From unknown Sat Sep 20 07:49:23 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#55892 <55892@debbugs.gnu.org> To: bug#55892 <55892@debbugs.gnu.org> Subject: Status: [PATCH] pull: Fail if cache directory ownership is suspect. Reply-To: bug#55892 <55892@debbugs.gnu.org> Date: Sat, 20 Sep 2025 14:49:23 +0000 retitle 55892 [PATCH] pull: Fail if cache directory ownership is suspect. reassign 55892 guix-patches submitter 55892 Tobias Geerinckx-Rice severity 55892 normal tag 55892 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 10 12:07:43 2022 Received: (at submit) by debbugs.gnu.org; 10 Jun 2022 16:07:43 +0000 Received: from localhost ([127.0.0.1]:51092 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nzhAk-00033i-Oj for submit@debbugs.gnu.org; Fri, 10 Jun 2022 12:07:43 -0400 Received: from lists.gnu.org ([209.51.188.17]:60126) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nzhAh-00033Z-Gd for submit@debbugs.gnu.org; Fri, 10 Jun 2022 12:07:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37098) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nzhAh-0007J1-Ci for guix-patches@gnu.org; Fri, 10 Jun 2022 12:07:39 -0400 Received: from tobias.gr ([2a02:c205:2020:6054::1]:58960) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nzhAd-0007D2-01 for guix-patches@gnu.org; Fri, 10 Jun 2022 12:07:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=woxWW7LDSga/O WY0LGBHaGJWv+sps9VG9dMKB6rYMb8=; h=date:subject:to:from; d=tobias.gr; b=kQ1WK5Y+VEdoL39fWhMecGccZj/tTilXKsJ6v5BsVzgdm7jVWvRGjY+iS4ozqdKr7nQc qwC0yUgwgg8r3P/fbqv3QwDjuIzUBFvSom9wdaB16R+FKD4y00erUzVnAZylO6aadjVq2S MibTlR3Maz4W7K0NMPHRgNi1CZgZiHdQWLhCS0KdZIrJG3AFklumMJKo6HVUInYN3xQs94 YyOIMh2R2BwiB9/DNFM1Rlu2Qi2QnEUHhbE41Pk+/G4/4bwcoHiTmXxqt4GJDge7FqmO4u B4OwtSoKqKk3BwJZP7hlecTz+lgaFgmltpKRAXRTNnqqWbxsoUJMAvD9eYHm/Hyw== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 1687a6ba (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for ; Fri, 10 Jun 2022 16:07:30 +0000 (UTC) From: Tobias Geerinckx-Rice To: guix-patches@gnu.org Subject: [PATCH] pull: Fail if cache directory ownership is suspect. Date: Sun, 5 Jun 2022 02:04:25 +0200 Message-Id: <20220605000425.20480-1-me@tobias.gr> X-Mailer: git-send-email 2.36.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr; helo=tobias.gr X-Spam_score_int: 13 X-Spam_score: 1.3 X-Spam_bar: + X-Spam_report: (1.3 / 5.0 requ) BAYES_00=-1.9, DATE_IN_PAST_96_XX=3.405, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.4 (/) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.6 (/) New users frequently run ‘sudo guix pull’ which breaks subsequent unprivileged ‘guix pull’s until manually fixed with chmod -R. * guix/scripts/pull.scm (guix-pull): Fail if the cache directory (or its innermost extant parent) is not owned by the user pulling the Guix, with a hint about ‘sudo -i’. --- Hi Guix, Another one in the ‘low-level support noise paper-cut’ series. The XXX comment would not land upstream, I think. I didn't test this on a foreign distribution. My understanding is that distributions where sudo already defaults to ‘-i’ won't throw the warning nor suffer from the problem. Kind regards, T G-R guix/scripts/pull.scm | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index f01764637b..1eaf8f087b 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -49,6 +49,7 @@ (define-module (guix scripts pull) #:autoload (gnu packages bootstrap) (%bootstrap-guile) #:autoload (gnu packages certs) (le-certs) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-11) #:use-module (srfi srfi-26) #:use-module (srfi srfi-34) #:use-module (srfi srfi-35) @@ -810,6 +811,31 @@ (define (no-arguments arg _) ((assoc-ref opts 'generation) (process-generation-change opts profile)) (else + ;; Bail out early when users accidentally run, e.g., ’sudo guix pull’. + ;; If CACHE-DIRECTORY doesn't yet exist, test where it would end up. + (let-values (((st dir) (let loop ((dir (cache-directory))) + (let ((st (stat dir #f))) + (if st + (values (stat dir #f) dir) + (loop (dirname dir))))))) + (let ((dir:uid (stat:uid st)) + (our:uid (getuid))) + (unless (= dir:uid our:uid) + (let ((our:user (passwd:name (getpwuid our:uid))) + (dir:user (passwd:name (getpwuid dir:uid)))) + (raise + (condition + (&message + (message + (format #f (G_ "directory ‘~a’ is not owned by user ~a") + dir dir:user))) + (&fix-hint + (hint + ;; XXX We could check (getenv "SUDO_USER") to display this + ;; only under sudo, but that would imply handling doas… &c. + (format #f (G_ "You should run this command as ~a; use ‘sudo -i’ or equivalent if you really want to pull as ~a.") + dir:user our:user))))))))) + (with-store store (with-status-verbosity (assoc-ref opts 'verbosity) (parameterize ((%current-system (assoc-ref opts 'system)) -- 2.36.1 From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 10 12:12:16 2022 Received: (at 55892) by debbugs.gnu.org; 10 Jun 2022 16:12:16 +0000 Received: from localhost ([127.0.0.1]:51100 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nzhFA-0003Au-CG for submit@debbugs.gnu.org; Fri, 10 Jun 2022 12:12:16 -0400 Received: from tobias.gr ([80.241.217.52]:53652) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nzhF8-0003Al-EA for 55892@debbugs.gnu.org; Fri, 10 Jun 2022 12:12:15 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=bGFbMMq1Dv37E iUuDbLGRdy9306ScREaMi8vEZxx7KE=; h=in-reply-to:date:subject:to:from: references; d=tobias.gr; b=n/u/mPAs7e2Q99iHWcxRk9SF0gQkOXexJH1V+T8jmFt 1Sl+gvEWtr+bn7p5E4HmsUhZE6p8VRzywhrwnTv1PHu8EToQ7Vug6ma/rkytkU8H/sGpZa mOyAHS8lrQgEWomOQYKcLC+mpXXekJtJpCVbmX61XpIu0BcFCsUvkxSETI9lIfMeuO8vRr Z2zAtgldMfF8zvh3dmElrPule+Aj+Se7tZYQuXlwt+Z7R0thMi5maHuQlEUkXdXGrIhFM0 b99gN8ghjo+0gKUSQ/YAR3McFckQFRkN7CTLpr4GKeaOYObyt4qFtwGFjgskA6qla7xxM9 gea9a2hgImMH464E6/Q== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id c530cfa1 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for <55892@debbugs.gnu.org>; Fri, 10 Jun 2022 16:12:11 +0000 (UTC) References: <20220605000425.20480-1-me@tobias.gr> From: Tobias Geerinckx-Rice To: 55892@debbugs.gnu.org Subject: Re: [PATCH] pull: Fail if cache directory ownership is suspect. Date: Fri, 10 Jun 2022 18:10:51 +0200 In-reply-to: BIMI-Selector: v=BIMI1; s=default; Message-ID: <87leu4ijk1@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 55892 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; format=flowed > (let ((st (stat dir #f))) > (if st > (values (stat dir #f) dir) Grr. I swear the font used by Mumi has magic typo-highlighting properties. Fixed locally. Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYqNtfg0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15ajcBALbCIztGKZ9E/FWQaO81zpPyKmZFxsp/Hh0CQJWt Si4CAQD5Rl5foPMpVbMA6u/CxZnEjRjOiqy5P5S5ZdgFz612Bg== =E0Hy -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 10 17:55:32 2022 Received: (at 55892) by debbugs.gnu.org; 10 Jun 2022 21:55:32 +0000 Received: from localhost ([127.0.0.1]:51475 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nzmbM-0003gw-An for submit@debbugs.gnu.org; Fri, 10 Jun 2022 17:55:32 -0400 Received: from xavier.telenet-ops.be ([195.130.132.52]:51032) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nzmbK-0003go-BN for 55892@debbugs.gnu.org; Fri, 10 Jun 2022 17:55:30 -0400 Received: from [172.20.10.5] ([213.119.181.187]) by xavier.telenet-ops.be with bizsmtp id hZvU2700B42zmhR01ZvU5n; Fri, 10 Jun 2022 23:55:29 +0200 Message-ID: <9ed7f25f4748f52ce1d52ac14f651c366f6b5b36.camel@telenet.be> Subject: Re: [bug#55892] [PATCH] pull: Fail if cache directory ownership is suspect. From: Maxime Devos To: Tobias Geerinckx-Rice , 55892@debbugs.gnu.org Date: Fri, 10 Jun 2022 23:55:28 +0200 In-Reply-To: <20220605000425.20480-1-me@tobias.gr> References: <20220605000425.20480-1-me@tobias.gr> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-OabmK8zc5yXCgXw04VSq" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1654898129; bh=EuIjZGxnsFeycjQXYUTOmh9/JqkMBK1xpJnEbCHbYM4=; h=Subject:From:To:Date:In-Reply-To:References; b=EyfAuKrdFFwyoCTf5igjUPrEJGb4bKBU6cusGzjEfqbTuy1NHdFZ9Sz7b8s2PbAuT XrOIY2FqSeo4L+HqsO4Ykasvp4hj8xOCD2vru3RNLjQK2JROEhPIRVnsH3JoaDVQ8G RAsljWXdsdPgyZL8CWJJ6usFRGK7CKS8WgBGVSb2ZtyWDl+VFMidUWfVZSNChniv5K totkJqPlvJIMcusjT3Q4As/zTm+iI7kWqEe7R40cqRYerextXPsl/Oi/PVoBbbNRtD +F7dPxW6GzzEN/1d3BN0psz9KBumrUQOGTGF141ZV6oLmN+3DAnGo+TkogJUUkyJIB vIaht9CUbMA5w== X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 55892 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-OabmK8zc5yXCgXw04VSq Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Tobias Geerinckx-Rice via Guix-patches via schreef op zo 05-06-2022 om 02:04 [+0200]: > Hi Guix, >=20 > Another one in the =E2=80=98low-level support noise paper-cut=E2=80=99 se= ries. > The XXX comment would not land upstream, I think. >=20 > I didn't test this on a foreign distribution.=C2=A0 My understanding is > that distributions where sudo already defaults to =E2=80=98-i=E2=80=99 wo= n't throw > the warning nor suffer from the problem. >=20 > Kind regards, >=20 > T G-R >=20 Concept looks sounds to me! Nitpick: + (let ((our:user (passwd:name (getpwuid our:uid))) + (dir:user (passwd:name (getpwuid dir:uid)))) what if the current user does not have an entry in /etc/passwd or equivalent? (E.g. if the user accidentally removed an entry in /etc/passwd on a foreign system and then runs "guix pull" & "guix shell THE_EDITOR" to get their favourite editor to edit /etc/passwd back?) Maybe in that case, it should be reported as NNNN (NNNN =3D user number)? Or would that be simply considered unsupported? Greetings, Maxime. --=-OabmK8zc5yXCgXw04VSq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYqO90BccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7otHAQCsenGfmkTOhTLk83p0s3qqlzFA nOOO5/2htUxQc1EEWAD6A5X/c68GuLki69Dh+sU/GmnSA6i1GV/uXcjyYHLoQgI= =lRN+ -----END PGP SIGNATURE----- --=-OabmK8zc5yXCgXw04VSq-- From debbugs-submit-bounces@debbugs.gnu.org Fri Jun 10 22:36:35 2022 Received: (at 55892-done) by debbugs.gnu.org; 11 Jun 2022 02:36:35 +0000 Received: from localhost ([127.0.0.1]:51613 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nzqzK-0002pX-VK for submit@debbugs.gnu.org; Fri, 10 Jun 2022 22:36:35 -0400 Received: from tobias.gr ([80.241.217.52]:59078) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nzqzI-0002pI-Sw for 55892-done@debbugs.gnu.org; Fri, 10 Jun 2022 22:36:33 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=67h4NTHf84DRX Q3VBJgVIxWAG9s94xuF23MoPcSjngk=; h=in-reply-to:date:subject:cc:to: from:references; d=tobias.gr; b=XfZD+8su3R1+PXYK7+lNol3HcdM1XYMlwpoPbs WOhBHnGbfCFKkZTP0YJep6ao9YWJVwzK1NAiDeSuRF9FUWN9ghVfyRb8tKRqeD7+hblf6j vI4x7usiU0cj6F5fCABx2eA3NYbJM9d1+1GabILxzr0Ld6lgx6NsQW1rDlbScVcZgvXaRN XXpmLdXmvpt3rrtyz4Y+ZLW4eieQn+glqHDIQdwDtHsaTrXUYWJ1TYj+KLvFmWrNLysDzv O1leerzCcq5RzcE08BjWgzmetZYZ3phkqDvE/nqSv/66Gk0H51IWv+TOXBpPgu8d1aFwFh VnPKYUQRD8KX+KNf9Sx1G0WQ== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id ba6f9a4d (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Sat, 11 Jun 2022 02:36:29 +0000 (UTC) References: <20220605000425.20480-1-me@tobias.gr> <9ed7f25f4748f52ce1d52ac14f651c366f6b5b36.camel@telenet.be> From: Tobias Geerinckx-Rice To: Maxime Devos Subject: Re: [bug#55892] [PATCH] pull: Fail if cache directory ownership is suspect. Date: Sat, 11 Jun 2022 04:26:34 +0200 In-reply-to: <9ed7f25f4748f52ce1d52ac14f651c366f6b5b36.camel@telenet.be> BIMI-Selector: v=BIMI1; s=default; Message-ID: <87r13wq62s@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 55892-done Cc: 55892-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Maxime, Thanks for the swift review! Maxime Devos =E5=86=99=E9=81=93=EF=BC=9A > Maybe in that case, it should be reported as NNNN (NNNN =3D user=20 > number)? > Or would that be simply considered unsupported? Er=E2=80=A6 I'd say it's veering confidently into unsupported territory,=20 yes. But falling back to user IDs costs next to nothing so I made=20 the change. Thanks for the suggestion. Odd feeling that the error message might be more robust than some=20 other part of the code now :-) Pushed as 7c52cad0464175370c44bd4695e4c01a62b8268f. Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYqP/uw0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW150XEBAItfbEgm9fOOprlxaGdWmJtYOSz6uorVX8hlOceu gu0sAP4wH9yBETmOMDZ3Dqn+qnOUWQYFBmMOKZAPnMBDgW1gAA== =O6Wt -----END PGP SIGNATURE----- --=-=-=-- From unknown Sat Sep 20 07:49:23 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sat, 09 Jul 2022 11:24:10 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator