gnu: network-manager: Remove ownership check for plugins.

Fixes <https://issues.guix.gnu.org/78047>. Fixes a bug on Guix System whereby, when ‘guix-configuration’ has (privileged? #f), NetworkManager would fail to start due to plugins not being owned by ‘root’. * gnu/packages/patches/network-manager-plugin-ownership.patch: New file. * gnu/packages/gnome.scm (network-manager)[source]: Use it. * gnu/local.mk (dist_patch_DATA): Add it. Reported-by: Rodion Goritskov <rodion@goritskov.com> Change-Id: I9fff098788e79d1f00c9605a6067b16078ea0396
2025-10-02 02:15:12 +00:00 · 2025-06-23 15:15:42 +02:00 · 2025-06-23 15:15:42 +02:00 · 436a00be92
commit 436a00be92
parent 45ece3847a
3 changed files with 32 additions and 2 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -1929,6 +1929,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/nhc98-c-update.patch			\
  %D%/packages/patches/nix-dont-build-html-doc.diff		\
  %D%/packages/patches/nfs4-acl-tools-0.3.7-fixpaths.patch	\
+  %D%/packages/patches/network-manager-plugin-ownership.patch	\
  %D%/packages/patches/network-manager-plugin-path.patch	\
  %D%/packages/patches/newlib-getentropy.patch			\
  %D%/packages/patches/nginx-socket-cloexec.patch		\
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2014-2023 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014-2023, 2025 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2014, 2016, 2020 Eric Bavier <bavier@posteo.net>
 ;;; Copyright © 2014, 2015 Federico Beffa <beffa@fbengineering.ch>
@ -8551,7 +8551,9 @@ users.")
                                        "NetworkManager/NetworkManager"))
                    (commit version)))
              (file-name (git-file-name name version))
-              (patches (search-patches "network-manager-plugin-path.patch"))
+              (patches (search-patches
+                        "network-manager-plugin-ownership.patch"
+                        "network-manager-plugin-path.patch"))
              (sha256
               (base32
                "0fx3yvqrwc9fqphhwvchxls0lgizlz7bxww3riijlvx3pkypqbyr"))))
--- a/gnu/packages/patches/network-manager-plugin-ownership.patch
+++ b/gnu/packages/patches/network-manager-plugin-ownership.patch
@ -0,0 +1,27 @@
+NetworkManager insists that plugins be root-owned.  This is the case when running
+guix-daemon with root privileged, but not when running it unprivileged (in that case,
+file in the store belong to the 'guix-daemon' user.)
+
+Skip that test entirely since it doesn't provide any additional safety on Guix System.
+
+See <https://issues.guix.gnu.org/78047>.
+
+diff --git a/src/core/nm-core-utils.c b/src/core/nm-core-utils.c
+index 895a991..738f8c7 100644
+--- a/src/core/nm-core-utils.c
+++ b/src/core/nm-core-utils.c
+@@ -4319,14 +4319,6 @@ nm_utils_validate_plugin(const char *path, struct stat *st, GError **error)
+         return FALSE;
+     }
+ 
+-    if (st->st_uid != 0) {
+-        g_set_error_literal(error,
+-                            NM_UTILS_ERROR,
+-                            NM_UTILS_ERROR_UNKNOWN,
+-                            "file has invalid owner (should be root)");
+-        return FALSE;
+-    }
+-
+     if (st->st_mode & (S_IWGRP | S_IWOTH | S_ISUID)) {
+         g_set_error_literal(error,
+                             NM_UTILS_ERROR,