From: Sergei Trofimovich <slyfox@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Cc: Sergei Trofimovich <slyfox@gentoo.org>
Subject: [gentoo-dev] [PATCH 0/6] nix and guix GID/UID assignments
Date: Sun, 24 Nov 2019 12:46:10 +0000
Message-ID: <20191124124616.691759-1-slyfox@gentoo.org>

A bit of background:

nix and guix are both hermetic builders with precise dependency
management: all build inputs are explicit and build outputs should
ideally not change if build inputs don't change.

Every user in the system can trigger the build via IPC request
to the builder daemon (nix-daemon or guix-daemon).

For each IPC request the builder daemon picks a free user from a user
pool dedicated specifically for building. In the case of nix the pool
group is 'nixbld' and users in that pool are 'nixbld1', 'nixbld2', and
so on. There is no fixed limit on the pool size. NixOS creates 32 users:
nixbld{1..32}.

That way different users can't interfere with one another's build.

Groups/users have a few properties:
- final build results are owned by root:root and never by
  nixbld{1..10} users
- nixbld{1..10} own only the temporary build directory while the IPC
  request is handled. The temporary directory is deleted when the build
  is finished.
- the more concurrent clients there are, the more users should
  be in the builder group.

There is a GID collision:

Both nix and guix use GID=30000 for their 'nixbld'
and 'guixbuild' groups. As Gentoo allows both to co-exist,
one of them has to give. I've moved guix down to 31000.

I've effectively reserved space for 1000 users for each of them:
- 30000..30999
- 31000..31000
and am using only 10 of each.

Sergei Trofimovich (6):
  acct-group/nixbld: new group (GID 30000)
  acct-group/guixbuild: new group (GID 31000)
  acct-user/nixbld{1..10}: new user (UID {30001..30010)
  acct-user/guixbuilder{1..10}: new user (UID {31001..31010)
  sys-apps/nix: switch from user.eclass to acct-*/ depends
  sys-apps/guix: switch from user.eclass to acct-*/ depends

acct-group/guixbuild/guixbuild-0.ebuild | 10 ++
acct-group/guixbuild/metadata.xml | 8 +
acct-group/nixbld/metadata.xml | 8 +
acct-group/nixbld/nixbld-0.ebuild | 9 +
acct-user/guixbuilder1/guixbuilder1-0.ebuild | 13 ++
acct-user/guixbuilder1/metadata.xml | 8 +
.../guixbuilder10/guixbuilder10-0.ebuild | 13 ++
acct-user/guixbuilder10/metadata.xml | 8 +
acct-user/guixbuilder2/guixbuilder2-0.ebuild | 13 ++
acct-user/guixbuilder2/metadata.xml | 8 +
acct-user/guixbuilder3/guixbuilder3-0.ebuild | 13 ++
acct-user/guixbuilder3/metadata.xml | 8 +
acct-user/guixbuilder4/guixbuilder4-0.ebuild | 13 ++
acct-user/guixbuilder4/metadata.xml | 8 +
acct-user/guixbuilder5/guixbuilder5-0.ebuild | 13 ++
acct-user/guixbuilder5/metadata.xml | 8 +
acct-user/guixbuilder6/guixbuilder6-0.ebuild | 13 ++
acct-user/guixbuilder6/metadata.xml | 8 +
acct-user/guixbuilder7/guixbuilder7-0.ebuild | 13 ++
acct-user/guixbuilder7/metadata.xml | 8 +
acct-user/guixbuilder8/guixbuilder8-0.ebuild | 13 ++
acct-user/guixbuilder8/metadata.xml | 8 +
acct-user/guixbuilder9/guixbuilder9-0.ebuild | 13 ++
acct-user/guixbuilder9/metadata.xml | 8 +
acct-user/nixbld1/metadata.xml | 8 +
acct-user/nixbld1/nixbld1-0.ebuild | 13 ++
acct-user/nixbld10/metadata.xml | 8 +
acct-user/nixbld10/nixbld10-0.ebuild | 13 ++
acct-user/nixbld2/metadata.xml | 8 +
acct-user/nixbld2/nixbld2-0.ebuild | 13 ++
acct-user/nixbld3/metadata.xml | 8 +
acct-user/nixbld3/nixbld3-0.ebuild | 13 ++
acct-user/nixbld4/metadata.xml | 8 +
acct-user/nixbld4/nixbld4-0.ebuild | 13 ++
acct-user/nixbld5/metadata.xml | 8 +
acct-user/nixbld5/nixbld5-0.ebuild | 13 ++
acct-user/nixbld6/metadata.xml | 8 +
acct-user/nixbld6/nixbld6-0.ebuild | 13 ++
acct-user/nixbld7/metadata.xml | 8 +
acct-user/nixbld7/nixbld7-0.ebuild | 13 ++
acct-user/nixbld8/metadata.xml | 8 +
acct-user/nixbld8/nixbld8-0.ebuild | 13 ++
acct-user/nixbld9/metadata.xml | 8 +
acct-user/nixbld9/nixbld9-0.ebuild | 13 ++
sys-apps/guix/guix-1.0.1-r2.ebuild | 165 ++++++++++++++++++
sys-apps/nix/nix-2.3.1-r1.ebuild | 145 +++++++++++++++
46 files changed, 765 insertions(+)
create mode 100644 acct-group/guixbuild/guixbuild-0.ebuild
create mode 100644 acct-group/guixbuild/metadata.xml
create mode 100644 acct-group/nixbld/metadata.xml
create mode 100644 acct-group/nixbld/nixbld-0.ebuild
create mode 100644 acct-user/guixbuilder1/guixbuilder1-0.ebuild
create mode 100644 acct-user/guixbuilder1/metadata.xml
create mode 100644 acct-user/guixbuilder10/guixbuilder10-0.ebuild
create mode 100644 acct-user/guixbuilder10/metadata.xml
create mode 100644 acct-user/guixbuilder2/guixbuilder2-0.ebuild
create mode 100644 acct-user/guixbuilder2/metadata.xml
create mode 100644 acct-user/guixbuilder3/guixbuilder3-0.ebuild
create mode 100644 acct-user/guixbuilder3/metadata.xml
create mode 100644 acct-user/guixbuilder4/guixbuilder4-0.ebuild
create mode 100644 acct-user/guixbuilder4/metadata.xml
create mode 100644 acct-user/guixbuilder5/guixbuilder5-0.ebuild
create mode 100644 acct-user/guixbuilder5/metadata.xml
create mode 100644 acct-user/guixbuilder6/guixbuilder6-0.ebuild
create mode 100644 acct-user/guixbuilder6/metadata.xml
create mode 100644 acct-user/guixbuilder7/guixbuilder7-0.ebuild
create mode 100644 acct-user/guixbuilder7/metadata.xml
create mode 100644 acct-user/guixbuilder8/guixbuilder8-0.ebuild
create mode 100644 acct-user/guixbuilder8/metadata.xml
create mode 100644 acct-user/guixbuilder9/guixbuilder9-0.ebuild
create mode 100644 acct-user/guixbuilder9/metadata.xml
create mode 100644 acct-user/nixbld1/metadata.xml
create mode 100644 acct-user/nixbld1/nixbld1-0.ebuild
create mode 100644 acct-user/nixbld10/metadata.xml
create mode 100644 acct-user/nixbld10/nixbld10-0.ebuild
create mode 100644 acct-user/nixbld2/metadata.xml
create mode 100644 acct-user/nixbld2/nixbld2-0.ebuild
create mode 100644 acct-user/nixbld3/metadata.xml
create mode 100644 acct-user/nixbld3/nixbld3-0.ebuild
create mode 100644 acct-user/nixbld4/metadata.xml
create mode 100644 acct-user/nixbld4/nixbld4-0.ebuild
create mode 100644 acct-user/nixbld5/metadata.xml
create mode 100644 acct-user/nixbld5/nixbld5-0.ebuild
create mode 100644 acct-user/nixbld6/metadata.xml
create mode 100644 acct-user/nixbld6/nixbld6-0.ebuild
create mode 100644 acct-user/nixbld7/metadata.xml
create mode 100644 acct-user/nixbld7/nixbld7-0.ebuild
create mode 100644 acct-user/nixbld8/metadata.xml
create mode 100644 acct-user/nixbld8/nixbld8-0.ebuild
create mode 100644 acct-user/nixbld9/metadata.xml
create mode 100644 acct-user/nixbld9/nixbld9-0.ebuild
create mode 100644 sys-apps/guix/guix-1.0.1-r2.ebuild
create mode 100644 sys-apps/nix/nix-2.3.1-r1.ebuild
--
2.24.0
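
The check below is an added example, not part of the original message or of the Gentoo patches: it audits passwd- and group-format text against the assignments the cover letter states (groups at GID 30000 and 31000, pool user N at GID + N) and reports shared IDs such as the GID 30000 collision. The function names and the sample account lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assignments stated in the cover letter: group GID, pool user N at GID + N.
POOLS = {
    "nixbld": (30000, re.compile(r"nixbld(\d+)$")),
    "guixbuild": (31000, re.compile(r"guixbuilder(\d+)$")),
}

def rows(text):
    """Yield (name, numeric id) from passwd- or group-format text."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and not fields[0].startswith("#"):
            yield fields[0], int(fields[2])

def shared_ids(kind, entries):
    """Report every numeric id that more than one name maps to."""
    by_id = defaultdict(list)
    for name, num in entries:
        by_id[num].append(name)
    return [f"{kind} {num} shared by: {', '.join(sorted(names))}"
            for num, names in sorted(by_id.items()) if len(names) > 1]

def audit(passwd_text, group_text):
    """Return findings; an empty list means the layout matches the letter."""
    groups, users = list(rows(group_text)), list(rows(passwd_text))
    findings = shared_ids("GID", groups)
    for name, gid in groups:
        if name in POOLS and gid != POOLS[name][0]:
            findings.append(f"group {name}: GID {gid}, expected {POOLS[name][0]}")
    for name, uid in users:
        for base, user_re in POOLS.values():
            m = user_re.match(name)
            if m and uid != base + int(m.group(1)):
                findings.append(f"user {name}: UID {uid}, expected {base + int(m.group(1))}")
    return findings + shared_ids("UID", users)

# Constructed sample data (not taken from a real system).
COLLIDING_GROUP = "nixbld:x:30000:\nguixbuild:x:30000:\n"
COLLIDING_PASSWD = ("nixbld1:x:30001:30000::/var/empty:/sbin/nologin\n"
                    "guixbuilder1:x:30001:30000::/var/empty:/sbin/nologin\n")
SEPARATED_GROUP = "nixbld:x:30000:\nguixbuild:x:31000:\n"
SEPARATED_PASSWD = ("nixbld1:x:30001:30000::/var/empty:/sbin/nologin\n"
                    "guixbuilder1:x:31001:31000::/var/empty:/sbin/nologin\n")

if __name__ == "__main__":
    for finding in audit(COLLIDING_PASSWD, COLLIDING_GROUP):
        print(finding)
```

A shared UID matters here because file ownership is by number: two pool accounts with the same UID could touch each other's temporary build directories, which is the interference the separate build users are meant to prevent.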