For ‘guix pack -RR’ packs, unlike the “userns” and “proot” execution engines, the “fakechroot” execution engine doesn’t survive ‘exec’ calls:
--8<---------------cut here---------------start------------->8--- $ mkdir -p /tmp/fakechroot-test && cd /tmp/fakechroot-test/ && tar xf $(guix pack -RR openmpi intel-mpi-benchmarks bash-minimal -S /bin=bin) $ unshare -m -U -r -f sh -c 'mount -t tmpfs none /gnu; GUIX_EXECUTION_ENGINE=fakechroot /tmp/fakechroot-test/bin/bash' bash-5.1# echo /gnu/store/*coreutils*/bin/ls /gnu/store/d251rfgc9nm2clzffzhgiipdvfvzkvwi-coreutils-8.32/bin/ls /gnu/store/vqdsrvs9jbn0ix2a58s99jwkh74124y5-coreutils-minimal-8.32/bin/ls bash-5.1# test -f /gnu/store/*coreutils-8*/bin/ls bash-5.1# echo $? 0 bash-5.1# /gnu/store/*coreutils-8*/bin/ls bash: /gnu/store/d251rfgc9nm2clzffzhgiipdvfvzkvwi-coreutils-8.32/bin/ls: No such file or directory --8<---------------cut here---------------end--------------->8--- This is because the ELF interpreter of the unwrapped ‘ls’ binary remains /gnu/store/…-glibc-2.33/lib/ld-linux-x86-64-so.2 and no LD_PRELOAD interposition can address that. In this case, adding ‘coreutils’ to the profile (on the ‘guix pack’ command line) would give us wrapped binaries, and the problem is solved. But in other cases, it’s not that simple. For instance, libmpi.so from Open MPI tries to exec one its programs, using its absolute file name: --8<---------------cut here---------------start------------->8--- $ unshare -m -U -r -f sh -c 'mount -t tmpfs none /gnu; GUIX_EXECUTION_ENGINE=fakechroot /tmp/fakechroot-test/bin/IMB-MPI1' -------------------------------------------------------------------------- The singleton application was not able to find the executable "orted" in your PATH or in the directory where Open MPI/OpenRTE was initially installed, and therefore cannot continue. For reference, we tried the following command: /gnu/store/c7g9qalmbz4a94hwzk1v1cbq7n5m8plq-openmpi-4.1.4/bin/orted and got the error No such file or directory. […] --8<---------------cut here---------------end--------------->8--- I can think of several ways to address that: 1. Change the exec* wrappers in libfakechroot such that, on ENOENT, they try a direct ld.so invocation to run program, like ‘run-in-namespace.c’ does. Problem is that for this to work correctly, it would need to compute the ‘--library-path’ argument at run time, by computing the equivalent of (map dirname (file-needed/recursive program)). Impractical at best. 2. Wrap/graft every package in the closure (as opposed to generating wrappers for just those packages that appear in the profile, which is what ‘guix pack’ currently does). The downside is that the “userns” and “proot” execution engines don’t need something this heavyweight: they just need a leaf package to be wrapped. 3. Ignore the problem. After all, we’re talking about a corner case of the “fakechroot” engine, which is a niche within a niche. Food for thought… Ludo’.