Gary Johnson <lambdatro...@disroot.org> writes: >> Gary Johnson <lambdatro...@disroot.org> writes: >> >> Hi Guix, >> >> I just ran into an extremely odd error today when I tried to include the >> iproute2 package in a Guix container created with the --emulate-fhs (-F) >> option. >> >> ============================================================= >> >> $ guix shell -CFN iproute2 >> guix shell: error: symlink: File exists: "/etc/group" >> >> ============================================================= >> >> If I drop the -F option, it works fine, but for my use case, I need to be in >> an FHS-emulating container. Any idea how to fix this? > > >>Rutherther <ruthert...@ditigal.xyz> writes: >> >> I think this is a bug of `(@ (guix scripts environment) >> launch-environment/container)` that doesn't take into account those >> files could already exist. This problem will arise even with other >> files. I think the easiest solution would be to modify it to >> remove those files if they exist already before the script tries to >> create them. >> >> Rutherther > > Thanks to the folks who responded to my original question. As I look a bit > closer though, it looks like the /etc/group file in the iproute2 package > might simply be problematic. > > First, let's look at the /etc/group file that is created by `guix shell > --container`: > > ============================================================= > > $ guix shell -C coreutils -- cat /etc/group > users:x:998: > overflow:x:65534: > > ============================================================= > > This is the same output that we get with `guix shell --container > --emulate-fhs` or `guix shell --container --emulate-fhs --network`: > > ============================================================= > > $ guix shell -CF coreutils -- cat /etc/group > users:x:998: > overflow:x:65534: > > $ guix shell -CFN coreutils -- cat /etc/group > users:x:998: > overflow:x:65534: > > ============================================================= > > Next, let's take a look at the /etc/group file included in the iproute2 > package: > > ============================================================= > > $ cat $(guix build iproute2)/etc/group > # device group names > 0 default > > ============================================================= > > Well...that doesn't even look like the right format. Hmm... > > Now, let's include the iproute2 package in `guix shell --container` but > WITHOUT the --emulate-fhs option: > > ============================================================= > > $ guix shell -CN coreutils iproute2 -- cat /etc/group > users:x:998: > overflow:x:65534: > > ============================================================= > > Okay, that worked fine, and the /etc/group injected by the container > environment appears to have overwritten the invalid(?) /etc/group from the > iproute2 package. > > Now, let's add the --emulate-fhs option to our command: > > ============================================================= > > $ guix shell -CFN coreutils iproute2 -- cat /etc/group > guix shell: error: symlink: File exists: "/etc/group" > > ============================================================= > > Here that funky /etc/group file from iproute2 presumably conflicts > with the built-in /etc/group provided by the container environment. So > it seems as though the --emulate-fhs option triggers a different > pathway for initializing /etc that doesn't override the /etc/group in > iproute2. This feels like a bug to me. Of course, the inclusion of > that strangely formatted /etc/group file in the iproute2 package also > feels like a bug to me.
But there is nothing to override without --emulate-fhs as the etc group from the package is not even put to /etc in the container... that's what --emulate-fhs does, that it copies all the packages to root of the filesystem. Rutherther > > Does anyone have any thoughts on how to proceed here? > > Thanks, > Gary > > -- > GPG Key ID: C4FBEDBD > Use `gpg --search-keys trac...@disroot.org' to find me > Protect yourself from surveillance: https://emailselfdefense.fsf.org > ======================================================================= > () ascii ribbon campaign - against html e-mail > /\ www.asciiribbon.org - against proprietary attachments > > Why is HTML email a security nightmare? See https://useplaintext.email/ > > Please avoid sending me MS-Office attachments. > See http://www.gnu.org/philosophy/no-word-attachments.html
