"sudo -E guix pull" breaks ~/.config/guix/current for regular user

  • Open
  • quality assurance status badge
Details
4 participants
  • Bengt Richter
  • Danny Milosavljevic
  • Leo Famulari
  • Ludovic Courtès
Owner
unassigned
Submitted by
Danny Milosavljevic
Severity
normal
D
D
Danny Milosavljevic wrote on 22 Aug 2020 12:27
(address . bug-guix@gnu.org)
20200822122750.78ddc111@scratchpost.org
Hello,

Paul <paul@denknerd.org> reported on IRC that his guix behaved strangely. Upon
investigation we found that the following happens (on a Guix system), when logged
in as regular user (not root):

$ readlink ~/.config/guix/current
/var/guix/profiles/per-user/dannym/current-guix
$ sudo -E guix pull
$ readlink ~/.config/guix/current
/var/guix/profiles/per-user/root/current-guix

You can also rm -f ~/.config/guix/current after that and do everything above
again and it will happen again. It even happens when guix pull has nothing to
do.

That doesn't seem right. We should at least try to prevent this from happening,
or warn or something.

The guix package manager that did that is:

$ sudo -E guix describe
Generation 64 Aug 22 2020 11:41:04 (current)
guix dad963a
branch: master
commit: dad963a4393ea51409baa63817b26b449ed58338
heads 50b97d4
branch: wip-musl
commit: 50b97d446ebafd0be7a0e19d87cd236882093244

$ sudo -i
# guix describe
Generation 64 22. August 2020 11:41:04 (aktuell)
guix dad963a
Branch: master
Commit: dad963a4393ea51409baa63817b26b449ed58338
heads 50b97d4
Branch: wip-musl
Commit: 50b97d446ebafd0be7a0e19d87cd236882093244
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl9A8yYACgkQ5xo1VCww
uqULaQf9GIfBH86NSavxsMh6Snv+NBgfYZljjwegB9v8S9i7Ws317cnb7SIt1RIP
kmFfovcF1WYgtwc/YxBdlVDUMwDqof9FxMjDwqtgDASfYWHiu4u9PR5Gx3zenIqt
Modr6FY68NoqzjCyErn2qP1LXguIyZPoBYiKs3YwwWFhEtP+Mbj6q+4tL6nP+FHg
LOVUnDOrmKpmm5ZOyBno4gtw3EYakWhoNDwte3pTUce4IQOMtQiY7KBGoH1V4qUZ
ruXojCUuZsCxtovV1dHhTUlVy9sukQx0LUQeB/iOcY3RpuMnfUJpxrclFFk7aNpH
m1eYysmE3xrz2tP7+fdxpIAW2zVa6A==
=/A12
-----END PGP SIGNATURE-----


B
B
Bengt Richter wrote on 22 Aug 2020 18:20
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 42983@debbugs.gnu.org)
20200822162009.GA2810@LionPure
Hi,

On +2020-08-22 12:27:50 +0200, Danny Milosavljevic wrote:
Toggle quote (20 lines)
> Hello,
>
> Paul <paul@denknerd.org> reported on IRC that his guix behaved strangely. Upon
> investigation we found that the following happens (on a Guix system), when logged
> in as regular user (not root):
>
> $ readlink ~/.config/guix/current
> /var/guix/profiles/per-user/dannym/current-guix
> $ sudo -E guix pull
> $ readlink ~/.config/guix/current
> /var/guix/profiles/per-user/root/current-guix
>
> You can also rm -f ~/.config/guix/current after that and do everything above
> again and it will happen again. It even happens when guix pull has nothing to
> do.
>
> That doesn't seem right. We should at least try to prevent this from happening,
> or warn or something.
>

ISTM it looks like a bug that should be fixed[1], urgently, not just warned about :)
[1] eliminated from the possibility of happening :)

Toggle quote (25 lines)
> The guix package manager that did that is:
>
> $ sudo -E guix describe
> Generation 64 Aug 22 2020 11:41:04 (current)
> guix dad963a
> repository URL: https://git.savannah.gnu.org/git/guix.git
> branch: master
> commit: dad963a4393ea51409baa63817b26b449ed58338
> heads 50b97d4
> repository URL: https://github.com/daym/heads-guix.git
> branch: wip-musl
> commit: 50b97d446ebafd0be7a0e19d87cd236882093244
>
> $ sudo -i
> # guix describe
> Generation 64 22. August 2020 11:41:04 (aktuell)
> guix dad963a
> Repository-URL: https://git.savannah.gnu.org/git/guix.git
> Branch: master
> Commit: dad963a4393ea51409baa63817b26b449ed58338
> heads 50b97d4
> Repository-URL: https://github.com/daym/heads-guix.git
> Branch: wip-musl
> Commit: 50b97d446ebafd0be7a0e19d87cd236882093244

I find it peculiar that root (sudo -i) looks like it's using swedish locale
("aktuell" is swedish for "current") with the rest of the output identical.
(Hm, maybe that's also Norwegian ;-)

If describe is describing two things that are identical end values of
readlink -f thing{1..2}, I think it would be helpful to show the thing{1..2}
profile links it's using.

BTW, what would sudo guix describe without the -E (preserving user environment) have produced?

--
Regards,
Bengt Richter
L
L
Leo Famulari wrote on 22 Aug 2020 18:22
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 42983@debbugs.gnu.org)
20200822162241.GA5895@jasmine.lan
On Sat, Aug 22, 2020 at 12:27:50PM +0200, Danny Milosavljevic wrote:
Toggle quote (10 lines)
> Paul <paul@denknerd.org> reported on IRC that his guix behaved strangely. Upon
> investigation we found that the following happens (on a Guix system), when logged
> in as regular user (not root):
>
> $ readlink ~/.config/guix/current
> /var/guix/profiles/per-user/dannym/current-guix
> $ sudo -E guix pull
> $ readlink ~/.config/guix/current
> /var/guix/profiles/per-user/root/current-guix

What is expected to happen in this case? Why would one want to use an
unprivileged environment with privileges to do `guix pull`, which is a
per-user operation?
D
D
Danny Milosavljevic wrote on 23 Aug 2020 23:24
(name . Leo Famulari)(address . leo@famulari.name)(address . 42983@debbugs.gnu.org)
20200823232429.13c8c10e@scratchpost.org
Hi Leo,

On Sat, 22 Aug 2020 12:22:41 -0400
Leo Famulari <leo@famulari.name> wrote:

Toggle quote (4 lines)
> What is expected to happen in this case? Why would one want to use an
> unprivileged environment with privileges to do `guix pull`, which is a
> per-user operation?

Paul did not know that it is a per-user operation.

I did almost exactly the same thing when I was a new guix user.
That's pretty much what one is used to from Debian etc.

I don't really know whether it should do anything useful, but the current
situation is seriously weird.
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl9C3psACgkQ5xo1VCww
uqVSOAf+OKBNZ0XnIVGeobivRJwXzEiho2NphqX72TfFHaxLBx/78UhKbrSAkUKW
BwAtny/QmfXD6QDsLS1TNskn1Gqux+CTDbXCppBOprtGZFB2vb57TCy5XmyBEWvx
y0/rSImsPX1bs8FxvsGaLuJLBPOONCv/zoXxKWoZXmXIGLwOgYmkuQPu+41x8fRV
fxmbNYHVLZsCEKnHftiwCTlnGsZ2XPernvGhCLJnmKyeJAb6EeI2jJV17xCqcWUt
IkI4AGhyaFkf1PDwnTWcz8ZOuHjVrDK3bPwMf24tXpCIgYa/Du9AI1NcuDVBoO6q
i466wA2cFstfokALoFRP0EqVvl/vAg==
=POZD
-----END PGP SIGNATURE-----


L
L
Leo Famulari wrote on 23 Aug 2020 23:45
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 42983@debbugs.gnu.org)
20200823214547.GA30907@jasmine.lan
On Sun, Aug 23, 2020 at 11:24:43PM +0200, Danny Milosavljevic wrote:
Toggle quote (5 lines)
> Paul did not know that it is a per-user operation.
>
> I did almost exactly the same thing when I was a new guix user.
> That's pretty much what one is used to from Debian etc.

I see. Coming from Debian, I also had trouble learning the differences
between various options of sudo, and also the differences between login
shells, interactive shells, etc. They don't matter on Debian, but they
do matter for Guix.

Toggle quote (3 lines)
> I don't really know whether it should do anything useful, but the current
> situation is seriously weird.

Considering how often people stumble on this, I've been wondering if
Guix should handle privilege escalation internally, rather than asking
users to learn these arcane details of Unix.

Systemd does that. For example, given an operation that requires
privileges, if I attempt to run it without privileges, it will use
polkit (I think) to escalate safely. It's optional and not all distros
enable it by default. It looks like this:

------
$ systemctl restart guix-daemon
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'guix-daemon.service'.
Authenticating as: leo,,, (leo)
Password:
==== AUTHENTICATION COMPLETE ===
------
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAl9C44sACgkQJkb6MLrK
fwh9iA//c3lD8Q73bJ6+qMUdIzL9yTyqQKGP1ZamIvyvtNluJ73xQfSGu5n93BBm
O5K/kCjeA7bBG08uSTXPULQV7wCnwmdeVusm9+39qFE2mr7w1XlLPULU66K0cTXq
M2Ir1vNxknUsgJ1aLBeN87HbJcwhyy5IjWiBio52+vOrAcnpMD5dWox1iO1Sje/2
kZj6wdSXW7yLpFvpH3nl3A7CHNOFaWH2R0SMUHrsCZMDX3AA3t/pvGfYPTAyZxeO
24U87arxY7z4j1qbXl8LQgGy7YiWN/+85dWFemtnWIFOKjBfaIPD74hJ8ChCyoQc
8pSYPszcQ75SQnhlNX24qK1iZbunCLXTD3uqw6lkvJmr139Wgld87U8b8FMYdbcn
1dQEceE9AVHvrPuH0wWfRLWdkEvr3QCg9zqTIYDMXnbCwGBtHY38CDRb9gbcAgyK
fw069+lnm8rwMRQdAtB88/s7EVUW3hOadsLPTegjJn9Cxy69xcEZrcNfY0za9L7U
B8GZqPxSGGiF7xTavjfzDUuYc5DLnLRRzoYZOoD15CHQ6t1phhhHu5RZkHPphJl+
EoERdVJ8S7AX0ArkJrNjELmQPEHammAWaJDBE20cJ45BESeq8xCLoelyCIPA0Zi6
tXvynFOC5PX+0/G+7K6TW9ONw3JoW6/R7hfJWNGiOyoUxIqHMwM=
=SM4L
-----END PGP SIGNATURE-----


D
D
Danny Milosavljevic wrote on 24 Aug 2020 01:53
(name . Bengt Richter)(address . bokr@bokr.com)(address . 42983@debbugs.gnu.org)
20200824015320.669fb70c@scratchpost.org
Hi,

On Sat, 22 Aug 2020 18:20:09 +0200
Bengt Richter <bokr@bokr.com> wrote:

Toggle quote (2 lines)
> BTW, what would sudo guix describe without the -E (preserving user environment) have produced?

I've tried it again (it's 100% reproducible) and I get (after "sudo -E guix pull"):

dannym@dayas ~$ export LC_ALL=C
dannym@dayas ~$ sudo -E guix describe
Generation 65 Aug 23 2020 23:44:26 (current)
guix 9e2a49d
branch: master
commit: 9e2a49db8ce70068644cecdfda4c198d4c09e36e
heads 50b97d4
branch: wip-musl
commit: 50b97d446ebafd0be7a0e19d87cd236882093244
dannym@dayas ~$ sudo guix describe
Generation 65 Aug 23 2020 23:44:26 (current)
guix 9e2a49d
branch: master
commit: 9e2a49db8ce70068644cecdfda4c198d4c09e36e
heads 50b97d4
branch: wip-musl
commit: 50b97d446ebafd0be7a0e19d87cd236882093244
dannym@dayas ~$ guix describe
guix 9e2a49d
branch: master
commit: 9e2a49db8ce70068644cecdfda4c198d4c09e36e
heads 50b97d4
branch: wip-musl
commit: 50b97d446ebafd0be7a0e19d87cd236882093244
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl9DAXAACgkQ5xo1VCww
uqVzIgf+N1nfNk6ZMkVY4YH4F7dXvFpZ2BEXO1ucKWhMc57g5HSoeEY1nhPhmznK
SOQAhVvbKJxQ3CWhAvb4438MBAEIKwWqXgTD0cnyqdzFZ9pw3dxcylQUTuHYqopM
np+XR112FTRsk19jcGKlSwzyIOcCKkBwh72xxIb4V8Cn4l6t9c521GBLhzCSsPbT
OJrA8P5JlnvwjgeXi/47ZTSSuJl7oPXICEh82+Gs17AwVdN0GBV5BXeF6Rj+ZlxK
hLmCAc/YajtrETtCv1qJ6asqbWZ7Lf+HFDxPt+s1iqsYKAjpPcByWrrQBnCMpkNc
bDbWDympIrFne9vcVIlmK11aCdKeaw==
=19MO
-----END PGP SIGNATURE-----


D
D
Danny Milosavljevic wrote on 24 Aug 2020 02:11
Re: "sudo -E guix pull" breaks ~/.config/guix/current for regular user
(address . 42983@debbugs.gnu.org)
20200824021113.71a79f10@scratchpost.org
On Sat, 22 Aug 2020 12:27:50 +0200
Danny Milosavljevic <dannym@scratchpost.org> wrote:

Toggle quote (2 lines)
> /var/guix/profiles/per-user/dannym/current-guix

Follow-up errors (translated to English manually):

dannym@dayas ~$ guix pull
Migrating profile generations to „/var/guix/profiles/per-user/dannym“ …
guix pull: error: symlink: file exists: "/var/guix/profiles/per-user/dannym/current-guix"
1 dannym@dayas ~$ rm ~/.config/guix/current
dannym@dayas ~$ cd .config/guix/
dannym@dayas ~/.config/guix$ ln -s /var/guix/profiles/per-user/dannym/current-guix current
dannym@dayas ~/.config/guix$ guix pull
Refreshing channel „guix“ from Git-Repository „https://git.savannah.gnu.org/git/guix.git“
guix pull: error: Git-Error: failed open - '/home/dannym/.cache/guix/checkouts/pjmkglp4t7znuugeurpurzikxq3tnlaywmisyr27shj7apsnalwq/.git/FETCH_HEAD' is locked: Permission denied

That's some weird guix pull state.

The culprit, I think, is this:

(define (ensure-default-profile)
(ensure-profile-directory)

;; In 0.15.0+ we'd create ~/.config/guix/current-[0-9]*-link symlinks. Move
;; them to %PROFILE-DIRECTORY.
;;
;; XXX: Ubuntu's 'sudo' preserves $HOME by default, and thus the second
;; condition below is always false when one runs "sudo guix pull". As a
;; workaround, skip this code when $SUDO_USER is set. See
(unless (or (getenv "SUDO_USER")
(string=? %profile-directory
(dirname
(canonicalize-profile %user-profile-directory))))
(migrate-generations %user-profile-directory %profile-directory))

where

%profile-directory = "/var/guix/profiles/per-user/dannym"
%user-profile-directory = "/home/dannym/.config/guix/current" (which is a
symlink to /var/guix/profiles/per-user/root/current-guix)
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl9DBaEACgkQ5xo1VCww
uqWiMwf+II/z5OwbmOAELsuZc7REnUj53HpyjvaYLc8Y3tXPvEemo5XX/G/pgfwH
lBGMvLvLhLzMXuQCclkimUmaYM5IyFyGpB6Ykc1WDzabMxjW3UUmntUY3sIoKS4V
SHvla70Mf+CbClFZ2VHb3roBP/Q9WSSlKuJuG6EseNnLLzpyKRtylYBGGgRYIgLH
KWRkmF2pe5mutb+JUMyhMxexRytXg+jxLf5LXnxc1skZ5xlM23MjSLyiIjS+VntH
cPDLdO2NZp/CsA5gPzCXwRYf3njDwOWA+2GPGoPzl0OTA4fc1L+nvhj5dTl+RLVQ
xnoabBGUl7nNAMIlZr256kLTTLGsOw==
=gPgG
-----END PGP SIGNATURE-----


D
D
Danny Milosavljevic wrote on 25 Aug 2020 10:43
Re: bug#42983: "sudo -E guix pull" breaks ~/.config/guix/current for regular user
20200825104246.2f92dbcc@scratchpost.org
Hi,

On Mon, 24 Aug 2020 04:38:29 +0200
Bengt Richter <bokr@bokr.com> wrote:

Toggle quote (16 lines)
> On +2020-08-24 01:53:20 +0200, Danny Milosavljevic wrote:
> > Hi,
> >
> > On Sat, 22 Aug 2020 18:20:09 +0200
> > Bengt Richter <bokr@bokr.com> wrote:
> >
> > > BTW, what would sudo guix describe without the -E (preserving user environment) have produced?
> ^^^^^^^^^^^^^^
> ^^^^^^^
> >
> > I've tried it again (it's 100% reproducible) and I get (after "sudo -E guix pull"):
> >
> > dannym@dayas ~$ export LC_ALL=C
> > dannym@dayas ~$ sudo -E guix describe
> ^^^^^^^-- ??

Ohh, yeah, sudo without "-E" works fine (sudo guix pull, too).

$ sudo guix describe
Passwort:
guix 3d9fddb
Branch: master
Commit: 3d9fddb2683790df26c53e18d4ff9468442e2368
heads 50b97d4
Branch: wip-musl
Commit: 50b97d446ebafd0be7a0e19d87cd236882093244

Toggle quote (3 lines)
> Maybe it would throw some light to try
> sudo -iu root env

SHELL=/gnu/store/87kif0bpf0anwbsaw0jvg8fyciw4sz67-bash-5.0.16/bin/bash
XDG_CONFIG_DIRS=/root/.guix-profile/etc/xdg:/run/current-system/profile/etc/xdg
SUDO_GID=998
BASH_LOADABLES_PATH=/run/current-system/profile/lib/bash
LINUX_MODULE_DIRECTORY=/run/booted-system/kernel/lib/modules
XCURSOR_PATH=/root/.icons:/root/.guix-profile/share/icons:/run/current-system/profile/share/icons
SUDO_COMMAND=/gnu/store/87kif0bpf0anwbsaw0jvg8fyciw4sz67-bash-5.0.16/bin/bash -c env
NM_VPN_PLUGIN_DIR=/gnu/store/mnq8x522qp0f0dd6v9p85xqrsx9pjx4a-network-manager-vpn-plugins/lib/NetworkManager/VPN
SUDO_USER=dannym
GTK_DATA_PREFIX=/run/current-system/profile
PWD=/root
LOGNAME=root
MANPATH=/run/current-system/profile/share/man:/root/.guix-profile/share/man:/run/current-system/profile/share/man
GUILE_LOAD_PATH=/run/current-system/profile/share/guile/site/3.0
XAUTHORITY=/run/user/27481/gdm/Xauthority
HOME=/root
GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
LANG=de_AT.utf8
COLUMNS=1600
SSL_CERT_DIR=/etc/ssl/certs
GIO_EXTRA_MODULES=/run/current-system/profile/lib/gio/modules
PULSE_CLIENTCONFIG=/gnu/store/zc4dsmvdabi00nvisrjhi9w00ff4igs7-client.conf
GUILE_LOAD_COMPILED_PATH=/run/current-system/profile/lib/guile/3.0/site-ccache:/run/current-system/profile/share/guile/site/3.0
INFOPATH=/root/.config/guix/current/share/info:/run/current-system/profile/share/info:/root/.guix-profile/share/info:/run/current-system/profile/share/info
DICPATH=/root/.guix-profile/share/hunspell:/run/current-system/profile/share/hunspell
DBUS_FATAL_WARNINGS=0
PYTHONPATH=/root/.guix-profile/lib/python3.7/site-packages
TERM=xterm
USER=root
TZDIR=/gnu/store/pyk3skinp1f72afpd2xdjdi2j80xngr0-tzdata-2020a/share/zoneinfo
DISPLAY=:1.0
SHLVL=0
GUIX_LOCPATH=/run/current-system/locale
LC_MEASUREMENT=de_DE.utf8
GST_PLUGIN_PATH=/root/.guix-profile/lib/gstreamer-1.0
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
NODE_PATH=/root/.guix-profile/lib/node_modules
LC_TIME=de_DE.utf8
LC_ALL=de_DE.utf8
PULSE_CONFIG=/gnu/store/i90b7c63gxd7jf8jqvw2giry88jy3hx0-daemon.conf
XDG_DATA_DIRS=/run/current-system/profile/share:/root/.guix-profile/share:/run/current-system/profile/share
PATH=/run/setuid-programs:/root/.config/guix/current/bin:/root/.guix-profile/bin:/root/.guix-profile/sbin:/run/current-system/profile/bin:/run/current-system/profile/sbin
SUDO_UID=27481
MAIL=/var/mail/root
GUIX_GTK3_PATH=/run/current-system/profile/lib/gtk-3.0
_=/run/current-system/profile/bin/env

Toggle quote (3 lines)
> vs
> sudo -u root env

XAUTHORITY=/run/user/27481/gdm/Xauthority
LANG=de_AT.utf8
TERM=xterm
DISPLAY=:1.0
LC_MEASUREMENT=de_DE.utf8
PS1=${?#0} \u@\h \w\$
LC_TIME=de_DE.utf8
LC_ALL=de_DE.utf8
PATH=/home/dannym/.meteor:/home/dannym/.local/scala/bin:/home/dannym/.local/bin:/home/dannym/.local/rust/bin:/home/dannym/.meteor:/home/dannym/.local/scala/bin:/home/dannym/.local/bin:/home/dannym/.local/rust/bin:/run/setuid-programs:/home/dannym/.config/guix/current/bin:/home/dannym/.guix-profile/bin:/home/dannym/.guix-profile/sbin:/run/current-system/profile/bin:/run/current-system/profile/sbin
MAIL=/var/mail/root
LOGNAME=root
USER=root
HOME=/root
SHELL=/gnu/store/87kif0bpf0anwbsaw0jvg8fyciw4sz67-bash-5.0.16/bin/bash
SUDO_COMMAND=/run/current-system/profile/bin/env
SUDO_USER=dannym
SUDO_UID=27481
SUDO_GID=998
TZDIR=/gnu/store/pyk3skinp1f72afpd2xdjdi2j80xngr0-tzdata-2020a/share/zoneinfo
LINUX_MODULE_DIRECTORY=/run/booted-system/kernel/lib/modules
SSL_CERT_DIR=/etc/ssl/certs
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
GTK_DATA_PREFIX=/run/current-system/profile
DBUS_FATAL_WARNINGS=0
GUIX_LOCPATH=/run/current-system/locale
PULSE_CONFIG=/gnu/store/i90b7c63gxd7jf8jqvw2giry88jy3hx0-daemon.conf
PULSE_CLIENTCONFIG=/gnu/store/zc4dsmvdabi00nvisrjhi9w00ff4igs7-client.conf
NM_VPN_PLUGIN_DIR=/gnu/store/mnq8x522qp0f0dd6v9p85xqrsx9pjx4a-network-manager-vpn-plugins/lib/NetworkManager/VPN

Toggle quote (2 lines)
># should most likely be the same as sudo env

It is.

Toggle quote (2 lines)
>, and maybe also same as sudo -E env

No.

SHELL=/gnu/store/87kif0bpf0anwbsaw0jvg8fyciw4sz67-bash-5.0.16/bin/bash
WINDOWID=48234509
XDG_CONFIG_DIRS=/home/dannym/.guix-profile/etc/xdg:/run/current-system/profile/etc/xdg
GTK_IM_MODULE=uim
XTERM_VERSION=XTerm(353)
HISTSIZE=
BASH_LOADABLES_PATH=/run/current-system/profile/lib/bash
SSH_AUTH_SOCK=/tmp/ssh-LxjFPNecF9So/agent.886
KICAD_TEMPLATE_DIR=/home/dannym/.guix-profile/share/kicad/template
LINUX_MODULE_DIRECTORY=/run/booted-system/kernel/lib/modules
PACKAGEPATH=/home/dannym/.local/guix/gnu/packages
XMODIFIERS=@im=uim
DESKTOP_SESSION=mate
SSH_AGENT_PID=994
NM_VPN_PLUGIN_DIR=/gnu/store/mnq8x522qp0f0dd6v9p85xqrsx9pjx4a-network-manager-vpn-plugins/lib/NetworkManager/VPN
XTERM_SHELL=/gnu/store/87kif0bpf0anwbsaw0jvg8fyciw4sz67-bash-5.0.16/bin/bash
GDM_DBUS_DAEMON=/gnu/store/c34bs9dzcw2nblcmjpvaq97a95ywqbps-gdm-dbus-wrapper
GTK_DATA_PREFIX=/run/current-system/profile
EDITOR=nano -w
XDG_SEAT=seat0
PWD=/home/dannym
PURPLE_PLUGIN_PATH=/home/dannym/.guix-profile/lib/purple-2:/home/dannym/.guix-profile/lib/pidgin
LOGNAME=root
XDG_SESSION_DESKTOP=mate
XDG_SESSION_TYPE=x11
MANPATH=/run/current-system/profile/share/man:/home/dannym/.guix-profile/share/man:/run/current-system/profile/share/man
R_LIBS_SITE=/home/dannym/.guix-profile/site-library/
GUILE_LOAD_PATH=/run/current-system/profile/share/guile/site/3.0
XAUTHORITY=/run/user/27481/gdm/Xauthority
WINDOWPATH=8
GDM_LANG=de_AT.utf8
GIT_EXEC_PATH=/home/dannym/.guix-profile/libexec/git-core
GI_TYPELIB_PATH=/home/dannym/.guix-profile/lib/girepository-1.0
HOME=/home/dannym
USERNAME=dannym
GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt
LANG=de_AT.utf8
XDG_CURRENT_DESKTOP=MATE
SSL_CERT_DIR=/etc/ssl/certs
GIO_EXTRA_MODULES=/home/dannym/.guix-profile/lib/gio/modules:/run/current-system/profile/lib/gio/modules:/gnu/store/nsxp18n8yk2k773719a5qc5h6l11f1yq-dconf-0.34.0/lib/gio/modules
PROMPT_COMMAND=export PREV_COMMAND=""
PULSE_CLIENTCONFIG=/gnu/store/zc4dsmvdabi00nvisrjhi9w00ff4igs7-client.conf
XTERM_LOCALE=de_DE.utf8
GUILE_LOAD_COMPILED_PATH=/run/current-system/profile/lib/guile/3.0/site-ccache:/run/current-system/profile/share/guile/site/3.0
INFOPATH=/home/dannym/.config/guix/current/share/info:/home/dannym/.guix-profile/share/info:/run/current-system/profile/share/info:/home/dannym/.guix-profile/share/info:/run/current-system/profile/share/info
DICPATH=/home/dannym/.guix-profile/share/hunspell:/run/current-system/profile/share/hunspell
GDM_X_SESSION=/gnu/store/q8bc2cv7dcbx97ka6lq82dbkg4v2v283-xinitrc
GDM_CUSTOM_CONF=/gnu/store/x9jrhvajqpdfk4hhkw5bxplg7fisx6pg-gdm-custom.conf
XDG_SESSION_CLASS=user
DBUS_FATAL_WARNINGS=0
TERM=xterm
GTK_PATH=/gnu/store/c4dspf0c3p445rx4hsddsd2dv962i4b1-libcanberra-0.30/lib/gtk-3.0:/gnu/store/067bymbx50ng0fll7zi3mpmsjwbrlja4-gtk+-3.24.20/lib/gtk-3.0
CPLUS_INCLUDE_PATH=/home/dannym/.guix-profile/include/c++:/home/dannym/.guix-profile/include
USER=root
LIBRARY_PATH=/home/dannym/.guix-profile/lib
PYTHONIOENCODING=utf-8
DISPLAY=:1.0
SHLVL=1
GUIX_LOCPATH=/run/current-system/locale
QT_IM_MODULE=uim
LC_MEASUREMENT=de_DE.utf8
XDG_VTNR=8
XDG_SESSION_ID=c2
GST_PLUGIN_PATH=/home/dannym/.guix-profile/lib/gstreamer-1.0
XDG_RUNTIME_DIR=/run/user/27481
SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
PREV_COMMAND=
PS1=${?#0} \u@\h \w\$
NODE_PATH=/home/dannym/.guix-profile/lib/node_modules
LC_TIME=de_DE.utf8
GST_PLUGIN_SYSTEM_PATH=/home/dannym/.guix-profile/lib/gstreamer-1.0
LC_ALL=de_DE.utf8
PULSE_CONFIG=/gnu/store/i90b7c63gxd7jf8jqvw2giry88jy3hx0-daemon.conf
XDG_DATA_DIRS=/home/dannym/.guix-profile/share:/run/current-system/profile/share:/home/dannym/.guix-profile/share:/run/current-system/profile/share
BROWSER=icecat
PATH=/home/dannym/.meteor:/home/dannym/.local/scala/bin:/home/dannym/.local/bin:/home/dannym/.local/rust/bin:/home/dannym/.meteor:/home/dannym/.local/scala/bin:/home/dannym/.local/bin:/home/dannym/.local/rust/bin:/run/setuid-programs:/home/dannym/.config/guix/current/bin:/home/dannym/.guix-profile/bin:/home/dannym/.guix-profile/sbin:/run/current-system/profile/bin:/run/current-system/profile/sbin
GDMSESSION=mate
GHC_PACKAGE_PATH=/home/dannym/.guix-profile/lib/ghc-8.6.5/package.conf.d
GDM_X_SERVER=/gnu/store/1lcxxwl5rmbqqvbr8rbfyhyc7v10s27l-X-wrapper
DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-dRjt5ThTHH,guid=5feb1b57970b7afe5fea4e5b5f39031f
C_INCLUDE_PATH=/home/dannym/.guix-profile/include
EMACSLOADPATH=/home/dannym/.guix-profile/share/emacs/site-lisp:/home/dannym/.guix-profile/share/emacs/26.3/lisp
GUIX_GTK3_PATH=/home/dannym/.guix-profile/lib/gtk-3.0:/run/current-system/profile/lib/gtk-3.0
MICRO_TRUECOLOR=1
_=/run/setuid-programs/sudo
SUDO_COMMAND=/run/current-system/profile/bin/env
SUDO_USER=dannym
SUDO_UID=27481
SUDO_GID=998
TZDIR=/gnu/store/pyk3skinp1f72afpd2xdjdi2j80xngr0-tzdata-2020a/share/zoneinfo
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEds7GsXJ0tGXALbPZ5xo1VCwwuqUFAl9EzzsACgkQ5xo1VCww
uqXp9wf/RRz41DswZoIQootVi4WZPWAlu9htctDV8IGLqLUpNRdLt7FDJD7UTPq5
Hg5O5+kaoJVjHs+jnZiv3kbK0Sw6LziKdptouFaYcK1z0zaUiUb2/Nk3MtzXuJkD
Wm10y2ztG0ODcmKnSkFmj0kGQdkDTRrzfFpm2rNK8BQmiYMeiaGGVfkeNSkbF/ZL
hsI2ppcwXRG29fMCX0Eavl4cJiiwFcMvLlXSWHcL+hAzlSPLj0IRkVg8GhhO+2l6
Okj7Eg76CYU7Xs6BdCUJBrVX0GBpVL0c3/8MmFCvvxUD+L7E4VEEGrPMlpPHZX/b
JjxBaPkOUu6GZmXsp1Z7Gg5Kdz9F9Q==
=76oW
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 28 Aug 2020 15:41
(name . Danny Milosavljevic)(address . dannym@scratchpost.org)(address . 42983@debbugs.gnu.org)
87sgc6q45q.fsf@gnu.org
Hi Danny,

Danny Milosavljevic <dannym@scratchpost.org> skribis:

Toggle quote (24 lines)
> The culprit, I think, is this:
>
> (define (ensure-default-profile)
> (ensure-profile-directory)
>
> ;; In 0.15.0+ we'd create ~/.config/guix/current-[0-9]*-link symlinks. Move
> ;; them to %PROFILE-DIRECTORY.
> ;;
> ;; XXX: Ubuntu's 'sudo' preserves $HOME by default, and thus the second
> ;; condition below is always false when one runs "sudo guix pull". As a
> ;; workaround, skip this code when $SUDO_USER is set. See
> ;; <https://bugs.gnu.org/36785>.
> (unless (or (getenv "SUDO_USER")
> (string=? %profile-directory
> (dirname
> (canonicalize-profile %user-profile-directory))))
> (migrate-generations %user-profile-directory %profile-directory))
>
> where
>
> %profile-directory = "/var/guix/profiles/per-user/dannym"
> %user-profile-directory = "/home/dannym/.config/guix/current" (which is a
> symlink to /var/guix/profiles/per-user/root/current-guix)

We could detect such inconsistencies and emit a warning/hint. I’m
unsure just how far we need to go in trying to prevent users from
shooting themselves in the foot, though. Thoughts?

Toggle quote (2 lines)
> Ohh, yeah, sudo without "-E" works fine (sudo guix pull, too).

Yes.

Ludo’.
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 42983@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 42983
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch