* bug#66305: Error with recursive git checkout
@ 2023-10-02 11:17 Guillaume Le Vaillant
2023-10-02 17:37 ` Guillaume Le Vaillant
` (4 more replies)
0 siblings, 5 replies; 12+ messages in thread
From: Guillaume Le Vaillant @ 2023-10-02 11:17 UTC (permalink / raw)
To: 66305
[-- Attachment #1.1: Type: text/plain, Size: 2545 bytes --]
Hi.
With Guix at 47d0346553fdad9795c9390a60944ccaad7e5255, I'm unable to
build a package (see attached patch) requiring a recursive git-fetch to
get the sources:
--8<---------------cut here---------------start------------->8---
$ ./pre-inst-env guix build bladerf
The following derivations will be built:
/gnu/store/982zz7z94va89fxn79hpjil5wp0v49pn-bladerf-2023.02.drv
/gnu/store/5rlqf4srlnnymsv93ydxkgxwgfszkszw-bladerf-2023.02-checkout.drv
building /gnu/store/5rlqf4srlnnymsv93ydxkgxwgfszkszw-bladerf-2023.02-checkout.drv...
Initialized empty Git repository in /gnu/store/fhlm9zxs4r4cgapbngckpzrs8rnzf1l2-bladerf-2023.02-checkout/.git/
From https://github.com/Nuand/bladeRF
* tag 2023.02 -> FETCH_HEAD
Note: switching to 'FETCH_HEAD'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at 41ef634 Revert "libbladeRF: update compatibility for FPGA v0.15.0 from libbladeRF 2.4.0 to 2.5.0"
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule: line 7: basename: command not found
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule: line 7: sed: command not found
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup: line 77: basename: command not found
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup: line 77: sed: command not found
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup: line 292: uname: command not found
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule: line 613: sed: command not found
/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule: line 613: cmd_: command not found
git-fetch: '/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/bin/git submodule update --init --recursive' failed with exit code 127
--8<---------------cut here---------------end--------------->8---
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0001-gnu-Add-bladerf.patch --]
[-- Type: text/x-patch, Size: 3029 bytes --]
From ac6fc0fdf16187c4e0c61916c52ced35a031fd76 Mon Sep 17 00:00:00 2001
Message-ID: <ac6fc0fdf16187c4e0c61916c52ced35a031fd76.1696246171.git.glv@posteo.net>
From: Guillaume Le Vaillant <glv@posteo.net>
Date: Sat, 30 Sep 2023 11:17:40 +0200
Subject: [PATCH 1/8] gnu: Add bladerf.
* gnu/packages/radio.scm (bladerf): New variable.
---
gnu/packages/radio.scm | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
diff --git a/gnu/packages/radio.scm b/gnu/packages/radio.scm
index 2e4e9db4cc..aa26c04db2 100644
--- a/gnu/packages/radio.scm
+++ b/gnu/packages/radio.scm
@@ -69,10 +69,12 @@ (define-module (gnu packages radio)
#:use-module (gnu packages image)
#:use-module (gnu packages image-processing)
#:use-module (gnu packages javascript)
+ #:use-module (gnu packages libedit)
#:use-module (gnu packages libusb)
#:use-module (gnu packages linux)
#:use-module (gnu packages logging)
#:use-module (gnu packages lua)
+ #:use-module (gnu packages man)
#:use-module (gnu packages maths)
#:use-module (gnu packages mp3)
#:use-module (gnu packages multiprecision)
@@ -1416,6 +1418,43 @@ (define-public hackrf
@code{(udev-rules-service 'hackrf hackrf #:groups '(\"dialout\"))}.")
(license license:gpl2)))
+(define-public bladerf
+ (package
+ (name "bladerf")
+ (version "2023.02")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/Nuand/bladeRF")
+ (commit version)
+ (recursive? #t)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "038v9qdmrwx9mxsrq4l36bap0bsypyg4i8hs7l7srv4b0c2s7ynp"))))
+ (build-system cmake-build-system)
+ (native-inputs (list doxygen help2man pkg-config))
+ (inputs (list libedit libusb))
+ (arguments
+ (list #:configure-flags #~(list "-DTAGGED_RELEASE=ON"
+ (string-append "-DUDEV_RULES_PATH="
+ #$output
+ "/lib/udev/rules.d")
+ "-DBLADERF_GROUP=dialout"
+ "-DBUILD_DOCUMENTATION=ON")
+ #:tests? #f)) ; No test suite
+ (home-page "https://www.nuand.com/")
+ (synopsis "User-space library and utilities for BladeRF SDR")
+ (description
+ "This package contains a library and command line utilities for
+controlling the BladeRF Software Defined Radio (SDR) over USB. To install the
+hackrf udev rules, you must extend 'udev-service-type' with this package.
+E.g.: @code{(udev-rules-service 'bladerf bladerf)}.")
+ (license (list license:bsd-3
+ license:expat
+ license:gpl2+
+ license:lgpl2.1+))))
+
(define-public hamlib
(package
(name "hamlib")
base-commit: 47d0346553fdad9795c9390a60944ccaad7e5255
--
2.41.0
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]
^ permalink raw reply related [flat|nested] 12+ messages in thread
* bug#66305: Error with recursive git checkout
2023-10-02 11:17 bug#66305: Error with recursive git checkout Guillaume Le Vaillant
@ 2023-10-02 17:37 ` Guillaume Le Vaillant
2023-10-03 19:26 ` Simon Tournier
` (3 subsequent siblings)
4 siblings, 0 replies; 12+ messages in thread
From: Guillaume Le Vaillant @ 2023-10-02 17:37 UTC (permalink / raw)
To: 66305
[-- Attachment #1: Type: text/plain, Size: 184 bytes --]
Workaround: by rebooting the machine to an older generation (and
therefore an older guix-daemon, with Guix at
4f35ff1275e05be31f5d41464ccf147e9dbfd016), the recursive git-fetch
works.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#66305: Error with recursive git checkout
2023-10-02 11:17 bug#66305: Error with recursive git checkout Guillaume Le Vaillant
2023-10-02 17:37 ` Guillaume Le Vaillant
@ 2023-10-03 19:26 ` Simon Tournier
2023-10-04 16:25 ` Ludovic Courtès
2023-10-25 4:53 ` Alexis Simon via Bug reports for GNU Guix
` (2 subsequent siblings)
4 siblings, 1 reply; 12+ messages in thread
From: Simon Tournier @ 2023-10-03 19:26 UTC (permalink / raw)
To: Guillaume Le Vaillant, 66305; +Cc: Ludovic Courtès
Hi Guillaume,
On Mon, 02 Oct 2023 at 11:17, Guillaume Le Vaillant <glv@posteo.net> wrote:
> With Guix at 47d0346553fdad9795c9390a60944ccaad7e5255, I'm unable to
> build a package (see attached patch) requiring a recursive git-fetch to
> get the sources:
[...]
> HEAD is now at 41ef634 Revert "libbladeRF: update compatibility for FPGA v0.15.0 from libbladeRF 2.4.0 to 2.5.0"
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule: line 7: basename: command not found
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule: line 7: sed: command not found
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup: line 77: basename: command not found
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup: line 77: sed: command not found
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup: line 292: uname: command not found
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule: line 613: sed: command not found
> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule: line 613: cmd_: command not found
> git-fetch: '/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/bin/git submodule update --init --recursive' failed with exit code 127
It looks very similar as bug#65924:
bug#65924: git searches coreutils and util-linux commands in PATH
Maxim Cournoyer <maxim.cournoyer@gmail.com>
Wed, 13 Sep 2023 14:00:09 -0400
id:87fs3iuf6e.fsf@gmail.com
https://issues.guix.gnu.org//65924
https://issues.guix.gnu.org/msgid/87fs3iuf6e.fsf@gmail.com
https://yhetil.org/guix/87fs3iuf6e.fsf@gmail.com
I think it is a corollary from:
bug#65866: [PATCH 0/8] Add built-in builder for Git checkouts
Ludovic Courtès <ludo@gnu.org>
Tue, 26 Sep 2023 17:44:22 +0200
id:87fs312b3d.fsf_-_@gnu.org
https://issues.guix.gnu.org//65866
https://issues.guix.gnu.org/msgid/87fs312b3d.fsf_-_@gnu.org
https://yhetil.org/guix/87fs312b3d.fsf_-_@gnu.org
and if I am correct, such potential issue had been pointed by:
Re: hard dependency on Git? (was bug#65866: [PATCH 0/8] Add built-in builder for Git checkouts)
Simon Tournier <zimon.toutoune@gmail.com>
Thu, 14 Sep 2023 19:28:06 +0200
id:CAJ3okZ0hzimVNtTcSsJKR-x=WKpPVtHYxshznGzecqxNHFWC5Q@mail.gmail.com
https://lists.gnu.org/archive/html/guix-devel/2023-09
https://yhetil.org/guix/CAJ3okZ0hzimVNtTcSsJKR-x=WKpPVtHYxshznGzecqxNHFWC5Q@mail.gmail.com
Cheers,
simon
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#66305: Error with recursive git checkout
2023-10-03 19:26 ` Simon Tournier
@ 2023-10-04 16:25 ` Ludovic Courtès
2023-10-04 18:16 ` Simon Tournier
0 siblings, 1 reply; 12+ messages in thread
From: Ludovic Courtès @ 2023-10-04 16:25 UTC (permalink / raw)
To: Simon Tournier; +Cc: Guillaume Le Vaillant, 66305
[-- Attachment #1: Type: text/plain, Size: 1886 bytes --]
Hello,
Simon Tournier <zimon.toutoune@gmail.com> skribis:
> On Mon, 02 Oct 2023 at 11:17, Guillaume Le Vaillant <glv@posteo.net> wrote:
>
>> With Guix at 47d0346553fdad9795c9390a60944ccaad7e5255, I'm unable to
>> build a package (see attached patch) requiring a recursive git-fetch to
>> get the sources:
>
> [...]
>
>> HEAD is now at 41ef634 Revert "libbladeRF: update compatibility for FPGA v0.15.0 from libbladeRF 2.4.0 to 2.5.0"
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule: line 7: basename: command not found
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule: line 7: sed: command not found
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup: line 77: basename: command not found
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup: line 77: sed: command not found
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-sh-setup: line 292: uname: command not found
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule: line 613: sed: command not found
>> /gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/libexec/git-core/git-submodule: line 613: cmd_: command not found
>> git-fetch: '/gnu/store/y3vdq2pdkljrw63xxnc2vb6lz07ycar6-git-minimal-2.41.0/bin/git submodule update --init --recursive' failed with exit code 127
>
> It looks very similar as bug#65924:
>
> bug#65924: git searches coreutils and util-linux commands in PATH
> Maxim Cournoyer <maxim.cournoyer@gmail.com>
D’oh! Thanks Simon and Guillaume for the heads-up (I had totally
overlooked that you raised this during the review, Simon; my bad).
Here’s a patch that fixes it for me:
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: Type: text/x-patch, Size: 801 bytes --]
diff --git a/guix/scripts/perform-download.scm b/guix/scripts/perform-download.scm
index 045dd84ad6..c869f19502 100644
--- a/guix/scripts/perform-download.scm
+++ b/guix/scripts/perform-download.scm
@@ -108,6 +108,10 @@ (define* (perform-git-download drv output
(drv-output (assoc-ref (derivation-outputs drv) "out"))
(algo (derivation-output-hash-algo drv-output))
(hash (derivation-output-hash drv-output)))
+ ;; Commands such as 'git submodule' expect Coreutils and sed (among
+ ;; others) to be in $PATH.
+ (setenv "PATH" "/run/current-system/profile/bin:/bin:/usr/bin")
+
(git-fetch-with-fallback url commit output
#:recursive? recursive?
#:git-command %git))))
[-- Attachment #3: Type: text/plain, Size: 468 bytes --]
To test it, you need to run the daemon from your checkout, with
something like:
sudo herd stop guix-daemon
sudo -E ./pre-inst-env guix-daemon --build-users-group=guixbuild &
(Once we’ve applied the fix, we’ll have to update the ‘guix’ package.)
I think we should eventually our ‘git’ package as discussed in
<https://issues.guix.gnu.org/65924>, but that won’t help on foreign
distros anyway, hence the fix above.
WDYT?
Ludo’.
^ permalink raw reply related [flat|nested] 12+ messages in thread
* bug#66305: Error with recursive git checkout
2023-10-04 16:25 ` Ludovic Courtès
@ 2023-10-04 18:16 ` Simon Tournier
2023-10-04 18:18 ` Simon Tournier
2023-10-05 9:28 ` Ludovic Courtès
0 siblings, 2 replies; 12+ messages in thread
From: Simon Tournier @ 2023-10-04 18:16 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: Guillaume Le Vaillant, 66305
Hi Ludo,
On Wed, 04 Oct 2023 at 18:25, Ludovic Courtès <ludo@gnu.org> wrote:
> diff --git a/guix/scripts/perform-download.scm b/guix/scripts/perform-download.scm
> index 045dd84ad6..c869f19502 100644
> --- a/guix/scripts/perform-download.scm
> +++ b/guix/scripts/perform-download.scm
> @@ -108,6 +108,10 @@ (define* (perform-git-download drv output
> (drv-output (assoc-ref (derivation-outputs drv) "out"))
> (algo (derivation-output-hash-algo drv-output))
> (hash (derivation-output-hash drv-output)))
> + ;; Commands such as 'git submodule' expect Coreutils and sed (among
> + ;; others) to be in $PATH.
> + (setenv "PATH" "/run/current-system/profile/bin:/bin:/usr/bin")
> +
> (git-fetch-with-fallback url commit output
> #:recursive? recursive?
> #:git-command %git))))
LGTM.
Well, I would add a comment explicitly mentioning that’s a temporary fix
pointing this issue #66305.
And I have tested with:
--8<---------------cut here---------------start------------->8---
$ guix build ocaml-ansiterminal -S --no-substitutes
$ guix build volk --no-substitutes --check -S
--8<---------------cut here---------------end--------------->8---
Cheers,
simon
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#66305: Error with recursive git checkout
2023-10-04 18:16 ` Simon Tournier
@ 2023-10-04 18:18 ` Simon Tournier
2023-10-05 9:28 ` Ludovic Courtès
1 sibling, 0 replies; 12+ messages in thread
From: Simon Tournier @ 2023-10-04 18:18 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: Guillaume Le Vaillant, 66305
On Wed, 4 Oct 2023 at 20:16, Simon Tournier <zimon.toutoune@gmail.com> wrote:
> And I have tested with:
On foreign distro I mean :-)
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#66305: Error with recursive git checkout
2023-10-04 18:16 ` Simon Tournier
2023-10-04 18:18 ` Simon Tournier
@ 2023-10-05 9:28 ` Ludovic Courtès
2023-10-05 21:31 ` Ludovic Courtès
1 sibling, 1 reply; 12+ messages in thread
From: Ludovic Courtès @ 2023-10-05 9:28 UTC (permalink / raw)
To: Simon Tournier; +Cc: Guillaume Le Vaillant, 66305
Hello,
Simon Tournier <zimon.toutoune@gmail.com> skribis:
> On Wed, 04 Oct 2023 at 18:25, Ludovic Courtès <ludo@gnu.org> wrote:
>
>> diff --git a/guix/scripts/perform-download.scm b/guix/scripts/perform-download.scm
>> index 045dd84ad6..c869f19502 100644
>> --- a/guix/scripts/perform-download.scm
>> +++ b/guix/scripts/perform-download.scm
>> @@ -108,6 +108,10 @@ (define* (perform-git-download drv output
>> (drv-output (assoc-ref (derivation-outputs drv) "out"))
>> (algo (derivation-output-hash-algo drv-output))
>> (hash (derivation-output-hash drv-output)))
>> + ;; Commands such as 'git submodule' expect Coreutils and sed (among
>> + ;; others) to be in $PATH.
>> + (setenv "PATH" "/run/current-system/profile/bin:/bin:/usr/bin")
>> +
>> (git-fetch-with-fallback url commit output
>> #:recursive? recursive?
>> #:git-command %git))))
>
> LGTM.
>
> Well, I would add a comment explicitly mentioning that’s a temporary fix
> pointing this issue #66305.
It’s not temporary in that it will still be needed for example by the
Debian package of Guix. But yeah, I’ll clarify that in the comment.
> And I have tested with:
>
> $ guix build ocaml-ansiterminal -S --no-substitutes
> $ guix build volk --no-substitutes --check -S
Awesome, thanks for checking!
Ludo’.
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#66305: Error with recursive git checkout
2023-10-02 11:17 bug#66305: Error with recursive git checkout Guillaume Le Vaillant
2023-10-02 17:37 ` Guillaume Le Vaillant
2023-10-03 19:26 ` Simon Tournier
@ 2023-10-25 4:53 ` Alexis Simon via Bug reports for GNU Guix
2023-10-25 16:51 ` Alexis Simon via Bug reports for GNU Guix
2023-10-25 17:47 ` Alexis Simon via Bug reports for GNU Guix
4 siblings, 0 replies; 12+ messages in thread
From: Alexis Simon via Bug reports for GNU Guix @ 2023-10-25 4:53 UTC (permalink / raw)
To: 66305
Hi,
I think I'm hitting this bug trying to git-fetch with submodules.
I am on a foreign distro.
--8<---------------cut here---------------start------------->8---
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-submodule:
line 7: /bin/basename: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-submodule:
line 7: /bin/sed: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-sh-setup:
line 77: /bin/basename: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-sh-setup:
line 77: /bin/sed: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-sh-setup:
line 292: /bin/uname: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-submodule:
line 613: /bin/sed: Permission denied
/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/libexec/git-core/git-submodule:
line 613 : cmd_: command not found
git-fetch:
'/gnu/store/pmv37cxc4cg1s7x8yg8dkhikkwmwpncr-git-minimal-2.41.0/bin/git
submodule update --init --recursive' failed with exit code 127
--8<---------------cut here---------------end--------------->8---
This is with a recent guix I think
--8<---------------cut here---------------start------------->8---
❯ guix describe
Generation 8 oct. 24 2023 21:31:58 (current)
guix 0074731
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: 00747316ee0e1a7962ffe226c727776ba7a8163b
--8<---------------cut here---------------end--------------->8---
Alexis
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#66305: Error with recursive git checkout
2023-10-02 11:17 bug#66305: Error with recursive git checkout Guillaume Le Vaillant
` (2 preceding siblings ...)
2023-10-25 4:53 ` Alexis Simon via Bug reports for GNU Guix
@ 2023-10-25 16:51 ` Alexis Simon via Bug reports for GNU Guix
2023-10-25 17:47 ` Alexis Simon via Bug reports for GNU Guix
4 siblings, 0 replies; 12+ messages in thread
From: Alexis Simon via Bug reports for GNU Guix @ 2023-10-25 16:51 UTC (permalink / raw)
To: 66305
ah well it seems this is due to a selinux policy error
--8<---------------cut here---------------start------------->8---
SELinux is preventing git-submodule from execute access on the file
/usr/bin/sed.
***** Plugin catchall (100. confidence) suggests
**************************
If you believe that git-submodule should be allowed execute access on
the sed file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'git-submodule' --raw | audit2allow -M my-gitsubmodule
# semodule -X 300 -i my-gitsubmodule.pp
Additional Information:
Source Context system_u:system_r:guix_daemon.guix_daemon_t:s0
Target Context system_u:object_r:bin_t:s0
Target Objects /usr/bin/sed [ file ]
Source git-submodule
Source Path git-submodule
Port <Unknown>
Host xps13
Source RPM Packages
Target RPM Packages sed-4.8-12.fc38.x86_64
SELinux Policy RPM selinux-policy-targeted-38.29-1.fc38.noarch
Local Policy RPM
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name xps13
Platform Linux xps13 6.5.7-200.fc38.x86_64 #1 SMP
PREEMPT_DYNAMIC Wed Oct 11 04:07:58 UTC 2023
x86_64
Alert Count 460
First Seen 2023-10-24 20:20:26 PDT
Last Seen 2023-10-25 09:44:31 PDT
Local ID fa57086c-6738-4eec-8252-3abb66a9e249
Raw Audit Messages
type=AVC msg=audit(1698252271.150:513): avc: denied { execute } for
pid=10644 comm="git-submodule" name="sed" dev="dm-0" ino=261979
scontext=system_u:system_r:guix_daemon.guix_daemon_t:s0
tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
Hash: git-submodule,guix_daemon.guix_daemon_t,bin_t,file,execute
--8<---------------cut here---------------end--------------->8---
But trying to fix it does not seem to have any effect. I've added this
to the guix-daemon.cil and re-applied
--8<---------------cut here---------------start------------->8---
(allow guix_daemon_t
bin_t
(file (execute)))
--8<---------------cut here---------------end--------------->8---
Alexis
^ permalink raw reply [flat|nested] 12+ messages in thread
* bug#66305: Error with recursive git checkout
2023-10-02 11:17 bug#66305: Error with recursive git checkout Guillaume Le Vaillant
` (3 preceding siblings ...)
2023-10-25 16:51 ` Alexis Simon via Bug reports for GNU Guix
@ 2023-10-25 17:47 ` Alexis Simon via Bug reports for GNU Guix
4 siblings, 0 replies; 12+ messages in thread
From: Alexis Simon via Bug reports for GNU Guix @ 2023-10-25 17:47 UTC (permalink / raw)
To: 66305
This is what was needed in the selinux policy to fix the errors
--8<---------------cut here---------------start------------->8---
(allow guix_daemon_t
bin_t
(file (execute execute_no_trans map)))
--8<---------------cut here---------------end--------------->8---
Alexis
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2023-10-26 22:08 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-10-02 11:17 bug#66305: Error with recursive git checkout Guillaume Le Vaillant
2023-10-02 17:37 ` Guillaume Le Vaillant
2023-10-03 19:26 ` Simon Tournier
2023-10-04 16:25 ` Ludovic Courtès
2023-10-04 18:16 ` Simon Tournier
2023-10-04 18:18 ` Simon Tournier
2023-10-05 9:28 ` Ludovic Courtès
2023-10-05 21:31 ` Ludovic Courtès
2023-10-12 14:42 ` Ludovic Courtès
2023-10-25 4:53 ` Alexis Simon via Bug reports for GNU Guix
2023-10-25 16:51 ` Alexis Simon via Bug reports for GNU Guix
2023-10-25 17:47 ` Alexis Simon via Bug reports for GNU Guix
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).