GNU bug report logs - #69755
Issue trying to guix pull

Previous Next

Package: guix;

Reported by: Michael Ford <fanquake <at> gmail.com>

Date: Tue, 12 Mar 2024 16:57:02 UTC

Severity: normal

Done: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 69755 <at> debbugs.gnu.org (full text, mbox):

From: "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de>
To: Michael Ford <fanquake <at> gmail.com>
Cc: 69755 <at> debbugs.gnu.org
Subject: Re: bug#69755: Issue trying to guix pull
Date: Tue, 12 Mar 2024 20:23:20 +0100

Hello Michael.

Michael Ford <fanquake <at> gmail.com> writes:
> building /gnu/store/p9nimij8lz4yln5jd3gm0kdhirrwz56h-guix-1.4.0-18.4c94b9e-checkout.drv...
> -suspicious ownership or permission on
> `/gnu/store/bj2rp8ql9zxnv4l9gvlhph55fa241mk4-guix-1.4.0-18.4c94b9e-checkout';
> rejecting this build output
> Backtrace:

A probable fix was pushed by Ludovic recently.
Does it work?  Can this issue be closed?

commit ff1251de0bc327ec478fc66a562430fbf35aef42
Author: Ludovic Courtès <ludo <at> gnu.org>
Date:   Tue Mar 12 11:53:35 2024 +0100

    daemon: Address shortcoming in previous security fix for CVE-2024-27297.
    
    This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143.
    
    Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two
    ways: (1) it didn’t have any effet for fixed-output derivations
    performed in a chroot, which is the case for all of them except those
    using “builtin:download” and “builtin:git-download”, and (2) it did not
    preserve ownership when copying, leading to “suspicious ownership or
    permission […] rejecting this build output” errors.

Regards,
Florian
This bug report was last modified 1 year and 72 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.