"sudo -E guix pull" breaks ~/.config/guix/current for regular user

Hello,

Paul <paul@denknerd.org> reported on IRC that his guix behaved strangely. Upon

investigation we found that the following happens (on a Guix system), when logged

in as regular user (not root):

$ readlink ~/.config/guix/current

/var/guix/profiles/per-user/dannym/current-guix

$ sudo -E guix pull

$ readlink ~/.config/guix/current

/var/guix/profiles/per-user/root/current-guix

You can also rm -f ~/.config/guix/current after that and do everything above

again and it will happen again. It even happens when guix pull has nothing to

do.

That doesn't seem right. We should at least try to prevent this from happening,

or warn or something.

The guix package manager that did that is:

$ sudo -E guix describe

Generation 64 Aug 22 2020 11:41:04 (current)

guix dad963a

repository URL: https://git.savannah.gnu.org/git/guix.git

branch: master

commit: dad963a4393ea51409baa63817b26b449ed58338

heads 50b97d4

repository URL: https://github.com/daym/heads-guix.git

branch: wip-musl

commit: 50b97d446ebafd0be7a0e19d87cd236882093244

$ sudo -i

# guix describe

Generation 64 22. August 2020 11:41:04 (aktuell)

guix dad963a

Repository-URL: https://git.savannah.gnu.org/git/guix.git

Branch: master

Commit: dad963a4393ea51409baa63817b26b449ed58338

heads 50b97d4

Repository-URL: https://github.com/daym/heads-guix.git

Branch: wip-musl

Commit: 50b97d446ebafd0be7a0e19d87cd236882093244

Hi,

On +2020-08-22 12:27:50 +0200, Danny Milosavljevic wrote:

ISTM it looks like a bug that should be fixed[1], urgently, not just warned about :)

[1] eliminated from the possibility of happening :)

I find it peculiar that root (sudo -i) looks like it's using swedish locale

("aktuell" is swedish for "current") with the rest of the output identical.

(Hm, maybe that's also Norwegian ;-)

If describe is describing two things that are identical end values of

readlink -f thing{1..2}, I think it would be helpful to show the thing{1..2}

profile links it's using.

BTW, what would sudo guix describe without the -E (preserving user environment) have produced?

--

Regards,

Bengt Richter

On Sat, Aug 22, 2020 at 12:27:50PM +0200, Danny Milosavljevic wrote:

What is expected to happen in this case? Why would one want to use an

unprivileged environment with privileges to do `guix pull`, which is a

per-user operation?

Hi Leo,

On Sat, 22 Aug 2020 12:22:41 -0400

Leo Famulari <leo@famulari.name> wrote:

Paul did not know that it is a per-user operation.

I did almost exactly the same thing when I was a new guix user.

That's pretty much what one is used to from Debian etc.

I don't really know whether it should do anything useful, but the current

situation is seriously weird.

On Sun, Aug 23, 2020 at 11:24:43PM +0200, Danny Milosavljevic wrote:

I see. Coming from Debian, I also had trouble learning the differences

between various options of sudo, and also the differences between login

shells, interactive shells, etc. They don't matter on Debian, but they

do matter for Guix.

Considering how often people stumble on this, I've been wondering if

Guix should handle privilege escalation internally, rather than asking

users to learn these arcane details of Unix.

Systemd does that. For example, given an operation that requires

privileges, if I attempt to run it without privileges, it will use

polkit (I think) to escalate safely. It's optional and not all distros

enable it by default. It looks like this:

------

$ systemctl restart guix-daemon

==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===

Authentication is required to restart 'guix-daemon.service'.

Authenticating as: leo,,, (leo)

Password:

==== AUTHENTICATION COMPLETE ===

------

Hi,

On Sat, 22 Aug 2020 18:20:09 +0200

Bengt Richter <bokr@bokr.com> wrote:

I've tried it again (it's 100% reproducible) and I get (after "sudo -E guix pull"):

dannym@dayas ~$ export LC_ALL=C

dannym@dayas ~$ sudo -E guix describe

Generation 65 Aug 23 2020 23:44:26 (current)

guix 9e2a49d

repository URL: https://git.savannah.gnu.org/git/guix.git

branch: master

commit: 9e2a49db8ce70068644cecdfda4c198d4c09e36e

heads 50b97d4

repository URL: https://github.com/daym/heads-guix.git

branch: wip-musl

commit: 50b97d446ebafd0be7a0e19d87cd236882093244

dannym@dayas ~$ sudo guix describe

Generation 65 Aug 23 2020 23:44:26 (current)

guix 9e2a49d

repository URL: https://git.savannah.gnu.org/git/guix.git

branch: master

commit: 9e2a49db8ce70068644cecdfda4c198d4c09e36e

heads 50b97d4

repository URL: https://github.com/daym/heads-guix.git

branch: wip-musl

commit: 50b97d446ebafd0be7a0e19d87cd236882093244

dannym@dayas ~$ guix describe

guix 9e2a49d

repository URL: https://git.savannah.gnu.org/git/guix.git

branch: master

commit: 9e2a49db8ce70068644cecdfda4c198d4c09e36e

heads 50b97d4

repository URL: https://github.com/daym/heads-guix.git

branch: wip-musl

commit: 50b97d446ebafd0be7a0e19d87cd236882093244

On Sat, 22 Aug 2020 12:27:50 +0200

Danny Milosavljevic <dannym@scratchpost.org> wrote:

Follow-up errors (translated to English manually):

dannym@dayas ~$ guix pull

Migrating profile generations to „/var/guix/profiles/per-user/dannym“ …

guix pull: error: symlink: file exists: "/var/guix/profiles/per-user/dannym/current-guix"

1 dannym@dayas ~$ rm ~/.config/guix/current

dannym@dayas ~$ cd .config/guix/

dannym@dayas ~/.config/guix$ ln -s /var/guix/profiles/per-user/dannym/current-guix current

dannym@dayas ~/.config/guix$ guix pull

Refreshing channel „guix“ from Git-Repository „https://git.savannah.gnu.org/git/guix.git“…

guix pull: error: Git-Error: failed open - '/home/dannym/.cache/guix/checkouts/pjmkglp4t7znuugeurpurzikxq3tnlaywmisyr27shj7apsnalwq/.git/FETCH_HEAD' is locked: Permission denied

That's some weird guix pull state.

The culprit, I think, is this:

(define (ensure-default-profile)

(ensure-profile-directory)

;; In 0.15.0+ we'd create ~/.config/guix/current-[0-9]*-link symlinks. Move

;; them to %PROFILE-DIRECTORY.

;;

;; XXX: Ubuntu's 'sudo' preserves $HOME by default, and thus the second

;; condition below is always false when one runs "sudo guix pull". As a

;; workaround, skip this code when $SUDO_USER is set. See

;; https://bugs.gnu.org/36785.

(unless (or (getenv "SUDO_USER")

(string=? %profile-directory

(dirname

(canonicalize-profile %user-profile-directory))))

(migrate-generations %user-profile-directory %profile-directory))

where

%profile-directory = "/var/guix/profiles/per-user/dannym"

%user-profile-directory = "/home/dannym/.config/guix/current" (which is a

symlink to /var/guix/profiles/per-user/root/current-guix)

Hi,

On Mon, 24 Aug 2020 04:38:29 +0200

Bengt Richter <bokr@bokr.com> wrote:

Ohh, yeah, sudo without "-E" works fine (sudo guix pull, too).

$ sudo guix describe

Passwort:

guix 3d9fddb

Repository-URL: https://git.savannah.gnu.org/git/guix.git

Branch: master

Commit: 3d9fddb2683790df26c53e18d4ff9468442e2368

heads 50b97d4

Repository-URL: https://github.com/daym/heads-guix.git

Branch: wip-musl

Commit: 50b97d446ebafd0be7a0e19d87cd236882093244

SHELL=/gnu/store/87kif0bpf0anwbsaw0jvg8fyciw4sz67-bash-5.0.16/bin/bash

XDG_CONFIG_DIRS=/root/.guix-profile/etc/xdg:/run/current-system/profile/etc/xdg

SUDO_GID=998

BASH_LOADABLES_PATH=/run/current-system/profile/lib/bash

LINUX_MODULE_DIRECTORY=/run/booted-system/kernel/lib/modules

XCURSOR_PATH=/root/.icons:/root/.guix-profile/share/icons:/run/current-system/profile/share/icons

SUDO_COMMAND=/gnu/store/87kif0bpf0anwbsaw0jvg8fyciw4sz67-bash-5.0.16/bin/bash -c env

NM_VPN_PLUGIN_DIR=/gnu/store/mnq8x522qp0f0dd6v9p85xqrsx9pjx4a-network-manager-vpn-plugins/lib/NetworkManager/VPN

SUDO_USER=dannym

GTK_DATA_PREFIX=/run/current-system/profile

PWD=/root

LOGNAME=root

MANPATH=/run/current-system/profile/share/man:/root/.guix-profile/share/man:/run/current-system/profile/share/man

GUILE_LOAD_PATH=/run/current-system/profile/share/guile/site/3.0

XAUTHORITY=/run/user/27481/gdm/Xauthority

HOME=/root

GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt

LANG=de_AT.utf8

COLUMNS=1600

SSL_CERT_DIR=/etc/ssl/certs

GIO_EXTRA_MODULES=/run/current-system/profile/lib/gio/modules

PULSE_CLIENTCONFIG=/gnu/store/zc4dsmvdabi00nvisrjhi9w00ff4igs7-client.conf

GUILE_LOAD_COMPILED_PATH=/run/current-system/profile/lib/guile/3.0/site-ccache:/run/current-system/profile/share/guile/site/3.0

INFOPATH=/root/.config/guix/current/share/info:/run/current-system/profile/share/info:/root/.guix-profile/share/info:/run/current-system/profile/share/info

DICPATH=/root/.guix-profile/share/hunspell:/run/current-system/profile/share/hunspell

DBUS_FATAL_WARNINGS=0

PYTHONPATH=/root/.guix-profile/lib/python3.7/site-packages

TERM=xterm

USER=root

TZDIR=/gnu/store/pyk3skinp1f72afpd2xdjdi2j80xngr0-tzdata-2020a/share/zoneinfo

DISPLAY=:1.0

SHLVL=0

GUIX_LOCPATH=/run/current-system/locale

LC_MEASUREMENT=de_DE.utf8

GST_PLUGIN_PATH=/root/.guix-profile/lib/gstreamer-1.0

SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

NODE_PATH=/root/.guix-profile/lib/node_modules

LC_TIME=de_DE.utf8

LC_ALL=de_DE.utf8

PULSE_CONFIG=/gnu/store/i90b7c63gxd7jf8jqvw2giry88jy3hx0-daemon.conf

XDG_DATA_DIRS=/run/current-system/profile/share:/root/.guix-profile/share:/run/current-system/profile/share

PATH=/run/setuid-programs:/root/.config/guix/current/bin:/root/.guix-profile/bin:/root/.guix-profile/sbin:/run/current-system/profile/bin:/run/current-system/profile/sbin

SUDO_UID=27481

MAIL=/var/mail/root

GUIX_GTK3_PATH=/run/current-system/profile/lib/gtk-3.0

_=/run/current-system/profile/bin/env

XAUTHORITY=/run/user/27481/gdm/Xauthority

LANG=de_AT.utf8

TERM=xterm

DISPLAY=:1.0

LC_MEASUREMENT=de_DE.utf8

PS1=${?#0} \u@\h \w\$

LC_TIME=de_DE.utf8

LC_ALL=de_DE.utf8

PATH=/home/dannym/.meteor:/home/dannym/.local/scala/bin:/home/dannym/.local/bin:/home/dannym/.local/rust/bin:/home/dannym/.meteor:/home/dannym/.local/scala/bin:/home/dannym/.local/bin:/home/dannym/.local/rust/bin:/run/setuid-programs:/home/dannym/.config/guix/current/bin:/home/dannym/.guix-profile/bin:/home/dannym/.guix-profile/sbin:/run/current-system/profile/bin:/run/current-system/profile/sbin

MAIL=/var/mail/root

LOGNAME=root

USER=root

HOME=/root

SHELL=/gnu/store/87kif0bpf0anwbsaw0jvg8fyciw4sz67-bash-5.0.16/bin/bash

SUDO_COMMAND=/run/current-system/profile/bin/env

SUDO_USER=dannym

SUDO_UID=27481

SUDO_GID=998

TZDIR=/gnu/store/pyk3skinp1f72afpd2xdjdi2j80xngr0-tzdata-2020a/share/zoneinfo

LINUX_MODULE_DIRECTORY=/run/booted-system/kernel/lib/modules

SSL_CERT_DIR=/etc/ssl/certs

SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt

GTK_DATA_PREFIX=/run/current-system/profile

DBUS_FATAL_WARNINGS=0

GUIX_LOCPATH=/run/current-system/locale

PULSE_CONFIG=/gnu/store/i90b7c63gxd7jf8jqvw2giry88jy3hx0-daemon.conf

PULSE_CLIENTCONFIG=/gnu/store/zc4dsmvdabi00nvisrjhi9w00ff4igs7-client.conf

NM_VPN_PLUGIN_DIR=/gnu/store/mnq8x522qp0f0dd6v9p85xqrsx9pjx4a-network-manager-vpn-plugins/lib/NetworkManager/VPN

It is.

No.

SHELL=/gnu/store/87kif0bpf0anwbsaw0jvg8fyciw4sz67-bash-5.0.16/bin/bash

WINDOWID=48234509

XDG_CONFIG_DIRS=/home/dannym/.guix-profile/etc/xdg:/run/current-system/profile/etc/xdg

GTK_IM_MODULE=uim

XTERM_VERSION=XTerm(353)

HISTSIZE=

BASH_LOADABLES_PATH=/run/current-system/profile/lib/bash

SSH_AUTH_SOCK=/tmp/ssh-LxjFPNecF9So/agent.886

KICAD_TEMPLATE_DIR=/home/dannym/.guix-profile/share/kicad/template

LINUX_MODULE_DIRECTORY=/run/booted-system/kernel/lib/modules

PACKAGEPATH=/home/dannym/.local/guix/gnu/packages

XMODIFIERS=@im=uim

DESKTOP_SESSION=mate

SSH_AGENT_PID=994

NM_VPN_PLUGIN_DIR=/gnu/store/mnq8x522qp0f0dd6v9p85xqrsx9pjx4a-network-manager-vpn-plugins/lib/NetworkManager/VPN

XTERM_SHELL=/gnu/store/87kif0bpf0anwbsaw0jvg8fyciw4sz67-bash-5.0.16/bin/bash

GDM_DBUS_DAEMON=/gnu/store/c34bs9dzcw2nblcmjpvaq97a95ywqbps-gdm-dbus-wrapper

GTK_DATA_PREFIX=/run/current-system/profile

EDITOR=nano -w

XDG_SEAT=seat0

PWD=/home/dannym

PURPLE_PLUGIN_PATH=/home/dannym/.guix-profile/lib/purple-2:/home/dannym/.guix-profile/lib/pidgin

LOGNAME=root

XDG_SESSION_DESKTOP=mate

XDG_SESSION_TYPE=x11

MANPATH=/run/current-system/profile/share/man:/home/dannym/.guix-profile/share/man:/run/current-system/profile/share/man

R_LIBS_SITE=/home/dannym/.guix-profile/site-library/

GUILE_LOAD_PATH=/run/current-system/profile/share/guile/site/3.0

XAUTHORITY=/run/user/27481/gdm/Xauthority

WINDOWPATH=8

GDM_LANG=de_AT.utf8

GIT_EXEC_PATH=/home/dannym/.guix-profile/libexec/git-core

GI_TYPELIB_PATH=/home/dannym/.guix-profile/lib/girepository-1.0

HOME=/home/dannym

USERNAME=dannym

GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt

LANG=de_AT.utf8

XDG_CURRENT_DESKTOP=MATE

SSL_CERT_DIR=/etc/ssl/certs

GIO_EXTRA_MODULES=/home/dannym/.guix-profile/lib/gio/modules:/run/current-system/profile/lib/gio/modules:/gnu/store/nsxp18n8yk2k773719a5qc5h6l11f1yq-dconf-0.34.0/lib/gio/modules

PROMPT_COMMAND=export PREV_COMMAND=""

PULSE_CLIENTCONFIG=/gnu/store/zc4dsmvdabi00nvisrjhi9w00ff4igs7-client.conf

XTERM_LOCALE=de_DE.utf8

GUILE_LOAD_COMPILED_PATH=/run/current-system/profile/lib/guile/3.0/site-ccache:/run/current-system/profile/share/guile/site/3.0

INFOPATH=/home/dannym/.config/guix/current/share/info:/home/dannym/.guix-profile/share/info:/run/current-system/profile/share/info:/home/dannym/.guix-profile/share/info:/run/current-system/profile/share/info

DICPATH=/home/dannym/.guix-profile/share/hunspell:/run/current-system/profile/share/hunspell

GDM_X_SESSION=/gnu/store/q8bc2cv7dcbx97ka6lq82dbkg4v2v283-xinitrc

GDM_CUSTOM_CONF=/gnu/store/x9jrhvajqpdfk4hhkw5bxplg7fisx6pg-gdm-custom.conf

XDG_SESSION_CLASS=user

DBUS_FATAL_WARNINGS=0

TERM=xterm

GTK_PATH=/gnu/store/c4dspf0c3p445rx4hsddsd2dv962i4b1-libcanberra-0.30/lib/gtk-3.0:/gnu/store/067bymbx50ng0fll7zi3mpmsjwbrlja4-gtk+-3.24.20/lib/gtk-3.0

CPLUS_INCLUDE_PATH=/home/dannym/.guix-profile/include/c++:/home/dannym/.guix-profile/include

USER=root

LIBRARY_PATH=/home/dannym/.guix-profile/lib

PYTHONIOENCODING=utf-8

DISPLAY=:1.0

SHLVL=1

GUIX_LOCPATH=/run/current-system/locale

QT_IM_MODULE=uim

LC_MEASUREMENT=de_DE.utf8

XDG_VTNR=8

XDG_SESSION_ID=c2

GST_PLUGIN_PATH=/home/dannym/.guix-profile/lib/gstreamer-1.0

XDG_RUNTIME_DIR=/run/user/27481

SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

PREV_COMMAND=

PS1=${?#0} \u@\h \w\$

NODE_PATH=/home/dannym/.guix-profile/lib/node_modules

LC_TIME=de_DE.utf8

GST_PLUGIN_SYSTEM_PATH=/home/dannym/.guix-profile/lib/gstreamer-1.0

LC_ALL=de_DE.utf8

PULSE_CONFIG=/gnu/store/i90b7c63gxd7jf8jqvw2giry88jy3hx0-daemon.conf

XDG_DATA_DIRS=/home/dannym/.guix-profile/share:/run/current-system/profile/share:/home/dannym/.guix-profile/share:/run/current-system/profile/share

BROWSER=icecat

PATH=/home/dannym/.meteor:/home/dannym/.local/scala/bin:/home/dannym/.local/bin:/home/dannym/.local/rust/bin:/home/dannym/.meteor:/home/dannym/.local/scala/bin:/home/dannym/.local/bin:/home/dannym/.local/rust/bin:/run/setuid-programs:/home/dannym/.config/guix/current/bin:/home/dannym/.guix-profile/bin:/home/dannym/.guix-profile/sbin:/run/current-system/profile/bin:/run/current-system/profile/sbin

GDMSESSION=mate

GHC_PACKAGE_PATH=/home/dannym/.guix-profile/lib/ghc-8.6.5/package.conf.d

GDM_X_SERVER=/gnu/store/1lcxxwl5rmbqqvbr8rbfyhyc7v10s27l-X-wrapper

DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-dRjt5ThTHH,guid=5feb1b57970b7afe5fea4e5b5f39031f

C_INCLUDE_PATH=/home/dannym/.guix-profile/include

EMACSLOADPATH=/home/dannym/.guix-profile/share/emacs/site-lisp:/home/dannym/.guix-profile/share/emacs/26.3/lisp

GUIX_GTK3_PATH=/home/dannym/.guix-profile/lib/gtk-3.0:/run/current-system/profile/lib/gtk-3.0

MICRO_TRUECOLOR=1

_=/run/setuid-programs/sudo

SUDO_COMMAND=/run/current-system/profile/bin/env

SUDO_USER=dannym

SUDO_UID=27481

SUDO_GID=998

TZDIR=/gnu/store/pyk3skinp1f72afpd2xdjdi2j80xngr0-tzdata-2020a/share/zoneinfo

Hi Danny,

Danny Milosavljevic <dannym@scratchpost.org> skribis:

We could detect such inconsistencies and emit a warning/hint. I’m

unsure just how far we need to go in trying to prevent users from

shooting themselves in the foot, though. Thoughts?

Yes.

Ludo’.