From: "\( via Guix-patches" via <guix-patches@gnu.org>
To: 57016@debbugs.gnu.org
Cc: "\(" <paren@disroot.org>
Subject: [bug#57016] [PATCH v2] scripts: Bail out when running pull/package commands as root.
Date: Sat, 6 Aug 2022 12:55:25 +0100 [thread overview]
Message-ID: <20220806115525.23819-1-paren@disroot.org> (raw)
In-Reply-To: <20220806114153.23153-1-paren@disroot.org>
* guix/scripts/package.scm (assert-not-root): New procedure.
(%options): Add `--allow-root`.
(guix-package*): Add `#:allow-root?` keyword argument. Bail out when
Guix is being run as root if `allow-root?` is not #T and `--allow-root`
has not been passed.
* guix/scripts/install.scm (%options): Add `--allow-root` here...
* guix/scripts/remove.scm (%options): ...here...
* guix/scripts/upgrade.scm (%options): ...and here.
* guix/scripts/search.scm (guix-search): Explicitly allow execution as
root here...
* guix/scripts/show.scm (guix-show): ...and here.
* guix/scripts/pull.scm (%options): Add `--allow-root`.
(guix-pull): Bail out when Guix is being run as root if `--allow-root`
has not been passed.
A pretty common beginner mistake, it seems, is assuming that since
every other package manager you've used requires root for installing,
removing, and upgrading packages, Guix must too.
This is an especially dangerous assumption when applied to `guix pull`,
since I seem to recall that running that command as root breaks the
installation. (I'm pretty sure I once made that mistake, and spent
ages trying to figure out why it was broken.)
This commit tries to make it harder to make such an assumption, by
making commands such as `pull`, `package`, and `upgrade` bail out
when run as root. This can be overridden with the new `--allow-root`
flag for those commands.
---
guix/scripts/install.scm | 4 +++-
guix/scripts/package.scm | 31 ++++++++++++++++++++++++++++---
guix/scripts/pull.scm | 11 ++++++++++-
guix/scripts/remove.scm | 4 +++-
guix/scripts/search.scm | 3 ++-
guix/scripts/show.scm | 3 ++-
guix/scripts/upgrade.scm | 4 +++-
7 files changed, 51 insertions(+), 9 deletions(-)
diff --git a/guix/scripts/install.scm b/guix/scripts/install.scm
index 63e625f266..21873e69c4 100644
--- a/guix/scripts/install.scm
+++ b/guix/scripts/install.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2022 ( <paren@disroot.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -61,7 +62,8 @@ (define %options
;; Preserve some of the 'guix package' options.
(append (filter (lambda (option)
(any (cut member <> (option-names option))
- '("profile" "dry-run" "verbosity" "bootstrap")))
+ '("allow-root" "profile" "dry-run"
+ "verbosity" "bootstrap")))
%package-options)
%transformation-options
diff --git a/guix/scripts/package.scm b/guix/scripts/package.scm
index 7d92598efa..918fd385d8 100644
--- a/guix/scripts/package.scm
+++ b/guix/scripts/package.scm
@@ -12,6 +12,7 @@
;;; Copyright © 2018 Steve Sprang <scs@stevesprang.com>
;;; Copyright © 2022 Josselin Poiret <dev@jpoiret.xyz>
;;; Copyright © 2022 Antero Mejr <antero@mailbox.org>
+;;; Copyright © 2022 ( <paren@disroot.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -64,7 +65,9 @@ (define-module (guix scripts package)
#:use-module (srfi srfi-37)
#:use-module (gnu packages)
#:autoload (gnu packages bootstrap) (%bootstrap-guile)
- #:export (build-and-use-profile
+ #:export (assert-not-root
+
+ build-and-use-profile
delete-generations
delete-matching-generations
guix-package
@@ -82,6 +85,20 @@ (define-module (guix scripts package)
(define %store
(make-parameter #f))
+(define (assert-not-root override-flag)
+ "Throw an error if Guix was invoked by root. This allows us to
+inform new users that it is usually a mistake to run commands such
+as `guix package' as root. OVERRIDE-FLAG should be a flag that can
+be used with the invoked command to override this requirement."
+ (when (= (getuid) 0)
+ (report-error (G_ "this command should not be run as root~%"))
+ (display-hint (format #f (G_ "Running this command as root will
+only affect the `root' user, not the entire system, due to Guix's
+support for per-user package management. Use `~a' to continue
+regardless.~%")
+ override-flag))
+ (exit 1)))
+
\f
;;;
;;; Profiles.
@@ -658,6 +675,10 @@ (define %options
(values (cons `(query show ,arg)
result)
#f)))
+ (option '("allow-root") #f #f
+ (lambda (opt name arg result arg-handler)
+ (values (alist-cons 'allow-root? #t result)
+ #f)))
(append %transformation-options
%standard-build-options)))
@@ -1079,10 +1100,14 @@ (define opts
(guix-package* opts))
-(define (guix-package* opts)
+(define* (guix-package* opts #:key (allow-root? #f))
"Run the 'guix package' command on OPTS, an alist resulting for command-line
-option processing with 'parse-command-line'."
+option processing with 'parse-command-line'. If ALLOW-ROOT? is #T, don't bail
+out when running as root, even if `opts' doesn't set `allow-root?'."
(with-error-handling
+ (unless (or allow-root? (assoc-ref opts 'allow-root?))
+ (assert-not-root "--allow-root"))
+
(or (process-query opts)
(parameterize ((%store (open-connection))
(%graft? (assoc-ref opts 'graft?)))
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index b0cc459d63..7a871939af 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2013-2015, 2017-2022 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;; Copyright © 2020, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2022 ( <paren@disroot.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -45,7 +46,8 @@ (define-module (guix scripts pull)
#:use-module (git)
#:autoload (gnu packages) (fold-available-packages)
#:autoload (guix scripts package) (build-and-use-profile
- delete-matching-generations)
+ delete-matching-generations
+ assert-not-root)
#:autoload (gnu packages base) (canonical-package)
#:autoload (gnu packages bootstrap) (%bootstrap-guile)
#:autoload (gnu packages certs) (le-certs)
@@ -195,6 +197,9 @@ (define %options
(option '("bootstrap") #f #f
(lambda (opt name arg result)
(alist-cons 'bootstrap? #t result)))
+ (option '("allow-root") #f #f
+ (lambda (opt name arg result)
+ (alist-cons 'allow-root? #t result)))
(option '(#\h "help") #f #f
(lambda args
@@ -828,12 +833,16 @@ (define (no-arguments arg _)
(let* ((opts (parse-command-line args %options
(list %default-options)
#:argument-handler no-arguments))
+ (allow-root? (assoc-ref opts 'allow-root?))
(substitutes? (assoc-ref opts 'substitutes?))
(dry-run? (assoc-ref opts 'dry-run?))
(profile (or (assoc-ref opts 'profile) %current-profile))
(current-channels (profile-channels profile))
(validate-pull (assoc-ref opts 'validate-pull))
(authenticate? (assoc-ref opts 'authenticate-channels?)))
+ (unless allow-root?
+ (assert-not-root "--allow-root"))
+
(cond
((assoc-ref opts 'query)
(process-query opts profile))
diff --git a/guix/scripts/remove.scm b/guix/scripts/remove.scm
index a46ad04d56..f7cf810544 100644
--- a/guix/scripts/remove.scm
+++ b/guix/scripts/remove.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019, 2020 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2022 ( <paren@disroot.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -58,7 +59,8 @@ (define %options
;; Preserve some of the 'guix package' options.
(append (filter (lambda (option)
(any (cut member <> (option-names option))
- '("profile" "dry-run" "verbosity" "bootstrap")))
+ '("allow-root" "profile" "dry-run"
+ "verbosity" "bootstrap")))
%package-options)
%standard-build-options)))
diff --git a/guix/scripts/search.scm b/guix/scripts/search.scm
index 27b9da5278..efa83e066c 100644
--- a/guix/scripts/search.scm
+++ b/guix/scripts/search.scm
@@ -1,6 +1,7 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2021 Simon Tournier <zimon.toutoune@gmail.com>
+;;; Copyright © 2022 ( <paren@disroot.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -74,4 +75,4 @@ (define opts
(unless (assoc-ref opts 'query)
(leave (G_ "missing arguments: no regular expressions to search for~%")))
- (guix-package* opts))
+ (guix-package* opts #:allow-root? #t))
diff --git a/guix/scripts/show.scm b/guix/scripts/show.scm
index c747eedd21..ae1e56469a 100644
--- a/guix/scripts/show.scm
+++ b/guix/scripts/show.scm
@@ -1,5 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2019, 2021 Simon Tournier <zimon.toutoune@gmail.com>
+;;; Copyright © 2022 ( <paren@disroot.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -73,4 +74,4 @@ (define opts
(unless (assoc-ref opts 'query)
(leave (G_ "missing arguments: no package to show~%")))
- (guix-package* (reverse opts)))
+ (guix-package* (reverse opts) #:allow-root? #t))
diff --git a/guix/scripts/upgrade.scm b/guix/scripts/upgrade.scm
index beb59cbe6f..e5a7c84108 100644
--- a/guix/scripts/upgrade.scm
+++ b/guix/scripts/upgrade.scm
@@ -2,6 +2,7 @@
;;; Copyright © 2019, 2020 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
;;; Copyright © 2020 Simon Tournier <zimon.toutoune@gmail.com>
+;;; Copyright © 2022 ( <paren@disroot.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -65,7 +66,8 @@ (define %options
;; Preserve some of the 'guix package' options.
(append (filter (lambda (option)
(any (cut member <> (option-names option))
- '("profile" "dry-run" "verbosity" "do-not-upgrade")))
+ '("allow-root" "profile" "dry-run"
+ "verbosity" "do-not-upgrade")))
%package-options)
%transformation-options
--
2.37.1
next prev parent reply other threads:[~2022-08-06 11:56 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-06 11:41 [bug#57016] [PATCH] scripts: Bail out when running pull/package commands as root ( via Guix-patches via
2022-08-06 11:46 ` ( via Guix-patches via
2022-08-06 11:47 ` Maxime Devos
2022-08-06 11:48 ` ( via Guix-patches via
2022-08-06 11:56 ` ( via Guix-patches via
2022-08-06 11:55 ` ( via Guix-patches via [this message]
2022-08-06 12:30 ` Tobias Geerinckx-Rice via Guix-patches via
2022-08-06 13:30 ` bug#57016: Closing ( via Guix-patches via
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220806115525.23819-1-paren@disroot.org \
--to=guix-patches@gnu.org \
--cc=57016@debbugs.gnu.org \
--cc=paren@disroot.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.