From 47e99e626b46b2fc433506a822d251de68ad6241 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Wed, 16 Oct 2019 19:09:46 +0200
Subject: daemon: Remove traces of 'NIX_ROOT_FINDER'.
This is a followup to 2e3e5d21988fc2cafb2a9eaf4b00976ea425629d.
* build-aux/test-env.in: Remove mentions of 'NIX_ROOT_FINDER'.
* nix/libstore/gc.cc (LocalStore::collectGarbage): Adjust comment
accordingly.
---
nix/libstore/gc.cc | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
(limited to 'nix/libstore')
diff --git a/nix/libstore/gc.cc b/nix/libstore/gc.cc
index c466996668..fe152da015 100644
--- a/nix/libstore/gc.cc
+++ b/nix/libstore/gc.cc
@@ -620,10 +620,9 @@ void LocalStore::collectGarbage(const GCOptions & options, GCResults & results)
foreach (Roots::iterator, i, rootMap) state.roots.insert(i->second);
- /* Add additional roots returned by the program specified by the
- NIX_ROOT_FINDER environment variable. This is typically used
- to add running programs to the set of roots (to prevent them
- from being garbage collected). */
+ /* Add additional roots returned by 'guix gc --list-busy'. This is
+ typically used to add running programs to the set of roots (to prevent
+ them from being garbage collected). */
if (!options.ignoreLiveness)
addAdditionalRoots(*this, state.roots);
--
cgit 1.4.1
From 81c580c8664bfeeb767e2c47ea343004e88223c7 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Wed, 16 Oct 2019 11:51:42 +0200
Subject: daemon: Make 'profiles/per-user' non-world-writable.
Fixes <https://bugs.gnu.org/37744>.
Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>.
Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d
by Eelco Dolstra <edolstra@gmail.com>.
* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir'
to #o755 instead of #o1777.
(LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add
condition to handle "user-name" property and honor it.
(processConnection): Add 'userId' parameter. Call 'store->createUser'
when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now
handled by the daemon.
* guix/store.scm (current-user-name): New procedure.
(set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when
listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable")
("profiles/per-user/$USER exists"): New tests.
---
guix/profiles.scm | 3 ++-
guix/store.scm | 12 ++++++++++++
nix/libstore/local-store.cc | 17 +++++++++++++++--
nix/libstore/local-store.hh | 2 ++
nix/libstore/store-api.hh | 4 ++++
nix/nix-daemon/nix-daemon.cc | 24 ++++++++++++++++++++++--
tests/guix-daemon.sh | 21 +++++++++++++++++++++
tests/store.scm | 13 ++++++++++++-
8 files changed, 90 insertions(+), 6 deletions(-)
(limited to 'nix/libstore')
diff --git a/guix/profiles.scm b/guix/profiles.scm
index f5c863945c..cd3b21e390 100644
--- a/guix/profiles.scm
+++ b/guix/profiles.scm
@@ -1732,7 +1732,8 @@ because the NUMBER is zero.)"
(string-append %profile-directory "/guix-profile"))
(define (ensure-profile-directory)
- "Attempt to create /…/profiles/per-user/$USER if needed."
+ "Attempt to create /…/profiles/per-user/$USER if needed. Nowadays this is
+taken care of by the daemon."
(let ((s (stat %profile-directory #f)))
(unless (and s (eq? 'directory (stat:type s)))
(catch 'system-error
diff --git a/guix/store.scm b/guix/store.scm
index d7c603898c..382aad29d9 100644
--- a/guix/store.scm
+++ b/guix/store.scm
@@ -748,6 +748,14 @@ encoding conversion errors."
(cut string-append "http://" <>))
'("ci.guix.gnu.org")))
+(define (current-user-name)
+ "Return the name of the calling user."
+ (catch #t
+ (lambda ()
+ (passwd:name (getpwuid (getuid))))
+ (lambda _
+ (getenv "USER"))))
+
(define* (set-build-options server
#:key keep-failed? keep-going? fallback?
(verbosity 0)
@@ -759,6 +767,7 @@ encoding conversion errors."
(build-verbosity 0)
(log-type 0)
(print-build-trace #t)
+ (user-name (current-user-name))
;; When true, provide machine-readable "build
;; traces" for use by (guix status). Old clients
@@ -849,6 +858,9 @@ encoding conversion errors."
`(("build-repeat"
. ,(number->string (max 0 (1- rounds)))))
'())
+ ,@(if user-name
+ `(("user-name" . ,user-name))
+ '())
,@(if terminal-columns
`(("terminal-columns"
. ,(number->string terminal-columns)))
diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc
index 3b08492c64..3793382361 100644
--- a/nix/libstore/local-store.cc
+++ b/nix/libstore/local-store.cc
@@ -88,8 +88,9 @@ LocalStore::LocalStore(bool reserveSpace)
Path perUserDir = profilesDir + "/per-user";
createDirs(perUserDir);
- if (chmod(perUserDir.c_str(), 01777) == -1)
- throw SysError(format("could not set permissions on '%1%' to 1777") % perUserDir);
+ if (chmod(perUserDir.c_str(), 0755) == -1)
+ throw SysError(format("could not set permissions on '%1%' to 755")
+ % perUserDir);
mode_t perm = 01775;
@@ -1642,4 +1643,16 @@ void LocalStore::vacuumDB()
}
+void LocalStore::createUser(const std::string & userName, uid_t userId)
+{
+ auto dir = settings.nixStateDir + "/profiles/per-user/" + userName;
+
+ createDirs(dir);
+ if (chmod(dir.c_str(), 0755) == -1)
+ throw SysError(format("changing permissions of directory '%s'") % dir);
+ if (chown(dir.c_str(), userId, -1) == -1)
+ throw SysError(format("changing owner of directory '%s'") % dir);
+}
+
+
}
diff --git a/nix/libstore/local-store.hh b/nix/libstore/local-store.hh
index 4113fafcb5..2e48cf03e6 100644
--- a/nix/libstore/local-store.hh
+++ b/nix/libstore/local-store.hh
@@ -180,6 +180,8 @@ public:
void setSubstituterEnv();
+ void createUser(const std::string & userName, uid_t userId);
+
private:
Path schemaPath;
diff --git a/nix/libstore/store-api.hh b/nix/libstore/store-api.hh
index 2d9dcbd573..7d2ad2270d 100644
--- a/nix/libstore/store-api.hh
+++ b/nix/libstore/store-api.hh
@@ -289,6 +289,10 @@ public:
/* Check the integrity of the Nix store. Returns true if errors
remain. */
virtual bool verifyStore(bool checkContents, bool repair) = 0;
+
+ /* Create a profile for the given user. This is done by the daemon
+ because the 'profiles/per-user' directory is not writable by users. */
+ virtual void createUser(const std::string & userName, uid_t userId) = 0;
};
diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc
index 1163a249d1..3dd156ba77 100644
--- a/nix/nix-daemon/nix-daemon.cc
+++ b/nix/nix-daemon/nix-daemon.cc
@@ -613,6 +613,17 @@ static void performOp(bool trusted, unsigned int clientVersion,
|| name == "build-repeat"
|| name == "multiplexed-build-output")
settings.set(name, value);
+ else if (name == "user-name"
+ && settings.clientUid == (uid_t) -1) {
+ /* Create the user profile. This is necessary if
+ clientUid = -1, for instance because the client
+ connected over TCP. */
+ struct passwd *pw = getpwnam(value.c_str());
+ if (pw != NULL)
+ store->createUser(value, pw->pw_uid);
+ else
+ printMsg(lvlInfo, format("user name %1% not found") % value);
+ }
else
settings.set(trusted ? name : "untrusted-" + name, value);
}
@@ -731,7 +742,7 @@ static void performOp(bool trusted, unsigned int clientVersion,
}
-static void processConnection(bool trusted)
+static void processConnection(bool trusted, uid_t userId)
{
canSendStderr = false;
_writeToStderr = tunnelStderr;
@@ -778,6 +789,15 @@ static void processConnection(bool trusted)
/* Open the store. */
store = std::shared_ptr<StoreAPI>(new LocalStore(reserveSpace));
+ if (userId != (uid_t) -1) {
+ /* Create the user profile. */
+ struct passwd *pw = getpwuid(userId);
+ if (pw != NULL && pw->pw_name != NULL)
+ store->createUser(pw->pw_name, userId);
+ else
+ printMsg(lvlInfo, format("user with UID %1% not found") % userId);
+ }
+
stopWork();
to.flush();
@@ -963,7 +983,7 @@ static void acceptConnection(int fdSocket)
/* Handle the connection. */
from.fd = remote;
to.fd = remote;
- processConnection(trusted);
+ processConnection(trusted, clientUid);
exit(0);
}, false, "unexpected build daemon error: ", true);
diff --git a/tests/guix-daemon.sh b/tests/guix-daemon.sh
index 758f18cc36..b58500966b 100644
--- a/tests/guix-daemon.sh
+++ b/tests/guix-daemon.sh
@@ -94,6 +94,27 @@ done
kill "$daemon_pid"
+# Make sure 'profiles/per-user' is created when connecting over TCP.
+
+orig_GUIX_STATE_DIRECTORY="$GUIX_STATE_DIRECTORY"
+GUIX_STATE_DIRECTORY="$GUIX_STATE_DIRECTORY-2"
+
+guix-daemon --disable-chroot --listen="localhost:9877" &
+daemon_pid=$!
+
+GUIX_DAEMON_SOCKET="guix://localhost:9877"
+export GUIX_DAEMON_SOCKET
+
+test ! -d "$GUIX_STATE_DIRECTORY/profiles/per-user"
+
+guix build guile-bootstrap -d
+
+test -d "$GUIX_STATE_DIRECTORY/profiles/per-user/$USER"
+
+kill "$daemon_pid"
+unset GUIX_DAEMON_SOCKET
+GUIX_STATE_DIRECTORY="$orig_GUIX_STATE_DIRECTORY"
+
# Check the failed build cache.
guix-daemon --no-substitutes --listen="$socket" --disable-chroot \
diff --git a/tests/store.scm b/tests/store.scm
index 518750d26a..2b14a4af0a 100644
--- a/tests/store.scm
+++ b/tests/store.scm
@@ -18,6 +18,7 @@
(define-module (test-store)
#:use-module (guix tests)
+ #:use-module (guix config)
#:use-module (guix store)
#:use-module (guix utils)
#:use-module (guix monads)
@@ -102,7 +103,17 @@
"/283gqy39v3g9dxjy26rynl0zls82fmcg-guile-2.0.7/bin/guile")))
(not (direct-store-path? (%store-prefix)))))
-(test-skip (if %store 0 13))
+(test-skip (if %store 0 15))
+
+(test-equal "profiles/per-user exists and is not writable"
+ #o755
+ (stat:perms (stat (string-append %state-directory "/profiles/per-user"))))
+
+(test-equal "profiles/per-user/$USER exists"
+ (list (getuid) #o755)
+ (let ((s (stat (string-append %state-directory "/profiles/per-user/"
+ (passwd:name (getpwuid (getuid)))))))
+ (list (stat:uid s) (stat:perms s))))
(test-equal "add-data-to-store"
#vu8(1 2 3 4 5)
--
cgit 1.4.1
From af73beeba1fc9effab60b11aea1d7ed8c24e7367 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Mon, 4 Nov 2019 22:49:49 +0100
Subject: daemon: Unregister build hook from the worker's children upon build
failure.
Fixes <https://bugs.gnu.org/38062>.
This is a followup to ada9a19a2dca74feafcf24df1152abd685d4142f.
* nix/libstore/build.cc (DerivationGoal::killChild): Add conditional
call to 'worker.childTerminated' for 'hook->pid'.
---
nix/libstore/build.cc | 5 +++++
1 file changed, 5 insertions(+)
(limited to 'nix/libstore')
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index 74cd05417f..c4fc87746a 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -947,6 +947,11 @@ void DerivationGoal::killChild()
assert(pid == -1);
}
+ /* If there was a build hook involved, remove it from the worker's
+ children. */
+ if (hook && hook->pid != -1) {
+ worker.childTerminated(hook->pid);
+ }
hook.reset();
}
--
cgit 1.4.1
From 298fb2907e3f432cea7dee9f58e89ab8d9dbd56f Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Wed, 13 Nov 2019 11:44:34 +0100
Subject: daemon: Don't include <linux/fs.h>.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
As of GNU libc 2.29, <sys/mount.h> declares all the constants and
functions we need, so there's no use in including <linux/fs.h> anymore.
This silences annoying warnings like this one:
In file included from nix/libstore/local-store.cc:32:0:
/gnu/store/…-linux-libre-headers-4.19.56/include/linux/fs.h:108:0: warning: "MS_RDONLY" redefined
#define MS_RDONLY 1 /* Mount read-only */
In file included from nix/libstore/local-store.cc:28:0:
/gnu/store/…-glibc-2.29/include/sys/mount.h:36:0: note: this is the location of the previous definition
#define MS_RDONLY MS_RDONLY
* config-daemon.ac: Remove check for <linux/fs.h>.
* nix/libstore/build.cc: Remove conditional inclusion of <linux/fs.h>.
* nix/libstore/local-store.cc: Remove "#if HAVE_LINUX_FS_H" and
inclusion of <linux/fs.h>.
---
config-daemon.ac | 3 ---
nix/libstore/build.cc | 5 -----
nix/libstore/local-store.cc | 3 ---
3 files changed, 11 deletions(-)
(limited to 'nix/libstore')
diff --git a/config-daemon.ac b/config-daemon.ac
index bf94815966..848e1e58da 100644
--- a/config-daemon.ac
+++ b/config-daemon.ac
@@ -115,9 +115,6 @@ if test "x$guix_build_daemon" = "xyes"; then
dnl to do i686-linux builds on x86_64-linux machines.
AC_CHECK_HEADERS([sys/personality.h])
- dnl Check for <linux/fs.h> (for immutable file support).
- AC_CHECK_HEADERS([linux/fs.h])
-
dnl Determine the appropriate default list of substitute URLs (GnuTLS
dnl is required so we can default to 'https'.)
guix_substitute_urls="https://ci.guix.gnu.org"
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index c4fc87746a..17e92c68a7 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -51,11 +51,6 @@
#include <sched.h>
#endif
-/* In GNU libc 2.11, <sys/mount.h> does not define `MS_PRIVATE', but
- <linux/fs.h> does. */
-#if !defined MS_PRIVATE && defined HAVE_LINUX_FS_H
-#include <linux/fs.h>
-#endif
#define CHROOT_ENABLED HAVE_CHROOT && HAVE_SYS_MOUNT_H && defined(MS_BIND) && defined(MS_PRIVATE) && defined(CLONE_NEWNS) && defined(SYS_pivot_root)
diff --git a/nix/libstore/local-store.cc b/nix/libstore/local-store.cc
index 3793382361..7a520925e5 100644
--- a/nix/libstore/local-store.cc
+++ b/nix/libstore/local-store.cc
@@ -28,11 +28,8 @@
#include <sys/mount.h>
#endif
-#if HAVE_LINUX_FS_H
-#include <linux/fs.h>
#include <sys/ioctl.h>
#include <errno.h>
-#endif
#include <sqlite3.h>
--
cgit 1.4.1