From mboxrd@z Thu Jan 1 00:00:00 1970 From: Maxim Cournoyer Subject: bug#36785: Impossible to pull on foreign distro Date: Sat, 21 Sep 2019 21:31:16 +0900 Message-ID: <87pnjt6dbf.fsf@gmail.com> References: <6733C9AB-E5C1-4B63-8F0E-04CD1BB32338@lepiller.eu> <874l39ra37.fsf@gnu.org> <3DC355B8-FE36-4C4E-BBC9-EEC5F580AF0D@lepiller.eu> <87tvb9qktd.fsf@gnu.org> <87woe6fune.fsf@gnu.org> <87pnjv73sg.fsf@gmail.com> <87woe3otut.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:55068) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iBeYW-0006rq-5R for bug-guix@gnu.org; Sat, 21 Sep 2019 08:32:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iBeYU-00089I-HU for bug-guix@gnu.org; Sat, 21 Sep 2019 08:32:04 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:50488) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1iBeYU-00089C-EC for bug-guix@gnu.org; Sat, 21 Sep 2019 08:32:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1iBeYU-0000s8-93 for bug-guix@gnu.org; Sat, 21 Sep 2019 08:32:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87woe3otut.fsf@gnu.org> ("Ludovic \=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\= \=\?utf-8\?Q\?s\?\= message of "Fri, 20 Sep 2019 17:44:26 +0200") List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 36785@debbugs.gnu.org --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello, Ludovic Court=C3=A8s writes: > Maxim Cournoyer skribis: > >> Indeed, the default recommended invocation to update the root's guix >> could be changed to be 'sudo -i guix pull', which should work on all >> systems including Ubuntu. > > Oh right. Could you make this change in the manual? > > Thanks, > Ludo=E2=80=99. I looked at what was in the manual, and became less sure, thought maybe 'sudo -E' could be better, so I've done the following little experiment using Docker to test an Ubuntu enviroment: Here's the Dockerfile, with instructions to reproduce in it: =2D-8<---------------cut here---------------start------------->8--- FROM ubuntu RUN apt-get update && apt-get install sudo RUN useradd -ms /bin/bash user RUN usermod -aG sudo user RUN echo user:user | chpasswd USER user CMD bash # To test (in the directory where this file is written as 'Dockerfile'): # docker build . # docker run -it --rm # Then run the following commands: # export PATH=3Dextra-stuff:$PATH # sudo -E sh -c 'echo -e "env when using -E: \n$(env)\n\n"' # sudo -i sh -c 'echo -e "env when using -i: \n$(env)\n\n"' # sudo sh -c 'echo -e "env with plain sudo: $(env)\n\n"' =2D-8<---------------cut here---------------end--------------->8--- And the result: =2D-8<---------------cut here---------------start------------->8--- echo $PATH echo $PATH extra-stuff:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 0;user@e538556bf337: /=07user@e538556bf337:/$ sudo -E sh -c 'echo -e "env w= hen using -E: \n$(env)\n\n"' sudo -E sh -c 'echo -e "env when using -E: \n$(env)\n\n"' =2De env when using -E: SUDO_GID=3D1000 USER=3Droot HOSTNAME=3De538556bf337 SHLVL=3D1 HOME=3D/home/user SUDO_UID=3D1000 LOGNAME=3Droot _=3D/usr/bin/sudo TERM=3Dxterm USERNAME=3Droot PATH=3D/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/b= in LS_COLORS=3Drs=3D0:di=3D01;34:[...] SUDO_COMMAND=3D/bin/sh -c echo -e "env when using -E: $(env) " SHELL=3D/bin/bash SUDO_USER=3Duser PWD=3D/ 0;user@e538556bf337: /=07user@e538556bf337:/$ sudo -i sh -c 'echo -e "env w= hen using -i: \n$(env)\n\n"' sudo -i sh -c 'echo -e "env when using -i: \n$(env)\n\n"' =2De env when using -i: SUDO_GID=3D1000 MAIL=3D/var/mail/root USER=3Droot HOSTNAME=3De538556bf337 SHLVL=3D1 HOME=3D/root SUDO_UID=3D1000 LOGNAME=3Droot _=3D/bin/sh USERNAME=3Droot TERM=3Dxterm PATH=3D/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/b= in LS_COLORS=3Drs=3D0:di=3D01;34:ln=3D01;36: [...] $(env) " SHELL=3D/bin/bash SUDO_USER=3Duser PWD=3D/root user@e538556bf337: /=07user@e538556bf337:/$ sudo sh -c 'echo -e "env with p= lain sudo: $(env)\n\n"' sudo sh -c 'echo -e "env with plain sudo: $(env)\n\n"' =2De env with plain sudo: SUDO_GID=3D1000 MAIL=3D/var/mail/root USER=3Droot HOSTNAME=3De538556bf337 HOME=3D/home/user SUDO_UID=3D1000 LOGNAME=3Droot TERM=3Dxterm USERNAME=3Droot PATH=3D/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/b= in LS_COLORS=3Drs=3D0:di=3D01;34:ln=3D01;36: [...] SUDO_COMMAND=3D/bin/sh -c echo -e "env with plain sudo: $(env) " SHELL=3D/bin/bash SUDO_USER=3Duser PWD=3D/ =2D-8<---------------cut here---------------end--------------->8--- What do we get from this? Well, first, the user's PATH is *not* preserved when using 'sudo', at least on Debian and Ubuntu. These are configured out of the box to reset the PATH to a 'safe' value, even when using the -E option of sudo. We also see, as Ludovic found out, that the user's HOME is preserved for the normal invocation of sudo on Ubuntu. In light of this, I suggest the attached patch to our documentation. It's a bit sub-optimal in that it modifies a section of the 'Guix System', which behaved as described; but given that it's the only place where we mention of 'sudo guix pull', better safe than sorry, I'd say (foreign distribution users might read it, thinking it also applies to themselves). Does that seem worthwile/reasonable? --=-=-= Content-Type: text/x-patch Content-Disposition: attachment; filename=0001-doc-Adapt-the-guix-pull-command-recommendation.patch Content-Transfer-Encoding: quoted-printable From=20bfa2f754592a00fefa4fcd20080582268b6273dd Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Sat, 21 Sep 2019 20:36:04 +0900 Subject: [PATCH] doc: Adapt the guix pull command recommendation. This change follows the discussion for issue #36785 (see: https://bugs.gnu.org/36785). * doc/guix.texi (After System Installation): Add the '-i' sudo option to the suggested commands used to keep a Guix System up-to-date. Although this section is specific to Guix System, it is likely to be read by users of foreign GNU/Linux distributions as well. Remove the note, given that sudo doesn't preserve the user's PATH on foreign distributions such as Debian. =2D-- doc/guix.texi | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 0ed59072c9..3690e3b152 100644 =2D-- a/doc/guix.texi +++ b/doc/guix.texi @@ -2387,8 +2387,8 @@ Success, you've now booted into Guix System! From th= en on, you can update the system whenever you want by running, say: =20 @example =2Dguix pull =2Dsudo guix system reconfigure /etc/config.scm +sudo -i guix pull +sudo -i guix system reconfigure /etc/config.scm @end example =20 @noindent @@ -2396,14 +2396,6 @@ This builds a new system generation with the latest = packages and services (@pxref{Invoking guix system}). We recommend doing that regularly so that your system includes the latest security updates (@pxref{Security Updates}= ). =20 =2D@c See . =2D@quotation Note =2D@cindex sudo vs. @command{guix pull} =2DNote that @command{sudo guix} runs your user's @command{guix} command and =2D@emph{not} root's, because @command{sudo} leaves @code{PATH} unchanged. = To =2Dexplicitly run root's @command{guix}, type @command{sudo -i guix @dots{}= }. =2D@end quotation =2D Join us on @code{#guix} on the Freenode IRC network or on @email{guix-devel@@gnu.org} to share your experience! =20 =2D-=20 2.23.0 --=-=-= Content-Type: text/plain Thanks, Maxim --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEJ9WGpPiQCFQyn/CfEmDkZILmNWIFAl2GGBQACgkQEmDkZILm NWLV9BAAkGt82u3y+MSaNkr8coJCT3W7f5MSd+caCBd/GGp/wP4jyO9ALal7ATuk Yu5ClnphDf3Q5KTJBaFkVolckyAKuXLVFdwvm3z78RZzYecSkgaKQtlOxcAdB/rU 4awBjkHb89S0V1ogHhJwj+UcJ4z3D/Mk1MiA5WmqUamPlRaQJisQsUWpm42S4F5E jbBBxzTW6IANssVTzbXiuxdqnyug1qraQjq8gmSAD9Thd7Kxnr5f49nSSJp93Glg fZP7LxNgnBPFVhgE9urQSGvTCg6SgSi1VVREcJQZ7pHcZerRjbSJ8QA8zd1EWijR /Z1k3hlP6xo3EpTFrAMTep7xK+oI8JL+4CUw+vL7/m/uv+3JrcqzEX2M6p3I23NW KB8DmkUlh6mzZ270YhGsgmqkujMSuZK9Z8tcVf80ZbIVkZZYDpJTGR4CXYP3zhDW BR6Qad51kqGEQjdvAZIXHF79zvpbOvQfV+iKMy4mqIK5rP2c+oYHWGU4A6nwjA+m mSSBb5ssBm8JF4p9w6uv68m+bD9lOzacHf8QXSeF8ga5VURYqp9S3clGRE2TJL40 /gD3Bxdal5LqlWE4d+5PCHFIsee3BF9/mBw9wwnxK53ZX7xc9Tp+b9rYtvbiCVYi OhEHyBcT7k6YMF+TG5SWtw7yjLihhvYcjyRP2fF0l0zcKAp78Hg= =fDx5 -----END PGP SIGNATURE----- --==-=-=--