guix-mirrors/tests
Ludovic Courtès ff5181e27e
daemon: Do not make chroot root directory read-only.
Fixes <https://issues.guix.gnu.org/77570>.

Commit 40f69b586a made chroot root
directory read-only; as a consequence, build processes attempting to
write to the root directory would now get EROFS instead of EACCES.

It turns out that a number of test suites (Go, Ruby, SCons, Shepherd)
would fail because of this observable difference.

To restore previous behavior in build environments while still
preventing build processes from exposing their root directory to outside
processes, this patch (1) keeps the root writable but #o555 by default,
thereby restoring the EACCES behavior, and (2) ensures that the parent
of the chroot root directory is itself user-accessible only.

* nix/libstore/build.cc (class DerivationGoal)[chrootRootTop]: New
field.
(DerivationGoal::startBuilder): Initialize ‘chrootRootTop’ and make it
‘AutoDelete’.  Replace ‘mount’ call that made the root directory
read-only by a mere ‘chmod_’ call.
* tests/store.scm ("build root cannot be made world-readable"): Remove.
("writing to build root leads to EACCES"): New test.

Reported-by: Ada Stevenson <adanskana@gmail.com>
Reported-by: keinflue <keinflue@posteo.net>
Suggested-by: Reepca Russelstein <reepca@russelstein.xyz>
Change-Id: I5912e8b3b293f8242a010cfc79255fc981314445
2025-04-11 12:18:01 +02:00
keys tests: Ensure test OpenPGP keys never expire. 2022-05-18 23:20:21 +02:00
machine machine: hetzner: Fix deployment on smaller instances. 2025-02-28 23:03:36 +01:00
services services: configuration: Use transducers within serialize-configuration. 2023-10-07 12:41:05 -04:00
accounts.scm accounts: Add /etc/subid and /etc/subgid allocation logic. 2024-12-18 18:32:40 +01:00
base16.scm
base32.scm
base64.scm
boot-parameters.scm tests: Add test for menu-entry roundtrips as sexps. 2022-08-28 23:37:28 +02:00
bournish.scm
build-emacs-utils.scm tests: build-emacs-utils: Allow test to pass on Emacs 27 too. 2022-07-13 10:49:40 -04:00
build-utils.scm build: utils: Raise error in modify-phases upon missing key. 2024-08-31 10:42:06 +02:00
builders.scm git-download: Use “builtin:git-download” when available. 2023-09-26 17:36:58 +02:00
cache.scm cache: Avoid cache cleanup storms from concurrent processes. 2024-08-21 00:52:39 +02:00
challenge.scm
channels.scm channels: Adjust tests for new #:verify-certificate? parameter. 2024-12-30 11:01:54 +01:00
combinators.scm
composer.scm guix: import: Add composer importer. 2023-12-18 23:16:28 +01:00
containers.scm linux-container: 'container-excursion' forks to join the PID namespace. 2023-01-30 22:24:27 +01:00
cpan.scm tests: Ensure 'cpan' updater test does not access the network. 2023-06-09 14:19:14 +02:00
cpio.scm utils: Don’t re-export ‘call-with-temporary-output-file’. 2024-04-15 22:36:42 +02:00
cran.scm
crate.scm tests: crate: Add build dependency. 2025-02-09 18:20:41 +01:00
cve-sample.json
cve.scm
debug-link.scm
derivations.scm tests: Add missing derivation inputs. 2025-03-26 17:57:44 +01:00
discovery.scm
egg.scm utils: Don’t re-export ‘call-with-temporary-output-file’. 2024-04-15 22:36:42 +02:00
elm.scm tests: Adjust ‘elm’ importer test to expect inputs without labels. 2024-09-17 17:34:58 +02:00
elpa.scm tests: Ensure 'elpa' test does not access the network. 2023-06-09 14:19:14 +02:00
file-systems.scm
gem.scm refresh: Add support for partial target versions. 2025-02-28 13:36:44 +09:00
gexp.scm gexp: ‘local-file’ expands its argument only once. 2025-04-06 11:23:07 +02:00
git-authenticate.scm tests: Assume ‘git’ is always available. 2023-09-26 17:36:59 +02:00
git.scm git: Remove untracked files from cached checkouts. 2024-07-18 17:31:19 +02:00
glob.scm
gnu-maintenance.scm refresh: Add support for partial target versions. 2025-02-28 13:36:44 +09:00
go.scm tests: Fix the 'go-module->guix-package' test. 2024-11-17 20:32:50 +09:00
grafts.scm grafts: Fix corner case involving multiple-output derivations. 2023-10-28 00:17:23 +02:00
graph.scm tests: Adjust 'node-back-edges' test for 'bag' to system-dependent glibc. 2023-08-21 16:16:47 +02:00
gremlin.scm tests: Fix gremlin.scm for GCC 14 2024-11-12 23:40:39 +01:00
guix-archive.sh tests: Fix checks for expected failures. 2023-04-21 16:16:38 +02:00
guix-authenticate.sh
guix-build-branch.sh tests: Fix checks for expected failures. 2023-04-21 16:16:38 +02:00
guix-build.sh tests: Adjust ‘guix build -P1’ test to new packages. 2024-12-02 23:18:52 +01:00
guix-daemon.sh tests: Fix checks for expected failures. 2023-04-21 16:16:38 +02:00
guix-describe.sh guix describe: Adjust test to latest changes. 2022-09-04 23:10:10 +02:00
guix-download.sh tests: Remove interference from the user’s Git config. 2024-05-13 16:31:35 +02:00
guix-environment-container.sh tests: Adjust to cope with glibc graft. 2023-10-28 01:30:37 +02:00
guix-environment.sh tests: Fix checks for expected failures. 2023-04-21 16:16:38 +02:00
guix-gc.sh tests: Fix checks for expected failures. 2023-04-21 16:16:38 +02:00
guix-git-authenticate.sh git authenticate: Record introduction and keyring in ‘.git/config’. 2024-05-01 17:26:18 +02:00
guix-graph.sh tests: Adjust ‘guix graph --path’ test to latest Emacs changes. 2023-09-26 17:36:57 +02:00
guix-hash.sh tests: Fix checks for expected failures. 2023-04-21 16:16:38 +02:00
guix-home.sh tests: guix-home: Fix description search for home-mcron. 2023-08-25 17:45:47 +02:00
guix-lint.sh
guix-locate.sh locate: Accept ‘--clear’ without additional arguments. 2023-11-15 18:29:37 +01:00
guix-pack-localstatedir.sh
guix-pack-relocatable.sh tests: Fix checks for expected failures. 2023-04-21 16:16:38 +02:00
guix-pack.sh tests: Adjust to cope with glibc graft. 2023-10-28 01:30:37 +02:00
guix-package-aliases.sh tests: Relax two tests that expected a non-zero error code. 2023-04-21 17:09:46 +02:00
guix-package-net.sh tests: Fix checks for expected failures. 2023-04-21 16:16:38 +02:00
guix-package.sh tests: guix-package: Fix guix package --search test. 2024-12-14 00:34:28 +01:00
guix-refresh.sh refresh: Add support for partial target versions. 2025-02-28 13:36:44 +09:00
guix-repl.sh
guix-shell-export-manifest.sh tests: guix-shell-export-manifest: Fix pyproject-build-system python test. 2024-12-14 01:28:49 +01:00
guix-shell.sh shell: ‘--development’ honors ‘--system’. 2023-12-06 23:50:04 +01:00
guix-style.sh scripts: style: Sort more kinds of package definitions. 2025-02-09 18:20:41 +01:00
guix-system.sh tests: Adjust ‘guix system’ test for EFI bootloader. 2024-06-13 22:34:00 +02:00
guix-time-machine.sh time-machine: Allow time travels to v0.16.0. 2024-03-11 22:12:34 +01:00
hackage.scm guix: import: Fix parsing Cabal files that import many stanzas 2023-12-03 16:15:29 +01:00
hexpm.scm import: utils: End package descriptions with period. 2024-06-03 22:58:53 +02:00
home-import.scm home: Define ‘%base-home-services’. 2025-01-16 22:32:11 +01:00
home-services.scm home: services: Add 'lookup-home-service-types' procedure. 2022-06-04 12:04:24 +02:00
http-client.scm
import-git.scm refresh: Add support for partial target versions. 2025-02-28 13:36:44 +09:00
import-github.scm upstream-updater: Rename record field. 2022-12-26 17:15:06 +01:00
import-utils.scm import/utils: Wrap terms starting with @ in descriptions. 2025-02-11 22:13:10 +01:00
inferior.scm guix: inferior: Fix the behaviour of open-inferior #:error-port. 2022-07-08 13:51:34 +01:00
ipfs.scm
lint.scm lint: Adjust ‘check-inputs-should-not-be-an-input-at-all’ tests for Python. 2025-01-24 23:36:04 +01:00
minetest.scm import: utils: End package descriptions with period. 2024-06-03 22:58:53 +02:00
modules.scm build-systems: gnu: Export %default-gnu-imported-modules and %default-gnu-modules. 2024-08-31 10:42:16 +02:00
monads.scm gexp: ‘with-parameters’ properly handles ‘%graft?’. 2025-03-05 00:28:49 +01:00
nar.scm
networking.scm services: ntp-service-type: Remove deprecated server as strings support. 2023-04-07 17:56:07 +02:00
npm-binary.scm import: Add binary npm importer. 2024-05-19 16:05:00 +02:00
offload.scm
opam.scm utils: Don’t re-export ‘call-with-temporary-output-file’. 2024-04-15 22:36:42 +02:00
openpgp.scm
pack.scm tests: pack: Improve AppImage tests. 2025-01-24 23:52:49 +01:00
packages.scm tests: Add missing derivation inputs. 2025-03-26 17:57:44 +01:00
pki.scm pki: 'public-keys->acl' deduplicates entries. 2022-12-12 15:03:05 +01:00
print.scm tests: Make ‘tests/print.scm’ deterministic. 2024-09-28 00:20:18 +02:00
processes.scm tests: Run in a chroot and unprivileged user namespaces. 2025-03-26 17:57:44 +01:00
profiles.scm profiles: Use C.UTF-8 instead of ‘glibc-utf8-locales’ where possible. 2024-08-31 10:42:49 +02:00
publish.scm tests: publish: Constrain guix-publish thread use. 2025-03-03 20:14:56 +00:00
pypi.scm import: pypi: Adjust test to new setuptools and wheel requirements. 2024-12-30 11:01:54 +01:00
read-print.scm read-print: Adjust test for keyword alignment. 2025-02-24 23:33:51 +01:00
records.scm tests: records: Add test for ellipsis in body. 2023-06-04 10:59:28 +02:00
rpm.scm pack: Add RPM format. 2023-02-19 21:13:23 -05:00
scripts.scm
search-paths.scm
services.scm services: ‘shepherd-service-upgrade’ handles canonical name changes. 2025-03-05 00:28:49 +01:00
sets.scm
size.scm
status.scm status: Relay "updating substitutes" messages. 2022-06-26 23:19:14 +02:00
store-database.scm utils: Don’t re-export ‘call-with-temporary-output-file’. 2024-04-15 22:36:42 +02:00
store-deadlock.scm daemon: Explicitly unlock output path in the has-become-valid case. 2024-12-30 00:51:57 +01:00
store-deduplication.scm deduplication: Detect holes and create sparse files. 2024-05-25 16:44:42 +02:00
store-roots.scm tests: store-roots: Remove bogus test. 2023-08-18 16:10:08 +02:00
store.scm daemon: Do not make chroot root directory read-only. 2025-04-11 12:18:01 +02:00
style.scm style: Fix conversion of ‘unquote-splicing’ by ‘-S arguments’. 2024-06-03 22:58:52 +02:00
substitute.scm substitute: Do not exit when failing to find a nar. 2023-12-04 22:26:36 +01:00
swh.scm swh: ‘lookup-origin-revision’ handles branches pointing to directories. 2024-03-09 18:55:49 +01:00
syscalls.scm syscalls: Remove wrong syscall ID for ‘kexec_load_file’ on i686. 2025-01-07 17:44:12 +01:00
system.scm Remove now unnecessary uses of (guix grafts). 2022-10-22 01:46:55 +02:00
test.drv
texlive.scm guix: import texlive: Add UPSTREAM-NAME property when necessary. 2024-08-31 10:45:37 +02:00
toml.scm guix: toml: Fix evaluation of empty inline tables. 2025-01-20 21:37:36 +01:00
transformations.scm transformations: ‘package-with-upstream-version’ can preserve patches. 2024-12-01 20:14:16 +01:00
ui.scm ui: Take package upstream name into account when searching. 2022-12-13 17:46:39 +01:00
union.scm
upstream.scm upstream: Define ‘preferred-upstream-source’. 2025-01-08 23:03:04 +01:00
utils.scm utils: Don’t re-export ‘call-with-temporary-output-file’. 2024-04-15 22:36:42 +02:00
uuid.scm
workers.scm