1. 21

Wellons has put a lot more work into this than I did, though I enjoy what I believe to be the same benefits.

I guess I haven’t encountered the library issue yet.

I just set my PREFIX= to ~/bin/emacs.app, then after make install, I do something like cd ~/bin; find emacs.app -executable -exec ln -s {} \;.

The result is:

sebboh@namagiri:~$ ls -al ~/bin
total 196
drwxr-xr-x 1 sebboh sebboh  602 May  3 13:26 .
drwxr-xr-x 1 sebboh sebboh 1124 Jun 22 17:44 ..
lrwxrwxrwx 1 sebboh sebboh   27 May  3 13:26 acyclic -> ../graphviz.app/bin/acyclic
lrwxrwxrwx 1 sebboh sebboh   26 May  3 13:26 bcomps -> ../graphviz.app/bin/bcomps
lrwxrwxrwx 1 sebboh sebboh   20 May  3 13:26 bin -> ../graphviz.app/bin/
lrwxrwxrwx 1 sebboh sebboh   26 May  3 13:26 ccomps -> ../graphviz.app/bin/ccomps
lrwxrwxrwx 1 sebboh sebboh   25 May  3 13:26 circo -> ../graphviz.app/bin/circo
lrwxrwxrwx 1 sebboh sebboh   27 May  3 13:26 cluster -> ../graphviz.app/bin/cluster
lrwxrwxrwx 1 sebboh sebboh   28 May  3 13:26 dijkstra -> ../graphviz.app/bin/dijkstra
lrwxrwxrwx 1 sebboh sebboh   24 Aug  5  2016 dlc -> /home/sebboh/src/dlc/dlc
lrwxrwxrwx 1 sebboh sebboh   23 May  3 13:26 dot -> ../graphviz.app/bin/dot
lrwxrwxrwx 1 sebboh sebboh   27 May  3 13:26 dot2gxl -> ../graphviz.app/bin/dot2gxl
lrwxrwxrwx 1 sebboh sebboh   32 May  3 13:26 dot_builtins -> ../graphviz.app/bin/dot_builtins
lrwxrwxrwx 1 sebboh sebboh   25 May  3 13:26 dotty -> ../graphviz.app/bin/dotty
lrwxrwxrwx 1 sebboh sebboh   29 May  3 13:26 edgepaint -> ../graphviz.app/bin/edgepaint
lrwxrwxrwx 1 sebboh sebboh   19 Jul  8  2016 emacs -> emacs.app/bin/emacs
drwxr-xr-x 1 sebboh sebboh   36 Jul  8  2016 emacs.app
lrwxrwxrwx 1 sebboh sebboh   25 Jul  8  2016 emacsclient -> emacs.app/bin/emacsclient
lrwxrwxrwx 1 sebboh sebboh   23 May  3 13:26 fdp -> ../graphviz.app/bin/fdp
lrwxrwxrwx 1 sebboh sebboh   22 May  3 13:26 gc -> ../graphviz.app/bin/gc
lrwxrwxrwx 1 sebboh sebboh   26 May  3 13:26 gml2gv -> ../graphviz.app/bin/gml2gv
lrwxrwxrwx 1 sebboh sebboh   30 May  3 13:26 graphml2gv -> ../graphviz.app/bin/graphml2gv
lrwxrwxrwx 1 sebboh sebboh   26 May  3 13:26 gv2gml -> ../graphviz.app/bin/gv2gml
lrwxrwxrwx 1 sebboh sebboh   26 May  3 13:26 gv2gxl -> ../graphviz.app/bin/gv2gxl
lrwxrwxrwx 1 sebboh sebboh   27 May  3 13:26 gvcolor -> ../graphviz.app/bin/gvcolor
lrwxrwxrwx 1 sebboh sebboh   26 May  3 13:26 gvedit -> ../graphviz.app/bin/gvedit
lrwxrwxrwx 1 sebboh sebboh   25 May  3 13:26 gvgen -> ../graphviz.app/bin/gvgen
lrwxrwxrwx 1 sebboh sebboh   25 May  3 13:26 gvmap -> ../graphviz.app/bin/gvmap
lrwxrwxrwx 1 sebboh sebboh   28 May  3 13:26 gvmap.sh -> ../graphviz.app/bin/gvmap.sh
lrwxrwxrwx 1 sebboh sebboh   26 May  3 13:26 gvpack -> ../graphviz.app/bin/gvpack
lrwxrwxrwx 1 sebboh sebboh   24 May  3 13:26 gvpr -> ../graphviz.app/bin/gvpr
lrwxrwxrwx 1 sebboh sebboh   27 May  3 13:26 gxl2dot -> ../graphviz.app/bin/gxl2dot
lrwxrwxrwx 1 sebboh sebboh   26 May  3 13:26 gxl2gv -> ../graphviz.app/bin/gxl2gv
lrwxrwxrwx 1 sebboh sebboh   25 May  3 13:26 lefty -> ../graphviz.app/bin/lefty
lrwxrwxrwx 1 sebboh sebboh   26 May  3 13:26 lneato -> ../graphviz.app/bin/lneato
lrwxrwxrwx 1 sebboh sebboh   25 May  3 13:26 mm2gv -> ../graphviz.app/bin/mm2gv
lrwxrwxrwx 1 sebboh sebboh   27 Sep 12  2016 mr -> /home/sebboh/src/myrepos/mr
lrwxrwxrwx 1 sebboh sebboh   25 May  3 13:26 neato -> ../graphviz.app/bin/neato
lrwxrwxrwx 1 sebboh sebboh   23 May  3 13:26 nop -> ../graphviz.app/bin/nop
lrwxrwxrwx 1 sebboh sebboh   25 May  3 13:26 osage -> ../graphviz.app/bin/osage
lrwxrwxrwx 1 sebboh sebboh   29 May  3 13:26 patchwork -> ../graphviz.app/bin/patchwork
lrwxrwxrwx 1 sebboh sebboh   25 May  3 13:26 prune -> ../graphviz.app/bin/prune
-rwxr-xr-x 1 sebboh sebboh  223 Sep 12  2016 replify
lrwxrwxrwx 1 sebboh sebboh   17 Jul  6  2016 sbcl -> sbcl.app/bin/sbcl
drwxr-xr-x 1 sebboh sebboh   22 Jul  6  2016 sbcl.app
lrwxrwxrwx 1 sebboh sebboh   26 May  3 13:26 sccmap -> ../graphviz.app/bin/sccmap
lrwxrwxrwx 1 sebboh sebboh   24 May  3 13:26 sfdp -> ../graphviz.app/bin/sfdp
lrwxrwxrwx 1 sebboh sebboh   28 Apr 21 16:07 siv -> /home/sebboh/src/siv/src/siv
lrwxrwxrwx 1 sebboh sebboh   32 Jun  1  2016 stumpwm -> /home/hobbes/src/stumpwm/stumpwm
lrwxrwxrwx 1 sebboh sebboh   24 May  3 13:26 tred -> ../graphviz.app/bin/tred
lrwxrwxrwx 1 sebboh sebboh   25 May  3 13:26 twopi -> ../graphviz.app/bin/twopi
lrwxrwxrwx 1 sebboh sebboh   29 May  3 13:26 unflatten -> ../graphviz.app/bin/unflatten
lrwxrwxrwx 1 sebboh sebboh   26 May  3 13:26 vimdot -> ../graphviz.app/bin/vimdot

I thought that I’d version all the *.app directories, but in practice, this isn’t really needed, because I got more than one machine… Who cares if emacs is broken for a day or two on one of them?

  1.  

  2. 3

    If you can have someone install Nix in multi-user mode, then everyone with permissions to connect to the daemon can build local environments. It’s nice to have user-local binaries, but I’m not sure I can think of a scenario where running code on someone else’s server is valuable enough to justify giving up package management.

    1. 3

      On the sliding scale of “installing software locally”:

      1. run software straight from the build directory (doesn’t work for all software)
      2. make PREFIX=$HOME/.local install as described here
      3. Install the application to some subdirectory like ~/.local/stowables/theapplication-1.2.3 and use GNU Stow to symlink it into place
      4. Nix

      Also, answering this:

      Fortunately, Debian and Debian-derived systems, using a mechanism I haven’t yet figured out, discover home directory man pages automatically without any assistance.

      From the output of manpath --debug:

      path directory /home/st/.local/bin is not in the config file
      but does have a ../man, man, ../share/man, or share/man subdirectory
      adding /home/st/.local/share/man to manpath
      

      So basically it guesses based on $PATH.

      1. 2

        AppFS ( http://appfs.rkeene.org/ ) solves this problem, and takes it further to include de-duplication, distribution, authentication, and local modifications.

        1. 1

          Filesystems are powerful tools (like what we can see with plan9, 9p…) !

          Tanks for sharing, I like the idea.

        2. 2

          A coworker once pointed out to me that one of the big dangers of putting programs in $HOME like this is that now a malicious program can easily replace your installation of node or ghc or whatever.

          I don’t know how worried I am about this, given that the attacker would already have to have home access. But something to think about

          If anything it’s proof that file systems aren’t a great abstraction for organizing code that needs to be executed

          1. 4

            A malicious program can do this by modifying $PATH in the appropriate startup shell script (you have audited the which command, right?).

            So what is the appropriate abstraction for organizing code that needs to be executed?

            1. 2

              The problem is more that ideally a user should not have both write and execute permissions to a location, such as $HOME or /tmp.

              Under UNIX a noexec flag for the mount solves a lot of problems and since WinXP there has bee Software Restriction Policies (including by path) to get the same effect.

              The result, a lot of malicious simply stops working.

              1. 2

                I am a programmer, so mounting my $HOME with noexec renders my box useless. This is no solution.

                1. 2

                  …or you create a separate mountpoint for your code in; such as /usr/src or $HOME/stuff or whatever your preference is.

                  1. 2

                    But then we’re back to the original issue aren’t we?

                    1. 1

                      Yes.

                      Malicious software (for now) just pokes the common locations such as /tmp or $HOME and not search everywhere for possible write/exec points. Setting these locations up to stop this can only be a good thing.

                      Of course this is a kind of security by obscurity but it is free and not intrusive.

                    2. 1

                      Such as opt ? Is it what opt is for ?

              2. 1

                I wrote a package installer script (BUILD) doing this, along with a service management script (SERVICE): http://github.com/josuah/etc

                Both are really not smart (70~80 lines). What they do could be done by hand…

                Setting up your own embedded system across all distros (including BSD if you enable procfs(5)) feels good!

                And indeed, bootstrapping gcc or clang is a pain (chaining compilation from older version to newer version up to the latest: the first one cannot compile the last one directly).