bug#42129: guix-install.sh does not add build users to kvm group

bug#42129: guix-install.sh does not add build users to kvm group

[Marius Bakke]

[-- Attachment #1: Type: text/plain, Size: 135 bytes --]

Hello,

guix-install.sh should add the build users to the 'kvm' group if present
so that commands that require use of KVM can succeed.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]

bug#42129: guix-install.sh does not add build users to kvm group

[Leo Famulari]

[-- Attachment #1.1: Type: text/plain, Size: 299 bytes --]

On Mon, Jun 29, 2020 at 10:01:54PM +0200, Marius Bakke wrote:
> guix-install.sh should add the build users to the 'kvm' group if present
> so that commands that require use of KVM can succeed.

Here is a patch (untested) that makes sure a 'kvm' group exists and adds
it to the guixbuilders' groups.

[-- Attachment #1.2: 0001-guix-install.sh-Add-the-build-users-to-the-kvm-group.patch --]
[-- Type: text/plain, Size: 1643 bytes --]

From 929102f7b52d00f731a9f61fb2fe32bad441f1dd Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 8 Apr 2021 18:34:43 -0400
Subject: [PATCH] guix-install.sh: Add the build users to the 'kvm' group.

* etc/guix-install.sh (sys_create_build_user): Ensure that a 'kvm' group exists,
and add it to the guixbuilders' lists of supplementary groups.
---
 etc/guix-install.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index c84e7b7577..15fa44f1e2 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -330,15 +330,22 @@ sys_create_build_user()
         _msg "${PAS}group <guixbuild> created"
     fi
 
+    if [ $(getent group kvm) ]; then
+        _msg "${INF}group kvm exists"
+    else
+        groupadd --system kvm
+        _msg "${PAS}group <kvm> created"
+    fi
+
     for i in $(seq -w 1 10); do
         if id "guixbuilder${i}" &>/dev/null; then
             _msg "${INF}user is already in the system, reset"
-            usermod -g guixbuild -G guixbuild           \
+            usermod -g guixbuild -G guixbuild,kvm       \
                     -d /var/empty -s "$(which nologin)" \
                     -c "Guix build user $i"             \
                     "guixbuilder${i}";
         else
-            useradd -g guixbuild -G guixbuild           \
+            useradd -g guixbuild -G guixbuild,kvm       \
                     -d /var/empty -s "$(which nologin)" \
                     -c "Guix build user $i" --system    \
                     "guixbuilder${i}";
-- 
2.31.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

bug#42129: guix-install.sh does not add build users to kvm group

[Leo Famulari]

[-- Attachment #1.1: Type: text/plain, Size: 517 bytes --]

On Thu, Apr 08, 2021 at 06:38:59PM -0400, Leo Famulari wrote:
> On Mon, Jun 29, 2020 at 10:01:54PM +0200, Marius Bakke wrote:
> > guix-install.sh should add the build users to the 'kvm' group if present
> > so that commands that require use of KVM can succeed.
> 
> Here is a patch (untested) that makes sure a 'kvm' group exists and adds
> it to the guixbuilders' groups.

I realized that you specified that the build users should be added to
the kvm group 'if' it is present. So, here is a revised patch.

[-- Attachment #1.2: v2-0001-guix-install.sh-Add-the-build-users-to-the-kvm-gr.patch --]
[-- Type: text/plain, Size: 1613 bytes --]

From 1a9fd7decd843f21c36d8ec4d1e218f478b983cf Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 8 Apr 2021 18:34:43 -0400
Subject: [PATCH v2] guix-install.sh: Add the build users to the 'kvm' group.

* etc/guix-install.sh (sys_create_build_user): If a 'kvm' group exists,
add it to the guixbuilders' lists of supplementary groups.
---
 etc/guix-install.sh | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index c84e7b7577..f3fcbf5d05 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -330,15 +330,20 @@ sys_create_build_user()
         _msg "${PAS}group <guixbuild> created"
     fi
 
+    if [ $(getent group kvm) ]; then
+        _msg "${INF}group kvm exists and build users will be added to it"
+	local KVMGROUP=,kvm
+    fi
+
     for i in $(seq -w 1 10); do
         if id "guixbuilder${i}" &>/dev/null; then
             _msg "${INF}user is already in the system, reset"
-            usermod -g guixbuild -G guixbuild           \
+            usermod -g guixbuild -G guixbuild{$KVMGROUP}     \
                     -d /var/empty -s "$(which nologin)" \
                     -c "Guix build user $i"             \
                     "guixbuilder${i}";
         else
-            useradd -g guixbuild -G guixbuild           \
+            useradd -g guixbuild -G guixbuild{$KVMGROUP}     \
                     -d /var/empty -s "$(which nologin)" \
                     -c "Guix build user $i" --system    \
                     "guixbuilder${i}";
-- 
2.31.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

bug#42129: guix-install.sh does not add build users to kvm group

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 520 bytes --]

On Thu, Apr 08, 2021 at 07:03:26PM -0400, Leo Famulari wrote:
> From 1a9fd7decd843f21c36d8ec4d1e218f478b983cf Mon Sep 17 00:00:00 2001
> From: Leo Famulari <leo@famulari.name>
> Date: Thu, 8 Apr 2021 18:34:43 -0400
> Subject: [PATCH v2] guix-install.sh: Add the build users to the 'kvm' group.
> 
> * etc/guix-install.sh (sys_create_build_user): If a 'kvm' group exists,
> add it to the guixbuilders' lists of supplementary groups.

I tested, fixed bugs, and pushed as 8e214c53a48a841887a59f24a20e7392b5e59b55

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]