From: bug#45295 <45295@debbugs.gnu.org>
To: bug#45295 <45295@debbugs.gnu.org>
Subject: Status: “sudo guix system reconfigure” triggers re-clone/update of Git checkout
Date: Sat, 21 Jun 2025 17:28:04 +0000

retitle 45295 “sudo guix system reconfigure” triggers re-clone/update of Git checkout
reassign 45295 guix
submitter 45295 Ludovic Courtès
severity 45295 important
thanks

From: Ludovic Courtès
To: bug-guix@gnu.org
Subject: “sudo guix system reconfigure” triggers re-clone/update of Git checkout
Date: Thu, 17 Dec 2020 15:01:43 +0100
Message-ID: <87mtycila0.fsf@inria.fr>

Hi!

If you do, as a regular user:

  guix pull
  sudo guix system reconfigure …

the ‘guix system reconfigure’, as part of the downgrade-detection
machinery, triggers an update of the channel checkout(s) in
~root/.cache, even though ~USER/.cache is already up-to-date.

One way to avoid it might be to special-case the checkout cache
directory for when ‘SUDO_USER’ is set.

Thoughts?

Ludo’.

From: Ludovic Courtès
To: control@debbugs.gnu.org
Subject: control message for bug #45295
Date: Thu, 24 Dec 2020 00:15:55 +0100
Message-ID: <87sg7wun9w.fsf@gnu.org>

severity 45295 important
quit

From: Ludovic Courtès
To: 45295@debbugs.gnu.org
Subject: Re: bug#45295: “sudo guix system reconfigure” triggers re-clone/update of Git checkout
Date: Sun, 17 Jan 2021 23:06:11 +0100
In-Reply-To: <87mtycila0.fsf@inria.fr>
Message-ID: <87bldnusks.fsf@gnu.org>

Ludovic Courtès wrote:

> If you do, as a regular user:
>
>   guix pull
>   sudo guix system reconfigure …
>
> the ‘guix system reconfigure’, as part of the downgrade-detection
> machinery, triggers an update of the channel checkout(s) in
> ~root/.cache, even though ~USER/.cache is already up-to-date.
>
> One way to avoid it might be to special-case the checkout cache
> directory for when ‘SUDO_USER’ is set.

Attached is a prototype that first clones/fetches from ~USER/.cache into
~root/.cache, in the hope that this avoids the need to access the
upstream repo.  (It requires ‘set-remote-url!’, which is only in
Guile-Git ‘master’.)

It’s a bit hacky but I can’t think of a better way to address this
issue.  In particular, having root use ~USER/.cache directly is not an
option: it could end up creating root-owned files there.

Thoughts?

Ludo’.
--=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/guix/git.scm b/guix/git.scm index a5103547d3..467d199e37 100644 --- a/guix/git.scm +++ b/guix/git.scm @@ -346,10 +346,7 @@ definitely available in REPOSITORY, false otherwise." (check-out? #t) starting-commit (log-port (%make-void-port "w")) - (cache-directory - (url-cache-directory - url (%repository-cache-directory) - #:recursive? recursive?))) + (cache-directory *unspecified*)) "Update the cached checkout of URL to REF in CACHE-DIRECTORY. Return three values: the cache directory name, and the SHA1 commit (a string) corresponding to REF, and the relation of the new commit relative to STARTING-COMMIT (if 
@@ -381,12 +378,41 @@ it unchanged." (string-append "origin/" branch)))) (_ ref))) + (define default-cache-directory + (url-cache-directory url (%repository-cache-directory) + #:recursive? recursive?)) + + (when (and (zero? (getuid)) (getenv "SUDO_USER") + (unspecified? cache-directory)) + ;; Fetch from the sudoer's cache before attempting to reach URL. + (let* ((home (and=> (false-if-exception (getpwnam (getenv "SUDO_USER"))) + passwd:dir)) + (peer (and home (url-cache-directory + url (string-append home "/.cache/guix/checkouts") + #:recursive? recursive?)))) + (when (and peer (file-exists? peer)) + ;; Fetch from PEER. After that, the "origin" remote points to PEER, + ;; but we change it back to URL below. + (update-cached-checkout (pk 'update peer) + #:ref ref + #:recursive? recursive? + #:check-out? #f + #:cache-directory + default-cache-directory)))) + (with-libgit2 - (let* ((cache-exists? (openable-repository? cache-directory)) - (repository (if cache-exists? - (repository-open cache-directory) - (clone* url cache-directory)))) + (let* ((cache-directory (if (unspecified? cache-directory) + default-cache-directory + cache-directory)) + (cache-exists? (openable-repository? cache-directory)) + (repository (if cache-exists? + (repository-open cache-directory) + (clone* url cache-directory)))) + ;; Ensure the "origin" remote points to URL. + (set-remote-url! repository "origin" url) + ;; Only fetch remote if it has not been cloned just before. + (pk 'x cache-directory 'avail? (reference-available? repository ref)) (when (and cache-exists? (not (reference-available? repository ref))) (let ((auth-method (%make-auth-ssh-agent))) @@ -433,8 +459,6 @@ it unchanged." #:key recursive? (log-port (%make-void-port "w")) - (cache-directory - (%repository-cache-directory)) (ref '(branch . "master"))) "Return two values: the content of the git repository at URL copied into a store directory and the sha1 of the top level commit in this directory. The 
@@ -464,10 +488,6 @@ Log progress and checkout info to LOG-PORT." (update-cached-checkout url #:recursive? recursive? #:ref ref - #:cache-directory - (url-cache-directory url cache-directory - #:recursive? - recursive?) #:log-port log-port)) ((name) (url+commit->name url commit)))
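
Review bot: In the first hunk (@@ -346,10 +346,7 @@), the new default "(cache-directory *unspecified*)" changes what an omitted #:cache-directory means, but the docstring right below it still only says "Update the cached checkout of URL to REF in CACHE-DIRECTORY". Please document that the directory is now derived from URL when the argument is omitted, and that when running as root with SUDO_USER set the sudoer's checkout is consulted first. #f would also be a more conventional "not given" marker than *unspecified*, which a caller can pass by accident as the value of any expression evaluated for effect.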
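
Review bot: Two debugging calls are left in the second hunk (@@ -381,12 +378,41 @@): "(pk 'update peer)" wraps the first argument of the recursive update-cached-checkout call, and "(pk 'x cache-directory 'avail? (reference-available? repository ref))" runs on every invocation and evaluates reference-available? a second time; both should be removed before this is applied. In the same hunk, the recursive call that fetches from PEER runs as root on a repository under the sudoer's home directory and is not guarded, so an error raised while opening or fetching from that checkout would propagate instead of falling back to URL; wrapping it the way getpwnam is already wrapped with false-if-exception would keep a stale or damaged user cache from breaking the reconfigure. Finally, set-remote-url! is called unconditionally, including right after "(clone* url cache-directory)", where "origin" already points to URL; restricting it to the case where the peer fetch actually ran would make the intent clearer.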
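
Review bot: The third hunk (@@ -433,8 +459,6 @@) removes the cache-directory keyword from this procedure's parameter list, and the fourth hunk stops forwarding it to update-cached-checkout, which is an interface change that nothing in the patch documents. Any existing caller that passes #:cache-directory here would no longer get the cache location it asked for, so either check the callers and mention the removal in the commit log, or keep the keyword and forward it only when it was given, using the same "unspecified" test introduced in update-cached-checkout.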

From: Jorge Acereda
To: 45295@debbugs.gnu.org
Subject: Alternative
Date: Sun, 09 Jan 2022 20:55:59 +0100
Message-ID: <87r19gy980.fsf@gmail.com>

Hi,

New user here, so maybe I'm talking BS.

I'm wondering if getting rid of sudo for reconfiguration is an option.

What if instead of running all the process as root, it invoked sudo (or
doas) in the final stage, so it can perform the bits that require
permissions?

That way, it would use the user channel directly and this issue would
not exist.

Regards,
  Jorge

From: Maxime Devos
To: Jorge Acereda, 45295@debbugs.gnu.org
Subject: Re: bug#45295: Alternative
Date: Sun, 09 Jan 2022 21:17:49 +0100
In-Reply-To: <87r19gy980.fsf@gmail.com>

Jorge Acereda wrote on Sun 09-01-2022 at 20:55 [+0100]:
> Hi,
>
> New user here, so maybe I'm talking BS.
>
> I'm wondering if getting rid of sudo for reconfiguration is an option.
>
> What if instead of running all the process as root, it invoked sudo (or
> doas) in the final stage, so it can perform the bits that require
> permissions?

A problem here is that this assumes sudo, so "guix system reconfigure"
needs to guess whether to use "su", "sudo", "sudo -E", "doas", ...

Looking at guix/scripts/system.scm, it appears that "guix system
reconfigure" interacts with shepherd directly, so "guix system
reconfigure" needs to be run as root to work; at least currently it
cannot delegate this to a separate process to be run under "sudo" or the
like.

Greetings,
Maxime.