From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 2OjxAaBzo2JgfAAAbAwnHQ (envelope-from ) for ; Fri, 10 Jun 2022 18:38:56 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id 6NrlAaBzo2LqXQEA9RJhRA (envelope-from ) for ; Fri, 10 Jun 2022 18:38:56 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A97AC1FD0A for ; Fri, 10 Jun 2022 18:38:55 +0200 (CEST) Received: from localhost ([::1]:59784 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nzheu-00033c-P3 for larch@yhetil.org; Fri, 10 Jun 2022 12:38:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37492) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nzhB6-0007ly-CI for guix-patches@gnu.org; Fri, 10 Jun 2022 12:08:05 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:57195) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nzhB3-0007IC-UQ for guix-patches@gnu.org; Fri, 10 Jun 2022 12:08:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nzhB3-00034N-Ma for guix-patches@gnu.org; Fri, 10 Jun 2022 12:08:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#55892] [PATCH] pull: Fail if cache directory ownership is suspect. Resent-From: Tobias Geerinckx-Rice Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 10 Jun 2022 16:08:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 55892 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 55892@debbugs.gnu.org X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.165487726311767 (code B ref -1); Fri, 10 Jun 2022 16:08:01 +0000 Received: (at submit) by debbugs.gnu.org; 10 Jun 2022 16:07:43 +0000 Received: from localhost ([127.0.0.1]:51092 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nzhAk-00033i-Oj for submit@debbugs.gnu.org; Fri, 10 Jun 2022 12:07:43 -0400 Received: from lists.gnu.org ([209.51.188.17]:60126) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nzhAh-00033Z-Gd for submit@debbugs.gnu.org; Fri, 10 Jun 2022 12:07:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37098) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nzhAh-0007J1-Ci for guix-patches@gnu.org; Fri, 10 Jun 2022 12:07:39 -0400 Received: from tobias.gr ([2a02:c205:2020:6054::1]:58960) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nzhAd-0007D2-01 for guix-patches@gnu.org; Fri, 10 Jun 2022 12:07:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=2018; bh=woxWW7LDSga/O WY0LGBHaGJWv+sps9VG9dMKB6rYMb8=; h=date:subject:to:from; d=tobias.gr; b=kQ1WK5Y+VEdoL39fWhMecGccZj/tTilXKsJ6v5BsVzgdm7jVWvRGjY+iS4ozqdKr7nQc qwC0yUgwgg8r3P/fbqv3QwDjuIzUBFvSom9wdaB16R+FKD4y00erUzVnAZylO6aadjVq2S MibTlR3Maz4W7K0NMPHRgNi1CZgZiHdQWLhCS0KdZIrJG3AFklumMJKo6HVUInYN3xQs94 YyOIMh2R2BwiB9/DNFM1Rlu2Qi2QnEUHhbE41Pk+/G4/4bwcoHiTmXxqt4GJDge7FqmO4u B4OwtSoKqKk3BwJZP7hlecTz+lgaFgmltpKRAXRTNnqqWbxsoUJMAvD9eYHm/Hyw== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 1687a6ba (TLSv1.3:AEAD-AES256-GCM-SHA384:256:NO) for ; Fri, 10 Jun 2022 16:07:30 +0000 (UTC) Date: Sun, 5 Jun 2022 02:04:25 +0200 Message-Id: <20220605000425.20480-1-me@tobias.gr> X-Mailer: git-send-email 2.36.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr; helo=tobias.gr X-Spam_score_int: 13 X-Spam_score: 1.3 X-Spam_bar: + X-Spam_report: (1.3 / 5.0 requ) BAYES_00=-1.9, DATE_IN_PAST_96_XX=3.405, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" Reply-to: Tobias Geerinckx-Rice X-ACL-Warn: , Tobias Geerinckx-Rice via Guix-patches From: Tobias Geerinckx-Rice via Guix-patches via X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1654879135; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=woxWW7LDSga/OWY0LGBHaGJWv+sps9VG9dMKB6rYMb8=; b=jdjRfzIRHc0sA7OpvpmoGL/rA9uJAHLbkQ5TSZexWzrHW/XT31NVQjvBBy3Ky3VBBnHYT9 z5FSzU66hGoJDrKFS444nLaGrXGgM/RoASs+0BAkqWJfBLtab2kvqGpjN5YeL/TWsHj676 7pq9kxyIPKsJ3ZuSJgxeoz7YrdPNKQXRacgFXE5J4bUZ/R1PJepqjzxOx5LQCA4ypWHXnc EHDHS1amc12pjZJk5NlveI0mRBZG92kEBeOxDuxc9rbkTmud83WicUOWb6h+TXwcDWVvKA sMc3mpa1iU1vqBGBNHvOjhAMbHlpcV+nXwv+7EBD4ibkDzhJvl3dAFGAj9qEiA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1654879135; a=rsa-sha256; cv=none; b=uYmLHhyGoaSHk1kFNSM2UA0B+7s6tVD77qe/Gb/lu8yKg2xYa5GcvgnQxw7C9MIzejL8ZM bqeCkwi/MAmRVeBIwVwXR3EKtB55gcZFCm9JdhUtJayV1CdBW74IC6wYUeNGapJ31E1n2G w4khChQBFBvrMi21/VwcelCfC5y6V3uHfzDQQA5mQeiMlQFcm6aBLmwTBw07Zbiinz8CoE FhV1sk7XQrEIhyyfyVfGemE4IeP+c0Sf0FLSIgMgsf5wJliI/NMO3PEYt3LKHwjnrS05w+ 15cQjFBGWomjvlkqeNSMcIlP53iASO63hfb3gLNX0tiNUCib3Y54rzbwOOKUEw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=tobias.gr header.s=2018 header.b=kQ1WK5Y+; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.18 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=tobias.gr header.s=2018 header.b=kQ1WK5Y+; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: A97AC1FD0A X-Spam-Score: -3.18 X-Migadu-Scanner: scn0.migadu.com X-TUID: F+EyXkxRntj0 New users frequently run ‘sudo guix pull’ which breaks subsequent unprivileged ‘guix pull’s until manually fixed with chmod -R. * guix/scripts/pull.scm (guix-pull): Fail if the cache directory (or its innermost extant parent) is not owned by the user pulling the Guix, with a hint about ‘sudo -i’. --- Hi Guix, Another one in the ‘low-level support noise paper-cut’ series. The XXX comment would not land upstream, I think. I didn't test this on a foreign distribution. My understanding is that distributions where sudo already defaults to ‘-i’ won't throw the warning nor suffer from the problem. Kind regards, T G-R guix/scripts/pull.scm | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm index f01764637b..1eaf8f087b 100644 --- a/guix/scripts/pull.scm +++ b/guix/scripts/pull.scm @@ -49,6 +49,7 @@ (define-module (guix scripts pull) #:autoload (gnu packages bootstrap) (%bootstrap-guile) #:autoload (gnu packages certs) (le-certs) #:use-module (srfi srfi-1) + #:use-module (srfi srfi-11) #:use-module (srfi srfi-26) #:use-module (srfi srfi-34) #:use-module (srfi srfi-35) @@ -810,6 +811,31 @@ (define (no-arguments arg _) ((assoc-ref opts 'generation) (process-generation-change opts profile)) (else + ;; Bail out early when users accidentally run, e.g., ’sudo guix pull’. + ;; If CACHE-DIRECTORY doesn't yet exist, test where it would end up. + (let-values (((st dir) (let loop ((dir (cache-directory))) + (let ((st (stat dir #f))) + (if st + (values (stat dir #f) dir) + (loop (dirname dir))))))) + (let ((dir:uid (stat:uid st)) + (our:uid (getuid))) + (unless (= dir:uid our:uid) + (let ((our:user (passwd:name (getpwuid our:uid))) + (dir:user (passwd:name (getpwuid dir:uid)))) + (raise + (condition + (&message + (message + (format #f (G_ "directory ‘~a’ is not owned by user ~a") + dir dir:user))) + (&fix-hint + (hint + ;; XXX We could check (getenv "SUDO_USER") to display this + ;; only under sudo, but that would imply handling doas… &c. + (format #f (G_ "You should run this command as ~a; use ‘sudo -i’ or equivalent if you really want to pull as ~a.") + dir:user our:user))))))))) + (with-store store (with-status-verbosity (assoc-ref opts 'verbosity) (parameterize ((%current-system (assoc-ref opts 'system)) -- 2.36.1