From unknown Mon Aug 18 14:25:37 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#38800 <38800@debbugs.gnu.org>
To: bug#38800 <38800@debbugs.gnu.org>
Subject: Status: Non-existent setuid programs make "guix system
 reconfigure" break mid-generation-switch
Reply-To: bug#38800 <38800@debbugs.gnu.org>
Date: Mon, 18 Aug 2025 21:25:37 +0000

retitle 38800 Non-existent setuid programs make "guix system reconfigure" b=
reak mid-generation-switch
reassign 38800 guix
submitter 38800 Jakub K=C4=85dzio=C5=82ka <kuba@kadziolka.net>
severity 38800 normal

thanks


From debbugs-submit-bounces@debbugs.gnu.org Sun Dec 29 17:06:31 2019
Received: (at submit) by debbugs.gnu.org; 29 Dec 2019 22:06:31 +0000
Received: from localhost ([127.0.0.1]:60310 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1ilghi-0005VA-I8
	for submit@debbugs.gnu.org; Sun, 29 Dec 2019 17:06:31 -0500
Received: from lists.gnu.org ([209.51.188.17]:40059)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <kuba@kadziolka.net>) id 1ilf6P-00018N-Nj
 for submit@debbugs.gnu.org; Sun, 29 Dec 2019 15:23:54 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:49282)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <kuba@kadziolka.net>) id 1ilf6O-0001oJ-GU
 for bug-guix@gnu.org; Sun, 29 Dec 2019 15:23:53 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RCVD_IN_DNSWL_NONE,
 URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <kuba@kadziolka.net>) id 1ilf6M-00032b-8T
 for bug-guix@gnu.org; Sun, 29 Dec 2019 15:23:52 -0500
Received: from pat.zlotemysli.pl ([37.59.186.212]:35040)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <kuba@kadziolka.net>) id 1ilf6L-0002uh-UB
 for bug-guix@gnu.org; Sun, 29 Dec 2019 15:23:50 -0500
Received: (qmail 18616 invoked by uid 1009); 29 Dec 2019 21:23:47 +0100
Received: from 188.123.215.55 (kuba@kadziolka.net@188.123.215.55) by pat
 (envelope-from <kuba@kadziolka.net>, uid 1002) with qmail-scanner-2.08st 
 (clamdscan: 0.98.6/25677. spamassassin: 3.4.0. perlscan: 2.08st.  
 Clear:RC:1(188.123.215.55):. 
 Processed in 0.01036 secs); 29 Dec 2019 20:23:47 -0000
Received: from unknown (HELO zdrowyportier.kadziolka.net)
 (kuba@kadziolka.net@188.123.215.55)
 by pat.zlotemysli.pl with SMTP; 29 Dec 2019 21:23:47 +0100
Date: Sun, 29 Dec 2019 21:23:46 +0100
From: Jakub =?utf-8?B?S8SFZHppb8WCa2E=?= <kuba@kadziolka.net>
To: bug-guix@gnu.org
Subject: Non-existent setuid programs make "guix system reconfigure" break
 mid-generation-switch
Message-ID: <20191229202346.p3nixfhsanw4oy4s@zdrowyportier.kadziolka.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [fuzzy]
X-Received-From: 37.59.186.212
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Sun, 29 Dec 2019 17:06:28 -0500
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Steps to reproduce:

0. [IMPORTANT] Make sure you will be able to reconfigure your system
   when all setuid binaries stop working (this includes sudo, which
   makes this, IMHO, a serious bug).

   Namely, either make sure you can log in as root, or keep a "sudo -s"
   shell open. The latter is slightly more dangerous in the event of a
   power outage.

   I would also recommend running "guix pull" in this recovery shell, as
   a root login shell will use root's profile, and not your own.
1. Add a non-existant file to your system configuration's
   setuid-programs. For example,

   (setuid-programs (cons*
                      #~(string-append #$bash "/bin/enoent")
                      %setuid-programs))

2. Reconfigure your system.

   $ sudo guix system reconfigure /etc/config.scm

Actual behavior:

   activating system...
   substitute: updating substitutes from 'https://ci.guix.gnu.org'...  100.0%
   building /gnu/store/0ay9wd3wz4x0f5mgmbdfs72w98qvm68z-switch-to-system.scm.drv...
   making '/gnu/store/7vwa2xd378fgwrkgwif7pi6ymshsf2jc-system' the current system...
   setting up setuid programs in '/run/setuid-programs'...
   guix system: error: copy-file: No such file or directory: "/run/setuid-programs/enoent"
   $ sudoedit /etc/config.scm
   -bash: /run/setuid-programs/sudoedit: No such file or directory
   $ ls -l /run/setuid-programs
   total 0

Expected behavior: the running system is left untouched.
/run/setuid-programs is still populated with the previous generation's
setuid programs. The error message says that the source of the copy-file
doesn't exist, not the destination. (While the latter is technically
correct, it's utterly unhelpful)

3. [OPTIONAL] Run a rollback.

   # guix system roll-back

Expected behavior: /run/setuid-programs gets populated again.
Actual behavior: /run/setuid-programs is still empty.

(Is this a separate bug with roll-back not restoring setuid-programs? No
idea, didn't test)

4. Remove the changes made to the configuration and run reconfigure
   again.

   # guix system reconfigure /etc/config.scm

Expected & actual behavior: system is back in (AFAIK) a well-defined
state.

Regards,
Jakub Kądziołka




From debbugs-submit-bounces@debbugs.gnu.org Thu Jan 02 13:45:39 2020
Received: (at 38800-done) by debbugs.gnu.org; 2 Jan 2020 18:45:40 +0000
Received: from localhost ([127.0.0.1]:40021 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1in5TX-0004qX-LQ
	for submit@debbugs.gnu.org; Thu, 02 Jan 2020 13:45:39 -0500
Received: from eggs.gnu.org ([209.51.188.92]:38969)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1in5TW-0004qG-0I
 for 38800-done@debbugs.gnu.org; Thu, 02 Jan 2020 13:45:38 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:60461)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1in5TQ-0007cQ-G2; Thu, 02 Jan 2020 13:45:32 -0500
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=50352 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1in5TL-00088I-Cf; Thu, 02 Jan 2020 13:45:32 -0500
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Jakub =?utf-8?B?S8SFZHppb8WCa2E=?= <kuba@kadziolka.net>
Subject: Re: bug#38800: Non-existent setuid programs make "guix system
 reconfigure" break mid-generation-switch
References: <20191229202346.p3nixfhsanw4oy4s@zdrowyportier.kadziolka.net>
Date: Thu, 02 Jan 2020 19:45:25 +0100
In-Reply-To: <20191229202346.p3nixfhsanw4oy4s@zdrowyportier.kadziolka.net>
 ("Jakub \=\?utf-8\?B\?S8SFZHppb8WCa2EiJ3M\=\?\= message of "Sun, 29 Dec 2019
 21:23:46 +0100")
Message-ID: <8736cxu27u.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 38800-done
Cc: 38800-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello,

Jakub K=C4=85dzio=C5=82ka <kuba@kadziolka.net> skribis:

> Steps to reproduce:
>
> 0. [IMPORTANT] Make sure you will be able to reconfigure your system
>    when all setuid binaries stop working (this includes sudo, which
>    makes this, IMHO, a serious bug).
>
>    Namely, either make sure you can log in as root, or keep a "sudo -s"
>    shell open. The latter is slightly more dangerous in the event of a
>    power outage.
>
>    I would also recommend running "guix pull" in this recovery shell, as
>    a root login shell will use root's profile, and not your own.
> 1. Add a non-existant file to your system configuration's
>    setuid-programs. For example,
>
>    (setuid-programs (cons*
>                       #~(string-append #$bash "/bin/enoent")
>                       %setuid-programs))
>
> 2. Reconfigure your system.
>
>    $ sudo guix system reconfigure /etc/config.scm
>
> Actual behavior:
>
>    activating system...
>    substitute: updating substitutes from 'https://ci.guix.gnu.org'...  10=
0.0%
>    building /gnu/store/0ay9wd3wz4x0f5mgmbdfs72w98qvm68z-switch-to-system.=
scm.drv...
>    making '/gnu/store/7vwa2xd378fgwrkgwif7pi6ymshsf2jc-system' the curren=
t system...
>    setting up setuid programs in '/run/setuid-programs'...
>    guix system: error: copy-file: No such file or directory: "/run/setuid=
-programs/enoent"
>    $ sudoedit /etc/config.scm
>    -bash: /run/setuid-programs/sudoedit: No such file or directory
>    $ ls -l /run/setuid-programs
>    total 0

Good catch, I believe commit 7c4e4bac876190eae90635ba7d7f59892c31bcc6
fixes it.

> 3. [OPTIONAL] Run a rollback.
>
>    # guix system roll-back
>
> Expected behavior: /run/setuid-programs gets populated again.
> Actual behavior: /run/setuid-programs is still empty.
>
> (Is this a separate bug with roll-back not restoring setuid-programs? No
> idea, didn't test)

It looks like a separate bug, yes.  Could you report it separately?

Thanks!

Ludo=E2=80=99.




From unknown Mon Aug 18 14:25:37 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Fri, 31 Jan 2020 12:24:03 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator