[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#57016] [PATCH] scripts: Bail out when running pull/package commands

From: Tobias Geerinckx-Rice
Subject: [bug#57016] [PATCH] scripts: Bail out when running pull/package commands as root.
Date: Sat, 06 Aug 2022 14:30:37 +0200

Hi (,

"( via Guix-patches" via 写道:
A pretty common beginner mistake, it seems, is assuming that since every other package manager you've used requires root for installing,
removing, and upgrading packages, Guix must too.

This is an especially dangerous assumption when applied to `guix pull`,

Running ‘guix pull’ as root is fine. There was danger in running ‘sudo guix pull’ (with Guix System defaulting to ‘sudo -E’), but that was addressed in 7c52cad0464175370c44bd4695e4c01a62b8268f. If it doesn't trigger reliably, let's fix that.

Running ‘guix package’ and ‘guix upgrade’ as root is also fine. If improper use of sudo/doas/… is the real issue, address *that*, not this loose proxy.

Ludo' factored out some of the bits in 9be470b5d2bab7ad2048c95815fee2916d45f4ad. It could make sense to factor it out further to check, e.g., whether the effective UID matches that of the profile's parent directory. Why should OpenBSD packages get to hoard all the pedantic ownership checks?

since I seem to recall

A good trigger to go investigate; not sufficient to (wrongly) imply ‘root bad’ and throw fatal errors at perfectly legitimate use(r)s.

Conversely, if we reliably detect and report the true issue, there's no need for ‘--allow-root’, which by the logic of this patch would knowingly break things. We do not provide such options.

Huge NAK on v2 I'm afraid, but looking forward to your thoughts,


Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]