From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id INmXHl2u8GUnFwEAe85BDQ:P1 (envelope-from ) for ; Tue, 12 Mar 2024 20:34:53 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e16b::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id INmXHl2u8GUnFwEAe85BDQ (envelope-from ) for ; Tue, 12 Mar 2024 20:34:53 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=T7newyWo; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1710272093; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=sSFWlOexJALbiJlNMV77zPGzRl+BVEVt74+Grxnr6I4=; b=G+Pze5oT+RdnUVYpO5GcxUHxsqSL0hRNAAWAFe0xwgJKFxaDU2Mv5zUdihA9q8NZiVuW+q rig/ZIG3WJ7gPyyzdxKdMouKfpw8di4eODPiTX0oYv70xFtfLrHfgRpPGvSV90FEgyLxtt 5ASk3SxTwxa3I82C0un0pYdP0zBn2BO5htsAVly/qSnjenT7XDFurMVdsTAn7oZRIQFj18 kJLhoUlGKmIjaJpA1F9HuAKlfagndNwZJcAXGdQ1XKSQjxu5fAiBKN8bwYV891xOesadZV hgdLpwm3Wx4Riltr9ct8wkNxrQuR7JUupL6dnbN1Dtp/cEsEvycZmLs+STmyUQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20230601 header.b=T7newyWo; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none) ARC-Seal: i=1; s=key1; d=yhetil.org; t=1710272093; a=rsa-sha256; cv=none; b=TcZEk8cua2ZP0xAgaWjsNRV3KGXt7LbJjm/hEykK1OLZ50qGSum097vO6XAjp7VvIrtH8I BG4Am1/ymjncEREHYah33OKqgR7cpR0v/XKiEcTbjHMrxj7osYB63iEx7X0yBn6OlBFByF PYlycpzeRMIsK0qc8qdhixPVKX8piY6N1m/EXVeVtrfq7PoJSGIC24IKdspeixb54OKzJb AK7nPtGzPLZqYyhFoDWTN4LT3hXqMuVtmgp960iiwYoKWjZh9Llx4R0BQcQpXQJA9jB/Kf XYTpI7d4JPYxBAIyQHs/3qZhG4VUH8OMBYfjTQRmlS7aFgTvx2PcHJN6aTxeSg== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 3341256D59 for ; Tue, 12 Mar 2024 20:34:53 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rk7tQ-0005K2-Ds; Tue, 12 Mar 2024 15:34:32 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rk7tM-0005I1-Rk for bug-guix@gnu.org; Tue, 12 Mar 2024 15:34:28 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rk7tM-0002VO-J7 for bug-guix@gnu.org; Tue, 12 Mar 2024 15:34:28 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rk7tv-0007me-6r for bug-guix@gnu.org; Tue, 12 Mar 2024 15:35:03 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#69755: Issue trying to guix pull Resent-From: Michael Ford Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 12 Mar 2024 19:35:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 69755 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: "pelzflorian (Florian Pelz)" Cc: 69755@debbugs.gnu.org Received: via spool by 69755-submit@debbugs.gnu.org id=B69755.171027209629883 (code B ref 69755); Tue, 12 Mar 2024 19:35:03 +0000 Received: (at 69755) by debbugs.gnu.org; 12 Mar 2024 19:34:56 +0000 Received: from localhost ([127.0.0.1]:43856 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rk7tm-0007ls-SO for submit@debbugs.gnu.org; Tue, 12 Mar 2024 15:34:56 -0400 Received: from mail-yb1-f173.google.com ([209.85.219.173]:57440) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rk7tj-0007lb-KQ for 69755@debbugs.gnu.org; Tue, 12 Mar 2024 15:34:53 -0400 Received: by mail-yb1-f173.google.com with SMTP id 3f1490d57ef6-dc74435c428so5752948276.2 for <69755@debbugs.gnu.org>; Tue, 12 Mar 2024 12:34:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1710271991; x=1710876791; darn=debbugs.gnu.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=sSFWlOexJALbiJlNMV77zPGzRl+BVEVt74+Grxnr6I4=; b=T7newyWoGZHrcEgLVhZF5rRjkEY4NlcK4WOY7NrlmltgPExaPTulz6ETE0cghqSvAi yf6QsEiipYboBXv8t3ROk9VwJhakMcMJBWTJ23Z3uGL3FBtzZaTU1UcxltbW6WaU0tI7 sjmBSgpcaHTtfvmdZRnGpD1E6XQQBPsHDVtz+gY7bVmsbkdXA09J3TpZ7NdsdXDZcYSJ msxnE2oBEhJUlsEp3oO/KzWsZ3rfOCtI2ai0gc7KsZEh3R2lw+XBae3RjT70pHTT5Eqj DibZoUjx+PKE95OmOKhKDRwexyINpXCjffzD7RnXkrBHzhHLj0O+A2ELWPJ7t2Y5BUE2 f3KQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1710271991; x=1710876791; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sSFWlOexJALbiJlNMV77zPGzRl+BVEVt74+Grxnr6I4=; b=CtfXpiliSQ3h8UR9IlzsxWs6T50kj7NL8fiSqCZjYNwu5KJeHdLdbB6NOk+H7y2D/m QnzzqiSQeG66FxqYIcMONqbfmI/fG7V5tgm93RxvQyaRVPR6rbpHoYlwpTYg6QoosOfK WPSjA7LYW4VRz0ZrjkC/+0H6E8FMNaZakDuhssWjvjahfEkVbT9LGRnoBMJsMlwHzgQP R1toN0K6RBzVYk67kIsPF0aRDw91UBPDacJ3ICP0t7Ztu93LDBPucKdPomZjQyGCx78T Ny+JqbPVrMZAoee1+8xWkF12mwLL6lYDjdRxSJEkCk5kUKMi/slm+TRAmTWwYTYwr4ak 6Avw== X-Gm-Message-State: AOJu0YwCC6zP7GZDHH3n3U8/wtI2bHP2IIldGXg4QY5bll3TqxC3znj1 TLf12woSCOLzglflZKqbWrfaq8sAmGKUzFcqqNzH7HFTYSlxdthirAjDtAoFeKkgUpDP1a+MEfg s7qQqE3+KCgLnDAXYSRLy7ARGFtk= X-Google-Smtp-Source: AGHT+IGaLuWQr181vFWo+537/URiaj3qp9yAyIoXvVhpWjQJ/k5JAwZdD7icQ4evyGjznzV1S31j6xe/CIKKNuyknX8= X-Received: by 2002:a25:9186:0:b0:dce:9c23:eafc with SMTP id w6-20020a259186000000b00dce9c23eafcmr460907ybl.1.1710271990903; Tue, 12 Mar 2024 12:33:10 -0700 (PDT) MIME-Version: 1.0 References: <87a5n3tftj.fsf@pelzflorian.de> In-Reply-To: <87a5n3tftj.fsf@pelzflorian.de> From: Michael Ford Date: Tue, 12 Mar 2024 19:33:00 +0000 Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: bug-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -5.18 X-Spam-Score: -5.18 X-Migadu-Queue-Id: 3341256D59 X-Migadu-Scanner: mx13.migadu.com X-TUID: 0LRF6zz3z1ns > A probable fix was pushed by Ludovic recently. > Does it work? Can this issue be closed? The commit I'm building in the issue report (447e9c9) is more recent than ff1251de0bc327ec478fc66a562430fbf35aef42. The issue still exists as of now. On Tue, 12 Mar 2024 at 19:23, pelzflorian (Florian Pelz) wrote: > > Hello Michael. > > Michael Ford writes: > > building /gnu/store/p9nimij8lz4yln5jd3gm0kdhirrwz56h-guix-1.4.0-18.4c94= b9e-checkout.drv... > > -suspicious ownership or permission on > > `/gnu/store/bj2rp8ql9zxnv4l9gvlhph55fa241mk4-guix-1.4.0-18.4c94b9e-chec= kout'; > > rejecting this build output > > Backtrace: > > A probable fix was pushed by Ludovic recently. > Does it work? Can this issue be closed? > > commit ff1251de0bc327ec478fc66a562430fbf35aef42 > Author: Ludovic Court=C3=A8s > Date: Tue Mar 12 11:53:35 2024 +0100 > > daemon: Address shortcoming in previous security fix for CVE-2024-272= 97. > > This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143. > > Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two > ways: (1) it didn=E2=80=99t have any effet for fixed-output derivatio= ns > performed in a chroot, which is the case for all of them except those > using =E2=80=9Cbuiltin:download=E2=80=9D and =E2=80=9Cbuiltin:git-dow= nload=E2=80=9D, and (2) it did not > preserve ownership when copying, leading to =E2=80=9Csuspicious owner= ship or > permission [=E2=80=A6] rejecting this build output=E2=80=9D errors. > > Regards, > Florian