amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

daemon: Use the guest GID in /etc/group.

Browse source 
Partly fixes <https://issues.guix.gnu.org/77862>.

Fixes a bug whereby, when running guix-daemon unprivileged, /etc/group
would contain the wrong GID for the “nixbld” group.  This inconsistency
would lead to failures in the Coreutils test suite, for instance.

* nix/libstore/build.cc (DerivationGoal::startBuilder): Use ‘guestGID’
when writing /etc/group.
* tests/store.scm ("/etc/passwd and /etc/group"): New test.

Reported-by: keinflue <keinflue@posteo.net>
Change-Id: I739bc96c4c935fd9015a45e2bfe5b3e3f90554a9
This commit is contained in:
Ludovic Courtès 2025-04-25 20:17:17 +02:00
parent 5529636006
commit 0d3bc50b0c
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
2 changed files with 23 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nix/libstore/build.cc
View file

@ -1854,7 +1854,7 @@ void DerivationGoal::startBuilder()
view of the system (e.g., "id -gn"). */ view of the system (e.g., "id -gn"). */
writeFile(chrootRootDir + "/etc/group", writeFile(chrootRootDir + "/etc/group",
(format("nixbld:!:%1%:\n") (format("nixbld:!:%1%:\n")
% (buildUser.enabled() ? buildUser.getGID() : getgid())).str()); % (buildUser.enabled() ? buildUser.getGID() : guestGID)).str());
/* Create /etc/hosts with localhost entry. */ /* Create /etc/hosts with localhost entry. */
if (!fixedOutput) if (!fixedOutput)

22
tests/store.scm
View file

@ -443,6 +443,28 @@
(and (build-derivations %store (list d)) (and (build-derivations %store (list d))
(call-with-input-file o get-string-all)))) (call-with-input-file o get-string-all))))
(unless (unprivileged-user-namespace-supported?)
(test-skip 1))
(test-equal "/etc/passwd and /etc/group"
'((name "nixbld")
(uid 30001)
(gid 30000)
(group-name "nixbld"))
(let ((d (build-expression->derivation
%store "passwd-group-check"
`(call-with-output-file %output
(lambda (port)
',(gettimeofday)
(let ((pw (getpwuid (getuid)))
(gr (getgrgid (getgid))))
(write `((name ,(passwd:name pw))
(uid ,(passwd:uid pw))
(gid ,(passwd:gid pw))
(group-name ,(group:name gr)))
port)))))))
(build-derivations %store (list d))
(call-with-input-file (derivation->output-path d) read)))
(unless (unprivileged-user-namespace-supported?) (unless (unprivileged-user-namespace-supported?)
(test-skip 1)) (test-skip 1))
(test-equal "inputs are read-only" (test-equal "inputs are read-only"