Subject: [bug#72337] Add /etc/subuid and /etc/subgid support
To: Giacomo Leidi
Cc: 72337@debbugs.gnu.org
From: Ludovic Courtès
In-Reply-To: <5b955b5c53e8e2c7c3173c87ca17758505e960ae.1724192097.git.goodoldpaul@autistici.org> (Giacomo Leidi's message of "Wed, 21 Aug 2024 00:14:56 +0200")
Date: Wed, 04 Sep 2024 23:00:58 +0200
Message-ID: <878qw7b0c5.fsf_-_@gnu.org>

Giacomo Leidi wrote:

> * gnu/build/accounts.scm (list-set): New variable;
> (%sub-id-min): new variable;
> (%sub-id-max): new variable;
> (%sub-id-count): new variable;
> (sub-id?): new variable;
> (subid-range-fits?): new variable;
> (subid-range-fits-between?): new variable;
> (insert-subid-range): new variable;
> (reserve-subids): new variable;
> (range->entry): new variable;
> (entry->range): new variable;
> (allocate-subids): new variable;
> (subuid+subgid-databases): new variable.
>
> * gnu/system/accounts.scm (subid-range-end): New variable;
> (subid-range-has-start?): new variable;
> (subid-range-less): new variable.
>
> * test/accounts.scm: Test them.
>
> Change-Id: I8de1fd7cfe508b9c76408064d6f498471da0752d

Woow, neat!  It didn’t occur to me that we’d need a proper subid
allocation mechanism as well.

> +(define (list-set lst el k)
> + (if (>= k (length lst))
> + `(,@lst ,el)
> + `(,@(list-head lst k)
> + ,el
> + ,@(list-tail lst k))))

‘length’, ‘list-ref’, and thus ‘list-set’ are linear in the size of the
list so it’s something we should avoid, unless we know that the lists
we’re dealing with are always going to be small.

> +;; According to Shadow's libmisc/find_new_sub_uids.c and
> +;; libmisc/find_new_sub_gids.c.
> +(define %sub-id-min 100000)
> +(define %sub-id-max 600100000)
> +(define %sub-id-count 65536)

[...]

> +(define (sub-id? id)
> + (and (>= id %sub-id-min)
> + (< id %sub-id-max)))

s/sub-/subordinate-/

> +(define (subid-range-fits? r interval-start interval-end)
> + (and (<= interval-start
> + (subid-range-start r))
> + (<= (subid-range-end r)
> + interval-end)))

Maybe: (within-subordinate-id-range? start end range) ?

Also, shouldn’t the first <= be >= ?

Please add docstrings for top-level procedures.

> +(define (subid-range-fits-between? r a b)
> + (subid-range-fits? r
> + (+ (subid-range-start a) 1)
> + (- (subid-range-end b) 1)))

Maybe: (containing-subordinate-id-range? range a b) ?

> +(define (insert-subid-range range lst)

We definitely need a docstring, I’m not sure what this is supposed to
do.  :-)

> + (unless (and (sub-id? range-start)
> + (sub-id? range-end))
> + (raise
> + (string-append "Subid range of " range-name
> + " from " (number->string range-start) " to "
> + (number->string range-end)
> + " spans over illegal subids. Max allowed is "
> + (number->string %sub-id-max) ", min is "
> + (number->string %sub-id-min) "."))))

There are two issues: first we need ‘raise’ from (srfi srfi-34), not
from (guile), since the latter has nothing to do with exceptions.
Second, ‘raise’ takes a SRFI-35 “error condition” (essentially a
record), not a string.

But my suggestion here would be to define specific error conditions,
like:

  (define-condition-type &subordinate-id-error &error)
  (define-condition-type &subordinate-id-range-error &subordinate-id-error
    (id subordinate-id-range-error-id))

The latter is what we’d use here.

This procedure uses lists a lot, which should probably be avoided as I
wrote above.  Perhaps a vlist would do, or perhaps a vhash, or a vector.

The procedure is also very long; I wonder if it could be further split
and/or share code with the existing allocation-related code.

> + (test-error "allocate-subids with interleaving, impossible interleaving"
> + "error"
> + ;; Make sure it's impossible to explicitly request impossible allocations

Instead of ‘test-error’, which is currently kinda broken IIRC, I’d
suggest a more explicit approach:

  (test-assert …
    (guard (c ((whatever-error? c) #t))
      …
      #f))

Thanks,
Ludo’.
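
Review bot: in list-set, the non-append branch splices el between (list-head lst k) and (list-tail lst k), so the element already at index k is kept and shifted right rather than replaced. The name reads like a non-destructive counterpart of Guile's list-set!, which overwrites; either rename it (for example list-insert) or use (list-tail lst (+ k 1)) if replacement is intended. A docstring should also state that any k at or beyond (length lst) silently appends, and a negative k is not checked before it reaches list-head.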
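
Review bot: sub-id? treats %sub-id-max as an exclusive bound, since its upper test is (< id %sub-id-max), but the error string in the insert-subid-range hunk prints "Max allowed is" followed by %sub-id-max, a value the check itself rejects. Either make the test (<= id %sub-id-max) or report (- %sub-id-max 1) in the message, and say in a comment which of the two matches the Shadow sources cited above the constants.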
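
Review bot: in subid-range-fits-between?, the lower bound is computed from (subid-range-start a) and the upper bound from (subid-range-end b), so a range r that overlaps a or b still satisfies the predicate. If the intent is that r lies in the gap between a and b, the bounds would be (+ (subid-range-end a) 1) and (- (subid-range-start b) 1); a docstring stating whether subid-range-end is inclusive would settle which form is right, and would also answer the question raised about the comparisons in subid-range-fits?.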
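
The approach suggested in the reply above (a SRFI-35 condition raised with SRFI-34 ‘raise’ and tested with ‘guard’ rather than ‘test-error’), as an added example that is not part of the original message or of the Guix code base. The predicate names and the procedure ‘check-subordinate-id’ are hypothetical; the constants and the body of ‘sub-id?’ are copied from the quoted patch.

```scheme
;; Added example, not Guix code.  Run with: guile example.scm
(use-modules (srfi srfi-34)    ; 'raise' and 'guard'
             (srfi srfi-35)    ; condition types
             (srfi srfi-64))   ; test framework

;; Constants and predicate as in the quoted patch.
(define %sub-id-min 100000)
(define %sub-id-max 600100000)

(define (sub-id? id)
  (and (>= id %sub-id-min)
       (< id %sub-id-max)))

;; SRFI-35 requires a predicate name after the supertype; these
;; predicate names are assumptions made for this example.
(define-condition-type &subordinate-id-error &error
  subordinate-id-error?)

(define-condition-type &subordinate-id-range-error &subordinate-id-error
  subordinate-id-range-error?
  (id subordinate-id-range-error-id))

;; Hypothetical helper: return ID, or raise a structured condition
;; carrying the offending value instead of a formatted string.
(define (check-subordinate-id id)
  (unless (sub-id? id)
    (raise (condition (&subordinate-id-range-error (id id)))))
  id)

(test-begin "subordinate-id-errors")

(test-equal "id inside the range is returned unchanged"
  %sub-id-min
  (check-subordinate-id %sub-id-min))

;; Explicit 'guard' form: the test passes only if the expected
;; condition type is raised and it carries the rejected id.
(test-assert "id below the minimum raises a range error"
  (guard (c ((subordinate-id-range-error? c)
             (= 42 (subordinate-id-range-error-id c))))
    (check-subordinate-id 42)
    #f))

;; The upper bound is exclusive in 'sub-id?', so %sub-id-max is rejected.
(test-assert "id equal to %sub-id-max raises a range error"
  (guard (c ((subordinate-id-error? c) #t))
    (check-subordinate-id %sub-id-max)
    #f))

(test-end "subordinate-id-errors")
```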