guix-mirrors/guix/scripts
Reepca Russelstein 9202921e81
perform-download: Use (ice-9 sandbox) for mirrors.
"guix perform-download" is used to implement the daemon's "download" and
"git-download" builtin builders.  Because these are builtins, it runs without
any additional isolation beyond merely running as a build user.  In such a
context, allowing arbitrary user-supplied code to be evaluated will easily
lead to the build user being taken over, which can then be used to corrupt
future builds, enable exploitation of certain vulnerabilities, and in the case
of the rootless daemon completely take over guix-daemon.

Use (ice-9 sandbox) to ensure that only safe bindings are available during the
evaluation of the content-addressed-mirrors file.

* guix/perform-download.scm (%safe-bindings, %sandbox-module): new variables.
  (syntax-noop): new syntax.
  (eval-content-addressed-mirrors, assert-store-file,
   call-with-input-file/no-symlinks): new procedures.
  (perform-download): use assert-store-file to ensure files are in the store
  before being read.  Use call-with-input-file/no-symlinks for opening
  untrusted files.  Use eval-content-addressed-mirrors to evaluate the
  content-addressed-mirrors file.

Change-Id: I8ed27a95d84dbcc7d72d0d75f172d113f8be6c79
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-09-01 16:13:29 +02:00
container container: Correctly report exit status. 2023-01-30 22:24:27 +01:00
git git authenticate: Create Git hooks directory. 2025-06-30 14:30:40 +02:00
home home: Define ‘%base-home-services’. 2025-01-16 22:32:11 +01:00
import import: crate: Stop importing dependencies from crates.io. 2025-08-21 19:09:04 +08:00
system guix: scripts: reconfigure: Export running-services variable. 2025-04-01 14:49:34 +02:00
archive.scm pki: Always make /etc/guix/acl world-readable. 2025-07-16 23:50:38 +02:00
authenticate.scm
build.scm guix build: Honor '--system' with '--manifest'. 2025-03-02 16:46:59 +02:00
challenge.scm challenge: Use the same substitute URLs as guix-daemon. 2023-12-11 23:18:57 +01:00
container.scm scripts: container: Handle EPIPE errors when displaying help. 2023-10-17 14:51:54 +02:00
copy.scm scripts: copy: Handle EPIPE errors when displaying help. 2023-10-17 14:51:55 +02:00
deploy.scm deploy: Add --roll-back option. 2025-03-01 00:18:38 +00:00
describe.scm describe: Recognize git.guix.gnu.org for commit hyperlinks. 2025-05-23 11:17:59 +02:00
discover.scm guix: Avoid ‘fdatasync’ call for caches and regular files. 2025-04-14 17:31:50 +02:00
download.scm guix download: Honor ‘--no-check-certificate’ for ‘--git’. 2024-12-25 23:51:10 +01:00
edit.scm scripts: edit: Fix relative file-name with 'load-path' option. 2023-11-05 16:11:17 +01:00
environment.scm environment: Set LANG by default. 2025-06-03 19:28:35 +02:00
gc.scm guix gc: Adjust size suffix based on the amount of data. 2025-07-28 13:57:53 +03:00
git.scm scripts: git: Handle EPIPE errors when displaying help. 2023-10-17 14:51:57 +02:00
graph.scm packages: Factorize ‘all-packages’. 2024-12-01 20:14:15 +01:00
hash.scm scripts: hash: Handle repository with different VCS folders. 2024-07-23 16:27:27 +02:00
home.scm environment, home: Make /tmp writable. 2025-05-06 12:22:34 +02:00
import.scm scripts: import: Skip existing definition for ‘--insert’ option. 2025-08-21 19:08:19 +08:00
install.scm scripts: install: Handle EPIPE errors when displaying help. 2023-10-17 14:51:59 +02:00
lint.scm scripts: lint: Handle EPIPE errors when displaying help. 2023-10-17 14:51:59 +02:00
locate.scm locate: Request writable db for --clear. 2025-04-16 18:20:44 +02:00
offload.scm guix offload: Adjust size suffix based on amount of data. 2025-07-28 13:57:56 +03:00
pack.scm pack: Autoload all the (gnu packages …) modules. 2025-07-09 11:53:23 +02:00
package.scm scripts: package: Handle EPIPE errors when displaying help. 2023-10-17 14:52:01 +02:00
perform-download.scm perform-download: Use (ice-9 sandbox) for mirrors. 2025-09-01 16:13:29 +02:00
processes.scm scripts: processes: Handle EPIPE errors when displaying help. 2023-10-17 14:52:01 +02:00
publish.scm publish: Prevent publication of non-substitutable derivation outputs. 2025-06-06 18:41:19 +02:00
pull.scm pull: Add ‘--no-check-certificate’. 2024-12-25 23:51:10 +01:00
refresh.scm refresh: Allow specifying a partial version via the version specification. 2025-05-19 10:07:24 +09:00
remove.scm scripts: remove: Handle EPIPE errors when displaying help. 2023-10-17 14:52:02 +02:00
repl.scm scripts: repl: Handle EPIPE errors when displaying help. 2023-10-17 14:52:03 +02:00
search.scm scripts: search: Handle EPIPE errors when displaying help. 2023-10-17 14:52:03 +02:00
shell.scm shell: Enable caching when using deterministic package transformations. 2024-10-22 00:27:49 +02:00
show.scm scripts: show: Handle EPIPE errors when displaying help. 2023-10-17 14:52:04 +02:00
size.scm scripts: size: Fix guix size with --system argument. 2024-01-12 17:26:31 +01:00
style.scm guix: Avoid ‘fdatasync’ call for caches and regular files. 2025-04-14 17:31:50 +02:00
substitute.scm scripts/substitute: Refine 'updating substitutes' message. 2024-12-18 16:27:09 +09:00
system.scm mapped-devices: Add ‘arguments’ field. 2025-07-18 00:57:25 +02:00
time-machine.scm time-machine: Remove unused binding from #:select. 2025-02-24 23:33:51 +01:00
upgrade.scm scripts: upgrade: Handle EPIPE errors when displaying help. 2023-10-17 14:52:06 +02:00
weather.scm weather: Reword the help message for the expression flag. 2024-12-23 20:45:32 +01:00