GNU bug report logs -
#57016
[PATCH] scripts: Bail out when running pull/package commands as root.
Previous Next
Reported by: "(" <paren <at> disroot.org>
Date: Sat, 6 Aug 2022 11:43:01 UTC
Severity: normal
Tags: patch
Done: "(" <paren <at> disroot.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
Hi (,
"( via Guix-patches" via 写道:
> A pretty common beginner mistake, it seems, is assuming that
> since
> every other package manager you've used requires root for
> installing,
> removing, and upgrading packages, Guix must too.
>
> This is an especially dangerous assumption when applied to `guix
> pull`,
Running ‘guix pull’ as root is fine. There was danger in running
‘sudo guix pull’ (with Guix System defaulting to ‘sudo -E’), but
that was addressed in 7c52cad0464175370c44bd4695e4c01a62b8268f.
If it doesn't trigger reliably, let's fix that.
Running ‘guix package’ and ‘guix upgrade’ as root is also fine.
If improper use of sudo/doas/… is the real issue, address *that*,
not this loose proxy.
Ludo' factored out some of the bits in
9be470b5d2bab7ad2048c95815fee2916d45f4ad. It could make sense to
factor it out further to check, e.g., whether the effective UID
matches that of the profile's parent directory. Why should
OpenBSD packages get to hoard all the pedantic ownership checks?
> since I seem to recall
A good trigger to go investigate; not sufficient to (wrongly)
imply ‘root bad’ and throw fatal errors at perfectly legitimate
use(r)s.
Conversely, if we reliably detect and report the true issue,
there's no need for ‘--allow-root’, which by the logic of this
patch would knowingly break things. We do not provide such
options.
Huge NAK on v2 I'm afraid, but looking forward to your thoughts,
T G-R
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 2 years and 289 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.