all messages for Guix-related lists mirrored at
 help / color / mirror / Atom feed
* bug#47644: guix on foreign distro won't upgrade, stuck on old commits
@ 2021-04-07 20:19 Brian Zwahr
       [not found] ` <>
  0 siblings, 1 reply; 2+ messages in thread
From: Brian Zwahr @ 2021-04-07 20:19 UTC (permalink / raw)
  To: 47644

[-- Attachment #1.1: Type: text/plain, Size: 4108 bytes --]

Hi! It was suggested I email this in by someone in the IRC channel. I'm 
having an issue where guix always tells me it is "X days old" and that 
I should run guix pull/guix upgrade. However, running these commands 
does not fix the issue.

guix describe shows:

$ guix describe
Generation 9	Mar 25 2021 08:36:11	(current)
  guix 3f1b2bd
    repository URL: <>
    branch: master
    commit: 3f1b2bd322b6cdba99a43d08e5e8464f7424cbc5

Which is, indeed, out of date. IRC folks recommended checking the git 
status, so I did:

(master) $ git status
On branch master
Your branch is behind 'origin/master' by 474 commits, and can be 
  (use "git pull" to update your local branch)

nothing to commit, working tree clean

It is, indeed, out of date, but after a guix pull:

$ guix pull
Updating channel 'guix' from Git repository at 
Building from this channel:
  guix      <>	3f1b2bd
Computing Guix derivation for 'x86_64-linux'... |
nothing to be done

It doesn't update and still tells me I'm out of date:

$ guix upgrade
guix upgrade: warning: Your Guix installation is 13 days old.
guix upgrade: warning: Consider running 'guix pull' followed by
'guix package -u' to get up-to-date packages and security updates.

It was suggested that I should run this command:

guix pull --commit=02297d3fe680371a4b97b9c1b770932cbdd55615

and after doing so, I was then only 1 commit behind instead:

(master) $ git status
On branch master
Your branch is behind 'origin/master' by 1 commit, and can be 
  (use "git pull" to update your local branch)

nothing to commit, working tree clean

However, `guix pull` now gives me a new error about needing to 

$ guix pull
Updating channel 'guix' from Git repository at 
guix pull: error: aborting update of channel 'guix' to commit 
3f1b2bd322b6cdba99a43d08e5e8464f7424cbc5, which is not a descendant of 
hint: Use `--allow-downgrades' to force this downgrade.

and for some reason, I'm back to being almost 500 commits behind again:

(master) $ git status
On branch master
Your branch is behind 'origin/master' by 477 commits, and can be 
  (use "git pull" to update your local branch)

nothing to commit, working tree clean

even though `guix describe` now seems to be more up-to-date (apr 7 
instead or mar 25)

$ guix describe
Generation 10	Apr 07 2021 14:38:16	(current)
  guix 02297d3
    repository URL: <>
    commit: 02297d3fe680371a4b97b9c1b770932cbdd55615

As a final attempt to solve this, it was suggested that I run `guix 
pull -l 2>&1 | tee pull-generations.log` and email it to this list. I'm 
attaching that file here.

Also, after running that command, I'm back to being only 1 commit 
behind and still get the downgrade error from `guix pull`:

(master) $ git status
On branch master
Your branch is behind 'origin/master' by 1 commit, and can be 
  (use "git pull" to update your local branch)

nothing to commit, working tree clean

$ guix pull
Updating channel 'guix' from Git repository at 
guix pull: error: aborting update of channel 'guix' to commit 
3f1b2bd322b6cdba99a43d08e5e8464f7424cbc5, which is not a descendant of 
hint: Use `--allow-downgrades' to force this downgrade.

For now, I'm trying to avoid doing anything else guix-related, so that 
my system is in the same state and can hopefully be diagnosed and fixed.

[-- Attachment #1.2: Type: text/html, Size: 6170 bytes --]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: pull-generations.log --]
[-- Type: text/x-log, Size: 18060 bytes --]

Generation 1	Mar 16 2021 14:50:54
  guix 109f584
    repository URL:
    branch: master
    commit: 109f58444beecd1b9b7c502f2a687a6b91c62dc0
Generation 2	Mar 16 2021 15:14:10
  guix 109f584
    repository URL:
    branch: master
    commit: 109f58444beecd1b9b7c502f2a687a6b91c62dc0
Generation 3	Mar 17 2021 09:24:14
  guix d79d63e
    repository URL:
    branch: master
    commit: d79d63e7829d53f6a501d8df7e264ff70033abca
  1 new package: lolcode-lci
  5 packages upgraded: emacs-marginalia@0.4, gnome-autoar@0.3.1,
    komikku@0.27.0, meson@0.57.1, tig@2.5.3
Generation 4	Mar 19 2021 13:05:15
  guix 1ab03fb
    repository URL:
    commit: 1ab03fb74505458e7754dce338a5da29dc754d80
  5 new packages: countdown, dragon-drop, emacs-kotlin-mode,
    libucl, psi
  28 packages upgraded: bind@9.16.13, busybox@1.33.0,
    cpupower@5.11.7, dhewm3@1.5.1, di@4.49, elixir@1.11.4,
    emacs-flymake-shellcheck@0.1-1.ac534e9, emacs-leaf@4.4.4, freefall@5.11.7,
    goffice@0.10.49, guile2.2-guix@1.2.0-17.ec7fb66, guix@1.2.0-17.ec7fb66,
    java-openmpi@4.1.0, linux-libre-bpf@5.11.7, linux-libre-headers@5.11.7,
    linux-libre@5.11.7, openmpi-thread-multiple@4.1.0, openmpi@4.1.0,
    perf@5.11.7, ruby-kramdown@2.3.1, srt2vtt@0.2, swi-prolog@8.3.20,
    tmon@5.11.7, turbostat@5.11.7, ungoogled-chromium-wayland@89.0.4389.90-1,
    ungoogled-chromium@89.0.4389.90-1, vis@0.7, x86-energy-perf-policy@5.11.7

News for channel 'guix'
  Update on previous `guix-daemon' local privilege escalation
    commit 9ade2b720af91acecf76278b4d9b99ace406781e

    The previous news item described a potential local privilege escalation in
    `guix-daemon', and claimed that systems with the Linux ``protected
    hardlink'' ( feature
    enabled were unaffected by the vulnerability.
    This is not entirely correct.  Exploiting the bug on such systems is harder,
    but not impossible.  To avoid unpleasant surprises, all users are advised to
    upgrade `guix-daemon'.  Run `info "(guix) Upgrading Guix"' for info on how
    to do that.  See
    ix-daemon/' for more information on this bug.
  Risk of local privilege escalation via `guix-daemon'
    commit ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf

    A security vulnerability that can lead to local privilege escalation has
    been found in `guix-daemon'.  It affects multi-user setups in which
    `guix-daemon' runs locally.
    It does _not_ affect multi-user setups where `guix-daemon' runs on a
    separate machine and is accessed over the network, via `GUIX_DAEMON_SOCKET',
    as is customary on cluster setups.  Machines where the Linux ``protected
    hardlink'' ( feature
    is enabled, which is common, are also unaffected---this is the case when the
    contents of `/proc/sys/fs/protected_hardlinks' are `1'.
    The attack consists in having an unprivileged user spawn a build process,
    for instance with `guix build', that makes its build directory
    world-writable.  The user then creates a hardlink within the build directory
    to a root-owned file from outside of the build directory, such as
    `/etc/shadow'.  If the user passed the `--keep-failed' option and the build
    eventually fails, the daemon changes ownership of the whole build tree,
    including the hardlink, to the user.  At that point, the user has write
    access to the target file.
    You are advised to upgrade `guix-daemon'.  Run `info "(guix) Upgrading
    Guix"', for info on how to do that.  See `'
    for more information on this bug.

Generation 5	Mar 22 2021 09:17:16
  guix ee4fc3b
    repository URL:
    branch: master
    commit: ee4fc3b662994e9d041027c4d0799a173a12d35a
  30 new packages: fzf, git2cl, go-github-com-akosmarton-papipes,
    go-github-com-kisielk-gotool, go-github-com-mesilliac-pulse-simple,
    go-github-com-pborman-getopt, go-go-uber-org-atomic,
    go-go-uber-org-multierr, go-go-uber-org-zap, go-golang-org-x-lint,
    go-honnef-co-go-tools, guile-quickcheck, julia-benchmarktools,
    julia-bufferedstreams, julia-http, julia-inifile, julia-jllwrappers,
    julia-mbedtls, julia-mbedtls-jll, julia-uris, kappanhang, movim-desktop,
    psi-plus, qhttp, qite, r-chromstar, r-chromstardata, r-lsa, r-signac,
  48 packages upgraded: abseil-cpp@20200923.3, balsa@2.6.2,
    cpupower@5.11.8, drumkv1@0.9.21, emacs-ebuild-mode@1.52, emilua@0.3.0,
    fet@5.49.1, fluidsynth@2.1.8, freefall@5.11.8, gnumeric@1.12.49,
    guile-lib@0.2.7, guile2.0-lib@0.2.7, guile2.2-lib@0.2.7, haveged@1.9.14,
    inxi-minimal@3.3.03-1, inxi@3.3.03-1, jasper@2.0.27, linux-libre-bpf@5.11.8,
    linux-libre-headers@5.11.8, linux-libre@5.11.8, mbpfan@2.2.1, msmtp@1.8.15,
    nyxt@2-pre-release-6, oil@0.8.8, openresolv@3.12.0, padthv1@0.9.21,
    perf@5.11.8, perl-net-http@6.21, poke@1.1, python-httpretty@1.0.5,
    python-pikepdf@2.9.1, python-pygithub@1.54.1, qtractor@0.9.21,
    rng-tools@6.12, rust-syn@1.0.64, samplv1@0.9.21, sbcl@2.1.2, synthv1@0.9.21,
    tmon@5.11.8, turbostat@5.11.8, vim-full@8.2.2632, vim@8.2.2632, wcslib@7.5,
    webkitgtk@2.30.6, x86-energy-perf-policy@5.11.8, xfsprogs@5.11.0,
    xxd@8.2.2632, youtube-dl@2021.03.14
Generation 6	Mar 23 2021 10:44:55
  guix 5802858
    repository URL:
    branch: master
    commit: 5802858be335c945a80eb4d3528cc3cd55f2bbbe
  4 new packages: disarchive, emacs-ivy-avy, emacs-ivy-hydra,
  24 packages upgraded: borg@1.1.16, celluloid@0.21, cgal@5.2.1,
    cuirass@1.0.0-2.6f4a203, diffoscope@170, efibootmgr@17, emacs-auctex@13.0.5,
    fcitx5-qt@5.0.5, gtk-layer-shell@0.6.0, libime@1.0.5, man-pages@5.11,
    minetest-mineclone@0.71.0, minetest@5.4.0, mpg123@1.26.5,
    perl-moosex-getopt@0.75, python-duniterpy@0.62.0, rpm@,
    rust-env-logger@0.8.3, wesnoth-server@1.14.16, wesnoth@1.14.16,
    wildmidi@0.4.4, xcb-imdkit@1.0.3, xchm@1.32, yggdrasil@0.3.16
Generation 7	Mar 23 2021 16:34:52
  guix aa13529
    repository URL:
    branch: master
    commit: aa13529baf498362b5d0c2310d1349692f71a260
  2 new packages: libheif, snapcast
  7 packages upgraded: giac@1.7.0-1,
    icecat@78.9.0-guix0-preview1, parallel@20210322, rust-beef@0.5.0,
    rust-time@0.2.23, rust-tuikit@0.4.5, skim@0.9.4
Generation 8	Mar 24 2021 09:25:27
  guix 55685e4
    repository URL:
    branch: master
    commit: 55685e45be072b8b688f5a2bda4fc68147febd3f
  5 new packages: cbonsai, java-mxparser, java-xmlpull-api-v1,
    libdecaf, python-pylibacl
  7 packages upgraded: bcunit@3.0.2-0.74021cc,
    bitcoin-core@0.21.0, ccache@4.2, gnuradio-iqbalance@0.38.2-0.fbee239,
    gnuradio-osmosdr@0.2.3-0.a100eb0, gnuradio@, java-xstream@1.4.16
Generation 9	Mar 25 2021 08:36:11
  guix 3f1b2bd
    repository URL:
    branch: master
    commit: 3f1b2bd322b6cdba99a43d08e5e8464f7424cbc5
  9 new packages: cl-html-template, cl-quickproject, drawing,
    ecl-html-template, ecl-quickproject, emacs-vterm-toggle, gsequencer,
    sbcl-html-template, sbcl-quickproject
  15 packages upgraded: cpupower@5.11.9, emacs-git-gutter@0.91,
    exo@4.16.1, freefall@5.11.9, linux-libre-bpf@5.11.9,
    linux-libre-headers@5.11.9, linux-libre@5.11.9, perf@5.11.9, thunar@4.16.6,
    tmon@5.11.9, turbostat@5.11.9, x86-energy-perf-policy@5.11.9,
    xfce4-battery-plugin@1.1.4, xfce4-netload-plugin@1.4.0,
Generation 10	Apr 07 2021 14:38:16	(current)
  guix 02297d3
    repository URL:
    commit: 02297d3fe680371a4b97b9c1b770932cbdd55615
  106 new packages: build, camlidl, cfm, cl-bodge-math,
    cl-bodge-utilities, cl-conspack, cl-cpus, cl-opengl, cl-rtg-math, cl-shadow,
    cl-umbra, cli, dream, ecl-bodge-math, ecl-bodge-utilities, ecl-cl-conspack,
    ecl-cl-cpus, ecl-cl-opengl, ecl-rtg-math, ecl-shadow, ecl-umbra,
    emacs-cascading-dir-locals, emacs-julia-repl, emacs-julia-snail,
    emacs-nice-citation, emacs-relative-buffers, emacs-sdcv, emacs-showtip,
    entt,, gpart, guile-imanifest, hikari,
    interception-dual-function-keys, interception-tools, jami-gnome, jami-qt,
    julia-abstractffts, julia-calculus, julia-chainrules, julia-chainrulescore,
    julia-chainrulestestutils, julia-colors, julia-colortypes,
    julia-commonsubexpressions, julia-compilersupportlibraries-jll,
    julia-constructionbase, julia-diffresults, julia-diffrules, julia-difftests,
    julia-example, julia-fillarrays, julia-finitedifferences, julia-forwarddiff,
    julia-irtools, julia-macrotools, julia-nanmath, julia-openspecfun-jll,
    julia-reexport, julia-requires, julia-richardson, julia-specialfunctions,
    julia-staticarrays, julia-unitful, julia-zygote, julia-zygoterules, libcutl,
    librasterlite2, libxlsxwriter, libxsd-frontend, lime, linphone-desktop,
    mandoc, node-wrappy, opensmtpd-filter-rspamd, pt-scotch-shared,
    python-flake8-continuation, python-flake8-quotes, python-matrix-client,
    python-smartypants, python-typogrify, python-urwid-readline, python-zulip,
    r-gsa, r-samr, rust-endian-type, rust-hamcrest2, rust-nibble-vec,
    rust-radix-trie, sbcl-bodge-math, sbcl-bodge-utilities, sbcl-cl-conspack,
    sbcl-cl-cpus, sbcl-cl-opengl, sbcl-rtg-math, sbcl-shadow, sbcl-umbra,
    scotch-shared, texlive-bera, texlive-fontaxes, texlive-fourier,
    texlive-mathdesign, texlive-utopia, welle-io, xsd, zulip-term
  270 packages upgraded: american-fuzzy-lop@2.57b, asio@1.18.1,
    autocutsel@0.10.1, autofs@5.1.7, avidemux@2.7.8, babl@0.1.86,
    bcachefs-static@0.1-4.bb6eccc, bcachefs-tools-static@0.1-4.bb6eccc,
    bcachefs-tools@0.1-4.bb6eccc, bctoolbox@4.4.34, belcard@4.4.34,
    belle-sip@4.4.34, belr@4.4.34, bitcoin-unlimited@, butt@0.1.29,
    bzrtp@4.4.34, ccls@0.20201219, cl-golden-utils@0.0.0-2.62a5cb9,
    cl-ironclad@0.55, cl-postmodern@1.32.9, cl-webkit@2.4-13.db85563,
    containerd@1.4.4, corkscrew@2.0-0.268b71e, cpupower@5.11.11, crypto++@8.5.0,
    cryptsetup-static@2.3.5, cryptsetup@2.3.5, cuirass@1.0.0-7.1b35a77,
    curl@7.76.0, di@4.50, diffoscope@172, doctest@2.4.6, drumstick@2.1.1,
    ecl-cl-webkit@2.4-13.db85563, ecl-golden-utils@0.0.0-2.62a5cb9,
    ecl-ironclad@0.55, ecl-postmodern@1.32.9,
    emacs-all-the-icons-dired@1.0-2.fc2dfa1, emacs-auctex@13.0.6,
    emacs-ggtags@0.9.0, emacs-gif-screencast@1.2,
    emacs-imenu-list@0.9-1.b502223, emacs-minimal@27.2, emacs-no-x-toolkit@27.2,
    emacs-no-x@27.2, emacs-ob-sclang@20210329, emacs-org-contrib@20210329,
    emacs-org-roam@1.2.3-0.8ad57b1, emacs-org@9.4.5, emacs-posframe@0.9.0,
    emacs-tramp@, emacs-wide-int@27.2, emacs-xwidgets@27.2, emacs@27.2,
    facter@4.0.52, fetchmail@6.4.18, flite@2.2, foo2zjs@20200610.1,
    freefall@5.11.11, gegl@0.4.28, git-annex@8.20210330, git-lfs@2.13.3,
    git-minimal@2.31.1, git@2.31.1, gnu-efi@3.0.13,
    go-github-com-sirupsen-logrus@1.8.1, gphoto2@2.5.27, gptfdisk@1.0.7,
    gramps@5.1.3, grokmirror@2.0.8, guile2.2-guix@1.2.0-19.8f9052d,
    guix-build-coordinator@0-21.6e7e63f, guix-data-service@0.0.1-26.410f58c,
    guix@1.2.0-19.8f9052d, hnsd@1.0.0, icedove-wayland@78.9.0, icedove@78.9.0,
    ilmbase@2.5.5, imagemagick@6.9.12-4, ircii@20210314, knot-resolver@5.3.1,
    knot@3.0.5, krita@4.4.3, libaom@3.0.0, libgphoto2@2.5.27,
    libinstpatch@1.1.6, liblinphone@4.4.34, libpano13@2.9.20_rc3,
    libring@20210326.1.cfba013, libringclient@20210326.1.cfba013,
    librsvg@2.50.3, libupnp@1.14.4, libvirt-glib@4.0.0, libvirt@7.2.0,
    links@2.22, linux-libre-bpf@5.11.11, linux-libre-headers@5.11.11,
    linux-libre@5.11.11, lldpd@1.0.9, mame@0.230, mediastreamer2@4.4.34,
    mgba@0.9.0, minicom@2.8, mousepad@0.5.4, mpop@1.4.13, mpv@0.33.1,
    msamr@1.1.3-0.5ab5c09, msopenh264@1.2.1-0.88697cc, mssilk@1.1.1-0.dd0f31e,
    mswebrtc@1.1.1-0.946ca70, mumi@0.0.1-5.9f070bd, neomutt@20210205,
    nettle@3.7.2, nginx-documentation@1.19.9-2696-f85798c1c70a, nginx@1.19.9,
    nnn@3.6, node@14.16.0, nq@0.4, ntl@11.4.4, nushell@0.29.0, nyacc@1.03.6,
    opendht@2.2.0rc4, openexr@2.5.5, openssl@1.1.1k, ortp@4.4.34,
    pam-mount@2.18, perf@5.11.11, perl-crypt-rijndael@1.16,
    perl-data-validate-ip@0.30, perl-digest-hmac@1.04, perl-moose@2.2015,
    perl-net-cidr-lite@0.22, perl-net-dns@1.30, perl-params-util@1.102,
    perl-path-tiny@0.118, perl-pdf-api2@2.039, perl-scalar-list-utils@1.56,
    perl-test-output@1.033, pidgin@2.14.2, pjproject@2.11, plink-ng@2.00a2.3,
    psm2@11.2.185, python-astor@0.8.1, python-backcall@0.2.0,
    python-beautifulsoup4@4.9.3, python-django@3.1.8, python-dropbox@11.5.0,
    python-flake8@3.9.0, python-icalendar@4.0.7, python-ipaddress@1.0.23,
    python-libvirt@7.2.0, python-pikepdf@2.10.0, python-poppler-qt5@21.1.0,
    python-pycodestyle@2.7.0, python-pyflakes@2.3.1, python-pyserial@3.5,
    python-pytest-flake8@1.0.7, python-pytz@2021.1, python-pytzdata@2020.1,
    python-pyzmq@22.0.3, python-soupsieve@2.2.1, python-tabulate@0.8.9,
    python-toml@0.10.2, python-tornado@6.1, python-urwid@2.1.2,
    python2-astor@0.8.1, python2-beautifulsoup4@4.9.3, python2-flake8@3.9.0,
    python2-ipaddress@1.0.23, python2-libvirt@7.2.0, python2-pycodestyle@2.7.0,
    python2-pyflakes@2.3.1, python2-pyserial@3.5, python2-pytz@2021.1,
    python2-pytzdata@2020.1, python2-pyzmq@22.0.3, python2-tabulate@0.8.9,
    qrencode@4.1.1, quickjs@2021-03-27, restbed@4.7, restinio@0.6.13,
    rtl8812au-aircrack-ng-linux-module@, runc@1.0.0-rc93,
    rust-lopdf@0.26.0, rust-nix@0.20.0, rust-nu-ansi-term@0.29.0,
    rust-nu-cli@0.29.0, rust-nu-command@0.29.0, rust-nu-data@0.29.0,
    rust-nu-engine@0.29.0, rust-nu-errors@0.29.0, rust-nu-json@0.29.0,
    rust-nu-parser@0.29.0, rust-nu-plugin-binaryview@0.29.0,
    rust-nu-plugin-chart@0.29.0, rust-nu-plugin-fetch@0.29.0,
    rust-nu-plugin-from-bson@0.29.0, rust-nu-plugin-from-sqlite@0.29.0,
    rust-nu-plugin-inc@0.29.0, rust-nu-plugin-match@0.29.0,
    rust-nu-plugin-post@0.29.0, rust-nu-plugin-ps@0.29.0,
    rust-nu-plugin-s3@0.29.0, rust-nu-plugin-selector@0.29.0,
    rust-nu-plugin-start@0.29.0, rust-nu-plugin-sys@0.29.0,
    rust-nu-plugin-textview@0.29.0, rust-nu-plugin-to-bson@0.29.0,
    rust-nu-plugin-to-sqlite@0.29.0, rust-nu-plugin-tree@0.29.0,
    rust-nu-plugin-xpath@0.29.0, rust-nu-plugin@0.29.0, rust-nu-protocol@0.29.0,
    rust-nu-source@0.29.0, rust-nu-stream@0.29.0, rust-nu-table@0.29.0,
    rust-nu-test-support@0.29.0, rust-nu-value-ext@0.29.0, rust-rand-core@0.6.2,
    rust-rocket-codegen@0.4.7, rust-rocket-http@0.4.7, rust-rocket@0.4.7,
    rust-rustyline@8.0.0, rust-smallvec@1.6.1, rust@1.51.0, saga@7.9.0,
    sbcl-cl-webkit@2.4-13.db85563, sbcl-golden-utils@0.0.0-2.62a5cb9,
    sbcl-ironclad@0.55, sbcl-postmodern@1.32.9, sbcl@2.1.3, sg3-utils@1.46,
    skopeo@1.2.2, spatialite-gui@2.1.0-beta1, spdlog@1.8.5, sqlite@3.32.3,
    strawberry@0.9.2, stunnel@5.59, suitesparse@5.9.0, svt-hevc@1.5.0,
    synapse@1.29.0, terminator@2.1.1, tippecanoe@1.36.0, tmon@5.11.11,
    turbostat@5.11.11, txr@255, tzdata@2021a, ugrep@3.1.11, umoci@0.4.7,
    urlscan@0.9.6, vim-asyncrun@2.8.5, vim-full@8.2.2689, vim@8.2.2689,
    vips@8.10.6, virt-manager@3.2.0, vmpk@0.8.2, vsftpd@3.0.3-32.el8, vtk@9.0.1,
    wavpack@5.4.0, waybar@0.9.5, webkitgtk@2.32.0, wireguard-tools@1.0.20210315,
    wla-dx@9.12, wsjtx@2.3.1, x86-energy-perf-policy@5.11.11, xscreensaver@5.45,
    xxd@8.2.2689, youtube-dl@2021.04.01, zabbix-agentd@5.2.6,

News for channel 'guix'
  Risk of local privilege escalation during user account creation
    commit 2161820ebbbab62a5ce76c9101ebaec54dc61586

    A security vulnerability that can lead to local privilege escalation has
    been found in the code that creates user accounts on Guix System---Guix on
    other distros is unaffected.  The system is only vulnerable during the
    activation of user accounts that do not already exist.
    This bug is fixed and Guix System users are advised to upgrade their system,
    with a command along the lines of:
         guix system reconfigure /run/current-system/configuration.scm
    The attack can happen when `guix system reconfigure' is running.  Running
    `guix system reconfigure' can trigger the creation of new user accounts if
    the configuration specifies new accounts.  If a user whose account is being
    created manages to log in after the account has been created but before
    ``skeleton files'' copied to its home directory have the right ownership,
    they may, by creating an appropriately-named symbolic link in the home
    directory pointing to a sensitive file, such as `/etc/shadow', get root
    See `' for more information on this bug.
  New supported platform: powerpc64le-linux
    commit e52ec6c64a17a99ae4bb6ff02309067499915b06

    A new platform, powerpc64le-linux, has been added for little-endian 64-bit
    Power ISA processors using the Linux-Libre kernel.  This includes POWER9
    systems such as the RYF Talos II mainboard
    -fsf-certified-to-respect-your-freedom).  This platform is available as a
    "technology preview": although it is supported, substitutes are not yet
    available from the build farm, and some packages may fail to build.  In
    addition, Guix System is not yet available on this platform.  That said, the
    Guix community is actively working on improving this support, and now is a
    great time to try it and get involved!

^ permalink raw reply	[flat|nested] 2+ messages in thread

* bug#47644: Acknowledgement (guix on foreign distro won't upgrade, stuck on old commits)
       [not found] ` <>
@ 2021-04-09  1:43   ` Brian Zwahr
  0 siblings, 0 replies; 2+ messages in thread
From: Brian Zwahr @ 2021-04-09  1:43 UTC (permalink / raw)
  To: 47644

[-- Attachment #1: Type: text/plain, Size: 1505 bytes --]

Well, I figured out my issue. I had created backup files manifest.scm 
and channels.scm and put them in the ~/.config/guix directory for 
storage. Turns out that these files, or at least the channels one, get 
read and used automatically by `guix pull`.  I have moved those files 
to a different directory for storage and backup, and now everything 
seems fine.

Turns out the commit that `guix pull` was stuck on was the one defined 
in my channels.scm file.

If anyone else experiences the same issue, perhaps this will help.

On Wed, Apr 7 2021 at 08:21:02 PM +0000, GNU bug Tracking System 
<> wrote:
> Thank you for filing a new bug report with
> This is an automatically generated reply to let you know your message
> has been received.
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
> Your message has been sent to the package maintainer(s):
> <>
> If you wish to submit further information on this problem, please
> send it to <>.
> Please do not send mail to 
> <> unless you wish
> to report a problem with the Bug-tracking system.
> --
> 47644: <>
> GNU Bug Tracking System
> Contact <> with 
> problems

[-- Attachment #2: Type: text/html, Size: 1820 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-04-09  1:44 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-07 20:19 bug#47644: guix on foreign distro won't upgrade, stuck on old commits Brian Zwahr
     [not found] ` <>
2021-04-09  1:43   ` bug#47644: Acknowledgement (guix on foreign distro won't upgrade, stuck on old commits) Brian Zwahr

all messages for Guix-related lists mirrored at

This inbox may be cloned and mirrored by anyone:

	git clone --mirror

Example config snippet for mirrors.

AGPL code for this site: git clone http://ou63pmih66umazou.onion/public-inbox.git