GNU bug report logs - #77288
[PATCH 0/6] Rootless guix-daemon on Guix System

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Wed, 26 Mar 2025 16:50:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: Ludovic Courtès <ludo <at> gnu.org>
To: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
Cc: Julien Lepiller <julien <at> lepiller.eu>, 77288 <at> debbugs.gnu.org
Subject: [bug#77288] [PATCH v2 8/8] DRAFT news: Add entry about unprivileged guix-daemon on Guix System.
Date: Fri, 18 Apr 2025 19:04:35 +0200

Hello Florian,

"pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> writes:

> I try on Guix System the (privileged? #f) and get an error
>
> florian <at> florianhp ~/src/guix$ sudo guix system reconfigure /etc/config.scm --allow-downgrades
> guix system: error: the group `guixbuild' specified in `build-users-group' does not exist
>
> It may have been that there were messages before like
>
>
> The following derivation will be built:
>   /gnu/store/w2bx5x6ms3drrcpyysc2jj5lzyjnxyf0-grub.cfg.drv
>
> I temporarily added guixbuild with groupadd, but
>
> substitute: looking for substitutes on 'https://substitutes.nonguix.org'... 100.0%
> substitute: looking for substitutes on 'https://bordeaux.guix.gnu.org'... 100.0%
> substitute: looking for substitutes on 'https://ci.guix.gnu.org'... 100.0%
> The following derivations will be built:
>   /gnu/store/s2xpbc0qy7nkwfca3cjy15ccbinz3lis-provenance.drv
>   /gnu/store/sl57i03xygqc87q4853n6g3mmys066lm-system.drv
>   /gnu/store/awwrr72s7z43nvrfp74wgqihr5qsa272-grub.cfg.drv
>
> guix system: error: the group `guixbuild' specified in `build-users-group' does not exist

That’s actually a message from guix-daemon (from ‘build.cc’).

Oh, I see where this is coming from: when running ‘guix system
reconfigure’, the activation snippet creating accounts and groups
immediately runs, thereby deleting ‘guixbuild’ and all the build users.

But at that point, we’re still running the privileged daemon.  So when
attempting a derivation after that, like ‘provenance.drv’ above, it
errors out because the build group and accounts are gone.

Problem is that this happens before the new generation has been added to
‘grub.cfg’.  So if you reboot, you’ll reboot into the previous
generation.

The safest way to work around that is to keep those accounts/groups
unconditionally.  It’s less pleasant to the eye, but it doesn’t hurt.
I guess I’ll have to send v3!

> Anyway.  Could you add this German translation?

Will do.

Thanks for testing & for updating the translation!

Ludo’.
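
A pre-flight check for the state described in this message, added here as an illustration (it is not part of the thread or of Guix): it reports whether a daemon still running as root names a build group that no longer exists in the group database. The function names, the `guix-daemon` process name passed to `pgrep`, and the use of a `group(5)`-format file are assumptions.

```shell
#!/bin/sh
# Added example: detect "privileged daemon, build group already deleted".

# group_exists NAME [FILE]: succeed if NAME is defined in a group(5) file.
group_exists() {
    awk -F: -v g="$1" '$1 == g { found = 1 } END { exit !found }' \
        "${2:-/etc/group}"
}

# build_group_of CMDLINE: print the value of --build-users-group, if present.
build_group_of() {
    for arg in $1; do
        case $arg in
            --build-users-group=*)
                printf '%s\n' "${arg#--build-users-group=}" ;;
        esac
    done
}

# classify UID CMDLINE [FILE]: name the state of a daemon with this
# effective UID and command line, checked against the group file.
classify() {
    uid=$1
    group=$(build_group_of "$2")
    file=${3:-/etc/group}
    if [ "$uid" != 0 ]; then
        echo unprivileged                # no build users needed
    elif [ -z "$group" ]; then
        echo privileged-no-build-group   # root daemon without a build group
    elif group_exists "$group" "$file"; then
        echo privileged-ok
    else
        echo privileged-missing-group    # builds fail with the error above
    fi
}

# check_running: apply classify to the live daemon (needs procps pgrep/ps).
check_running() {
    pid=$(pgrep -o -x guix-daemon) || { echo no-daemon; return; }
    classify "$(ps -o uid= -p "$pid" | tr -d ' ')" \
             "$(ps -o args= -p "$pid")"
}
```

Running `check_running` after a reconfigure that printed the `build-users-group` error and before rebooting shows whether the system is in the `privileged-missing-group` state.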




This bug report was last modified 90 days ago.
