From patchwork Sun Jun 5 00:04:25 2022
X-Patchwork-Submitter: Tobias Geerinckx-Rice
X-Patchwork-Id: 39820
Subject: [bug#55892] [PATCH] pull: Fail if cache directory ownership is suspect.
To: 55892@debbugs.gnu.org
Date: Sun, 5 Jun 2022 02:04:25 +0200
Message-Id: <20220605000425.20480-1-me@tobias.gr>
From: Tobias Geerinckx-Rice

New users frequently run ‘sudo guix pull’ which breaks subsequent
unprivileged ‘guix pull’s until manually fixed with chmod -R.

* guix/scripts/pull.scm (guix-pull): Fail if the cache directory (or
its innermost extant parent) is not owned by the user pulling the Guix,
with a hint about ‘sudo -i’.
---
Hi Guix,

Another one in the ‘low-level support noise paper-cut’ series.
The XXX comment would not land upstream, I think.

I didn't test this on a foreign distribution. My understanding is that
distributions where sudo already defaults to ‘-i’ won't throw the warning
nor suffer from the problem.

Kind regards,

T G-R

 guix/scripts/pull.scm | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index f01764637b..1eaf8f087b 100644 --- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm @@ -49,6 +49,7 @@ (define-module (guix scripts pull) #:autoload (gnu packages bootstrap) (%bootstrap-guile) #:autoload (gnu packages certs) (le-certs) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-11) #:use-module (srfi srfi-26) #:use-module (srfi srfi-34) #:use-module (srfi srfi-35) @@ -810,6 +811,31 @@ (define (no-arguments arg _) ((assoc-ref opts 'generation) (process-generation-change opts profile)) (else + ;; Bail out early when users accidentally run, e.g., ’sudo guix pull’. + ;; If CACHE-DIRECTORY doesn't yet exist, test where it would end up. + (let-values (((st dir) (let loop ((dir (cache-directory))) + (let ((st (stat dir #f))) + (if st + (values (stat dir #f) dir) + (loop (dirname dir))))))) + (let ((dir:uid (stat:uid st)) + (our:uid (getuid))) + (unless (= dir:uid our:uid) + (let ((our:user (passwd:name (getpwuid our:uid))) + (dir:user (passwd:name (getpwuid dir:uid)))) + (raise + (condition + (&message + (message + (format #f (G_ "directory ‘~a’ is not owned by user ~a") + dir dir:user))) + (&fix-hint + (hint + ;; XXX We could check (getenv "SUDO_USER") to display this + ;; only under sudo, but that would imply handling doas… &c. + (format #f (G_ "You should run this command as ~a; use ‘sudo -i’ or equivalent if you really want to pull as ~a.") + dir:user our:user))))))))) + (with-store store (with-status-verbosity (assoc-ref opts 'verbosity) (parameterize ((%current-system (assoc-ref opts 'system))
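Review bot: In the &message clause of the second hunk, the format call passes dir:user to "directory ‘~a’ is not owned by user ~a", so the error names the directory's actual owner as the user who does not own it; pass our:user there (the &fix-hint below it already uses dir:user and our:user in the right order). In the let loop, (values (stat dir #f) dir) stats the directory a second time although st is already bound; returning (values st dir) avoids the extra call and the case where the directory disappears between the two calls, the second stat returns #f, and stat:uid then fails. (getpwuid dir:uid) is also called with no handling for a uid that has no passwd entry, where Guile raises its own error and the intended diagnostic is lost; falling back to the numeric uid in the message would keep it.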