Message ID | cover.1745257594.git.sarg@sarg.org.ru |
---|---|
Series |
gnu: openssh: Trust store items owned by guix-daemon.
Message
Sergey Trofimov
April 21, 2025, 5:51 p.m. UTC
After migration to rootless guix-daemon on Guix system, ssh started to refuse operations with the error `Bad owner or permissions on /home/sarg/.ssh/config`. The config is managed with `home-openssh-service-type` and is a symlink to /gnu/store/... The file was previously owned by root which is treated specially in openssh source code.

As a solution I suggest to patch ssh to trust config files in /gnu/store/.

As a workaround users can for now use `ssh -F ~/.ssh/config` as this would skip ownership checks.

```
Sergey Trofimov (1):
  gnu: openssh: Trust store items owned by guix-daemon.

 .../openssh-trust-guix-store-directory.patch  | 67 +++++++++++++------
 gnu/packages/ssh.scm                          |  2 +-
 2 files changed, 47 insertions(+), 22 deletions(-)

base-commit: 7a7eff34613c9b3357adf39813793f607c03629d
```
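
The ownership rule behind the error, as an added example; it is neither the patch from this series nor OpenSSH source. `owner_mode_ok` mirrors the stock rule (owner is root or the invoking user, and the file is not group- or world-writable); `store_item_ok`, `check_config` and `STORE_PREFIX` are hypothetical names, and the store relaxation is only an assumption about what trusting `/gnu/store/` could look like.

```c
#define _XOPEN_SOURCE 700 /* exposes realpath() */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Stock rule for the per-user config: the owner must be root or the
 * invoking user, and the file must not be group- or world-writable. */
static bool owner_mode_ok(uid_t owner, mode_t mode, uid_t me)
{
    return (owner == 0 || owner == me) && (mode & 022) == 0;
}

/* Assumption for illustration: the store prefix named in the message. */
#define STORE_PREFIX "/gnu/store/"

/* Hypothetical relaxation: also accept a file whose fully resolved path
 * lies inside the store, still refusing group/world-writable modes. */
static bool store_item_ok(const char *resolved, mode_t mode)
{
    return strncmp(resolved, STORE_PREFIX, strlen(STORE_PREFIX)) == 0
        && (mode & 022) == 0;
}

/* Returns 1 if accepted, 0 if rejected, -1 on error. stat() and realpath()
 * follow the symlink, so the store item is judged, not ~/.ssh/config. */
static int check_config(const char *path, uid_t me, bool trust_store)
{
    struct stat sb;
    char resolved[PATH_MAX];

    if (stat(path, &sb) == -1 || realpath(path, resolved) == NULL)
        return -1;
    if (owner_mode_ok(sb.st_uid, sb.st_mode, me))
        return 1;
    return trust_store && store_item_ok(resolved, sb.st_mode);
}

int main(int argc, char **argv)
{
    if (argc != 2)
        return 2;
    printf("stock rule: %d, with store trust: %d\n",
           check_config(argv[1], getuid(), false),
           check_config(argv[1], getuid(), true));
    return 0;
}
```

The prefix test runs on the resolved path, so a symlink that merely has `/gnu/store/` somewhere in its name, or a path such as `/tmp/gnu/store/x`, does not qualify.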