Attic Hermit <[email protected]> writes: > I use Guix, but not GuixSD, only on the non-privileged user and there's > no package installed but guix on the root user.
I see. I incorrectly assumed you were using GuixSD. It sounds like you've followed the steps described in the manual under "(guix) Binary Installation". I see that you're running Guix on a foreign distro. > Then the reason that I should pull and upgrade the guix profile of the > root user is for implicit executions of the guix as the root user. And > the package definition is one of that implicit executions... Is it > right? The reason you should still run "guix pull" as root in this case is to ensure that when your system boots and starts guix-daemon, it starts an up-to-date version of the daemon, including any security patches and the like for any dependencies guix-daemon uses. If you've followed the manual correctly, then I believe your system should be starting the guix-daemon executable that is installed in root's profile. Because the executable lives in root's profile, if you don't run "guix pull" as root and then run "guix package -u ." (or equivalent) as root to update the guix-daemon that is installed there, you will never wind up using a more up-to-date version of guix-daemon. The package definitions are independent of which version of the guix-daemon is being used. When a non-privileged user alice runs a command like "guix package -i hello" to install GNU Hello, she is using the package definitions that were installed by the latest "guix pull" that was run as the alice user (these package definitions live in the store, in a directory pointed to by the ~alice/.config/guix/latest symlink). When alice invokes the guix command to install the hello package, the guix command essentially translates the package definition into a derivation, and then asks the guix-daemon (via remote procedure calls) to build that derivation. The translation from package definition to derivation happens in alice's "guix" process, which is independent of the "guix-daemon" process. Her "guix" process communicates only via remote procedure calls with the "guix-daemon" process. The guix-daemon has no knowledge of the "package" abstraction, and it doesn't need to know about packages. For this reason, the guix-daemon doesn't necessarily need to be updated in order to build more up-to-date packages. The guix-daemon just knows how to do basic things related to the store like add files, build derivations, perform garbage collection, etc. It is the package definitions that are deployed to alice's home directory (via her latest invocation of "guix pull") that will determine which versions of packages get installed when alice runs "guix package -i", regardless of which version of the guix-daemon happens to be running. The same is true for any other user (including root, actually). > Then I should run `guix pull && guix package -u' _as the root user_ > *before* have done it as a non-privileged user, because when the > packages are upgraded, the package definitions should be up to date. No, the order does not matter. If alice runs those commands before root does, then alice will simply be able to install up-to-date packages before root can. That is normal and expected for the reasons described above. With Guix, each user independently manages their own installation of Guix. If two users run "guix pull" at different times, they might very well wind up using different package definitions. The ability for two different un-privileged users to independently install different versions of software at the same time without conflict is a feature of Guix (and Nix) that other package managers usually don't provide. > And the system should be *rebooted* or *restart* the guix build daemon > which, in fact, is using the guix binary that the root user has. Yes, you should restart the guix-daemon process. One way to do that is to reboot. However, for the reasons described above, alice will be able to install up-to-date software after running "guix pull" even if the guix-daemon process is old or hasn't yet been restarted. And the only reason you ought to run "guix pull && guix package -u ." as root is to ensure that the guix-daemon - which happens to be installed in root's profile - is up-to-date. If root had zero packages installed in root's profile, then there would be no point in running "guix pull && guix package -u ." as root at all. I hope that helps clarify things! I also found this topic a bit confusing at first. -- Chris
signature.asc
Description: PGP signature
