GNU bug report logs - #36957
[PATCH] machine: Allow non-root users to deploy.

Previous Next

Full log

View this message in rfc822 format

From: zerodaysfordays <at> sdf.lonestar.org (Jakob L. Kreuze)
To: Ricardo Wurmus <rekado <at> elephly.net>
Cc: Christopher Lemmer Webber <cwebber <at> dustycloud.org>, 36957 <at> debbugs.gnu.org
Subject: [bug#36957] [PATCH v2] machine: Allow non-root users to deploy.
Date: Thu, 08 Aug 2019 16:24:47 -0400

[Message part 1 (text/plain, inline)]

Hey Ricardo,

Ricardo Wurmus <rekado <at> elephly.net> writes:

> Perhaps also wrap “NOPASSWD” in @code{…}.

Got it, thanks!

> This is a comment for future changes only: currently, we can assume that
> the remote machine already runs Guix System.  In the future “guix
> deploy” should probably also be able to initialize a system.  In that
> case “sudo” may have to be searched on the target or otherwise be
> provided.

Ah, that's a good point. I'd imagine that would involve changing a few
other things with how the REPL is spawned, too.

> (What happens if /run/setuid-programs/sudo is not available on the
> target machine?)

I'm a bit short on time before boarding this flight, so I can't test it
out at the moment, but I'm pretty sure the "failed to run..." message
condition would be thrown. I'll check and get back to you.

> I’m just stumbling upon “socket-name”.  “/var/guix” is not guaranteed to
> be the localstatedir.  It would be better to use (guix config) to
> determine the configured value.
>
> This doesn’t block this patch, of course, but it would be good to change
> this in the future.

Right, yeah. I may submit a separate patch for it shortly since it
should be a simple change.

Regards,
Jakob

[signature.asc (application/pgp-signature, inline)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.