From: Sergei Trofimovich
To: gentoo-dev@lists.gentoo.org
Cc: Sergei Trofimovich
Subject: [gentoo-dev] [PATCH 0/6] nix and guix GID/UID assignments
Date: Sun, 24 Nov 2019 12:46:10 +0000
Message-Id: <20191124124616.691759-1-slyfox@gentoo.org>

A bit of background: nix and guix are both hermetic builders with
precise dependency management: all build inputs are explicit and
build outputs should ideally not change if build inputs don't change.

Every user in the system can trigger the build via an IPC request to
the builder daemon (nix-daemon or guix-daemon).

For each IPC request the builder daemon picks a free user from the user
pool dedicated specifically for building. In the case of nix the pool
group is 'nixbld' and the users in that pool are 'nixbld1', 'nixbld2',
and so on. There is no fixed limit on a pool size. NixOS creates
32 users: nixbld{1..32}.

That way different users can't interfere with one another's builds.

Groups/users have a few properties:
- final build results are owned by root:root and never by
  nixbld{1..10} users
- nixbld{1..10} own only the temporary build directory while the IPC
  request is handled. The temporary directory is deleted when the build
  is finished.
- the more concurrent clients there are, the more users should be in
  the builder group.

There is a GID collision:

Both nix and guix use GID=30000 for their 'nixbld' and 'guixbuild'
groups. As Gentoo allows both to co-exist one of them has to give.
I've moved guix down to 31000.

I've effectively reserved space for 1000 users for each of them:
- 30000..30999
- 31000..31000
and using only 10 of each.

Sergei Trofimovich (6):
  acct-group/nixbld: new group (GID 30000)
  acct-group/guixbuild: new group (GID 31000)
  acct-user/nixbld{1..10}: new user (UID {30001..30010)
  acct-user/guixbuilder{1..10}: new user (UID {31001..31010)
  sys-apps/nix: switch from user.eclass to acct-*/ depends
  sys-apps/guix: switch from user.eclass to acct-*/ depends

 acct-group/guixbuild/guixbuild-0.ebuild | 10 ++
 acct-group/guixbuild/metadata.xml | 8 +
 acct-group/nixbld/metadata.xml | 8 +
 acct-group/nixbld/nixbld-0.ebuild | 9 +
 acct-user/guixbuilder1/guixbuilder1-0.ebuild | 13 ++
 acct-user/guixbuilder1/metadata.xml | 8 +
 .../guixbuilder10/guixbuilder10-0.ebuild | 13 ++
 acct-user/guixbuilder10/metadata.xml | 8 +
 acct-user/guixbuilder2/guixbuilder2-0.ebuild | 13 ++
 acct-user/guixbuilder2/metadata.xml | 8 +
 acct-user/guixbuilder3/guixbuilder3-0.ebuild | 13 ++
 acct-user/guixbuilder3/metadata.xml | 8 +
 acct-user/guixbuilder4/guixbuilder4-0.ebuild | 13 ++
 acct-user/guixbuilder4/metadata.xml | 8 +
 acct-user/guixbuilder5/guixbuilder5-0.ebuild | 13 ++
 acct-user/guixbuilder5/metadata.xml | 8 +
 acct-user/guixbuilder6/guixbuilder6-0.ebuild | 13 ++
 acct-user/guixbuilder6/metadata.xml | 8 +
 acct-user/guixbuilder7/guixbuilder7-0.ebuild | 13 ++
 acct-user/guixbuilder7/metadata.xml | 8 +
 acct-user/guixbuilder8/guixbuilder8-0.ebuild | 13 ++
 acct-user/guixbuilder8/metadata.xml | 8 +
 acct-user/guixbuilder9/guixbuilder9-0.ebuild | 13 ++
 acct-user/guixbuilder9/metadata.xml | 8 +
 acct-user/nixbld1/metadata.xml | 8 +
 acct-user/nixbld1/nixbld1-0.ebuild | 13 ++
 acct-user/nixbld10/metadata.xml | 8 +
 acct-user/nixbld10/nixbld10-0.ebuild | 13 ++
 acct-user/nixbld2/metadata.xml | 8 +
 acct-user/nixbld2/nixbld2-0.ebuild | 13 ++
 acct-user/nixbld3/metadata.xml | 8 +
 acct-user/nixbld3/nixbld3-0.ebuild | 13 ++
 acct-user/nixbld4/metadata.xml | 8 +
 acct-user/nixbld4/nixbld4-0.ebuild | 13 ++
 acct-user/nixbld5/metadata.xml | 8 +
 acct-user/nixbld5/nixbld5-0.ebuild | 13 ++
 acct-user/nixbld6/metadata.xml | 8 +
 acct-user/nixbld6/nixbld6-0.ebuild | 13 ++
 acct-user/nixbld7/metadata.xml | 8 +
 acct-user/nixbld7/nixbld7-0.ebuild | 13 ++
 acct-user/nixbld8/metadata.xml | 8 +
 acct-user/nixbld8/nixbld8-0.ebuild | 13 ++
 acct-user/nixbld9/metadata.xml | 8 +
 acct-user/nixbld9/nixbld9-0.ebuild | 13 ++
 sys-apps/guix/guix-1.0.1-r2.ebuild | 165 ++++++++++++++++++
 sys-apps/nix/nix-2.3.1-r1.ebuild | 145 +++++++++++++++
 46 files changed, 765 insertions(+)
 create mode 100644 acct-group/guixbuild/guixbuild-0.ebuild
 create mode 100644 acct-group/guixbuild/metadata.xml
 create mode 100644 acct-group/nixbld/metadata.xml
 create mode 100644 acct-group/nixbld/nixbld-0.ebuild
 create mode 100644 acct-user/guixbuilder1/guixbuilder1-0.ebuild
 create mode 100644 acct-user/guixbuilder1/metadata.xml
 create mode 100644 acct-user/guixbuilder10/guixbuilder10-0.ebuild
 create mode 100644 acct-user/guixbuilder10/metadata.xml
 create mode 100644 acct-user/guixbuilder2/guixbuilder2-0.ebuild
 create mode 100644 acct-user/guixbuilder2/metadata.xml
 create mode 100644 acct-user/guixbuilder3/guixbuilder3-0.ebuild
 create mode 100644 acct-user/guixbuilder3/metadata.xml
 create mode 100644 acct-user/guixbuilder4/guixbuilder4-0.ebuild
 create mode 100644 acct-user/guixbuilder4/metadata.xml
 create mode 100644 acct-user/guixbuilder5/guixbuilder5-0.ebuild
 create mode 100644 acct-user/guixbuilder5/metadata.xml
 create mode 100644 acct-user/guixbuilder6/guixbuilder6-0.ebuild
 create mode 100644 acct-user/guixbuilder6/metadata.xml
 create mode 100644 acct-user/guixbuilder7/guixbuilder7-0.ebuild
 create mode 100644 acct-user/guixbuilder7/metadata.xml
 create mode 100644 acct-user/guixbuilder8/guixbuilder8-0.ebuild
 create mode 100644 acct-user/guixbuilder8/metadata.xml
 create mode 100644 acct-user/guixbuilder9/guixbuilder9-0.ebuild
 create mode 100644 acct-user/guixbuilder9/metadata.xml
 create mode 100644 acct-user/nixbld1/metadata.xml
 create mode 100644 acct-user/nixbld1/nixbld1-0.ebuild
 create mode 100644 acct-user/nixbld10/metadata.xml
 create mode 100644 acct-user/nixbld10/nixbld10-0.ebuild
 create mode 100644 acct-user/nixbld2/metadata.xml
 create mode 100644 acct-user/nixbld2/nixbld2-0.ebuild
 create mode 100644 acct-user/nixbld3/metadata.xml
 create mode 100644 acct-user/nixbld3/nixbld3-0.ebuild
 create mode 100644 acct-user/nixbld4/metadata.xml
 create mode 100644 acct-user/nixbld4/nixbld4-0.ebuild
 create mode 100644 acct-user/nixbld5/metadata.xml
 create mode 100644 acct-user/nixbld5/nixbld5-0.ebuild
 create mode 100644 acct-user/nixbld6/metadata.xml
 create mode 100644 acct-user/nixbld6/nixbld6-0.ebuild
 create mode 100644 acct-user/nixbld7/metadata.xml
 create mode 100644 acct-user/nixbld7/nixbld7-0.ebuild
 create mode 100644 acct-user/nixbld8/metadata.xml
 create mode 100644 acct-user/nixbld8/nixbld8-0.ebuild
 create mode 100644 acct-user/nixbld9/metadata.xml
 create mode 100644 acct-user/nixbld9/nixbld9-0.ebuild
 create mode 100644 sys-apps/guix/guix-1.0.1-r2.ebuild
 create mode 100644 sys-apps/nix/nix-2.3.1-r1.ebuild

-- 
2.24.0
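
Added example (not part of the original message or of the Gentoo tree): a small audit of passwd/group data for the GID collision described in the cover letter. The base GIDs 30000 and 31000 come from the message; the 1000-ID span per pool, the use of the group member list as the pool, and all sample account lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Base GIDs are from the cover letter; the 1000-ID span per pool is an assumption.
POOLS = {"nixbld": range(30000, 31000), "guixbuild": range(31000, 32000)}

def parse_db(text):
    """Split /etc/passwd- or /etc/group-format text into lists of fields."""
    rows = (line.strip() for line in text.splitlines())
    return [r.split(":") for r in rows if r and not r.startswith("#")]

def shared_ids(rows, kind):
    """Report numeric IDs (third field) that more than one name maps to."""
    names = defaultdict(list)
    for row in rows:
        names[int(row[2])].append(row[0])
    return [f"{kind} {i} shared by {', '.join(sorted(n))}"
            for i, n in sorted(names.items()) if len(n) > 1]

def audit(passwd_text, group_text, pools=POOLS):
    """Return findings: shared IDs and pool accounts outside their block."""
    users, groups = parse_db(passwd_text), parse_db(group_text)
    uid_of = {u[0]: int(u[2]) for u in users}
    findings = shared_ids(groups, "GID") + shared_ids(users, "UID")
    for g in groups:
        block = pools.get(g[0])
        if block is None:
            continue  # not a builder pool group
        span = f"{block.start}..{block.stop - 1}"
        if int(g[2]) not in block:
            findings.append(f"group {g[0]} GID {g[2]} outside {span}")
        for member in filter(None, g[3].split(",")):
            uid = uid_of.get(member)
            if uid is None:
                findings.append(f"{g[0]} member {member} has no passwd entry")
            elif uid not in block:
                findings.append(f"{member} UID {uid} outside {span}")
    return findings

# Constructed sample data: guix still on the colliding GID 30000 (before the move).
GROUP_BEFORE = "nixbld:x:30000:nixbld1,nixbld2\nguixbuild:x:30000:guixbuilder1\n"
PASSWD_BEFORE = ("nixbld1:x:30001:30000::/var/empty:/sbin/nologin\n"
                 "nixbld2:x:30002:30000::/var/empty:/sbin/nologin\n"
                 "guixbuilder1:x:30001:30000::/var/empty:/sbin/nologin\n")
# Constructed sample data: guix moved to GID 31000 / UID 31001 as in this series.
GROUP_AFTER = GROUP_BEFORE.replace("guixbuild:x:30000", "guixbuild:x:31000")
PASSWD_AFTER = PASSWD_BEFORE.replace("guixbuilder1:x:30001:30000",
                                     "guixbuilder1:x:31001:31000")

if __name__ == "__main__":
    for finding in audit(PASSWD_BEFORE, GROUP_BEFORE):
        print(finding)
```

A shared numeric ID matters here because file ownership and process credentials are checked by number, so two pools on the same GID are one group as far as the kernel is concerned.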