From: "Ludovic Courtès" <ludo@gnu.org>
To: 33259@debbugs.gnu.org
Subject: [bug#33259] [PATCH 7/8] store-copy: Canonicalize the mtime and permissions of the store copy.
Date: Sun, 4 Nov 2018 23:10:35 +0100 [thread overview]
Message-ID: <20181104221036.4776-7-ludo@gnu.org> (raw)
In-Reply-To: <20181104221036.4776-1-ludo@gnu.org>
Fixes a bug whereby directories in the output of 'guix pack -f tarball'
would not be read-only.
* guix/build/store-copy.scm (reset-permissions): New procedure.
(populate-store): Pass #:keep-mtime? #t to 'copy-recursively'. Call
'reset-permissions'.
* tests/pack.scm ("self-contained-tarball"): In CHECK, define
'canonical?' and use it to check that every file has an mtime of 1 and
is read-only.
* tests/guix-pack.sh: Invoke "chmod -Rf +w" before "rm -rf" in trap.
---
guix/build/store-copy.scm | 28 +++++++++++++++++++++++
tests/guix-pack.sh | 2 +-
tests/pack.scm | 48 +++++++++++++++++++++++++++++----------
3 files changed, 65 insertions(+), 13 deletions(-)
diff --git a/guix/build/store-copy.scm b/guix/build/store-copy.scm
index 64ade7885c..549aa4f28b 100644
--- a/guix/build/store-copy.scm
+++ b/guix/build/store-copy.scm
@@ -168,6 +168,28 @@ REFERENCE-GRAPHS, a list of reference-graph files."
(reduce + 0 (map file-size items)))
+(define (reset-permissions file)
+ "Reset the permissions on FILE and its sub-directories so that they are all
+read-only."
+ ;; XXX: This procedure exists just to work around the inability of
+ ;; 'copy-recursively' to preserve permissions.
+ (file-system-fold (const #t) ;enter?
+ (lambda (file stat _) ;leaf
+ (unless (eq? 'symlink (stat:type stat))
+ (chmod file
+ (if (zero? (logand (stat:mode stat)
+ #o100))
+ #o444
+ #o555))))
+ (const #t) ;down
+ (lambda (directory stat _) ;up
+ (chmod directory #o555))
+ (const #f) ;skip
+ (const #f) ;error
+ #t
+ file
+ lstat))
+
(define* (populate-store reference-graphs target
#:key (log-port (current-error-port)))
"Populate the store under directory TARGET with the items specified in
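Review bot: The `error` handler passed to `file-system-fold` in `reset-permissions` is `(const #f)`, so a failed stat or opendir on any entry is dropped silently. That subtree keeps whatever mode `copy-recursively` gave it, while `populate-store` still reports success. A pack that is meant to be read-only could then ship writable entries unnoticed. Consider failing loudly instead, e.g. `(lambda (file stat errno _) (error "reset-permissions: cannot access" file (strerror errno)))`. The docstring could also state that symlinks are skipped and that files with the owner-execute bit get `#o555` rather than `#o444`.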
@@ -197,7 +219,13 @@ REFERENCE-GRAPHS, a list of reference-graph files."
(for-each (lambda (thing)
(copy-recursively thing
(string-append target thing)
+ #:keep-mtime? #t
#:log (%make-void-port "w"))
+
+ ;; XXX: Since 'copy-recursively' doesn't allow us to
+ ;; preserve permissions, we have to traverse TARGET to
+ ;; make sure everything is read-only.
+ (reset-permissions (string-append target thing))
(report))
things)))))
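Review bot: `#:keep-mtime? #t` preserves the source's mtime rather than setting one, so the copy is only canonical if every input under THING already has the store's normalized mtime. The comment added here covers the permissions workaround but not that assumption. A line such as `;; Rely on store items already having a canonical mtime; 'copy-recursively' merely preserves it.` would record it for anyone who later calls `populate-store` on inputs that are not store-normalized. The body of `populate-store` starts and ends outside this hunk.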
diff --git a/tests/guix-pack.sh b/tests/guix-pack.sh
index 8c1f556426..a43f4d128f 100644
--- a/tests/guix-pack.sh
+++ b/tests/guix-pack.sh
@@ -49,7 +49,7 @@ the_pack="`guix pack --bootstrap -S /opt/gnu/bin=bin guile-bootstrap`"
# exists because /opt/gnu/bin may be an absolute symlink to a store item that
# has been GC'd.
test_directory="`mktemp -d`"
-trap 'rm -rf "$test_directory"' EXIT
+trap 'chmod -Rf +w "$test_directory"; rm -rf "$test_directory"' EXIT
cd "$test_directory"
tar -xf "$the_pack"
test -L opt/gnu/bin
diff --git a/tests/pack.scm b/tests/pack.scm
index 22321a3e46..70e3e812be 100644
--- a/tests/pack.scm
+++ b/tests/pack.scm
@@ -68,18 +68,42 @@
#:archiver %tar-bootstrap))
(check (gexp->derivation
"check-tarball"
- #~(let ((bin (string-append "." #$profile "/bin")))
- (setenv "PATH"
- (string-append #$%tar-bootstrap "/bin"))
- (system* "tar" "xvf" #$tarball)
- (mkdir #$output)
- (exit
- (and (file-exists? (string-append bin "/guile"))
- (string=? (string-append #$%bootstrap-guile "/bin")
- (readlink bin))
- (string=? (string-append ".." #$profile
- "/bin/guile")
- (readlink "bin/Guile"))))))))
+ (with-imported-modules '((guix build utils))
+ #~(begin
+ (use-modules (guix build utils)
+ (srfi srfi-1))
+
+ (define store
+ ;; The unpacked store.
+ (string-append "." (%store-directory) "/"))
+
+ (define (canonical? file)
+ ;; Return #t if FILE is read-only and its mtime is 1.
+ (let ((st (lstat file)))
+ (or (not (string-prefix? store file))
+ (eq? 'symlink (stat:type st))
+ (and (= 1 (stat:mtime st))
+ (zero? (logand #o222
+ (stat:mode st)))))))
+
+ (define bin
+ (string-append "." #$profile "/bin"))
+
+ (setenv "PATH"
+ (string-append #$%tar-bootstrap "/bin"))
+ (system* "tar" "xvf" #$tarball)
+ (mkdir #$output)
+ (exit
+ (and (file-exists? (string-append bin "/guile"))
+ (file-exists? store)
+ (every canonical?
+ (find-files "." (const #t)
+ #:directories? #t))
+ (string=? (string-append #$%bootstrap-guile "/bin")
+ (readlink bin))
+ (string=? (string-append ".." #$profile
+ "/bin/guile")
+ (readlink "bin/Guile")))))))))
(built-derivations (list check))))
;; The following test needs guile-sqlite3, libgcrypt, etc. as a consequence of
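Review bot: `canonical?` only checks that no write bit is set (`#o222`), so the test would still pass if a store file kept a setuid/setgid bit or some mode other than the `#o444`/`#o555` that `reset-permissions` assigns. If the extraction environment allows it, an exact comparison pins this down more tightly: `(memv (stat:perms st) '(#o444 #o555))` in place of the `zero? (logand …)` test. The comment on `canonical?` should also say that symlinks and anything outside the `store` prefix are accepted unconditionally. That includes the store directory itself, which lacks the trailing slash and so does not match the prefix.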
--
2.19.1