[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
|
From: |
Ludovic Courtès |
|
Date: |
Tue, 28 Nov 2023 10:26:20 -0500 (EST) |
branch: master
commit 3a6abc17f904f38098d3ab08e9d82de2e821d348
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Mon Nov 27 15:26:43 2023 +0100
remote-worker: Add ‘--user’.
* src/cuirass/scripts/remote-worker.scm (show-help, %options): Add ‘--user’.
(cuirass-remote-worker): Honor it.
* doc/cuirass.texi (Invocation): Document it.
---
doc/cuirass.texi | 4 ++++
src/cuirass/scripts/remote-worker.scm | 13 +++++++++++++
2 files changed, 17 insertions(+)
diff --git a/doc/cuirass.texi b/doc/cuirass.texi
index 5b52eaa..62f0a14 100644
--- a/doc/cuirass.texi
+++ b/doc/cuirass.texi
@@ -741,6 +741,10 @@ The list of URLs where to look for substitutes by default.
Use the specific @var{file}s as the public/private key pair used to sign
the store items being published.
+@item --user=@var{user}
+Change privileges to @var{user} as soon as possible---i.e., once the
+signing key has been read.
+
@item --version
@itemx -V
Display the actual version of @code{cuirass}.
diff --git a/src/cuirass/scripts/remote-worker.scm
b/src/cuirass/scripts/remote-worker.scm
index 8fa58b2..c34456c 100644
--- a/src/cuirass/scripts/remote-worker.scm
+++ b/src/cuirass/scripts/remote-worker.scm
@@ -27,6 +27,7 @@
#:use-module (cuirass logging)
#:use-module (cuirass remote)
#:use-module (cuirass ui)
+ #:autoload (cuirass utils) (gather-user-privileges)
#:use-module (gcrypt pk-crypto)
#:use-module (guix avahi)
#:use-module (guix config)
@@ -96,6 +97,8 @@ Start a remote build worker.\n" (%program-name))
(display (G_ "
--substitute-urls=URLS
check for available substitutes at URLS"))
+ (display (G_ "
+ -u, --user=USER change privileges to USER as soon as possible"))
(display (G_ "
--public-key=FILE use FILE as the public key for signatures"))
(display (G_ "
@@ -116,6 +119,9 @@ Start a remote build worker.\n" (%program-name))
(option '(#\V "version") #f #f
(lambda _
(show-version-and-exit "cuirass remote-worker")))
+ (option '(#\u "user") #t #f
+ (lambda (opt name arg result)
+ (alist-cons 'user arg result)))
(option '(#\w "workers") #t #f
(lambda (opt name arg result)
(alist-cons 'workers (string->number* arg) result)))
@@ -463,6 +469,7 @@ exiting."
(server-address (assoc-ref opts 'server))
(systems (assoc-ref opts 'systems))
(urls (assoc-ref opts 'substitute-urls))
+ (user (assoc-ref opts 'user))
(public-key
(read-file-sexp
(assoc-ref opts 'public-key-file)))
@@ -470,6 +477,12 @@ exiting."
(read-file-sexp
(assoc-ref opts 'private-key-file))))
+ (when user
+ ;; Now that the private key has been read, drop privileges.
+ (gather-user-privileges user))
+ (when (zero? (getuid))
+ (warning (G_ "running with root privileges, which is not
recommended~%")))
+
;; Distinguish the worker's GC root directory so that, in case a
;; 'cuirass remote-server' process runs on the same machine as a worker,
;; the worker's doesn't end up deleting the server's GC roots.