From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Thompson <dthompson2@worcester.edu>
Subject: [PATCH] environment: container: Create dummy home directory and
	/etc/passwd.
Date: Fri, 18 Mar 2016 08:41:01 -0400
Message-ID: <87wpp0hsbm.fsf@izanagi.i-did-not-set--mail-host-address--so-tickle-me>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57047)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dthompson2@worcester.edu>) id 1agtiE-0003Ot-VE
	for guix-devel@gnu.org; Fri, 18 Mar 2016 08:41:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dthompson2@worcester.edu>) id 1agtiB-0002Mw-Kl
	for guix-devel@gnu.org; Fri, 18 Mar 2016 08:41:06 -0400
Received: from mail-qk0-x22c.google.com ([2607:f8b0:400d:c09::22c]:33751)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dthompson2@worcester.edu>) id 1agtiB-0002Ms-C1
	for guix-devel@gnu.org; Fri, 18 Mar 2016 08:41:03 -0400
Received: by mail-qk0-x22c.google.com with SMTP id s5so48215658qkd.0
	for <guix-devel@gnu.org>; Fri, 18 Mar 2016 05:41:03 -0700 (PDT)
Received: from izanagi ([38.88.209.18])
	by smtp.gmail.com with ESMTPSA id j8sm5872811qhj.19.2016.03.18.05.41.01
	for <guix-devel@gnu.org>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 18 Mar 2016 05:41:02 -0700 (PDT)
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain

In my recent adventures using 'guix environment --container --network',
I noticed that certain tools *really* want to read user information out
of /etc/passwd, such as 'git clone' over SSH.  I initially hacked around
this by adding code to create a dummy home directory and /etc/passwd in
the Bash script I was running inside the container.  After a little
thought, I came to the conclusion that 'guix environment --container'
should just do this automatically so that the container more closely
resembles a real GNU/Linux system.

WDYT?

Thanks,

-- 
David Thompson
GPG Key: 0FF1D807

--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline;
 filename=0001-environment-container-Create-dummy-home-directory-an.patch

>From 5985be7a5b3b6a5d5a5d3eb3e95983ad96909f2e Mon Sep 17 00:00:00 2001
From: David Thompson <dthompson2@worcester.edu>
Date: Thu, 17 Mar 2016 23:19:25 -0400
Subject: [PATCH] environment: container: Create dummy home directory and
 /etc/passwd.

* guix/scripts/environment.scm (launch-environment/container): Change
$HOME to the current user's home directory instead of
/homeless-shelter.  Create a dummy /etc/passwd with a single entry for
the current user.
---
 guix/scripts/environment.scm | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index b122b4c..ee8f6b1 100644
--- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -373,6 +373,7 @@ host file systems to mount inside the container."
                              (list (direct-store-path bash) profile))))
     (return
      (let* ((cwd (getcwd))
+            (passwd (getpwuid (getuid)))
             ;; Bind-mount all requisite store items, user-specified mappings,
             ;; /bin/sh, the current working directory, and possibly networking
             ;; configuration files within the container.
@@ -417,16 +418,26 @@ host file systems to mount inside the container."
                       ;; The same variables as in Nix's 'build.cc'.
                       '("TMPDIR" "TEMPDIR" "TMP" "TEMP"))
 
-            ;; From Nix build.cc:
-            ;;
-            ;; Set HOME to a non-existing path to prevent certain
-            ;; programs from using /etc/passwd (or NIS, or whatever)
-            ;; to locate the home directory (for example, wget looks
-            ;; for ~/.wgetrc).  I.e., these tools use /etc/passwd if
-            ;; HOME is not set, but they will just assume that the
-            ;; settings file they are looking for does not exist if
-            ;; HOME is set but points to some non-existing path.
-            (setenv "HOME" "/homeless-shelter")
+            ;; Create a dummy home directory with the same path as on the
+            ;; host.
+            (mkdir-p (passwd:dir passwd))
+            (setenv "HOME" (passwd:dir passwd))
+
+            ;; Create a dummy /etc/passwd to satisfy applications that demand
+            ;; to read it, such as 'git clone' over SSH, a valid use-case when
+            ;; sharing the host's network namespace.
+            (mkdir-p "/etc")
+            (call-with-output-file "/etc/passwd"
+              (lambda (port)
+                (display (string-join (list (passwd:name passwd)
+                                            "x" ; but there is no shadow
+                                            "0" "0" ; user is now root
+                                            (passwd:gecos passwd)
+                                            (passwd:dir passwd)
+                                            bash)
+                                      ":")
+                         port)
+                (newline port)))
 
             ;; For convenience, start in the user's current working
             ;; directory rather than the root directory.
-- 
2.6.3


--=-=-=--