authorTobias Geerinckx-Rice <me@tobias.gr>2022-06-05 02:00:05 +0200
committerTobias Geerinckx-Rice <me@tobias.gr>2022-06-05 02:00:00 +0200
commit7c52cad0464175370c44bd4695e4c01a62b8268f (patch)
treeb4d0c8447add35ffd9ddbab21c08f567129a717e
parent34c7c922f51b8988e7e1d943e56f7c6b3b2a7563 (diff)
downloadguix-7c52cad0464175370c44bd4695e4c01a62b8268f.tar.gz
pull: Fail if cache directory ownership is suspect.
New users frequently run ‘sudo guix pull’ which breaks subsequent
unprivileged ‘guix pull’s until manually fixed with chmod -R.

* guix/scripts/pull.scm (guix-pull): Fail if the cache directory (or
its innermost extant parent) is not owned by the user pulling the Guix,
with a hint about ‘sudo -i’.
-rw-r--r--guix/scripts/pull.scm28
1 files changed, 28 insertions, 0 deletions
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index f01764637b..24151f7ed3 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -49,6 +49,7 @@
   #:autoload   (gnu packages bootstrap) (%bootstrap-guile)
   #:autoload   (gnu packages certs) (le-certs)
   #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-11)
   #:use-module (srfi srfi-26)
   #:use-module (srfi srfi-34)
   #:use-module (srfi srfi-35)
@@ -810,6 +811,33 @@ Use '~/.config/guix/channels.scm' instead."))
         ((assoc-ref opts 'generation)
          (process-generation-change opts profile))
         (else
+         ;; Bail out early when users accidentally run, e.g., ’sudo guix pull’.
+         ;; If CACHE-DIRECTORY doesn't yet exist, test where it would end up.
+         (let-values (((stats dir) (let loop ((dir (cache-directory)))
+                                     (let ((stats (stat dir #f)))
+                                       (if stats
+                                           (values stats dir)
+                                           (loop (dirname dir)))))))
+           (let ((dir:uid (stat:uid stats))
+                 (our:uid (getuid)))
+             (unless (= dir:uid our:uid)
+               (let* ((user (lambda (uid)    ; handle the unthinkable invalid UID
+                              (or (false-if-exception (passwd:name
+                                                       (getpwuid uid)))
+                                  uid)))
+                      (our:user (user our:uid))
+                      (dir:user (user dir:uid)))
+                 (raise
+                  (condition
+                   (&message
+                    (message
+                     (format #f (G_ "directory ‘~a’ is not owned by user ~a")
+                             dir dir:user)))
+                   (&fix-hint
+                    (hint
+                     (format #f (G_ "You should run this command as ~a; use ‘sudo -i’ or equivalent if you really want to pull as ~a.")
+                             dir:user our:user)))))))))
+
          (with-store store
            (with-status-verbosity (assoc-ref opts 'verbosity)
              (parameterize ((%current-system (assoc-ref opts 'system))
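Review bot: The error message built by `(format #f (G_ "directory ‘~a’ is not owned by user ~a") dir dir:user)` names the wrong account, because `dir:user` is the directory's actual owner; under ‘sudo guix pull’ it would report that the directory is not owned by the very user who owns it. Passing the invoking user instead, `dir our:user)))`, makes the message agree with the `(= dir:uid our:uid)` test and with the hint, which already uses both names the right way round. Separately, `(stat dir #f)` returns #f on any failure, not only for a missing path, so a permission-denied or symlink-loop error on the cache directory would silently move the ownership check up to a parent directory; consider walking up only on ENOENT and saying so in the comment above the loop. The enclosing `guix-pull` procedure starts and ends outside this hunk.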