Conda 22.9.0 needs "sudo" as dependency

  • Open
  • quality assurance status badge
Details
2 participants
  • Hugo Buddelmeijer
  • Tobias Geerinckx-Rice
Owner
unassigned
Submitted by
Hugo Buddelmeijer
Severity
normal
H
H
Hugo Buddelmeijer wrote on 2 Dec 2022 12:36
(address . bug-guix@gnu.org)
CA+Jv8O2oMwhj2zotckKQhqrTqqm5yUebU4udX81GATx3-koyHg@mail.gmail.com
Hi all,

Conda 22.9.0 needs "sudo" as a dependency:

$ guix shell -C conda

[env]$ conda --version
conda 22.9.0

[env]$ conda init bash
[...]
Traceback (most recent call last):
[...]
File
"/gnu/store/lvip6h5pamjwmvnkwg60sjb63ph8698k-python-3.9.9/lib/python3.9/subprocess.py",
line 18
21, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'sudo'


The problem goes away when sudo is added to the guix shell command. This
results in another error though; I'll report another bug for that.

As for why sudo is needed, I don't know. (Not sure I want to know.)

Background: if conda works well in guix, then we can get more conda users
and package maintainers on board with guix.

Greetings,
Hugo
Attachment: file
T
T
Tobias Geerinckx-Rice wrote on 2 Dec 2022 12:47
(name . Hugo Buddelmeijer)(address . hugo@buddelmeijer.nl)
87359y3tqn.fsf@nckx
Hi Hugo,

Hugo Buddelmeijer ???
Toggle quote (3 lines)
> As for why sudo is needed, I don't know. (Not sure I want to
> know.)

Indeed, this sounds like something to report and fix upstream.

Toggle quote (2 lines)
> $ guix shell -C conda sudo

Won't work, because sudo needs to be setuid — that is, provided by
the OS.

On Guix Systems, that means /run/setuid-programs/sudo. It cannot
be run from the store, where setuid programmes are not allowed.

I tried --expose'ing /run/setuid-programs, but then sudo fails to
find libsudo_util.so.0. I didn't test further but don't expect
that to suffice: sudo simply makes too many assumptions about the
system, because of the special job it needs to do.

While it would be nice to figure out how to provide
setuid-programs to a containers, Conda's pointless use of sudo is
the bug here.

Kind regards,

T G-R
-----BEGIN PGP SIGNATURE-----

iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCY4nnsA0cbWVAdG9iaWFz
LmdyAAoJEA2w/4hPVW15bBkBAMzzB4Y9lO1Kd5qSaJnAG7JfZLYZc358m6LL2Et9
ZWJUAQDoo3N9sV5aA64FS7jswU5j7VqbHXNgahVTpRlKIqXOBw==
=6HLi
-----END PGP SIGNATURE-----

H
H
Hugo Buddelmeijer wrote on 3 Dec 2022 20:11
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
CA+Jv8O3TaHY42q4hgxXYvdfCq2CKrnu5fEo+4RmCSC8K4k2h2Q@mail.gmail.com
Hi T G-R,

Won't work, because sudo needs to be setuid — that is, provided by
Toggle quote (6 lines)
> the OS.
>
> On Guix Systems, that means /run/setuid-programs/sudo. It cannot
> be run from the store, where setuid programmes are not allowed.
>

Thanks. I did not notice that there are two different sudo's. It does make
sense.

Note that I did not intend (or try) to actually run anything with root
access; it seemed that the problem went away if sudo was merely available,
but that is not true. I believe that bug 59772 (the next one) is a direct
result of sudo not behaving as conda expects. I do believe this bug and
59772 to ultimately be conda bugs, because "conda init" worked fine on guix
in the past; I'll investigate and raise it with them.

But maybe 59771 (this bug), 59772 (also due to sudo), and 59776 (hardcoded
paths), all three could be resolved in a more guix-y way. The problem in
these three bugs is that "conda init" wants to add something to ~/.bashrc
that adds some bash functions to the environment (and the sole purpose of
those bash functions seems to be to update PS1). However, I was wondering,
would it be possible to have guix itself add those bash functions to the
environment?

As in, we add some code to the guix conda package that ensures that if guix
enters an environment with conda, that it somehow adds the necessary bash
functions to the environment. So "conda init" and changes to ~/.bashrc
would not even be necessary (thus fixing these bugs). That is, that the
shell spawned through "guix shell -C conda" would have these bash functions
directly in the environment. Would something like this be possible?

Something simpler would be a guix package that updates an environment
variable. But I can't find one quickly, so maybe this is not something that
is possible in guix? E.g. the conda openjdk package sets JAVA_HOME, but the
guix openjdk package does not.

Greetings,
Hugo











On Fri, 2 Dec 2022 at 12:47, Tobias Geerinckx-Rice <me@tobias.gr> wrote:

Toggle quote (29 lines)
> Hi Hugo,
>
> Hugo Buddelmeijer ???
> > As for why sudo is needed, I don't know. (Not sure I want to
> > know.)
>
> Indeed, this sounds like something to report and fix upstream.
>
> > $ guix shell -C conda sudo
>
> Won't work, because sudo needs to be setuid — that is, provided by
> the OS.
>
> On Guix Systems, that means /run/setuid-programs/sudo. It cannot
> be run from the store, where setuid programmes are not allowed.
>
> I tried --expose'ing /run/setuid-programs, but then sudo fails to
> find libsudo_util.so.0. I didn't test further but don't expect
> that to suffice: sudo simply makes too many assumptions about the
> system, because of the special job it needs to do.
>
> While it would be nice to figure out how to provide
> setuid-programs to a containers, Conda's pointless use of sudo is
> the bug here.
>
> Kind regards,
>
> T G-R
>
Attachment: file
H
H
Hugo Buddelmeijer wrote on 4 Dec 2022 22:08
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
CA+Jv8O2Ny1TtjGu7MGhqvULPw09Lz5jJj9mHz572oOXMfJ3y4w@mail.gmail.com
On Sat, 3 Dec 2022 at 20:11, Hugo Buddelmeijer <hugo@buddelmeijer.nl> wrote:

Toggle quote (17 lines)
>
> But maybe 59771 (this bug), 59772 (also due to sudo), and 59776 (hardcoded
> paths), all three could be resolved in a more guix-y way. The problem in
> these three bugs is that "conda init" wants to add something to ~/.bashrc
> that adds some bash functions to the environment (and the sole purpose of
> those bash functions seems to be to update PS1). However, I was wondering,
> would it be possible to have guix itself add those bash functions to the
> environment?
>
> As in, we add some code to the guix conda package that ensures that if
> guix enters an environment with conda, that it somehow adds the necessary
> bash functions to the environment. So "conda init" and changes to ~/.bashrc
> would not even be necessary (thus fixing these bugs). That is, that the
> shell spawned through "guix shell -C conda" would have these bash functions
> directly in the environment. Would something like this be possible?
>

No, adding bash functions automatically to a Guix environment seems
impossible. The guile function load-profile allows packages to add
path-like environment variables through the search-path-specification
declaration, but not any other environment variables, let alone shell
functions.

That seems reasonable enough. One reason I'd like to move away from conda
is that I don't think the way conda handles environment variables is
tenable. So maybe it is worthwhile to make sure that "conda init" does what
it is expected to do (that is, add the code that loads these bash functions
to .bashrc), even though it is not really guix-y.
Attachment: file
?