GNU bug report logs - #38800
Non-existent setuid programs make "guix system reconfigure" break mid-generation-switch
Report forwarded to bug-guix <at> gnu.org: bug#38800; Package guix. (Sun, 29 Dec 2019 22:07:02 GMT)

Acknowledgement sent to Jakub Kądziołka <kuba <at> kadziolka.net>: New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sun, 29 Dec 2019 22:07:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:
Steps to reproduce:

0. [IMPORTANT] Make sure you will be able to reconfigure your system
   when all setuid binaries stop working (this includes sudo, which
   makes this, IMHO, a serious bug).

   Namely, either make sure you can log in as root, or keep a "sudo -s"
   shell open. The latter is slightly more dangerous in the event of a
   power outage.

   I would also recommend running "guix pull" in this recovery shell, as
   a root login shell will use root's profile, and not your own.

1. Add a non-existent file to your system configuration's
   setuid-programs. For example,

     (setuid-programs (cons*
                        #~(string-append #$bash "/bin/enoent")
                        %setuid-programs))

2. Reconfigure your system.

     $ sudo guix system reconfigure /etc/config.scm

   Actual behavior:

     activating system...
     substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
     building /gnu/store/0ay9wd3wz4x0f5mgmbdfs72w98qvm68z-switch-to-system.scm.drv...
     making '/gnu/store/7vwa2xd378fgwrkgwif7pi6ymshsf2jc-system' the current system...
     setting up setuid programs in '/run/setuid-programs'...
     guix system: error: copy-file: No such file or directory: "/run/setuid-programs/enoent"
     $ sudoedit /etc/config.scm
     -bash: /run/setuid-programs/sudoedit: No such file or directory
     $ ls -l /run/setuid-programs
     total 0

   Expected behavior: the running system is left untouched.
   /run/setuid-programs is still populated with the previous generation's
   setuid programs. The error message says that the source of the copy-file
   doesn't exist, not the destination. (While the latter is technically
   correct, it's utterly unhelpful)

3. [OPTIONAL] Run a rollback.

     # guix system roll-back

   Expected behavior: /run/setuid-programs gets populated again.
   Actual behavior: /run/setuid-programs is still empty.

   (Is this a separate bug with roll-back not restoring setuid-programs? No
   idea, didn't test)

4. Remove the changes made to the configuration and run reconfigure
   again.

     # guix system reconfigure /etc/config.scm

   Expected & actual behavior: system is back in (AFAIK) a well-defined
   state.

Regards,
Jakub Kądziołka

Reply sent to Ludovic Courtès <ludo <at> gnu.org>: You have taken responsibility. (Thu, 02 Jan 2020 18:46:02 GMT)

Notification sent to Jakub Kądziołka <kuba <at> kadziolka.net>: bug acknowledged by developer. (Thu, 02 Jan 2020 18:46:02 GMT)

Message #10 received at 38800-done <at> debbugs.gnu.org:
Hello,

Jakub Kądziołka <kuba <at> kadziolka.net> wrote:

> Steps to reproduce:
>
> 0. [IMPORTANT] Make sure you will be able to reconfigure your system
>    when all setuid binaries stop working (this includes sudo, which
>    makes this, IMHO, a serious bug).
>
>    Namely, either make sure you can log in as root, or keep a "sudo -s"
>    shell open. The latter is slightly more dangerous in the event of a
>    power outage.
>
>    I would also recommend running "guix pull" in this recovery shell, as
>    a root login shell will use root's profile, and not your own.
>
> 1. Add a non-existent file to your system configuration's
>    setuid-programs. For example,
>
>      (setuid-programs (cons*
>                         #~(string-append #$bash "/bin/enoent")
>                         %setuid-programs))
>
> 2. Reconfigure your system.
>
>      $ sudo guix system reconfigure /etc/config.scm
>
>    Actual behavior:
>
>      activating system...
>      substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
>      building /gnu/store/0ay9wd3wz4x0f5mgmbdfs72w98qvm68z-switch-to-system.scm.drv...
>      making '/gnu/store/7vwa2xd378fgwrkgwif7pi6ymshsf2jc-system' the current system...
>      setting up setuid programs in '/run/setuid-programs'...
>      guix system: error: copy-file: No such file or directory: "/run/setuid-programs/enoent"
>      $ sudoedit /etc/config.scm
>      -bash: /run/setuid-programs/sudoedit: No such file or directory
>      $ ls -l /run/setuid-programs
>      total 0

Good catch, I believe commit 7c4e4bac876190eae90635ba7d7f59892c31bcc6
fixes it.

> 3. [OPTIONAL] Run a rollback.
>
>      # guix system roll-back
>
>    Expected behavior: /run/setuid-programs gets populated again.
>    Actual behavior: /run/setuid-programs is still empty.
>
>    (Is this a separate bug with roll-back not restoring setuid-programs? No
>    idea, didn't test)

It looks like a separate bug, yes. Could you report it separately?

Thanks!
Ludo’.
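
The behaviour the report expected (a missing setuid source leaves the previous generation's directory populated, and the error names the source rather than the destination) follows from validating and staging before the live directory is touched. The Python code below is an added example, not Guix's activation code and not the commit referenced above; `activate_setuid_programs`, the `.previous` suffix and the temporary paths in `demo` are assumptions made for illustration.

```python
import os
import shutil
import tempfile

def activate_setuid_programs(programs, target_dir):
    """Replace target_dir with setuid copies of programs, or change nothing."""
    # 1. Pre-flight: check every source before touching the live directory.
    missing = [p for p in programs if not os.path.isfile(p)]
    if missing:
        raise FileNotFoundError("setuid source missing: " + ", ".join(missing))
    # 2. Stage beside the target (same filesystem); mkdtemp makes it mode 0700.
    parent = os.path.dirname(os.path.abspath(target_dir))
    staging = tempfile.mkdtemp(prefix=".setuid-staging-", dir=parent)
    previous, moved_old = target_dir + ".previous", False
    try:
        for src in programs:
            dst = os.path.join(staging, os.path.basename(src))
            shutil.copyfile(src, dst)
            os.chmod(dst, 0o4555)  # r-sr-xr-x; run as root, the copy is root-owned
        os.chmod(staging, 0o755)
        # 3. Swap: move the old generation aside, then move the new one in.
        shutil.rmtree(previous, ignore_errors=True)
        if os.path.isdir(target_dir):
            os.rename(target_dir, previous)
            moved_old = True
        os.rename(staging, target_dir)
    except BaseException:
        shutil.rmtree(staging, ignore_errors=True)
        if moved_old:
            os.rename(previous, target_dir)  # put the old generation back
        raise
    shutil.rmtree(previous, ignore_errors=True)
    return sorted(os.listdir(target_dir))

def demo():
    # Constructed: "store" mimics a store bin/ dir, "target" mimics /run/setuid-programs.
    root = tempfile.mkdtemp()
    store, target = os.path.join(root, "store"), os.path.join(root, "setuid-programs")
    os.mkdir(store)
    good = [os.path.join(store, name) for name in ("sudo", "sudoedit")]
    for path in good:
        open(path, "w").close()
    first = activate_setuid_programs(good, target)
    error = None
    try:
        activate_setuid_programs(good + [os.path.join(store, "enoent")], target)
    except FileNotFoundError as exc:
        error = str(exc)
    return first, sorted(os.listdir(target)), error
```

Between the two renames the target directory is briefly absent; on Linux, renameat2(2) with RENAME_EXCHANGE closes that window.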

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 31 Jan 2020 12:24:03 GMT)