[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
05/10: pull: Fail if cache directory ownership is suspect.
From: |
guix-commits |
Subject: |
05/10: pull: Fail if cache directory ownership is suspect. |
Date: |
Fri, 10 Jun 2022 22:26:16 -0400 (EDT) |
nckx pushed a commit to branch master
in repository guix.
commit 7c52cad0464175370c44bd4695e4c01a62b8268f
Author: Tobias Geerinckx-Rice <me@tobias.gr>
AuthorDate: Sun Jun 5 02:00:05 2022 +0200
pull: Fail if cache directory ownership is suspect.
New users frequently run ‘sudo guix pull’ which breaks subsequent
unprivileged ‘guix pull’s until manually fixed with chmod -R.
* guix/scripts/pull.scm (guix-pull): Fail if the cache directory (or
its innermost extant parent) is not owned by the user pulling the Guix,
with a hint about ‘sudo -i’.
---
guix/scripts/pull.scm | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/guix/scripts/pull.scm b/guix/scripts/pull.scm
index f01764637b..24151f7ed3 100644
--- a/guix/scripts/pull.scm
+++ b/guix/scripts/pull.scm
@@ -49,6 +49,7 @@
#:autoload (gnu packages bootstrap) (%bootstrap-guile)
#:autoload (gnu packages certs) (le-certs)
#:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-11)
#:use-module (srfi srfi-26)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
@@ -810,6 +811,33 @@ Use '~/.config/guix/channels.scm' instead."))
((assoc-ref opts 'generation)
(process-generation-change opts profile))
(else
+ ;; Bail out early when users accidentally run, e.g., ’sudo guix pull’.
+ ;; If CACHE-DIRECTORY doesn't yet exist, test where it would end up.
+ (let-values (((stats dir) (let loop ((dir (cache-directory)))
+ (let ((stats (stat dir #f)))
+ (if stats
+ (values stats dir)
+ (loop (dirname dir)))))))
+ (let ((dir:uid (stat:uid stats))
+ (our:uid (getuid)))
+ (unless (= dir:uid our:uid)
+ (let* ((user (lambda (uid) ; handle the unthinkable invalid
UID
+ (or (false-if-exception (passwd:name
+ (getpwuid uid)))
+ uid)))
+ (our:user (user our:uid))
+ (dir:user (user dir:uid)))
+ (raise
+ (condition
+ (&message
+ (message
+ (format #f (G_ "directory ‘~a’ is not owned by user ~a")
+ dir dir:user)))
+ (&fix-hint
+ (hint
+ (format #f (G_ "You should run this command as ~a; use
‘sudo -i’ or equivalent if you really want to pull as ~a.")
+ dir:user our:user)))))))))
+
(with-store store
(with-status-verbosity (assoc-ref opts 'verbosity)
(parameterize ((%current-system (assoc-ref opts 'system))
- branch master updated (2f3dec3de7 -> b8edfdb008), guix-commits, 2022/06/10
- 03/10: gnu: c-blosc: Remove bundled libraries from source., guix-commits, 2022/06/10
- 01/10: gnu: c-blosc: Update to 1.21.1., guix-commits, 2022/06/10
- 06/10: gnu: oneko: Remove trailing #t from phases., guix-commits, 2022/06/10
- 04/10: gnu: c-blosc: Remove input labels., guix-commits, 2022/06/10
- 09/10: gnu: galera: Update to 26.4.12., guix-commits, 2022/06/10
- 05/10: pull: Fail if cache directory ownership is suspect.,
guix-commits <=
- 07/10: gnu: oneko: Edit description., guix-commits, 2022/06/10
- 08/10: gnu: Add nmon., guix-commits, 2022/06/10
- 02/10: gnu: c-blosc: Omit static library., guix-commits, 2022/06/10
- 10/10: gnu: qtox: Update to 1.17.6., guix-commits, 2022/06/10