Re: Unprivileged /gnu/store with PRoot - or relocate

[Ludovic Courtès]

Hello!

Pjotr Prins <address@hidden> skribis:

> I explored this and actually built Nix/Guix on proot in the past for the
> same reasons
>
>   https://github.com/pjotrp/nix-no-root

Right, thanks for the reminder!

Back then the target was mostly to run a full Nix/Guix under PRoot,
right?  I suppose running guix-daemon & co. under PRoot would be
terribly slow, especially when building stuff.

> Mind, it *is* slow. That is why I came up with relocatable Guix which
> works much better. No performance loss. Just an extra installation
> step. Relocatable Guix works great, but it requires effort to make it
> user friendly. We can automate creating relocatable packages with guix
> pack. All it needs is an additional installer that rewrites the paths.
> The other limitation is that the installer prefix can be no longer
> than ~50 characters because it gobbles up the Guix store path + hash.
>
> I have written all the code for that. The installer is fast.
>
> Anyone interested in that type of solution? We can make it work, even
> as automated builds. I think it would be great for HPC and can even be
> part of non-root packagers, such as brew and conda.

Definitely.  As discussed before, my personal preference for the
technical solutions to this problem is, in this order:

  1. user namespaces (unfortunately rarely available, at least on HPC);

  2. PRoot, provided the performance is okay for the target workload;

  3. relocation as you presented it at FOSDEM.

When #1 is available that’s good.  In other cases, one has to choose
between #2 and #3 depending on performance and other tradeoffs.

Each of these approaches has its pros and cons.  We all know that the
one true solution to file system virtualization is GNU/Hurd… but we’re
not there yet!  :-)

Ludo’.