dotfiles
Please don't use sudo -E
Hi! Thank you very much for this great Guix resource, it's been very useful to get everything set up.
I suggest you stop using sudo -E in your config and examples. It will make the Guile auto-compiler use the user's home directory to write caches for the system.scm (~/.cache). This means these files will be created with the root user.
The bad part is, if ~/.cache/guix or even just ~/.cache don't already exist, these directories will also be created with the root user and be owned and only writeable by them. As you can imagine, this becomes a problem.
EDIT: Try find ~ -user root to list all root-owned files to see what I mean :P
It took me quite a while to understand why guile would complain all the time when trying to run Scheme scripts, and I just realized it's because it was unable to write the compiled code to the cache. Luckily I haven't had problems with other programs, but I think that's because the ~/.cache directory is created by default (or I've just been really lucky).
So, I suggest you stop using it in examples and in your own code too. This is not the first time sudo -E has caused me problems, so I really discourage it. (sudo -E $EDITOR is also a common use, and it's just as harmful! If your editor downloads any plugins or creates any folders inside $HOME, they will have the exact same problem as the Guile compiler above).
Again, thank you for this resource. The use of org-mode (or whatever other emacs magic is involved :s) to make the self-describing files in a nice format is amazing and very easy to follow.
Thanks! That does sound like it could become a problem but strangely I've never had an issue with it (yet).
What do you use instead of sudo -E for the specific case of guix system reconfigure? I believe the reason I started using it was because Guix wasn't finding something it needed until I dropped my user environment in with -E.
sudo guix system reconfigure ~/.config/guix/system.scm without the -E works just fine for me and I've been using it for some time now.
Was it maybe a sudo guix pull? Where you wanted your user's ~/.config/guix/channels.scm but got root's instead? That's the only command I can think of that would use $HOME directly. (And yikes this one seems to also fill ~/.cache and even ~/.config with root owned files).
AFAIK guix pull shouldn't really ever be needed to run as root. Just guix pull with the regular user and then sudo guix system reconfigure.
Yeah, I never use guix pull with sudo. I think the reason I was using sudo -E was to make sure that my own channel file was being used for reconfiguring the system instead of the root user's channel file. At the time I started using sudo -E, guix time-machine didn't exist, so I should probably use time-machine to consume my own channel file at this point.
IIRC from past discussions, the exact behaviour of sudo depends on the distribution you are using and for some the -E is the default or such.
Relevant comment from guix/scripts/pull.scm:
;; XXX: Ubuntu's 'sudo' preserves $HOME by default, and thus the second
;; condition below is always false when one runs "sudo guix pull". As a
;; workaround, skip this code when $SUDO_USER is set. See
;; https://bugs.gnu.org/36785.
@emixa-d I gotta agree with Ludovic Courtès there regarding it being bug-like behavior on the part of Ubuntu. IMO this patch/PR still applies, especially since the configuration in this repo is aimed at Guix System which uses unpatched sudo (unlike Ubuntu, which seems to be the only distro messing with sudo).
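The two checks this thread describes, as an added example that is not from any of the posts above: detecting a root process that still carries the user's $HOME, and finding what it left behind. It goes slightly beyond find ~ -user root by flagging any owner other than the current user; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# sudo_keeps_user_home EUID SUDO_USER HOME ROOT_HOME
# Exit 0 when a root process started through sudo still has HOME set to
# something other than root's home, i.e. the state "sudo -E" (or a sudo that
# preserves HOME by default) leaves behind. Anything it writes under
# $HOME/.cache or $HOME/.config would then be owned by root.
# Typical call from a wrapper script:
#   sudo_keeps_user_home "$(id -u)" "${SUDO_USER:-}" "$HOME" ~root
sudo_keeps_user_home() {
    [ "$1" -eq 0 ] || return 1        # not root: files stay user-owned
    [ -n "$2" ] || return 1           # SUDO_USER unset: not run via sudo
    [ "$3" != "$4" ]                  # HOME is not root's home
}

# foreign_roots DIR UID
# Print the top-most paths under DIR that are NOT owned by UID. -prune stops
# the descent at each hit, so a root-owned ~/.cache is reported once rather
# than once per file inside it.
foreign_roots() {
    find "$1" ! -uid "$2" -prune -print
}

# audit_home [DIR]
# Report paths in DIR (default: $HOME) that the current user does not own.
# Exit 0 when the tree is clean, 1 when something needs its owner restored.
audit_home() {
    dir=${1:-$HOME}
    hits=$(foreign_roots "$dir" "$(id -u)")
    [ -z "$hits" ] && return 0
    printf 'not owned by %s:\n%s\n' "$(id -un)" "$hits" >&2
    return 1
}
```

Each path audit_home reports can be handed back to the user with chown -R, run as root.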