GNU bug report logs - #58640
Garbage collector ('gc') deletes valid user roots when $HOME is inaccessible

Previous Next

Package: guix;

Reported by: Felix Lechner <felix.lechner <at> lease-up.com>

Date: Wed, 19 Oct 2022 17:15:01 UTC

Severity: normal

Tags: notabug

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 58640 in the body.
You can then email your comments to 58640 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to bug-guix <at> gnu.org:
bug#58640; Package guix. (Wed, 19 Oct 2022 17:15:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Felix Lechner <felix.lechner <at> lease-up.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Wed, 19 Oct 2022 17:15:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Felix Lechner <felix.lechner <at> lease-up.com>
To: bug-guix <at> gnu.org
Subject: Garbage collector ('gc') deletes valid user roots when $HOME is
 inaccessible
Date: Wed, 19 Oct 2022 10:14:05 -0700
Hi,

The Guix garbage collector ('gc') deletes valid user roots when those
links are not resolvable via the user's home folder in places such as

    ~/.cache/guix/profiles/

which potentially leaves the user without a working profile.

Home folders are not always accessible to the root user, and may
therefore also not be accessible to the Guix daemon.  In some
networked setups, for example, home folders can be automounted.

In my particular case, the home folder was inaccessible due to my
encrypted filesystem's security policies, which are enforced by FUSE
when using gocryptfs. [1]

The FUSE feature can be turned off [2] and Gocryptfs can 'allow_other'
[3] but that is a large concession and may not solve the daemon's
alleged (mis-)behavior in the general case.

Thank you for reading!

Kind regards
Felix Lechner

[1] https://nuetzlich.net/gocryptfs/
[2] https://unix.stackexchange.com/a/17423
[3] https://manpages.debian.org/bullseye/gocryptfs/gocryptfs.1.en.html




Information forwarded to bug-guix <at> gnu.org:
bug#58640; Package guix. (Thu, 20 Oct 2022 11:42:01 GMT) Full text and rfc822 format available.

Message #8 received at 58640 <at> debbugs.gnu.org (full text, mbox):

From: Liliana Marie Prikler <liliana.prikler <at> ist.tugraz.at>
To: Felix Lechner <felix.lechner <at> lease-up.com>, 58640 <at> debbugs.gnu.org
Subject: Re: Garbage collector ('gc') deletes valid user roots when $HOME is
 inaccessible
Date: Thu, 20 Oct 2022 13:41:02 +0200
Am Mittwoch, dem 19.10.2022 um 10:14 -0700 schrieb Felix Lechner:
> Hi,
> 
> The Guix garbage collector ('gc') deletes valid user roots when those
> links are not resolvable via the user's home folder in places such as
> 
>     ~/.cache/guix/profiles/
> 
> which potentially leaves the user without a working profile.
The output of `guix gc --list-roots' seems to suggest that the actual
garbage collector roots are in /var/guix/profiles (note that root sees
the roots of all users, whereas users only see their own).

More importantly, all GC roots in /home seem to point to the cache used
by guix shell.  By definition, everything in XDG_CACHE_HOME should be
removable without consequences.  Is this not the case here?

Cheers




Information forwarded to bug-guix <at> gnu.org:
bug#58640; Package guix. (Fri, 21 Oct 2022 07:31:02 GMT) Full text and rfc822 format available.

Message #11 received at 58640 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Felix Lechner <felix.lechner <at> lease-up.com>
Cc: 58640 <at> debbugs.gnu.org
Subject: Re: bug#58640: Garbage collector ('gc') deletes valid user roots
 when $HOME is inaccessible
Date: Fri, 21 Oct 2022 09:30:25 +0200
Hi Felix,

Felix Lechner <felix.lechner <at> lease-up.com> skribis:

> The Guix garbage collector ('gc') deletes valid user roots when those
> links are not resolvable via the user's home folder in places such as
>
>     ~/.cache/guix/profiles/
>
> which potentially leaves the user without a working profile.
>
> Home folders are not always accessible to the root user, and may
> therefore also not be accessible to the Guix daemon.  In some
> networked setups, for example, home folders can be automounted.
>
> In my particular case, the home folder was inaccessible due to my
> encrypted filesystem's security policies, which are enforced by FUSE
> when using gocryptfs. [1]

To complement what Liliana wrote, there are two kinds of GC root:
“regular roots” (the symlinks under /var/guix/profiles and
/var/guix/gcroots), and “indirect roots” (symlinks created when you run
‘guix shell’ or when you run ‘guix package -p ~/my-root’).

Indirect roots are invisible to the GC if the file system where they
live is inaccessible.  That’s what you observed.

There’s no good solution I can think of, except not storing indirect
roots on a file system not visible to the GC.

I hope that makes sense!

Thanks,
Ludo’.




Added tag(s) notabug. Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Thu, 10 Nov 2022 10:48:03 GMT) Full text and rfc822 format available.

bug closed, send any further explanations to 58640 <at> debbugs.gnu.org and Felix Lechner <felix.lechner <at> lease-up.com> Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Thu, 10 Nov 2022 10:48:03 GMT) Full text and rfc822 format available.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 08 Dec 2022 12:24:08 GMT) Full text and rfc822 format available.

This bug report was last modified 1 year and 111 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.