From: Jakub Kądziołka
Subject: bug#38800: Non-existent setuid programs make "guix system reconfigure" break mid-generation-switch
Date: Sun, 29 Dec 2019 21:23:46 +0100
Message-ID: <20191229202346.p3nixfhsanw4oy4s@zdrowyportier.kadziolka.net>
To: 38800@debbugs.gnu.org

Steps to reproduce:

0. [IMPORTANT] Make sure you will be able to reconfigure your system
   when all setuid binaries stop working (this includes sudo, which
   makes this, IMHO, a serious bug). Namely, either make sure you can
   log in as root, or keep a "sudo -s" shell open. The latter is
   slightly more dangerous in the event of a power outage. I would also
   recommend running "guix pull" in this recovery shell, as a root login
   shell will use root's profile, and not your own.

1. Add a non-existent file to your system configuration's
   setuid-programs. For example,

     (setuid-programs (cons* #~(string-append #$bash "/bin/enoent")
                             %setuid-programs))

2. Reconfigure your system.

     $ sudo guix system reconfigure /etc/config.scm

   Actual behavior:

     activating system...
     substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
     building /gnu/store/0ay9wd3wz4x0f5mgmbdfs72w98qvm68z-switch-to-system.scm.drv...
     making '/gnu/store/7vwa2xd378fgwrkgwif7pi6ymshsf2jc-system' the current system...
     setting up setuid programs in '/run/setuid-programs'...
     guix system: error: copy-file: No such file or directory: "/run/setuid-programs/enoent"
     $ sudoedit /etc/config.scm
     -bash: /run/setuid-programs/sudoedit: No such file or directory
     $ ls -l /run/setuid-programs
     total 0

   Expected behavior: the running system is left untouched.
   /run/setuid-programs is still populated with the previous
   generation's setuid programs. The error message says that the source
   of the copy-file doesn't exist, not the destination. (While the
   latter is technically correct, it's utterly unhelpful.)

3. [OPTIONAL] Run a rollback.

     # guix system roll-back

   Expected behavior: /run/setuid-programs gets populated again.
   Actual behavior: /run/setuid-programs is still empty.
   (Is this a separate bug with roll-back not restoring setuid-programs?
   No idea, didn't test.)

4. Remove the changes made to the configuration and run reconfigure
   again.

     # guix system reconfigure /etc/config.scm

   Expected & actual behavior: system is back in (AFAIK) a well-defined
   state.

Regards,
Jakub Kądziołka
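
The expected behavior in step 2 (a missing setuid source leaves the running system untouched, and the error names the source) comes down to ordering: check every source, stage the copies, and only then replace the live directory. A sketch of that ordering follows as an added example, not code from the report or from Guix; populate_setuid_dir and its arguments are hypothetical, and ownership and the setuid bit are left out so it runs unprivileged.

```shell
#!/bin/sh
# populate_setuid_dir DEST SRC...   (hypothetical helper, not Guix code)
# Rebuilds DEST from the given program files without ever leaving it empty.
populate_setuid_dir() {
    dest=$1; shift

    # 1. Pre-flight: refuse to touch DEST if any source is missing.
    for src in "$@"; do
        if [ ! -f "$src" ]; then
            # Name the source path, which is what the admin has to fix.
            echo "error: setuid program source does not exist: $src" >&2
            return 1
        fi
    done

    # 2. Stage the new contents next to DEST (same filesystem, so the
    #    later rename does not turn into a copy).
    stage=$(mktemp -d "$dest.new.XXXXXX") || return 1
    for src in "$@"; do
        cp -- "$src" "$stage/$(basename -- "$src")" ||
            { rm -rf -- "$stage"; return 1; }
    done
    chmod 755 "$stage"   # mktemp -d creates the directory with mode 700

    # 3. Swap. Only now is the old directory touched. Two renames, so
    #    not strictly atomic, but every fallible copy has already run.
    old="$dest.old.$$"
    if [ -d "$dest" ]; then
        mv -- "$dest" "$old" || { rm -rf -- "$stage"; return 1; }
    fi
    if ! mv -- "$stage" "$dest"; then
        [ -d "$old" ] && mv -- "$old" "$dest"   # put the old one back
        rm -rf -- "$stage"
        return 1
    fi
    rm -rf -- "$old"
}
```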