GNU bug report logs - #69755
Issue trying to guix pull

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 69755 in the body.
You can then email your comments to 69755 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Michael Ford <fanquake <at> gmail.com>
To: bug-guix <at> gnu.org
Subject: Issue trying to guix pull
Date: Tue, 12 Mar 2024 16:55:58 +0000

If I currently try and do a "guix pull" on a Fedora aarch64 machine, I
currently see:

guix pull
Updating channel 'guix' from Git repository at
'https://git.savannah.gnu.org/git/guix.git'...
Building from this channel:
  guix      https://git.savannah.gnu.org/git/guix.git    447e9c9
 openssl-1.1.1u-doc  2.2MiB


                     18.5MiB/s 00:00 ▕██████████████████▏ 100.0%
 openssl-1.1.1u  1.7MiB


                      2.1MiB/s 00:01 ▕██████████████████▏ 100.0%
building /gnu/store/p9nimij8lz4yln5jd3gm0kdhirrwz56h-guix-1.4.0-18.4c94b9e-checkout.drv...
-suspicious ownership or permission on
`/gnu/store/bj2rp8ql9zxnv4l9gvlhph55fa241mk4-guix-1.4.0-18.4c94b9e-checkout';
rejecting this build output
Backtrace:
          14 (primitive-load
"/gnu/store/6wkj5bhjiqgappk2b1h8pb2snjmx835q-compute-guix-derivation")
In ice-9/eval.scm:
    155:9 13 (_ _)
    159:9 12 (_ #(#(#(#(#(#(#(#(#(#(#(#(#(#(#(#(#<directory (guile-u?>
?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?))
In ice-9/boot-9.scm:
    152:2 11 (with-fluid* _ _ _)
    152:2 10 (with-fluid* _ _ _)
In ./guix/store.scm:
  2180:24  9 (run-with-store #<store-connection 256.100 ffff9ae5aeb0>
#<procedure ffff7acc4d70 at ./guix/self.scm:1?> ?)
   2008:8  8 (_ #<store-connection 256.100 ffff9ae5aeb0>)
In ./guix/gexp.scm:
   299:22  7 (_ #<store-connection 256.100 ffff9ae5aeb0>)
   1201:2  6 (_ #<store-connection 256.100 ffff9ae5aeb0>)
   1068:2  5 (_ #<store-connection 256.100 ffff9ae5aeb0>)
    909:4  4 (_ #<store-connection 256.100 ffff9ae5aeb0>)
In ./guix/store.scm:
  2065:12  3 (_ #<store-connection 256.100 ffff9ae5aeb0>)
   1403:5  2 (map/accumulate-builds #<store-connection 256.100
ffff9ae5aeb0> #<procedure ffff79981ea0 at ./guix/sto?> ?)
  1419:15  1 (_ #<store-connection 256.100 ffff9ae5aeb0>
("/gnu/store/lg4cmmjzqxwdl8px3fpnzaqliwz6xwkw-guix-daem?" ?) ?)
  1419:15  0 (loop #f)

./guix/store.scm:1419:15: In procedure loop:
ERROR:
  1. &store-protocol-error:
      message: "build of
`/gnu/store/lg4cmmjzqxwdl8px3fpnzaqliwz6xwkw-guix-daemon-1.4.0-18.4c94b9e.drv'
failed"
      status: 1
guix pull: error: You found a bug: the program
'/gnu/store/6wkj5bhjiqgappk2b1h8pb2snjmx835q-compute-guix-derivation'
failed to compute the derivation for Guix (version:
"447e9c96259e8fa15a828de9b2dd3400e2ffafe6"; system: "aarch64-linux";
host version: "0547fe862cfdb53d408e777e6137d9222100cb50"; pull-version: 1).
Please report the COMPLETE output above by email to <bug-guix <at> gnu.org>.

guix --version is:
guix (GNU Guix) 0547fe862cfdb53d408e777e6137d9222100cb50
Copyright (C) 2024 the Guix authors
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Message #8 received at 69755 <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: Michael Ford <fanquake <at> gmail.com>
Cc: 69755 <at> debbugs.gnu.org
Subject: Re: bug#69755: Issue trying to guix pull
Date: Tue, 12 Mar 2024 20:23:20 +0100

Hello Michael.

Michael Ford <fanquake <at> gmail.com> writes:
> building /gnu/store/p9nimij8lz4yln5jd3gm0kdhirrwz56h-guix-1.4.0-18.4c94b9e-checkout.drv...
> -suspicious ownership or permission on
> `/gnu/store/bj2rp8ql9zxnv4l9gvlhph55fa241mk4-guix-1.4.0-18.4c94b9e-checkout';
> rejecting this build output
> Backtrace:

A probable fix was pushed by Ludovic recently.
Does it work?  Can this issue be closed?

commit ff1251de0bc327ec478fc66a562430fbf35aef42
Author: Ludovic Courtès <ludo <at> gnu.org>
Date:   Tue Mar 12 11:53:35 2024 +0100

    daemon: Address shortcoming in previous security fix for CVE-2024-27297.
    
    This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143.
    
    Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two
    ways: (1) it didn’t have any effet for fixed-output derivations
    performed in a chroot, which is the case for all of them except those
    using “builtin:download” and “builtin:git-download”, and (2) it did not
    preserve ownership when copying, leading to “suspicious ownership or
    permission […] rejecting this build output” errors.

Regards,
Florian

Message #11 received at 69755 <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: Michael Ford <fanquake <at> gmail.com>
Cc: 69755 <at> debbugs.gnu.org
Subject: Re: bug#69755: Issue trying to guix pull
Date: Tue, 12 Mar 2024 20:33:24 +0100

Sorry, I forgot, you might need to roll back first, if you had pulled
the broken in-between Guix revision.

guix pull --roll-back

I believe the in-between Guixes cannot be fixed.
Thank you for reporting.

Regards,
Florian

Message #14 received at 69755 <at> debbugs.gnu.org (full text, mbox):

From: Michael Ford <fanquake <at> gmail.com>
To: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
Cc: 69755 <at> debbugs.gnu.org
Subject: Re: bug#69755: Issue trying to guix pull
Date: Tue, 12 Mar 2024 19:33:00 +0000

> A probable fix was pushed by Ludovic recently.
> Does it work?  Can this issue be closed?

The commit I'm building in the issue report (447e9c9) is more recent
than ff1251de0bc327ec478fc66a562430fbf35aef42. The issue
still exists as of now.


On Tue, 12 Mar 2024 at 19:23, pelzflorian (Florian Pelz)
<pelzflorian <at> pelzflorian.de> wrote:
>
> Hello Michael.
>
> Michael Ford <fanquake <at> gmail.com> writes:
> > building /gnu/store/p9nimij8lz4yln5jd3gm0kdhirrwz56h-guix-1.4.0-18.4c94b9e-checkout.drv...
> > -suspicious ownership or permission on
> > `/gnu/store/bj2rp8ql9zxnv4l9gvlhph55fa241mk4-guix-1.4.0-18.4c94b9e-checkout';
> > rejecting this build output
> > Backtrace:
>
> A probable fix was pushed by Ludovic recently.
> Does it work?  Can this issue be closed?
>
> commit ff1251de0bc327ec478fc66a562430fbf35aef42
> Author: Ludovic Courtès <ludo <at> gnu.org>
> Date:   Tue Mar 12 11:53:35 2024 +0100
>
>     daemon: Address shortcoming in previous security fix for CVE-2024-27297.
>
>     This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143.
>
>     Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two
>     ways: (1) it didn’t have any effet for fixed-output derivations
>     performed in a chroot, which is the case for all of them except those
>     using “builtin:download” and “builtin:git-download”, and (2) it did not
>     preserve ownership when copying, leading to “suspicious ownership or
>     permission […] rejecting this build output” errors.
>
> Regards,
> Florian

Message #17 received at 69755 <at> debbugs.gnu.org (full text, mbox):

From: Michael Ford <fanquake <at> gmail.com>
To: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
Cc: 69755 <at> debbugs.gnu.org
Subject: Re: bug#69755: Issue trying to guix pull
Date: Wed, 13 Mar 2024 10:11:59 +0000

> Sorry, I forgot, you might need to roll back first, if you had pulled
the broken in-between Guix revision.

Thanks for the followup.
It looks like rolling-back has resolved the problem now.
So this issue can be closed.

On Tue, 12 Mar 2024 at 19:33, pelzflorian (Florian Pelz)
<pelzflorian <at> pelzflorian.de> wrote:
>
> Sorry, I forgot, you might need to roll back first, if you had pulled
> the broken in-between Guix revision.
>
> guix pull --roll-back
>
> I believe the in-between Guixes cannot be fixed.
> Thank you for reporting.
>
> Regards,
> Florian

Message #22 received at 69755-done <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: Michael Ford <fanquake <at> gmail.com>
Cc: 69755-done <at> debbugs.gnu.org
Subject: Re: bug#69755: Issue trying to guix pull
Date: Wed, 13 Mar 2024 12:24:51 +0100

Michael Ford <fanquake <at> gmail.com> writes:
> It looks like rolling-back has resolved the problem now.
> So this issue can be closed.

Closing.  Thank you!

Regards,
Florian

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.