authorize_build_farms()
     while true; do
         read -p "Permit downloading pre-built package binaries from the project's build farms? (yes/no) " yn
         case $yn in
-            [Yy]*) guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.org.pub &&
+            [Yy]*) guix archive --authorize < "${ROOT_HOME}/.guix-profile/share/guix/hydra.gnu.org.pub" &&
                          _msg "${PAS}Authorized public key for hydra.gnu.org";
-                   guix archive --authorize < ~root/.guix-profile/share/guix/berlin.guixsd.org.pub &&
+                   guix archive --authorize < "${ROOT_HOME}/.guix-profile/share/guix/berlin.guixsd.org.pub" &&
                        _msg "${PAS}Authorized public key for berlin.guixsd.org";
                    break;;
             [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
-- 
2.15.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Clément Lassieur]

Hi Chris,

Chris Marusich <cmmarusich@gmail.com> writes:

> Clément Lassieur <clement@lassieur.org> writes:
>
>> Clément Lassieur <clement@lassieur.org> writes:
>>
>>> Hi,
>>>
>>> My system is Ubuntu 16.04.
>>>
>>> I ran './guix-install.sh' and got the message: "This script must be run
>>> as root.".  So I ran 'sudo ./guix-install.sh' and got an error message
>>> saying that:
>>>
>>>     GUIX_PROFILE="${HOME}/.guix-profile"
>>>     source "${GUIX_PROFILE}/etc/profile"
>>>
>>> the 'source' command doesn't work because ${GUIX_PROFILE} was never
>>> created, ${HOME} being /home/clement, not /root.
>>>
>>> To recover from this I had to manually delete /var/guix and /gnu, log as
>>> root with 'su', and start again.
>>>
>>> Clément
>>
>> I believe the script should install Guix in the user's home directory,
>> not in ~root.
>
> The manual says (see: (guix) Binary Installation):
>
>   3. Make ‘root’’s profile available under ‘~/.guix-profile’:
>
>           # ln -sf /var/guix/profiles/per-user/root/guix-profile \
>                    ~root/.guix-profile

I think the manual is wrong here.  This only makes sense if the user is
'root'.  Otherwise, the user would expect Guix to be installed in their
home, not in root's home.  We could use the HOME and USER environment
variables like this:

  # ln -sf /var/guix/profiles/per-user/$USER/guix-profile $HOME/.guix-profile

Thus, even if 'sudo' decides to change these environment variables, it
will still be consistent.

>      Source ‘etc/profile’ to augment ‘PATH’ and other relevant
>      environment variables:
>
>           # GUIX_PROFILE=$HOME/.guix-profile ; \
>             source $GUIX_PROFILE/etc/profile
>
> I believe the expectation here is that $HOME will expand to root's home
> directory.  Look at the previous ln invocation: we set up a symlink for
> the .guix-profile in root's home directory, so it's pretty clear that
> $HOME/.guix-profile is supposed to point to that profile.
>
> I think there is a tacit assumption in the manual and the
> guix-install.sh script that the HOME environment variable will refer to
> root's home directory, which is not always true.  For example, on
> current Ubuntu, if you run sudo with no arguments, you will find that
> the HOME environment variable still points to your unprivileged user's
> home directory, not to root's home directory.  This is because sudo can
> be configured in many ways, and on Ubuntu, they have chosen to configure
> it in that way.  On other systems, it might behave differently.

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Marius Bakke]

[-- Attachment #1: Type: text/plain, Size: 1985 bytes --]

Clément Lassieur <clement@lassieur.org> writes:

> Hi Chris,
>
> Chris Marusich <cmmarusich@gmail.com> writes:
>
>> Clément Lassieur <clement@lassieur.org> writes:
>>
>>> Clément Lassieur <clement@lassieur.org> writes:
>>>
>>>> Hi,
>>>>
>>>> My system is Ubuntu 16.04.
>>>>
>>>> I ran './guix-install.sh' and got the message: "This script must be run
>>>> as root.".  So I ran 'sudo ./guix-install.sh' and got an error message
>>>> saying that:
>>>>
>>>>     GUIX_PROFILE="${HOME}/.guix-profile"
>>>>     source "${GUIX_PROFILE}/etc/profile"
>>>>
>>>> the 'source' command doesn't work because ${GUIX_PROFILE} was never
>>>> created, ${HOME} being /home/clement, not /root.
>>>>
>>>> To recover from this I had to manually delete /var/guix and /gnu, log as
>>>> root with 'su', and start again.
>>>>
>>>> Clément
>>>
>>> I believe the script should install Guix in the user's home directory,
>>> not in ~root.
>>
>> The manual says (see: (guix) Binary Installation):
>>
>>   3. Make ‘root’’s profile available under ‘~/.guix-profile’:
>>
>>           # ln -sf /var/guix/profiles/per-user/root/guix-profile \
>>                    ~root/.guix-profile
>
> I think the manual is wrong here.  This only makes sense if the user is
> 'root'.  Otherwise, the user would expect Guix to be installed in their
> home, not in root's home.  We could use the HOME and USER environment
> variables like this:
>
>   # ln -sf /var/guix/profiles/per-user/$USER/guix-profile $HOME/.guix-profile
>
> Thus, even if 'sudo' decides to change these environment variables, it
> will still be consistent.

The binary installation tarball only comes with a profile for 'root'.
The problem is that the installation script assumes $HOME will expand to
~root when sourcing the profile, but as you found that isn't always the
case.

~root/.guix-profile is "hard-coded" many other places in the script, so
Tatianas solution seems sensible to me.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Ricardo Wurmus]

Clément Lassieur <clement@lassieur.org> writes:

>> The manual says (see: (guix) Binary Installation):
>>
>>   3. Make ‘root’’s profile available under ‘~/.guix-profile’:
>>
>>           # ln -sf /var/guix/profiles/per-user/root/guix-profile \
>>                    ~root/.guix-profile
>
> I think the manual is wrong here.  This only makes sense if the user is
> 'root'.  Otherwise, the user would expect Guix to be installed in their
> home, not in root's home.

Step 2 says “As root, run: […]”.  “~root” resolves to “/root”, not to
“$HOME/root”, so it even works when run as a regular user.

The manual seems correct to me and this is what the script aims to
implement.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Clément Lassieur]

Ricardo Wurmus <rekado@elephly.net> writes:

> Clément Lassieur <clement@lassieur.org> writes:
>
>>> The manual says (see: (guix) Binary Installation):
>>>
>>>   3. Make ‘root’’s profile available under ‘~/.guix-profile’:
>>>
>>>           # ln -sf /var/guix/profiles/per-user/root/guix-profile \
>>>                    ~root/.guix-profile
>>
>> I think the manual is wrong here.  This only makes sense if the user is
>> 'root'.  Otherwise, the user would expect Guix to be installed in their
>> home, not in root's home.
>
> Step 2 says “As root, run: […]”.  “~root” resolves to “/root”, not to
> “$HOME/root”, so it even works when run as a regular user.
>
> The manual seems correct to me and this is what the script aims to
> implement.

But ~/.guix-profile may resolve to /home/user/.guix-profile.  So it
should be ~root/.guix-profile instead of ~/.guix-profile.

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Chris Marusich]

[-- Attachment #1.1: Type: text/plain, Size: 1704 bytes --]

Clément Lassieur <clement@lassieur.org> writes:

> Ricardo Wurmus <rekado@elephly.net> writes:
>
>> Clément Lassieur <clement@lassieur.org> writes:
>>
>>>> The manual says (see: (guix) Binary Installation):
>>>>
>>>>   3. Make ‘root’’s profile available under ‘~/.guix-profile’:
>>>>
>>>>           # ln -sf /var/guix/profiles/per-user/root/guix-profile \
>>>>                    ~root/.guix-profile
>>>
>>> I think the manual is wrong here.  This only makes sense if the user is
>>> 'root'.  Otherwise, the user would expect Guix to be installed in their
>>> home, not in root's home.
>>
>> Step 2 says “As root, run: […]”.  “~root” resolves to “/root”, not to
>> “$HOME/root”, so it even works when run as a regular user.
>>
>> The manual seems correct to me and this is what the script aims to
>> implement.
>
> But ~/.guix-profile may resolve to /home/user/.guix-profile.  So it
> should be ~root/.guix-profile instead of ~/.guix-profile.

Ah, I think I now see the cause of our miscommunication.

It's possible to interpret the manual's use of ~ and $HOME to mean "the
unprivileged user's home directory", instead of "root's home directory".
I think that's a mistake in the manual, since the "ln" clearly makes
root's profile available under root's home directory, and the step
involving $HOME doesn't make sense unless $HOME expands to root's home
directory.

I've updated my patch; it now also changes the following line...

  3. Make ‘root’’s profile available under ‘~/.guix-profile’:

...to this:

  3. Make ‘root’’s profile available under ‘~root/.guix-profile’:

How does that sound?

-- 
Chris

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0001-guix-install.sh-Explicitly-set-root-s-home-directory.patch --]
[-- Type: text/x-patch, Size: 4648 bytes --]

From 8e23b7ee5a3b5c600fcd5e29f08458f33cf37c66 Mon Sep 17 00:00:00 2001
From: Chris Marusich <cmmarusich@gmail.com>
Date: Sun, 25 Mar 2018 06:47:42 +0200
Subject: [PATCH] guix-install.sh: Explicitly set root's home directory.

* etc/guix-install.sh (ROOT_HOME): New variable.
  (sys_create_store, sys_enable_guix_daemon, sys_authorize_build_farms):
  Use ROOT_HOME instead of ~root or the HOME environment variable.
* doc/guix.texi (Binary Installation): Instead of assuming that ~ and
  $HOME refer to root's directory simply because commands are being run
  as root, explicilty refer to it via ~root.

Fixes: <https://bugs.gnu.org/30728>
---
 doc/guix.texi       |  4 ++--
 etc/guix-install.sh | 19 ++++++++++++-------
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 49b3dd10d..aab3a7273 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -471,7 +471,7 @@ archive content is independent of its creation time, thus making it
 reproducible.
 
 @item
-Make @code{root}'s profile available under @file{~/.guix-profile}:
+Make @code{root}'s profile available under @file{~root/.guix-profile}:
 
 @example
 # ln -sf /var/guix/profiles/per-user/root/guix-profile \
@@ -482,7 +482,7 @@ Source @file{etc/profile} to augment @code{PATH} and other relevant
 environment variables:
 
 @example
-# GUIX_PROFILE=$HOME/.guix-profile ; \
+# GUIX_PROFILE="`echo ~root`/.guix-profile" ; \
   source $GUIX_PROFILE/etc/profile
 @end example
 
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index 933492a33..78cd7580b 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -50,6 +50,11 @@ DEBUG=0
 GNU_URL="https://alpha.gnu.org/gnu/guix/"
 OPENPGP_SIGNING_KEY_ID="3CE464558A84FDC69DB40CFB090B11993D9AEBB5"
 
+# This script needs to know where root's home directory is.  However, we
+# cannot simply use the HOME environment variable, since there is no guarantee
+# that it points to root's home directory.
+ROOT_HOME="$(echo ~root)"
+
 # ------------------------------------------------------------------------------
 #+UTILITIES
 
@@ -264,9 +269,9 @@ sys_create_store()
 
     _msg "${INF}Linking the root user's profile"
     ln -sf /var/guix/profiles/per-user/root/guix-profile \
-       ~root/.guix-profile
+       "${ROOT_HOME}/.guix-profile"
 
-    GUIX_PROFILE="${HOME}/.guix-profile"
+    GUIX_PROFILE="${ROOT_HOME}/.guix-profile"
     source "${GUIX_PROFILE}/etc/profile"
     _msg "${PAS}activated root profile at /root/.guix-profile"
 }
@@ -316,13 +321,13 @@ sys_enable_guix_daemon()
     case "$INIT_SYS" in
         upstart)
             { initctl reload-configuration;
-              cp ~root/.guix-profile/lib/upstart/system/guix-daemon.conf \
+              cp "${ROOT_HOME}/.guix-profile/lib/upstart/system/guix-daemon.conf" \
                  /etc/init/ &&
                   start guix-daemon; } &&
                 _msg "${PAS}enabled Guix daemon via upstart"
             ;;
         systemd)
-            { cp ~root/.guix-profile/lib/systemd/system/guix-daemon.service \
+            { cp "${ROOT_HOME}/.guix-profile/lib/systemd/system/guix-daemon.service" \
                  /etc/systemd/system/;
               chmod 664 /etc/systemd/system/guix-daemon.service;
               systemctl daemon-reload &&
@@ -332,7 +337,7 @@ sys_enable_guix_daemon()
             ;;
         NA|*)
             _msg "${ERR}unsupported init system; run the daemon manually:"
-            echo "  ~root/.guix-profile/bin/guix-daemon --build-users-group=guixbuild"
+            echo "  ${ROOT_HOME}/.guix-profile/bin/guix-daemon --build-users-group=guixbuild"
             ;;
     esac
 
@@ -352,9 +357,9 @@ sys_authorize_build_farms()
     while true; do
         read -p "Permit downloading pre-built package binaries from the project's build farms? (yes/no) " yn
         case $yn in
-            [Yy]*) guix archive --authorize < ~root/.guix-profile/share/guix/hydra.gnu.org.pub &&
+            [Yy]*) guix archive --authorize < "${ROOT_HOME}/.guix-profile/share/guix/hydra.gnu.org.pub" &&
                          _msg "${PAS}Authorized public key for hydra.gnu.org";
-                   guix archive --authorize < ~root/.guix-profile/share/guix/berlin.guixsd.org.pub &&
+                   guix archive --authorize < "${ROOT_HOME}/.guix-profile/share/guix/berlin.guixsd.org.pub" &&
                        _msg "${PAS}Authorized public key for berlin.guixsd.org";
                    break;;
             [Nn]*) _msg "${INF}Skipped authorizing build farm public keys"
-- 
2.15.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Ricardo Wurmus]

Hi Chris,

> I've updated my patch; it now also changes the following line...
>
>   3. Make ‘root’’s profile available under ‘~/.guix-profile’:
>
> ...to this:
>
>   3. Make ‘root’’s profile available under ‘~root/.guix-profile’:
>
> How does that sound?

This looks good to me.  Thank you!

-- 
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Chris Marusich]

[-- Attachment #1: Type: text/plain, Size: 415 bytes --]

Hi everyone,

Ricardo Wurmus <rekado@elephly.net> writes:

> This looks good to me.  Thank you!

I've committed this as 3cd4447f5639f45b7d833f6fb2adce11ea15ba1d.  If
anybody has additional concerns about the installation script or the
installation instructions, please open a new bug report for it and we
can discuss the topic further there.

Thank you for reporting this issue, Clément!

-- 
Chris

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 832 bytes --]

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Clément Lassieur]

Ricardo Wurmus <rekado@elephly.net> writes:

> Hi Chris,
>
>> I've updated my patch; it now also changes the following line...
>>
>>   3. Make ‘root’’s profile available under ‘~/.guix-profile’:
>>
>> ...to this:
>>
>>   3. Make ‘root’’s profile available under ‘~root/.guix-profile’:
>>
>> How does that sound?
>
> This looks good to me.  Thank you!

I am surprised that you didn't comment on
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=30728#32 (where I explain
to you why I disagree with Guix being installed in ~root) before saying
LGTM.

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Clément Lassieur]

Chris Marusich <cmmarusich@gmail.com> writes:

> Clément Lassieur <clement@lassieur.org> writes:
>
>> Ricardo Wurmus <rekado@elephly.net> writes:
>>
>>> Clément Lassieur <clement@lassieur.org> writes:
>>>
>>>>> The manual says (see: (guix) Binary Installation):
>>>>>
>>>>>   3. Make ‘root’’s profile available under ‘~/.guix-profile’:
>>>>>
>>>>>           # ln -sf /var/guix/profiles/per-user/root/guix-profile \
>>>>>                    ~root/.guix-profile
>>>>
>>>> I think the manual is wrong here.  This only makes sense if the user is
>>>> 'root'.  Otherwise, the user would expect Guix to be installed in their
>>>> home, not in root's home.
>>>
>>> Step 2 says “As root, run: […]”.  “~root” resolves to “/root”, not to
>>> “$HOME/root”, so it even works when run as a regular user.
>>>
>>> The manual seems correct to me and this is what the script aims to
>>> implement.
>>
>> But ~/.guix-profile may resolve to /home/user/.guix-profile.  So it
>> should be ~root/.guix-profile instead of ~/.guix-profile.
>
> Ah, I think I now see the cause of our miscommunication.
>
> It's possible to interpret the manual's use of ~ and $HOME to mean "the
> unprivileged user's home directory", instead of "root's home directory".
> I think that's a mistake in the manual, since the "ln" clearly makes
> root's profile available under root's home directory, and the step
> involving $HOME doesn't make sense unless $HOME expands to root's home
> directory.
>
> I've updated my patch; it now also changes the following line...
>
>   3. Make ‘root’’s profile available under ‘~/.guix-profile’:
>
> ...to this:
>
>   3. Make ‘root’’s profile available under ‘~root/.guix-profile’:
>
> How does that sound?

This fixes the documentation inconsistency, but I still think Guix
shouldn't be installed in ~root (as I explain there:
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=30728#32).

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Clément Lassieur]

Chris Marusich <cmmarusich@gmail.com> writes:

> Hi everyone,
>
> Ricardo Wurmus <rekado@elephly.net> writes:
>
>> This looks good to me.  Thank you!
>
> I've committed this as 3cd4447f5639f45b7d833f6fb2adce11ea15ba1d.  If
> anybody has additional concerns about the installation script or the
> installation instructions, please open a new bug report for it and we
> can discuss the topic further there.
>
> Thank you for reporting this issue, Clément!

You're welcome Chris, thanks for the patch. :-)

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Ricardo Wurmus]

Hi Clément,

> I am surprised that you didn't comment on
> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=30728#32 (where I explain
> to you why I disagree with Guix being installed in ~root) before saying
> LGTM.

Don’t be surprised: there are too many emails and I’m bound to forget
about some.  My apologies for not repyling to your email earlier.

I read your mail but I disagree with the conclusions.  It is not the job
of the installer script to install Guix for a particular user.  It is
for a site-wide installation, including the set up of the daemon and a
service script.  These things must happen as root.  The idea is that
Guix is installed for the whole site and made available to all users.

Individual users can then choose to use “guix pull” to control their own
version of Guix.

I consider it inelegant and dangerous to make the Guix installation of
an unprivileged user the variant of Guix that is used by all users on
the system.  Having it managed by the root user avoids surprises, even
on single-user systems, because the implication is that changes to the
root user’s Guix installation have system-wide effects.

The proposed patch is small and fixes the bug with regard to the
intention behind the script, so I’m happy to accept it.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

bug#30728: guix-install.sh doesn't work if run with "sudo"

[Clément Lassieur]

Hi Ricardo,

Ricardo Wurmus <rekado@elephly.net> writes:

> Hi Clément,
>
>> I am surprised that you didn't comment on
>> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=30728#32 (where I explain
>> to you why I disagree with Guix being installed in ~root) before saying
>> LGTM.
>
> Don’t be surprised: there are too many emails and I’m bound to forget
> about some.  My apologies for not repyling to your email earlier.

Thank you for your reply. :-)  I definitely understand.

> I read your mail but I disagree with the conclusions.  It is not the job
> of the installer script to install Guix for a particular user.  It is
> for a site-wide installation, including the set up of the daemon and a
> service script.  These things must happen as root.  The idea is that
> Guix is installed for the whole site and made available to all users.

The installation must happen with root privileges, but that doesn't mean
that Guix should be installed in ~root, because root is a particular
user.  See http://www.linfo.org/root.html:

    "/root contains configuration files for the root account, just as
    each ordinary user's home directory."

Thus I don't think things in ~root should be site-wide, and I have never
seen such things.  Site-wide stuff is usually in /var, /etc, etc.
(Which is not what I'm asking for, but in the long term it would be
better, in my opinion.)

> Individual users can then choose to use “guix pull” to control their own
> version of Guix.

And they will typically forget to update the daemon (and the site-wide
Guix).  Allowing a user to be responsible for updating Guix makes it
more likely to be updated.  Much more likely if the user doesn't need to
handle two different Guix installations.

> I consider it inelegant and dangerous to make the Guix installation of
> an unprivileged user the variant of Guix that is used by all users on
> the system.  Having it managed by the root user avoids surprises, even
> on single-user systems, because the implication is that changes to the
> root user’s Guix installation have system-wide effects.

I agree that those system-wide effects are not ideal, but I don't think
it's worse than the system-wide effects from ~root.  The implication you
are talking about isn't obvious to me, because root is a user as every
other, the only difference being its power.  Things root does shouldn't
have system-wide effects either.

And I wasn't asking to install Guix in the user's home, rather to let
them choose between two imperfect solutions.  In other words, to give
them more freedom.  For example if the user does 'sudo -E
./guix-install.sh', Guix would be installed in their home, whereas if
the user does 'sudo -H ./guix-install.sh', Guix would be installed in
~root.

Your script is very useful anyway, thank you for it!

Clément