It would be really nice, especially for downstream distributors, if
there was a test for CVE-2024-27297.

There is working code to test this in the excellent blog post on the
subject, which is a likely good starting point!

  https://guix.gnu.org/en/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297/

Super extra bonus points if the test is backwards compatible with guix
1.4 and 1.2 :)

live well,
  vagrant