Hi Konrad,
Konrad Hinsen <[email protected]> skribis:
>> Specifically, you’d have to run something along these lines as root:
>>
>> strace -f -p $(pidof guix-daemon) -o log
>>
>> and then, as root or non-root (it doesn’t matter), run, say:
>>
>> guix build curl -S --no-substitutes
>
> The log file (compressed) is attached.
>
> In doing this I noticed that I have two guix-daemon processes running:
>
> root 1583 0.0 0.0 33156 2412 ? Ss 08:55 0:00
> /root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild
> root 13003 0.0 0.0 36028 6256 ? Ss 11:28 0:00
> /root/.config/guix/current/bin/guix-daemon 12770
>
> I ran strace on the first one.
Ooh, I see. The log shows this:
--8<---------------cut here---------------start------------->8---
13795 setgroups(1, [999]) = 0
13795 setgid(999) = 0
13795 getgid() = 999
13795 getegid() = 999
13795 setuid(499) = 0
13795 getuid() = 499
13795 geteuid() = 499
[...]
13795
execve("/gnu/store/sf84mb2y5vcykwq9fv02l2nipp34qng2-guix-daemon-0.15.0-3.3d43017/libexec/guix/download",
["download", "/gnu/store/j3swd19y4wzv6nrr13bv7"...,
"/gnu/store/rdlndkf50sn0jq7bqkbhm"...], 0xa26f60 /* 17 vars */) = 0
[...]
13795 execve("/root/.config/guix/current/bin/guix",
["/root/.config/guix/current/bin/g"..., "perform-download",
"/gnu/store/j3swd19y4wzv6nrr13bv7"..., "/gnu/store/rdlndkf50sn0jq7bqkbhm"...],
0x6c0530 /* 19 vars */) = -1 EACCES (Permission denied)
13795 stat("/root/.config/guix/current/bin/guix", 0x7fffffffe1d0) = -1 EACCES
(Permission denied)
--8<---------------cut here---------------end--------------->8---
The download process is running as a build user, not as root, hence the
permission issue (silly me!).
Now we need to find a way to use ‘guix’ from root’s
~/.config/guix/current. A solution may be to expose that profile under
/var/guix/profiles. Needs more thought…
Thanks for helping out!
Ludo’.
