From unknown Thu Jun 19 14:03:46 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#57016 <57016@debbugs.gnu.org> To: bug#57016 <57016@debbugs.gnu.org> Subject: Status: [PATCH] scripts: Bail out when running pull/package commands as root. Reply-To: bug#57016 <57016@debbugs.gnu.org> Date: Thu, 19 Jun 2025 21:03:46 +0000 retitle 57016 [PATCH] scripts: Bail out when running pull/package commands = as root. reassign 57016 guix-patches submitter 57016 "(" severity 57016 normal tag 57016 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 06 07:42:24 2022 Received: (at submit) by debbugs.gnu.org; 6 Aug 2022 11:42:24 +0000 Received: from localhost ([127.0.0.1]:32872 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKICF-0005Sm-Uv for submit@debbugs.gnu.org; Sat, 06 Aug 2022 07:42:24 -0400 Received: from lists.gnu.org ([209.51.188.17]:43332) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKICB-0005Sb-Px for submit@debbugs.gnu.org; Sat, 06 Aug 2022 07:42:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47488) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oKICB-0007Zm-JY for guix-patches@gnu.org; Sat, 06 Aug 2022 07:42:19 -0400 Received: from knopi.disroot.org ([178.21.23.139]:41584) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oKIC8-00013P-Kx for guix-patches@gnu.org; Sat, 06 Aug 2022 07:42:19 -0400 Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 7096840DCB; Sat, 6 Aug 2022 13:42:14 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o9005qLOWRdC; Sat, 6 Aug 2022 13:42:13 +0200 (CEST) From: "(" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1659786123; bh=dJs3Pz+WfsaOiPQVtksscHWnk0NMoJR4v1hamEhkmm4=; h=From:To:Cc:Subject:Date; b=I3LDIjF2WHISJjrtzM8Wgkg6bzdff+XYneKNiTxDQSHDkfkHIYE7bT8fz8sUSDzQS KQajurdy4wbkYVsUlZ0sG+pAt9t7Fks74APEgQlfM5Fz3Ebyki4r0nA5xgq/9iLK8E mFdmOM9tpU+wRovYSei1ZSCSfpZLXl699EGRM9DQoYDIGiKboe5BLPapeE5AgbMQvn CpwznvcaIOwe4uLI58TG7jXovAe8aBWuedi30JLdRCoQt/HzpIHz6wUcZYMKlCht8H J7NGgO9A7UcjreaDCNoyFFY477cLO1UYxAgYXaitONBDlTbIE/nIUAlHFa2gtaQSBw mpa2OKeS5U+LQ== To: guix-patches@gnu.org Subject: [PATCH] scripts: Bail out when running pull/package commands as root. Date: Sat, 6 Aug 2022 12:41:53 +0100 Message-Id: <20220806114153.23153-1-paren@disroot.org> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=178.21.23.139; envelope-from=paren@disroot.org; helo=knopi.disroot.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.6 (/) X-Debbugs-Envelope-To: submit Cc: "\(" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.4 (/) * guix/scripts/package.scm (assert-not-root): New procedure. (%options): Add `--allow-root`. (guix-package*): Add `#:allow-root?` keyword argument. Bail out when Guix is being run as root if `allow-root?` is not #T and `--allow-root` has not been passed. * guix/scripts/install.scm (%options): Add `--allow-root` here... * guix/scripts/remove.scm (%options): ...here... * guix/scripts/upgrade.scm (%options): ...and here. * guix/scripts/search.scm (guix-search): Explicitly allow execution as root here... * guix/scripts/show.scm (guix-show): ...and here. * guix/scripts/pull.scm (%options): Add `--allow-root`. (guix-pull): Bail out when Guix is being run as root if `--allow-root` has not been passed. A pretty common beginner mistake, it seems, is assuming that since every other package manager you've used requires root for installing, removing, and upgrading packages, Guix must too. This is an especially dangerous assumption when applied to `guix pull`, since I seem to recall that running that command as root breaks the installation. (I'm pretty sure I once made that mistake, and spent ages trying to figure out why it was broken.) This commit tries to make it harder to make such an assumption, by making commands such as `pull`, `package`, and `upgrade` bail out when run as root. This can be overridden with the new `--allow-root` flag for those commands. --- guix/scripts/install.scm | 4 +++- guix/scripts/package.scm | 30 +++++++++++++++++++++++++++--- guix/scripts/pull.scm | 11 ++++++++++- guix/scripts/remove.scm | 4 +++- guix/scripts/search.scm | 3 ++- guix/scripts/show.scm | 3 ++- guix/scripts/upgrade.scm | 4 +++- 7 files changed, 50 insertions(+), 9 deletions(-) diff --git a/guix/scripts/install.scm b/guix/scripts/install.scm index 63e625f266..21873e69c4 100644 --- a/guix/scripts/install.scm +++ b/guix/scripts/install.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019, 2020 Ludovic Courtès +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -61,7 +62,8 @@ (define %options ;; Preserve some of the 'guix package' options. (append (filter (lambda (option) (any (cut member <> (option-names option)) - '("profile" "dry-run" "verbosity" "bootstrap"))) + '("allow-root" "profile" "dry-run" + "verbosity" "bootstrap"))) %package-options) %transformation-options diff --git a/guix/scripts/package.scm b/guix/scripts/package.scm index 7d92598efa..5dba931216 100644 --- a/guix/scripts/package.scm +++ b/guix/scripts/package.scm @@ -12,6 +12,7 @@ ;;; Copyright © 2018 Steve Sprang ;;; Copyright © 2022 Josselin Poiret ;;; Copyright © 2022 Antero Mejr +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -64,7 +65,9 @@ (define-module (guix scripts package) #:use-module (srfi srfi-37) #:use-module (gnu packages) #:autoload (gnu packages bootstrap) (%bootstrap-guile) - #:export (build-and-use-profile + #:export (assert-not-root + + build-and-use-profile delete-generations delete-matching-generations guix-package @@ -82,6 +85,19 @@ (define-module (guix scripts package) (define %store (make-parameter #f)) +(define (assert-not-root override-flag) + "Throw an error if Guix was invoked by root. This allows us to +inform new users that it is usually a mistake to run commands such +as `guix package' as root. OVERRIDE-FLAG should be a flag that can +be used with the invoked command to override this requirement." + (when (= (getuid) 0) + (leave (G_ "this command should not be run as root + +Note: Running this command as root will only affect the `root' user, +not the entire system, due to Guix's support for per-user package +management. Use `~a' to continue regardless.~%") + override-flag))) + ;;; ;;; Profiles. @@ -658,6 +674,10 @@ (define %options (values (cons `(query show ,arg) result) #f))) + (option '("allow-root") #f #f + (lambda (opt name arg result arg-handler) + (values (alist-cons 'allow-root? #t result) + #f))) (append %transformation-options %standard-build-options))) @@ -1079,10 +1099,14 @@ (define opts (guix-package* opts)) -(define (guix-package* opts) +(define* (guix-package* opts #:key (allow-root? #f)) "Run the 'guix package' command on OPTS, an alist resulting for command-line -option processing with 'parse-command-line'." +option processing with 'parse-command-line'. If ALLOW-ROOT? is #T, don't bail +out when running as root, even if `opts' doesn't set `allow-root?'." (with-error-handling + (unless (or allow-root? (assoc-ref opts 'allow-root?)) + (assert-not-root "--allow-root")) + (or (process-query opts) (parameterize ((%store (open-connection)) (%graft? (assoc-ref opts 'graft?))) diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index b0cc459d63..7a871939af 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2013-2015, 2017-2022 Ludovic Courtès ;;; Copyright © 2017 Marius Bakke ;;; Copyright © 2020, 2021 Tobias Geerinckx-Rice +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -45,7 +46,8 @@ (define-module (guix scripts pull) #:use-module (git) #:autoload (gnu packages) (fold-available-packages) #:autoload (guix scripts package) (build-and-use-profile - delete-matching-generations) + delete-matching-generations + assert-not-root) #:autoload (gnu packages base) (canonical-package) #:autoload (gnu packages bootstrap) (%bootstrap-guile) #:autoload (gnu packages certs) (le-certs) @@ -195,6 +197,9 @@ (define %options (option '("bootstrap") #f #f (lambda (opt name arg result) (alist-cons 'bootstrap? #t result))) + (option '("allow-root") #f #f + (lambda (opt name arg result) + (alist-cons 'allow-root? #t result))) (option '(#\h "help") #f #f (lambda args @@ -828,12 +833,16 @@ (define (no-arguments arg _) (let* ((opts (parse-command-line args %options (list %default-options) #:argument-handler no-arguments)) + (allow-root? (assoc-ref opts 'allow-root?)) (substitutes? (assoc-ref opts 'substitutes?)) (dry-run? (assoc-ref opts 'dry-run?)) (profile (or (assoc-ref opts 'profile) %current-profile)) (current-channels (profile-channels profile)) (validate-pull (assoc-ref opts 'validate-pull)) (authenticate? (assoc-ref opts 'authenticate-channels?))) + (unless allow-root? + (assert-not-root "--allow-root")) + (cond ((assoc-ref opts 'query) (process-query opts profile)) diff --git a/guix/scripts/remove.scm b/guix/scripts/remove.scm index a46ad04d56..f7cf810544 100644 --- a/guix/scripts/remove.scm +++ b/guix/scripts/remove.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019, 2020 Ludovic Courtès +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -58,7 +59,8 @@ (define %options ;; Preserve some of the 'guix package' options. (append (filter (lambda (option) (any (cut member <> (option-names option)) - '("profile" "dry-run" "verbosity" "bootstrap"))) + '("allow-root" "profile" "dry-run" + "verbosity" "bootstrap"))) %package-options) %standard-build-options))) diff --git a/guix/scripts/search.scm b/guix/scripts/search.scm index 27b9da5278..efa83e066c 100644 --- a/guix/scripts/search.scm +++ b/guix/scripts/search.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019, 2020 Ludovic Courtès ;;; Copyright © 2021 Simon Tournier +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -74,4 +75,4 @@ (define opts (unless (assoc-ref opts 'query) (leave (G_ "missing arguments: no regular expressions to search for~%"))) - (guix-package* opts)) + (guix-package* opts #:allow-root? #t)) diff --git a/guix/scripts/show.scm b/guix/scripts/show.scm index c747eedd21..ae1e56469a 100644 --- a/guix/scripts/show.scm +++ b/guix/scripts/show.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019, 2021 Simon Tournier +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -73,4 +74,4 @@ (define opts (unless (assoc-ref opts 'query) (leave (G_ "missing arguments: no package to show~%"))) - (guix-package* (reverse opts))) + (guix-package* (reverse opts) #:allow-root? #t)) diff --git a/guix/scripts/upgrade.scm b/guix/scripts/upgrade.scm index beb59cbe6f..e5a7c84108 100644 --- a/guix/scripts/upgrade.scm +++ b/guix/scripts/upgrade.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2019, 2020 Ludovic Courtès ;;; Copyright © 2020 Jakub Kądziołka ;;; Copyright © 2020 Simon Tournier +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -65,7 +66,8 @@ (define %options ;; Preserve some of the 'guix package' options. (append (filter (lambda (option) (any (cut member <> (option-names option)) - '("profile" "dry-run" "verbosity" "do-not-upgrade"))) + '("allow-root" "profile" "dry-run" + "verbosity" "do-not-upgrade"))) %package-options) %transformation-options -- 2.37.1 From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 06 07:47:13 2022 Received: (at submit) by debbugs.gnu.org; 6 Aug 2022 11:47:13 +0000 Received: from localhost ([127.0.0.1]:32887 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKIGu-0005as-TE for submit@debbugs.gnu.org; Sat, 06 Aug 2022 07:47:13 -0400 Received: from lists.gnu.org ([209.51.188.17]:43940) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKIGt-0005ak-1q for submit@debbugs.gnu.org; Sat, 06 Aug 2022 07:47:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47974) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oKIGs-0008FA-T6 for guix-patches@gnu.org; Sat, 06 Aug 2022 07:47:10 -0400 Received: from knopi.disroot.org ([178.21.23.139]:59820) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oKIGr-0001aC-C1 for guix-patches@gnu.org; Sat, 06 Aug 2022 07:47:10 -0400 Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 4D16540D85; Sat, 6 Aug 2022 13:47:08 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with UTF8SMTP id EbWMRvyhNfUE; Sat, 6 Aug 2022 13:47:07 +0200 (CEST) Mime-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1659786416; bh=6vKYAPAOoUpltg9O+9sSfs58FItDWeaAJvuNd8L5D/E=; h=Date:Subject:From:To:References:In-Reply-To; b=mIlRZ/DUUvKc3c0f7r8KrcbvvS8u0M7FVHKLPtMl5+jB5KMEF7TKnR55ENZDbEUAa YwqZ1d8EBBvBOcO6yudJhfxx0LaFENHMEs6qNUoO+UsTp/3eXqzut1EpX+sOYV249i hP3b7p5T0z1z9QntlxWFe4IM1XbDJb17mkKwA5tHfZK80OjDdrYbdWEo1MkB9VmSd8 NoB9R1Qm26EUK5O17vpBsRGBygh1a2AxulZy3wnL5hmlnn6tiSI8Mu7alMLy48P1co RpG9iKm5vhv5pyiNmHJIlxRHX9SgH532MAykemkpDbQOMd/av9XBQF/uU7KMLr7AhQ DIrDQjafPCIiQ== Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Sat, 06 Aug 2022 12:46:55 +0100 Message-Id: Subject: Re: [PATCH] scripts: Bail out when running pull/package commands as root. From: "(" To: "(" , References: <20220806114153.23153-1-paren@disroot.org> In-Reply-To: <20220806114153.23153-1-paren@disroot.org> Received-SPF: pass client-ip=178.21.23.139; envelope-from=paren@disroot.org; helo=knopi.disroot.org X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) This is my first patch that touches Guix internals (second if you count the dub-build-system patch, though I don't really consider that part of the 'internals' of Guix), so it might be a little wonky. I want to make the beginner's experience of Guix easier by eliminating 'papercuts' and unintuitive behaviour, starting with this patch. I hope it's useful! :D -- ( From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 06 07:47:41 2022 Received: (at 57016) by debbugs.gnu.org; 6 Aug 2022 11:47:41 +0000 Received: from localhost ([127.0.0.1]:32891 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKIHN-0005bk-6n for submit@debbugs.gnu.org; Sat, 06 Aug 2022 07:47:41 -0400 Received: from xavier.telenet-ops.be ([195.130.132.52]:58634) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKIHK-0005bT-R0 for 57016@debbugs.gnu.org; Sat, 06 Aug 2022 07:47:39 -0400 Received: from [172.20.10.2] ([188.189.230.142]) by xavier.telenet-ops.be with bizsmtp id 4Bnc2800H34zUUk01BndLn; Sat, 06 Aug 2022 13:47:37 +0200 Message-ID: <4ae42a10-0c06-a920-e85b-bf9981eab6e1@telenet.be> Date: Sat, 6 Aug 2022 13:47:36 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: Re: [bug#57016] [PATCH] scripts: Bail out when running pull/package commands as root. Content-Language: en-US To: "(" , 57016@debbugs.gnu.org References: <20220806114153.23153-1-paren@disroot.org> From: Maxime Devos In-Reply-To: <20220806114153.23153-1-paren@disroot.org> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------egGh7N50DRDbB50eL2ZwfSNX" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1659786457; bh=GrUHy3rWC2LrhXCGAPTC1MgRzOpr0n2P3NERO8vrXCg=; h=Date:Subject:To:References:From:In-Reply-To; b=Mi2hsFbBQBWCQcnp4nVHtFrPXwu/FoTfeF1klxHFgsM7ZNWaB4s6qiFGsDk393y3U ddrQKzMBSPTiaWFnqgI5vH8D1z4dxmjXQOCri7lk7umehwFTe9KfODL8CoZuwkDDfA tUUPQ6+jMKYqDvge0E3h3c41swfLnzrA/UIXyZfzarYOrdf1/LP46u+CjQGUjzzulo gYcevGb8IM0dEpPyqYhmhgGLP6d6AysISMd/go27XSkRE8wMiRcGpFz/zxpFBmzasb PDazmagayvTtKfK7OEuOGA1i4IdDYvZrVxwP3xZpOLcyD2XLjCI598rG6JGwRlefwy htUNg+PyxFUmg== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 57016 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------egGh7N50DRDbB50eL2ZwfSNX Content-Type: multipart/mixed; boundary="------------Mga0Ps7zTvLxDuXERVZuWsEX"; protected-headers="v1" From: Maxime Devos To: "(" , 57016@debbugs.gnu.org Message-ID: <4ae42a10-0c06-a920-e85b-bf9981eab6e1@telenet.be> Subject: Re: [bug#57016] [PATCH] scripts: Bail out when running pull/package commands as root. References: <20220806114153.23153-1-paren@disroot.org> In-Reply-To: <20220806114153.23153-1-paren@disroot.org> --------------Mga0Ps7zTvLxDuXERVZuWsEX Content-Type: multipart/mixed; boundary="------------Q0VTPUkbeC0MNs2g5NDjP5IZ" --------------Q0VTPUkbeC0MNs2g5NDjP5IZ Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64 DQpPbiAwNi0wOC0yMDIyIDEzOjQxLCAoIHZpYSBHdWl4LXBhdGNoZXMgdmlhIHdyb3RlOg0K PiArKGRlZmluZSAoYXNzZXJ0LW5vdC1yb290IG92ZXJyaWRlLWZsYWcpDQo+ICsgICJUaHJv dyBhbiBlcnJvciBpZiBHdWl4IHdhcyBpbnZva2VkIGJ5IHJvb3QuICBUaGlzIGFsbG93cyB1 cyB0bw0KPiAraW5mb3JtIG5ldyB1c2VycyB0aGF0IGl0IGlzIHVzdWFsbHkgYSBtaXN0YWtl IHRvIHJ1biBjb21tYW5kcyBzdWNoDQo+ICthcyBgZ3VpeCBwYWNrYWdlJyBhcyByb290LiAg T1ZFUlJJREUtRkxBRyBzaG91bGQgYmUgYSBmbGFnIHRoYXQgY2FuDQo+ICtiZSB1c2VkIHdp dGggdGhlIGludm9rZWQgY29tbWFuZCB0byBvdmVycmlkZSB0aGlzIHJlcXVpcmVtZW50LiIN Cj4gKyAgKHdoZW4gKD0gKGdldHVpZCkgMCkNCj4gKyAgICAobGVhdmUgKEdfICJ0aGlzIGNv bW1hbmQgc2hvdWxkIG5vdCBiZSBydW4gYXMgcm9vdA0KPiArDQo+ICtOb3RlOiBSdW5uaW5n IHRoaXMgY29tbWFuZCBhcyByb290IHdpbGwgb25seSBhZmZlY3QgdGhlIGByb290JyB1c2Vy LA0KPiArbm90IHRoZSBlbnRpcmUgc3lzdGVtLCBkdWUgdG8gR3VpeCdzIHN1cHBvcnQgZm9y IHBlci11c2VyIHBhY2thZ2UNCj4gK21hbmFnZW1lbnQuICBVc2UgYH5hJyB0byBjb250aW51 ZSByZWdhcmRsZXNzLn4lIikNCj4gKyAgICAgICAgICAgb3ZlcnJpZGUtZmxhZykpKQ0KDQpM b29rcyBsaWtlIGEgbmljZSBzYWZldHkgbmV0LCBidXQgbWF5YmUgdGhpcyB3b3VsZCBiZXR0 ZXIgdXNlIHRoZSAnaGludCcgDQptZWNoYW5pc20gZm9yIGNvbnNpc3RlbmN5IGluIGVycm9y IG1lc3NhZ2VzPw0KDQpHcmVldGluZ3MsDQpNYXhpbWUuDQoNCg== --------------Q0VTPUkbeC0MNs2g5NDjP5IZ Content-Type: application/pgp-keys; name="OpenPGP_0x49E3EE22191725EE.asc" Content-Disposition: attachment; filename="OpenPGP_0x49E3EE22191725EE.asc" Content-Description: OpenPGP public key Content-Transfer-Encoding: quoted-printable -----BEGIN PGP PUBLIC KEY BLOCK----- xjMEX4ch6BYJKwYBBAHaRw8BAQdANPb/d6MrGnGi5HyvODCkBUJPRjiFQcRU5V+m xvMaAa/NL01heGltZSBEZXZvcyA8bWF4aW1lLmRldm9zQHN0dWRlbnQua3VsZXV2 ZW4uYmU+wpAEExYIADgWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCX4ch6AIbAwUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBJ4+4iGRcl7japAQC3opZ2KGWzWmRc /gIWSu0AAcfMwyinFEEPa/QhUt2CogD/e2RdF4CYAgaRHJJmZ9WU7piKbLZ7llB4 LzgezVDHggzNJU1heGltZSBEZXZvcyA8bWF4aW1lZGV2b3NAdGVsZW5ldC5iZT7C kAQTFggAOBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJf56ycAhsDBQsJCAcDBRUK CQgLBRYCAwEAAh4BAheAAAoJEEnj7iIZFyXujpQBAKV1SwDDl4f24rXciDlB9L8W ycZt30CgbewMSRQk4mvbAP9dFMbVVixYBd6C8cfhR+NsOBGiOJnQABlUmgNuqGFJ Dc44BF+HIegSCisGAQQBl1UBBQEBB0BOlzIWiJzgobMF6/cqwLaLk7jIcFSZ++c0 k9cCNT6YXwMBCAfCeAQYFggAIBYhBMHzPuIMUo/bfdcBH0nj7iIZFyXuBQJfhyHo AhsMAAoJEEnj7iIZFyXuMr0BAJc8cl5PGvVmVuSQVKjleNl4DK1/XAaPAYPe34AE fZJPAP9IqLCQhH/FeJanHqBP8gNdGNI2qn8RnnLVfRJgUjZ1BA=3D=3D =3DOVqp -----END PGP PUBLIC KEY BLOCK----- --------------Q0VTPUkbeC0MNs2g5NDjP5IZ-- --------------Mga0Ps7zTvLxDuXERVZuWsEX-- --------------egGh7N50DRDbB50eL2ZwfSNX Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYu5U2AUDAAAAAAAKCRBJ4+4iGRcl7h6V AP4liufdYfQYVu7ksBoRL0jsRsoBiKv1HZDtl36fSAiN0wEA2pOn25RbvIy1WKPfa5WlP+sHN9co ZZjAc9+89NVTbAM= =o99x -----END PGP SIGNATURE----- --------------egGh7N50DRDbB50eL2ZwfSNX-- From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 06 07:49:02 2022 Received: (at 57016) by debbugs.gnu.org; 6 Aug 2022 11:49:02 +0000 Received: from localhost ([127.0.0.1]:32896 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKIIf-0005dw-O9 for submit@debbugs.gnu.org; Sat, 06 Aug 2022 07:49:02 -0400 Received: from knopi.disroot.org ([178.21.23.139]:48426) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKIId-0005dj-FC for 57016@debbugs.gnu.org; Sat, 06 Aug 2022 07:48:59 -0400 Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id CC1D940DCB; Sat, 6 Aug 2022 13:48:58 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dq3QyPgKyyEW; Sat, 6 Aug 2022 13:48:57 +0200 (CEST) Mime-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1659786537; bh=hpCAtVnj5L1WdeKhpw9wyblx1Sv/YF8IzA0sFA5qkRU=; h=Date:From:To:Subject:References:In-Reply-To; b=iyUelY0XpocB/9+PFp7nf5TRaUtot/Meosli18N+3dzFu7Xwo6O3yhhyDktWZYNT3 Czq4wpMnHcloZy9KUj0JeDFB66Lv8gumoW/NWlyEomMB8wnApLxJdKkYXvfeCNRcr6 NW0x6WmqBH4Os9miSyhrdqxf8YX5UVQ69NMHP3ZZeWWRDgF5ywep6LS4VLOSqSwcoy ukQqZXkC0GuTa1c4s3kTN6BhhEc/GRH/zygOUm/uPbGAEQby3ll3aTVxM+kPT/pq0+ G84a0mUqpx35gtsqLHYzLbnfr3/4UuUNj6dki9bb65TJ6P4+lt2RH40D2rbqP6qCad eQPk3PrF4qJvQ== Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Sat, 06 Aug 2022 12:48:57 +0100 Message-Id: From: "(" To: "Maxime Devos" , <57016@debbugs.gnu.org> Subject: Re: [bug#57016] [PATCH] scripts: Bail out when running pull/package commands as root. References: <20220806114153.23153-1-paren@disroot.org> <4ae42a10-0c06-a920-e85b-bf9981eab6e1@telenet.be> In-Reply-To: <4ae42a10-0c06-a920-e85b-bf9981eab6e1@telenet.be> X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 57016 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) On Sat Aug 6, 2022 at 12:47 PM BST, Maxime Devos wrote: > Looks like a nice safety net, but maybe this would better use the 'hint'= =20 > mechanism for consistency in error messages? Thanks for the tip, I'll take a look at `hint`. -- ( From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 06 07:55:31 2022 Received: (at 57016) by debbugs.gnu.org; 6 Aug 2022 11:55:31 +0000 Received: from localhost ([127.0.0.1]:32908 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKIOx-0005p2-4P for submit@debbugs.gnu.org; Sat, 06 Aug 2022 07:55:31 -0400 Received: from knopi.disroot.org ([178.21.23.139]:53880) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKIOv-0005ou-2R for 57016@debbugs.gnu.org; Sat, 06 Aug 2022 07:55:29 -0400 Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 613DB40F32; Sat, 6 Aug 2022 13:55:28 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id chb4QrO2QuNb; Sat, 6 Aug 2022 13:55:26 +0200 (CEST) From: "(" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1659786926; bh=QrgHS9wsvYphfg809dH6ogP+/qrm8vEEwnawi0XE98k=; h=From:To:Cc:Subject:Date; b=H794U+Rp4ymQ8kzzJtouSrOn7LZMs28CzyZFiyD5KWfNPXHBCrVWZA6RlMUscUtEc 57sKaeVfF9SfZBhhDLRcCksWat5bskunN5UhR9YOULrzlvo/WQirWqGSy++mbFWHwm /tVqdo14Mwlo4bw6MqBQ3n0vREnNhZyDOZ1r5JGh7r+yLe/Qjld/8BP6WEFfb+57NS 3qrOyOnqdDqO0hLhC+BARAPn7So5ACmGtyDWtw5rbLeNKT3lImxgG/BpJeMpX/fz7k TtMpVd2TeztWC6MrZeoJdYJmu5yIlfDo2nBWyWY3HZBFvR74CCVCilmbzrWmUYNYmg zkekDpYVMNH+g== To: 57016@debbugs.gnu.org Subject: [PATCH v2] scripts: Bail out when running pull/package commands as root. Date: Sat, 6 Aug 2022 12:55:25 +0100 Message-Id: <20220806115525.23819-1-paren@disroot.org> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 2.0 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: * guix/scripts/package.scm (assert-not-root): New procedure. (%options): Add `--allow-root`. (guix-package*): Add `#:allow-root?` keyword argument. Bail out when Guix is being run as root if `allow-ro [...] Content analysis details: (2.0 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: jpoiret.xyz (xyz)] -0.0 SPF_PASS SPF: sender matches SPF record X-Debbugs-Envelope-To: 57016 Cc: "\(" X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) * guix/scripts/package.scm (assert-not-root): New procedure. (%options): Add `--allow-root`. (guix-package*): Add `#:allow-root?` keyword argument. Bail out when Guix is being run as root if `allow-root?` is not #T and `--allow-root` has not been passed. * guix/scripts/install.scm (%options): Add `--allow-root` here... * guix/scripts/remove.scm (%options): ...here... * guix/scripts/upgrade.scm (%options): ...and here. * guix/scripts/search.scm (guix-search): Explicitly allow execution as root here... * guix/scripts/show.scm (guix-show): ...and here. * guix/scripts/pull.scm (%options): Add `--allow-root`. (guix-pull): Bail out when Guix is being run as root if `--allow-root` has not been passed. A pretty common beginner mistake, it seems, is assuming that since every other package manager you've used requires root for installing, removing, and upgrading packages, Guix must too. This is an especially dangerous assumption when applied to `guix pull`, since I seem to recall that running that command as root breaks the installation. (I'm pretty sure I once made that mistake, and spent ages trying to figure out why it was broken.) This commit tries to make it harder to make such an assumption, by making commands such as `pull`, `package`, and `upgrade` bail out when run as root. This can be overridden with the new `--allow-root` flag for those commands. --- guix/scripts/install.scm | 4 +++- guix/scripts/package.scm | 31 ++++++++++++++++++++++++++++--- guix/scripts/pull.scm | 11 ++++++++++- guix/scripts/remove.scm | 4 +++- guix/scripts/search.scm | 3 ++- guix/scripts/show.scm | 3 ++- guix/scripts/upgrade.scm | 4 +++- 7 files changed, 51 insertions(+), 9 deletions(-) diff --git a/guix/scripts/install.scm b/guix/scripts/install.scm index 63e625f266..21873e69c4 100644 --- a/guix/scripts/install.scm +++ b/guix/scripts/install.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019, 2020 Ludovic Courtès +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -61,7 +62,8 @@ (define %options ;; Preserve some of the 'guix package' options. (append (filter (lambda (option) (any (cut member <> (option-names option)) - '("profile" "dry-run" "verbosity" "bootstrap"))) + '("allow-root" "profile" "dry-run" + "verbosity" "bootstrap"))) %package-options) %transformation-options diff --git a/guix/scripts/package.scm b/guix/scripts/package.scm index 7d92598efa..918fd385d8 100644 --- a/guix/scripts/package.scm +++ b/guix/scripts/package.scm @@ -12,6 +12,7 @@ ;;; Copyright © 2018 Steve Sprang ;;; Copyright © 2022 Josselin Poiret ;;; Copyright © 2022 Antero Mejr +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -64,7 +65,9 @@ (define-module (guix scripts package) #:use-module (srfi srfi-37) #:use-module (gnu packages) #:autoload (gnu packages bootstrap) (%bootstrap-guile) - #:export (build-and-use-profile + #:export (assert-not-root + + build-and-use-profile delete-generations delete-matching-generations guix-package @@ -82,6 +85,20 @@ (define-module (guix scripts package) (define %store (make-parameter #f)) +(define (assert-not-root override-flag) + "Throw an error if Guix was invoked by root. This allows us to +inform new users that it is usually a mistake to run commands such +as `guix package' as root. OVERRIDE-FLAG should be a flag that can +be used with the invoked command to override this requirement." + (when (= (getuid) 0) + (report-error (G_ "this command should not be run as root~%")) + (display-hint (format #f (G_ "Running this command as root will +only affect the `root' user, not the entire system, due to Guix's +support for per-user package management. Use `~a' to continue +regardless.~%") + override-flag)) + (exit 1))) + ;;; ;;; Profiles. @@ -658,6 +675,10 @@ (define %options (values (cons `(query show ,arg) result) #f))) + (option '("allow-root") #f #f + (lambda (opt name arg result arg-handler) + (values (alist-cons 'allow-root? #t result) + #f))) (append %transformation-options %standard-build-options))) @@ -1079,10 +1100,14 @@ (define opts (guix-package* opts)) -(define (guix-package* opts) +(define* (guix-package* opts #:key (allow-root? #f)) "Run the 'guix package' command on OPTS, an alist resulting for command-line -option processing with 'parse-command-line'." +option processing with 'parse-command-line'. If ALLOW-ROOT? is #T, don't bail +out when running as root, even if `opts' doesn't set `allow-root?'." (with-error-handling + (unless (or allow-root? (assoc-ref opts 'allow-root?)) + (assert-not-root "--allow-root")) + (or (process-query opts) (parameterize ((%store (open-connection)) (%graft? (assoc-ref opts 'graft?))) diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index b0cc459d63..7a871939af 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2013-2015, 2017-2022 Ludovic Courtès ;;; Copyright © 2017 Marius Bakke ;;; Copyright © 2020, 2021 Tobias Geerinckx-Rice +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -45,7 +46,8 @@ (define-module (guix scripts pull) #:use-module (git) #:autoload (gnu packages) (fold-available-packages) #:autoload (guix scripts package) (build-and-use-profile - delete-matching-generations) + delete-matching-generations + assert-not-root) #:autoload (gnu packages base) (canonical-package) #:autoload (gnu packages bootstrap) (%bootstrap-guile) #:autoload (gnu packages certs) (le-certs) @@ -195,6 +197,9 @@ (define %options (option '("bootstrap") #f #f (lambda (opt name arg result) (alist-cons 'bootstrap? #t result))) + (option '("allow-root") #f #f + (lambda (opt name arg result) + (alist-cons 'allow-root? #t result))) (option '(#\h "help") #f #f (lambda args @@ -828,12 +833,16 @@ (define (no-arguments arg _) (let* ((opts (parse-command-line args %options (list %default-options) #:argument-handler no-arguments)) + (allow-root? (assoc-ref opts 'allow-root?)) (substitutes? (assoc-ref opts 'substitutes?)) (dry-run? (assoc-ref opts 'dry-run?)) (profile (or (assoc-ref opts 'profile) %current-profile)) (current-channels (profile-channels profile)) (validate-pull (assoc-ref opts 'validate-pull)) (authenticate? (assoc-ref opts 'authenticate-channels?))) + (unless allow-root? + (assert-not-root "--allow-root")) + (cond ((assoc-ref opts 'query) (process-query opts profile)) diff --git a/guix/scripts/remove.scm b/guix/scripts/remove.scm index a46ad04d56..f7cf810544 100644 --- a/guix/scripts/remove.scm +++ b/guix/scripts/remove.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019, 2020 Ludovic Courtès +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -58,7 +59,8 @@ (define %options ;; Preserve some of the 'guix package' options. (append (filter (lambda (option) (any (cut member <> (option-names option)) - '("profile" "dry-run" "verbosity" "bootstrap"))) + '("allow-root" "profile" "dry-run" + "verbosity" "bootstrap"))) %package-options) %standard-build-options))) diff --git a/guix/scripts/search.scm b/guix/scripts/search.scm index 27b9da5278..efa83e066c 100644 --- a/guix/scripts/search.scm +++ b/guix/scripts/search.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019, 2020 Ludovic Courtès ;;; Copyright © 2021 Simon Tournier +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -74,4 +75,4 @@ (define opts (unless (assoc-ref opts 'query) (leave (G_ "missing arguments: no regular expressions to search for~%"))) - (guix-package* opts)) + (guix-package* opts #:allow-root? #t)) diff --git a/guix/scripts/show.scm b/guix/scripts/show.scm index c747eedd21..ae1e56469a 100644 --- a/guix/scripts/show.scm +++ b/guix/scripts/show.scm @@ -1,5 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2019, 2021 Simon Tournier +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -73,4 +74,4 @@ (define opts (unless (assoc-ref opts 'query) (leave (G_ "missing arguments: no package to show~%"))) - (guix-package* (reverse opts))) + (guix-package* (reverse opts) #:allow-root? #t)) diff --git a/guix/scripts/upgrade.scm b/guix/scripts/upgrade.scm index beb59cbe6f..e5a7c84108 100644 --- a/guix/scripts/upgrade.scm +++ b/guix/scripts/upgrade.scm @@ -2,6 +2,7 @@ ;;; Copyright © 2019, 2020 Ludovic Courtès ;;; Copyright © 2020 Jakub Kądziołka ;;; Copyright © 2020 Simon Tournier +;;; Copyright © 2022 ( ;;; ;;; This file is part of GNU Guix. ;;; @@ -65,7 +66,8 @@ (define %options ;; Preserve some of the 'guix package' options. (append (filter (lambda (option) (any (cut member <> (option-names option)) - '("profile" "dry-run" "verbosity" "do-not-upgrade"))) + '("allow-root" "profile" "dry-run" + "verbosity" "do-not-upgrade"))) %package-options) %transformation-options -- 2.37.1 From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 06 07:56:57 2022 Received: (at 57016) by debbugs.gnu.org; 6 Aug 2022 11:56:57 +0000 Received: from localhost ([127.0.0.1]:32912 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKIQL-0005r3-0S for submit@debbugs.gnu.org; Sat, 06 Aug 2022 07:56:57 -0400 Received: from knopi.disroot.org ([178.21.23.139]:38744) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKIQJ-0005qu-Un for 57016@debbugs.gnu.org; Sat, 06 Aug 2022 07:56:56 -0400 Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id 4E34A40DB8; Sat, 6 Aug 2022 13:56:55 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id phxPr_m2NZ49; Sat, 6 Aug 2022 13:56:54 +0200 (CEST) Mime-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1659787014; bh=0p4iFRBx8+HJEbZyj7qZyVhvRTzz5CV8E8zRkDizuGI=; h=Date:Subject:From:To:References:In-Reply-To; b=IO83ll/O9BHTqCzWEbn7A3m24zg3mPayqltsA8abIXJRVrXqiTIV7Zn3zCNKLXXVr 0mPymoLnfN2n+S01uTTn0fDRNGudaJlZjp8/jS164jK3ZfBlCPzVVCvWwtEmSz2Wv8 f5vkcQi1czFF1FpZrJ2QM8IKC15IzJwJtMfhnhMtz+M6XxSE96VMqATug9HWb+xN6W r2Q1Mu13hUJnJSQwnxkn+rGYHm/Oruu7T9l6WaHd383sMDDoUMy3D7kkVng6dWHZk6 H1QsOiwdStSsjV79ljsnM7wQvtUhL+Sa71/yFu2gl5D9BIQQ5TinB4mljepi/2lzWj PNYFcfc76Gwsw== Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Sat, 06 Aug 2022 12:56:53 +0100 Message-Id: Subject: Re: [bug#57016] [PATCH] scripts: Bail out when running pull/package commands as root. From: "(" To: "Maxime Devos" , <57016@debbugs.gnu.org> References: <20220806114153.23153-1-paren@disroot.org> <4ae42a10-0c06-a920-e85b-bf9981eab6e1@telenet.be> In-Reply-To: <4ae42a10-0c06-a920-e85b-bf9981eab6e1@telenet.be> X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 57016 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) On Sat Aug 6, 2022 at 12:47 PM BST, Maxime Devos wrote: > Looks like a nice safety net, but maybe this would better use the 'hint'= =20 > mechanism for consistency in error messages? Done in v2 :) -- ( From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 06 09:13:17 2022 Received: (at submit) by debbugs.gnu.org; 6 Aug 2022 13:13:17 +0000 Received: from localhost ([127.0.0.1]:33041 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKJcD-0003iY-8l for submit@debbugs.gnu.org; Sat, 06 Aug 2022 09:13:17 -0400 Received: from lists.gnu.org ([209.51.188.17]:40458) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKJc7-0003iM-Vp for submit@debbugs.gnu.org; Sat, 06 Aug 2022 09:13:15 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58952) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oKJc5-0005NF-Vv for guix-patches@gnu.org; Sat, 06 Aug 2022 09:13:11 -0400 Received: from tobias.gr ([2a02:c205:2020:6054::1]:40256) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oKJc1-0006mg-41 for guix-patches@gnu.org; Sat, 06 Aug 2022 09:13:09 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=N7ATxQdqYwhS6 i4IrR26G8dcsnHmYaujSJJc9pUUV8E=; h=in-reply-to:date:subject:cc:to: from:references; d=tobias.gr; b=jsT3NnTIOtZBnPSEFGlHeRWSQQdxdfoSLtBTd7 6Vg4qFKA4RoOdFr2Sxf0XRp8raeh7cOPVPs+dTYHBQzXKczSuVLsOyjAIJtCBa2XhJoboE mfFCZyaDGzW9J8ytL673D4/fW84cFOlXHWHprqj/nE9QDXcjdcEr9TvyrsDo8fJGwiVhra LPN1+yvqobCefFzeqTzgJC47iCwsbWk3UTk/6c0Ae5UDE27iGwrX5zFf+HDoUjTPJZ/wHN QKn/FuTGXmaAm4IF2G5XGk400KGvIFeBhceg28xe6V8BdxVdAoxJHhvDDnX0UwolH/lB2X /pLUSfUXBiQ/hL9Q8/jLhQKg== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id a689d217 (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO); Sat, 6 Aug 2022 13:12:59 +0000 (UTC) References: <20220806114153.23153-1-paren@disroot.org> From: Tobias Geerinckx-Rice To: "(" Subject: Re: [bug#57016] [PATCH] scripts: Bail out when running pull/package commands as root. Date: Sat, 06 Aug 2022 14:30:37 +0200 In-reply-to: <20220806114153.23153-1-paren@disroot.org> BIMI-Selector: v=BIMI1; s=default; Message-ID: <87r11ta52c@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr; helo=tobias.gr X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.6 (-) X-Debbugs-Envelope-To: submit Cc: 57016@debbugs.gnu.org, guix-patches@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.6 (--) --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Hi (, "( via Guix-patches" via =E5=86=99=E9=81=93=EF=BC=9A > A pretty common beginner mistake, it seems, is assuming that=20 > since > every other package manager you've used requires root for=20 > installing, > removing, and upgrading packages, Guix must too. > > This is an especially dangerous assumption when applied to `guix=20 > pull`, Running =E2=80=98guix pull=E2=80=99 as root is fine. There was danger in r= unning=20 =E2=80=98sudo guix pull=E2=80=99 (with Guix System defaulting to =E2=80=98s= udo -E=E2=80=99), but=20 that was addressed in 7c52cad0464175370c44bd4695e4c01a62b8268f.=20 If it doesn't trigger reliably, let's fix that. Running =E2=80=98guix package=E2=80=99 and =E2=80=98guix upgrade=E2=80=99 a= s root is also fine.=20 If improper use of sudo/doas/=E2=80=A6 is the real issue, address *that*,=20 not this loose proxy. Ludo' factored out some of the bits in=20 9be470b5d2bab7ad2048c95815fee2916d45f4ad. It could make sense to=20 factor it out further to check, e.g., whether the effective UID=20 matches that of the profile's parent directory. Why should=20 OpenBSD packages get to hoard all the pedantic ownership checks? > since I seem to recall A good trigger to go investigate; not sufficient to (wrongly)=20 imply =E2=80=98root bad=E2=80=99 and throw fatal errors at perfectly legiti= mate=20 use(r)s. Conversely, if we reliably detect and report the true issue,=20 there's no need for =E2=80=98--allow-root=E2=80=99, which by the logic of t= his=20 patch would knowingly break things. We do not provide such=20 options. Huge NAK on v2 I'm afraid, but looking forward to your thoughts, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYu5o3A0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15g6gA/10E5i/9OA6BqSxhvBvQEbemhWalA7wHbtJ9JBln ZWenAP9Ry+zTfGWaJuGOR+iWmuOWVYjgMqAKwUVNe9QhlZYwCA== =0B11 -----END PGP SIGNATURE----- --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 06 09:30:46 2022 Received: (at 57016-done) by debbugs.gnu.org; 6 Aug 2022 13:30:46 +0000 Received: from localhost ([127.0.0.1]:33067 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKJt8-0008Fl-8B for submit@debbugs.gnu.org; Sat, 06 Aug 2022 09:30:46 -0400 Received: from knopi.disroot.org ([178.21.23.139]:56264) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oKJt4-0008Ah-2y for 57016-done@debbugs.gnu.org; Sat, 06 Aug 2022 09:30:44 -0400 Received: from localhost (localhost [127.0.0.1]) by disroot.org (Postfix) with ESMTP id A5E7740ECB for <57016-done@debbugs.gnu.org>; Sat, 6 Aug 2022 15:30:40 +0200 (CEST) X-Virus-Scanned: SPAM Filter at disroot.org Received: from knopi.disroot.org ([127.0.0.1]) by localhost (disroot.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l4egZCvJYtrl for <57016-done@debbugs.gnu.org>; Sat, 6 Aug 2022 15:30:39 +0200 (CEST) Mime-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=disroot.org; s=mail; t=1659792638; bh=JjgwDaDRefMM16VUim5bKsmDPkaApFcKfF6QDZ0qsYE=; h=Date:Subject:From:To; b=NO06UaobD0UWonj5vI966BqB5tWDOD67agYb/SuqlwwHsiQ18Vtw+tcyx/oAhZ4mj lJatHkAC9axGAoCQwOPtRGJVHNBs/m95yLhnuUJylHfZ7I+aTZWYVzpSIQy5h/H+Ud y+5nFK0pDyfv/26aSDmznrrf3H9mrzD03xT2lEdnjpPSYzUvvHBYfpwA/hdT2jX6JD cpKuUFDcHfq5N1qUa/qKI5mC5DKi5+go4d5RhVgm0mI6Mv63uAmeNZiiUx97g3Ctf9 6ZwEjQZELBLAUactXVBcOfCHH1yhyk+KU0qqq0fCfUM3fyHQk9rhoRo/rpL1DeNEGx huTz6d1tgTY4w== Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Sat, 06 Aug 2022 14:30:37 +0100 Message-Id: Subject: Closing From: "(" To: <57016-done@debbugs.gnu.org> X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 57016-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) As nckx rightly pointed out, this patch isn't really useful because `sudo guix pull` was fixed, and after a brief discussion on IRC I've decided to close this patch. -- ( From unknown Thu Jun 19 14:03:46 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Sun, 04 Sep 2022 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator