From patchwork Thu Apr 17 14:21:35 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Ludovic_Court=C3=A8s?= X-Patchwork-Id: 2931 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 2428427BC4C; Thu, 17 Apr 2025 15:24:32 +0100 (BST) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-6.4 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE, SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 244D927BC4B for ; Thu, 17 Apr 2025 15:24:29 +0100 (BST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1u5Q9O-0000h0-8D; Thu, 17 Apr 2025 10:23:34 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u5Q8x-0000VI-SX for guix-patches@gnu.org; Thu, 17 Apr 2025 10:23:09 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1u5Q8w-0001eh-PP for guix-patches@gnu.org; Thu, 17 Apr 2025 10:23:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:From:To:In-Reply-To:References:Subject; bh=hE/ShDqK3QeVPKvQH05uuklqyZ/8pqzDJEcBcp04Ye4=; b=iFlvugkZ175Hk5ACXS8b+dDd95z+NnIO0O24V1HCK40yuFx/Cn6wZOmUw/sCibbGnAwsFGGPGrwuWTQMkmBfrX/oCFhuxyZPDKKO9ILD7pDMAKyZU6O8Uta9PJcKkpyuN2FjlS2M4HSKqDiFOMp8zdWbmoGFbyfrZdsmbCvmdyAgGVxy7zmw0XQYSgZz/O8JsJQ8dOfPa7FWJAgZe8gd4OlvYKjQItlRKPjmU4A25V0rB5UhMLey17xmGjEkDIFKfDbIxVJw3cqV8QgfzdqO7Boq5903D6Ier4u2xp7i4rmnL+61Fp4pddJmKg3WikQVhFdmSUxXkoZ3nMJWyNpiww==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1u5Q8s-0004vE-Vw; Thu, 17 Apr 2025 10:23:03 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#77288] [PATCH v2 0/8] Rootless guix-daemon on Guix System References: In-Reply-To: Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: pelzflorian@pelzflorian.de, julien@lepiller.eu, guix-patches@gnu.org Resent-Date: Thu, 17 Apr 2025 14:23:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 77288 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 77288@debbugs.gnu.org Cc: Ludovic =?utf-8?q?Court=C3=A8s?= , "pelzflorian \(Florian Pelz\)" , Florian Pelz , Julien Lepiller X-Debbugs-Original-Xcc: Florian Pelz , Julien Lepiller Received: via spool by 77288-submit@debbugs.gnu.org id=B77288.174489973518688 (code B ref 77288); Thu, 17 Apr 2025 14:23:02 +0000 Received: (at 77288) by debbugs.gnu.org; 17 Apr 2025 14:22:15 +0000 Received: from localhost ([127.0.0.1]:47988 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u5Q86-0004rG-Ma for submit@debbugs.gnu.org; Thu, 17 Apr 2025 10:22:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:44852) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1u5Q7w-0004on-CT for 77288@debbugs.gnu.org; Thu, 17 Apr 2025 10:22:04 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u5Q7q-0001Su-6N; Thu, 17 Apr 2025 10:21:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=hE/ShDqK3QeVPKvQH05uuklqyZ/8pqzDJEcBcp04Ye4=; b=qMAKlMaQo1j1rO dxFzbUK2PBE7AcaJjJm28kb64Wn0TteekllyS30lbpf+6+ucmHxtKlPC249I7Y0RMF8VnLJION7E0 DlRotfNxr979wTsY/FGLlSqQ/sbQgvmLcAXayZEv+R6ySjw1Sk8re2IAayLvDoat7aLBByqQt3C+h E9vRXvwcMnclKiyIBNQ5cI7M7WlKa5kvatxVPllPQ3dJP5Yboaw/oq8Z4eT24/SmfUgfluxc0TTeo K8ggVh/UtJ0DXo0vKDC7eGt0N4bG1bRJLC0b2YgrTPA8eNrSkIfuxS1EHJHzqgkRkJXG8tfbaX7fb 8AioduVCmG+VW++1mRjQ==; From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Thu, 17 Apr 2025 16:21:35 +0200 Message-ID: X-Mailer: git-send-email 2.49.0 MIME-Version: 1.0 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches Hello Guix, Changes since v1: • ‘guix pull’ will now install systemd ‘.service’ files, which is necessary to ease migration on systemd-based distros. • Migration to the unprivileged daemon is now documented, for foreign distros in particular. • News entry reads “will likely” instead of “may eventually” and it mentions unprivileged daemon migration for other distros, as suggested by Florian. I’d like to push this in the coming days. Let me know what you think! Ludo’. Ludovic Courtès (8): self: Install systemd ‘.service’ files. doc: Document migration to the unprivileged daemon. syscalls: Add ‘unshare’. services: account: Create /var/guix/profiles/per-user/$USER. tests: guix-daemon: Send system log output to /dev/console. tests: guix-daemon: Wait for the ‘guix-daemon’ service to be up. services: guix: Allow ‘guix-daemon’ to run without root privileges. DRAFT news: Add entry about unprivileged guix-daemon on Guix System. doc/guix.texi | 106 ++++++++++++++++++++++- etc/news.scm | 31 +++++++ gnu/services/base.scm | 187 ++++++++++++++++++++++++++++++++++++---- gnu/system/shadow.scm | 19 +++- gnu/tests/base.scm | 60 +++++++++++-- guix/build/syscalls.scm | 18 ++++ guix/self.scm | 42 ++++++--- tests/syscalls.scm | 9 ++ 8 files changed, 439 insertions(+), 33 deletions(-) base-commit: 4bd2949cfa7a8bf5dfe66adad1a76472af09708d