From: David Thompson
Subject: [PATCH] environment: container: Create dummy home directory and /etc/passwd.
Date: Fri, 18 Mar 2016 08:41:01 -0400
Message-ID: <87wpp0hsbm.fsf@izanagi.i-did-not-set--mail-host-address--so-tickle-me>
To: guix-devel@gnu.org

In my recent adventures using 'guix environment --container --network', I noticed that certain tools *really* want to read user information out of /etc/passwd, such as 'git clone' over SSH. I initially hacked around this by adding code to create a dummy home directory and /etc/passwd in the Bash script I was running inside the container.
After a little thought, I came to the conclusion that 'guix environment --container' should just do this automatically so that the container more closely resembles a real GNU/Linux system. WDYT?

Thanks,

-- 
David Thompson
GPG Key: 0FF1D807

From 5985be7a5b3b6a5d5a5d3eb3e95983ad96909f2e Mon Sep 17 00:00:00 2001
From: David Thompson
Date: Thu, 17 Mar 2016 23:19:25 -0400
Subject: [PATCH] environment: container: Create dummy home directory and /etc/passwd.

* guix/scripts/environment.scm (launch-environment/container): Change $HOME to the current user's home directory instead of /homeless-shelter. Create a dummy /etc/passwd with a single entry for the current user.

--- guix/scripts/environment.scm | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm index b122b4c..ee8f6b1 100644 --- a/guix/scripts/environment.scm +++ b/guix/scripts/environment.scm @@ -373,6 +373,7 @@ host file systems to mount inside the container." (list (direct-store-path bash) profile)))) (return (let* ((cwd (getcwd)) + (passwd (getpwuid (getuid))) ;; Bind-mount all requisite store items, user-specified mappings, ;; /bin/sh, the current working directory, and possibly networking ;; configuration files within the container. 
@@ -417,16 +418,26 @@ host file systems to mount inside the container." ;; The same variables as in Nix's 'build.cc'. '("TMPDIR" "TEMPDIR" "TMP" "TEMP")) - ;; From Nix build.cc: - ;; - ;; Set HOME to a non-existing path to prevent certain - ;; programs from using /etc/passwd (or NIS, or whatever) - ;; to locate the home directory (for example, wget looks - ;; for ~/.wgetrc). I.e., these tools use /etc/passwd if - ;; HOME is not set, but they will just assume that the - ;; settings file they are looking for does not exist if - ;; HOME is set but points to some non-existing path. - (setenv "HOME" "/homeless-shelter") + ;; Create a dummy home directory with the same path as on the + ;; host. + (mkdir-p (passwd:dir passwd)) + (setenv "HOME" (passwd:dir passwd)) + + ;; Create a dummy /etc/passwd to satisfy applications that demand + ;; to read it, such as 'git clone' over SSH, a valid use-case when + ;; sharing the host's network namespace. + (mkdir-p "/etc") + (call-with-output-file "/etc/passwd" + (lambda (port) + (display (string-join (list (passwd:name passwd) + "x" ; but there is no shadow + "0" "0" ; user is now root + (passwd:gecos passwd) + (passwd:dir passwd) + bash) + ":") + port) + (newline port))) ;; For convenience, start in the user's current working ;; directory rather than the root directory. -- 2.6.3 --=-=-=--
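
Review bot: in the first hunk (@@ -373,6 +373,7), the new `(passwd (getpwuid (getuid)))` binding has no handling for a host UID that has no passwd entry, in which case Guile's getpwuid raises an error before the container is set up. Consider catching that case and either reporting a clear message or falling back to fixed placeholder values for the name and home directory.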
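
Review bot: in the second hunk (@@ -417,16 +418,26), the host account's name, GECOS field and home directory path are copied into the container's /etc/passwd and $HOME unconditionally, while the new comment justifies this only for the case of sharing the host's network namespace. Either gate the passwd creation on that case or say in the comment that it applies to every container, and note that host user details become visible inside it. The removed comment also recorded why HOME pointed at a non-existing path (programs treat a missing settings file as absent instead of consulting /etc/passwd); a sentence on why that no longer matters once HOME exists and is empty would help, and since the diffstat touches only guix/scripts/environment.scm, the user-visible change still needs a manual update.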