GNU bug report logs - #78152: [guix-daemon] Build user's pw_dir != HOME
Report forwarded to bug-guix <at> gnu.org: bug#78152; Package guix. (Tue, 29 Apr 2025 23:20:02 GMT)
Acknowledgement sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>: New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 29 Apr 2025 23:20:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hi,

There is a discrepancy in our build environment, where the build user's
directory is set to '/' while HOME is set to '/homeless-shelter'.
Normally both should match, and it trips some test suite that assumes
this to be the case, as with libssh's [0].

Perhaps '/homeless-shelter' could be made to more simply be '/', or
pw_dir could be made to be '/homeless-shelter'.

What do you think?

[0] https://gitlab.com/libssh/libssh-mirror/-/issues/302#note_2475036715

--
Thanks,
Maxim
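
The mismatch described in this report, as an added example (not code from Guix, libssh or this thread): it parses a build user's /etc/passwd entry and compares its home-directory field with HOME. The uid/gid values, constant names and function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs: the two nixbld entries discussed in this
   report, with placeholder uid/gid 30001:30000 (assumed values). */
static const char PASSWD_ROOT[] =
    "nixbld:x:30001:30000:Nix build user:/:/noshell\n";
static const char PASSWD_SHELTER[] =
    "nixbld:x:30001:30000:Nix build user:/homeless-shelter:/noshell\n";

/* Copy field `idx` (0-based) of one colon-separated passwd(5) line into
   out. Returns 0 on success, -1 if the field is missing or does not fit. */
static int passwd_field(const char *line, int idx, char *out, size_t outsz)
{
    const char *p = line;
    for (int i = 0; i < idx; i++) {
        p = strchr(p, ':');
        if (p == NULL)
            return -1;
        p++;                      /* step past the separator */
    }
    size_t len = strcspn(p, ":\n");
    if (len >= outsz)
        return -1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

/* Returns 1 if pw_dir (sixth field, index 5) equals home_env, 0 if they
   differ, -1 if the entry is malformed or HOME is unset. */
int home_matches_pw_dir(const char *passwd_line, const char *home_env)
{
    char pw_dir[256];
    if (home_env == NULL ||
        passwd_field(passwd_line, 5, pw_dir, sizeof pw_dir) != 0)
        return -1;
    return strcmp(pw_dir, home_env) == 0;
}

int main(void)
{
    const char *home = "/homeless-shelter";   /* HOME in the build environment */
    printf("pw_dir '/':                 %d\n", home_matches_pw_dir(PASSWD_ROOT, home));
    printf("pw_dir '/homeless-shelter': %d\n", home_matches_pw_dir(PASSWD_SHELTER, home));
    return 0;
}
```
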
Information forwarded to bug-guix <at> gnu.org: bug#78152; Package guix. (Thu, 01 May 2025 11:50:02 GMT)
Message #8 received at 78152 <at> debbugs.gnu.org (full text, mbox):
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
> Hi,
>
> There is a discrepancy in our build environment, where the build user's
> directory is set to '/' while HOME is set to '/homeless-shelter'.
> Normally both should match, and it trips some test suite that assumes
> this to be the case, as with libssh's [0].
>
> Perhaps '/homeless-shelter' could be made to more simply be '/', or
> pw_dir could be made to be '/homeless-shelter'.
>
> What do you think?

I would prefer the latter. I know this is just the build container, but
it still would likely be preferable not to litter / with garbage. IMO.

>
> [0] https://gitlab.com/libssh/libssh-mirror/-/issues/302#note_2475036715
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
Information forwarded to bug-guix <at> gnu.org: bug#78152; Package guix. (Thu, 01 May 2025 12:07:01 GMT)
Message #11 received at 78152 <at> debbugs.gnu.org (full text, mbox):
Hi,

imo the latter approach is better, because the advantage of using
/homeless-shelter is that you can clearly see it in the error log if the
package you're building tries to use the HOME. If it was just /, we
would lose the ability to tell why the package chose to access something
under the root of the filesystem - is it accessing a hard-coded path or
accessing $HOME?
Information forwarded to maxim.cournoyer <at> gmail.com, ~@wolfsden.cz, rutherther <at> ditigal.xyz, bug-guix <at> gnu.org: bug#78152; Package guix. (Fri, 02 May 2025 06:01:02 GMT)
Message #14 received at 78152 <at> debbugs.gnu.org (full text, mbox):
* nix/libstore/build.cc (DerivationGoal::startBuilder)
</etc/passwd>: Adjust build user directory.
Fixes: <https://issues.guix.gnu.org/78152>
Change-Id: I242940195e49b2ee9544e9e5211a6598f682cbfe
---
The fix was tested by:
1. Exiting all 'guix shell' envs then # herd stop guix-daemon
2. sudo -E ./pre-inst-env guix-daemon --build-users-group guixbuild \
--max-silent-time 3600 --timeout 86400 --log-compression none \
--discover=no --substitute-urls \
'https://bordeaux.guix.gnu.org https://ci.guix.gnu.org' --max-jobs=10 &
3. Apply the following diff:
modified gnu/packages/ssh.scm
@@ -182,13 +182,7 @@ (define-public libssh
;; Test sources.
(substitute* '("tests/server/test_server/default_cb.c")
(("\"/bin/sh\"")
- (format #f "~s" (which "sh"))))))
- (add-before 'check 'prepare-for-tests
- ;; A few test rely on the assumption that HOME == user's pw_dir,
- ;; which is not satisfied in Guix, where `pw_dir' is '/' while
- ;; HOME is '/homeless-shelter'.
- (lambda _
- (setenv "HOME" "/"))))))
+ (format #f "~s" (which "sh")))))))))
(native-inputs (list cmocka))
(inputs (list bash-minimal mit-krb5 openssl zlib))
(synopsis "SSH client library")
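Review bot: The removal of the 'prepare-for-tests phase in this hunk is shown only as test step 3, while the diffstat below lists just nix/libstore/build.cc ("1 file changed"), so the patch as posted leaves (setenv "HOME" "/") in libssh. With pw_dir changed to '/homeless-shelter', that override recreates the HOME != pw_dir mismatch in the opposite direction. Send this hunk as a second patch in the same series so the two changes land together.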
4. Building it successfully: ./pre-inst-env guix build libssh
nix/libstore/build.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index a1f39d9a8bf..2cf2a7d06c2 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -1845,7 +1845,7 @@ void DerivationGoal::startBuilder()
writeFile(chrootRootDir + "/etc/passwd",
(format(
- "nixbld:x:%1%:%2%:Nix build user:/:/noshell\n"
+ "nixbld:x:%1%:%2%:Nix build user:/homeless-shelter:/noshell\n"
"nobody:x:65534:65534:Nobody:/:/noshell\n")
% (buildUser.enabled() ? buildUser.getUID() : guestUID)
% (buildUser.enabled() ? buildUser.getGID() : guestGID)).str());
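Review bot: The new pw_dir value on the nixbld line is a second hard-coded copy of the '/homeless-shelter' string that the build environment uses for HOME, with nothing in the hunk tying the two together. A short comment above the format string saying that this field must equal the builder's HOME, or a shared constant used in both places, would keep them from drifting apart again. The nobody entry keeps '/'; if that is intentional, the same comment could say so.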
base-commit: b2b7d2a3275d5ba866ae7fecac928ed4bd416beb
--
2.49.0
Information forwarded to bug-guix <at> gnu.org: bug#78152; Package guix. (Fri, 02 May 2025 15:58:01 GMT)
Message #17 received at 78152 <at> debbugs.gnu.org (full text, mbox):
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
> * nix/libstore/build.cc (DerivationGoal::startBuilder)
> </etc/passwd>: Adjust build user directory.
>
> Fixes: <https://issues.guix.gnu.org/78152>
> Change-Id: I242940195e49b2ee9544e9e5211a6598f682cbfe
> ---
> The fix was tested by:
>
> 1. Exiting all 'guix shell' envs then # herd stop guix-daemon
>
> 2. sudo -E ./pre-inst-env guix-daemon --build-users-group guixbuild \
> --max-silent-time 3600 --timeout 86400 --log-compression none \
> --discover=no --substitute-urls \
> 'https://bordeaux.guix.gnu.org https://ci.guix.gnu.org' --max-jobs=10 &
>
> 3. Apply the following diff:
> modified gnu/packages/ssh.scm
> @@ -182,13 +182,7 @@ (define-public libssh
> ;; Test sources.
> (substitute* '("tests/server/test_server/default_cb.c")
> (("\"/bin/sh\"")
> - (format #f "~s" (which "sh"))))))
> - (add-before 'check 'prepare-for-tests
> - ;; A few test rely on the assumption that HOME == user's pw_dir,
> - ;; which is not satisfied in Guix, where `pw_dir' is '/' while
> - ;; HOME is '/homeless-shelter'.
> - (lambda _
> - (setenv "HOME" "/"))))))
> + (format #f "~s" (which "sh")))))))))
> (native-inputs (list cmocka))
> (inputs (list bash-minimal mit-krb5 openssl zlib))
> (synopsis "SSH client library")
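Review bot: Dropping the 'prepare-for-tests phase makes the libssh check phase depend on a daemon that writes the new passwd entry; under a daemon that still writes pw_dir '/', the tests the removed comment describes would see HOME != pw_dir again. The test steps only exercise the patched daemon (step 2), so the commit that removes the phase should state which daemon it requires, and one build under an unpatched daemon would confirm how it fails.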
>
> 4. Building it successfully: ./pre-inst-env guix build libssh
> nix/libstore/build.cc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
> index a1f39d9a8bf..2cf2a7d06c2 100644
> --- a/nix/libstore/build.cc
> +++ b/nix/libstore/build.cc
> @@ -1845,7 +1845,7 @@ void DerivationGoal::startBuilder()
>
> writeFile(chrootRootDir + "/etc/passwd",
> (format(
> - "nixbld:x:%1%:%2%:Nix build user:/:/noshell\n"
> + "nixbld:x:%1%:%2%:Nix build user:/homeless-shelter:/noshell\n"
> "nobody:x:65534:65534:Nobody:/:/noshell\n")
> % (buildUser.enabled() ? buildUser.getUID() : guestUID)
> % (buildUser.enabled() ? buildUser.getGID() : guestGID)).str());
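Review bot: The changed nixbld line alters /etc/passwd inside the chroot for every build, yet the commit message says only "Adjust build user directory." and the testing covers one package (step 4, libssh). The message should give the reason (HOME is '/homeless-shelter' while pw_dir was '/') and note that any build reading pw_dir now sees a different value than under earlier daemons, so the change to the build environment is recorded where people will look for it.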
>
> base-commit: b2b7d2a3275d5ba866ae7fecac928ed4bd416beb
LGTM.
Reviewed-by: Tomas Volf <~@wolfsden.cz>
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
Information forwarded to bug-guix <at> gnu.org: bug#78152; Package guix. (Mon, 05 May 2025 15:36:04 GMT)
Message #20 received at 78152 <at> debbugs.gnu.org (full text, mbox):
Hi Maxim,
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
> There is a discrepancy in our build environment, where the build user's
> directory is set to '/' while HOME is set to '/homeless-shelter'.
> Normally both should match, and it trips some test suite that assumes
> this to be the case, as with libssh's [0].
>
> Perhaps '/homeless-shelter' could be made to more simply be '/', or
> pw_dir could be made to be '/homeless-shelter'.
>
> What do you think?

As a rule of thumb, the build environment should never change so that
derivations that succeeded one day still succeed years
later.

So my take is that we should live with this discrepancy forever and
ever.

(Note that the unprivileged daemon does introduce some discrepancies,
and this is something we should fix as much as possible.)

Thanks,
Ludo’.
Reply sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>: You have taken responsibility. (Wed, 07 May 2025 02:16:02 GMT)
Notification sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>: bug acknowledged by developer. (Wed, 07 May 2025 02:16:02 GMT)
Message #25 received at 78152-done <at> debbugs.gnu.org (full text, mbox):
Hi Ludovic,
Ludovic Courtès <ludo <at> gnu.org> writes:
> Hi Maxim,
>
> Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
>
>> There is a discrepancy in our build environment, where the build user's
>> directory is set to '/' while HOME is set to '/homeless-shelter'.
>> Normally both should match, and it trips some test suite that assumes
>> this to be the case, as with libssh's [0].
>>
>> Perhaps '/homeless-shelter' could be made to more simply be '/', or
>> pw_dir could be made to be '/homeless-shelter'.
>>
>> What do you think?
>
> As a rule of thumb, the build environment should never change so that
> derivations that succeeded one day still succeed years
> later.
>
> So my take is that we should live with this discrepancy forever and
> ever.

I was worried you'd say this :-). But it's true, that it could be
annoying to have something fail with old daemon and pass with newer
ones, or vice-versa when using time-machine.

> (Note that the unprivileged daemon does introduce some discrepancies,
> and this is something we should fix as much as possible.)

Hm, perhaps if the 'as much as possible' != 'everything', we could use
this breaking opportunity to bundle a few changes like this one?

A way that could perhaps be used here would be to bump the daemon's
version, and expose this to the build so that some phases code can be
conditional to the daemon version. Not very elegant, but it'd at least
allow us fixing this kind of issue in the daemon.

I'll close this issue for now, but if you have some thoughts on the
above idea, feel free to continue this discussion here!

--
Thanks,
Maxim
Information forwarded to bug-guix <at> gnu.org: bug#78152; Package guix. (Wed, 07 May 2025 08:58:01 GMT)
Message #28 received at 78152-done <at> debbugs.gnu.org (full text, mbox):
Hello,
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
>> (Note that the unprivileged daemon does introduce some discrepancies,
>> and this is something we should fix as much as possible.)
>
> Hm, perhaps if the 'as much as possible' != 'everything', we could use
> this breaking opportunity to bundle a few changes like this one?

I would rather not (especially since this particular issue hasn’t been a
problem until now, and for only one package). But overall it’s tricky:
some discrepancies are unavoidable. So the real question is how likely
it is that package build systems and test suites will behave differently
because of these discrepancies, and often it’s really hard to tell
upfront.

> A way that could perhaps be used here would be to bump the daemon's
> version, and expose this to the build so that some phases code can be
> conditional to the daemon version. Not very elegant, but it'd at least
> allow us fixing this kind of issue in the daemon.

I would prefer not to as this goes against the model where we assume the
build environment to be set in stone.

But I don’t know, we’ll have to think through it.

Thanks,
Ludo’.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 04 Jun 2025 11:24:19 GMT)
This bug report was last modified 9 days ago.