ludo@HIDDEN (Ludovic Courtès)
to control <at> debbugs.gnu.org.
Full text available.Received: (at 30256) by debbugs.gnu.org; 3 Mar 2018 14:44:47 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 03 09:44:47 2018 Received: from localhost ([127.0.0.1]:42003 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1es8P1-0007U7-GM for submit <at> debbugs.gnu.org; Sat, 03 Mar 2018 09:44:47 -0500 Received: from hera.aquilenet.fr ([185.233.100.1]:52552) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1es8Oz-0007U0-V0 for 30256 <at> debbugs.gnu.org; Sat, 03 Mar 2018 09:44:46 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 5D1C5724F; Sat, 3 Mar 2018 15:44:45 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id USMfBOcra-o1; Sat, 3 Mar 2018 15:44:44 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 01F587127; Sat, 3 Mar 2018 15:44:43 +0100 (CET) From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Mike Gerwitz <mtg@HIDDEN> Subject: Re: [bug#30256] [PATCH 3/3] scripts: environment: Add --no-cwd. References: <87vag2wopo.fsf@HIDDEN> <cover.1516937216.git.mtg@HIDDEN> <7bc71eaa3cff48ec7dc0d4fe406dde9482b716a9.1516937216.git.mtg@HIDDEN> <87tvtyhhnd.fsf@HIDDEN> <877equgxx7.fsf@HIDDEN> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 13 =?utf-8?Q?Vent=C3=B4se?= an 226 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Sat, 03 Mar 2018 15:44:43 +0100 In-Reply-To: <877equgxx7.fsf@HIDDEN> (Mike Gerwitz's message of "Fri, 02 Mar 2018 13:00:36 -0500") Message-ID: <87zi3p9q1w.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 30256 Cc: 30256 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 1.0 (+) Hi Mike, Mike Gerwitz <mtg@HIDDEN> skribis: > Sorry I've been silent on the script you provided to me---between my GNU > volunteer work and preparing for my LP2018 talk, I've had no free time, > so I haven't even looked at it yet. After the conference I'll have the > time to collaborate a bit more. Sure, understood! > Also---I thought the decision was that this patchset was inappropriate > for `guix environment`; did I misinterpret? My initial reaction was that we shouldn=E2=80=99t stretch =E2=80=98guix env= ironment=E2=80=99 to do something that=E2=80=99s unrelated to environment management. However as I looked at your patches, I found that the additions you made are useful per se (for instance I=E2=80=99ve been wanting =E2=80=98--link-p= rofile=E2=80=99 on a couple of occasions for reasons like the one you gave, Fontconfig, etc.). And the patches had tests, documentation, and everything, so it seemed more beneficial to include them. :-) > I admit that I forgot some of the implementation details of my own > patch; I'd have to look at it in more detail. I'll consider it tonight > or this weekend. OK! > Thanks for taking a look at and applying these. If there are better > solutions, I'm fine with that---I just wanted a proof-of-concept to > start the discussion. Though, starting the discussion and then ducking > out for other obligations wasn't quite what I had in mind... Sure. I think the issue of least-authority execution of programs remains open anway. Do we want a =E2=80=98guix run=E2=80=99-like command? = Something in the shell, but which shell(s) then? Automatically-generated wrappers so we don=E2=80=99t depend on specific shells? Thanks, Ludo=E2=80=99.
guix-patches@HIDDEN:bug#30256; Package guix-patches.
Full text available.
Received: (at 30256) by debbugs.gnu.org; 2 Mar 2018 18:02:10 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 02 13:02:10 2018
Received: from localhost ([127.0.0.1]:41508 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1erp0U-00072f-BV
for submit <at> debbugs.gnu.org; Fri, 02 Mar 2018 13:02:10 -0500
Received: from eggs.gnu.org ([208.118.235.92]:50260)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <mtg@HIDDEN>) id 1erp0S-00072Q-Fw
for 30256 <at> debbugs.gnu.org; Fri, 02 Mar 2018 13:02:08 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <mtg@HIDDEN>) id 1erp0M-0001Q7-0K
for 30256 <at> debbugs.gnu.org; Fri, 02 Mar 2018 13:02:03 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_RP_MATCHES_RCVD
autolearn=disabled version=3.3.2
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:34154)
by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <mtg@HIDDEN>)
id 1erp0J-0001KH-JC; Fri, 02 Mar 2018 13:01:59 -0500
Received: from localhost ([::1]:37287 helo=mikegerwitz-pc.gerwitz.local)
by fencepost.gnu.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
(Exim 4.82) (envelope-from <mtg@HIDDEN>)
id 1erp0J-00046p-AK; Fri, 02 Mar 2018 13:01:59 -0500
From: Mike Gerwitz <mtg@HIDDEN>
To: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: [bug#30256] [PATCH 3/3] scripts: environment: Add --no-cwd.
In-Reply-To: <87tvtyhhnd.fsf@HIDDEN> ("Ludovic
\=\?utf-8\?Q\?Court\=C3\=A8s\=22'\?\=
\=\?utf-8\?Q\?s\?\= message of "Fri, 02 Mar 2018 11:54:30 +0100")
Date: Fri, 02 Mar 2018 13:00:36 -0500
Message-ID: <877equgxx7.fsf@HIDDEN>
References: <87vag2wopo.fsf@HIDDEN> <cover.1516937216.git.mtg@HIDDEN>
<7bc71eaa3cff48ec7dc0d4fe406dde9482b716a9.1516937216.git.mtg@HIDDEN>
<87tvtyhhnd.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
OpenPGP: id=22175B02E626BC98D7C0C2E5F22BB8158EE30EAB
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 2001:4830:134:3::e
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: 30256
Cc: 30256 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hey, Ludo!
Sorry I've been silent on the script you provided to me---between my GNU
volunteer work and preparing for my LP2018 talk, I've had no free time,
so I haven't even looked at it yet. After the conference I'll have the
time to collaborate a bit more.
Also---I thought the decision was that this patchset was inappropriate
for `guix environment`; did I misinterpret?
On Fri, Mar 02, 2018 at 11:54:30 +0100, Ludovic Court=C3=A8s wrote:
>> --- a/tests/guix-environment.sh
>> +++ b/tests/guix-environment.sh
>> @@ -84,6 +84,14 @@ HOME=3D"$tmpdir" guix environment --bootstrap --conta=
iner --user=3Dfoognu \
>> --share=3D"$tmpdir/umock" \
>> -- guile -c "$usertest"
>>=20=20
>> +# if not sharing CWD, chdir home
>> +(
>> + cd "$tmpdir" \
>> + && guix environment --bootstrap --container --no-cwd --user=3Dfoo \
>> + --ad-hoc guile-bootstrap --pure \
>> + -- /bin/sh -c 'test $(pwd) =3D=3D "/home/foo" -a ! -d '"$tm=
pdir"
>> +)
>> +
>
> This test would fail for me because my test store is at
> ~ludo/src/guix/test-tmp/store and my CWD is ~/src/guix. So when using
> both --user and --no-cwd, the effect is that
> ~ludo/src/guix/test-tmp/store is not available at all within the
> container, and thus execve("/bin/sh") fails with ENOENT:
>
> $ ./test-env guix environment --bootstrap --container --no-cwd --user=3Df=
oo --ad-hoc guile-bootstrap
> accepted connection from pid 29684, user ludo
> accepted connection from pid 29695, user ludo
> ./test-env: line 1: 29683 Terminated "/home/ludo/src/guix/pr=
e-inst-env" "/home/ludo/src/guix/guix-daemon" --disable-chroot --substitute=
-urls=3D"$GUIX_BINARY_SUBSTITUTE_URL"
> $ echo $?
> 1
>
> Thoughts?
I admit that I forgot some of the implementation details of my own
patch; I'd have to look at it in more detail. I'll consider it tonight
or this weekend.
Thanks for taking a look at and applying these. If there are better
solutions, I'm fine with that---I just wanted a proof-of-concept to
start the discussion. Though, starting the discussion and then ducking
out for other obligations wasn't quite what I had in mind...
=2D-=20
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJamZFFAAoJEIyRe39dxRuiRkkQAIqrzkOPRrupZM0e2+w8B207
2Yyd8Fh4kFnis7FBpDJ9kz+FOiD3mpWYzfmCFQr/Z7CrPYVevnNXqS9sYtibKeNu
laV9dHt9LtBtWAfmwLu+DAqpOD/SCGZn8fRhWJNBwvYmq+Ojqi2PvLfhsQlXStWL
XB4ccwkCd4H+Y9JxXetT3pLQw1xLDAHnphTshU9DQ+E4qfnA5uX/wclwMzwhuYT/
kFvP40fvXVrZMLieAaQNGFNnBfiQy4/iyoOCNWVkSZYUXXflzmROuTkXePxdTtXv
JRsOzgVrdQMZoxFhyuwOB+XSq4S9Q1MVE8jeZGZ2ndyx1LLLYlsm8xtcr1W2wG4B
xq573Sqn+vvciwhAaRYt9pTIAAPYY2eMJz55rI0TysNbgzwlfJJABqtaytn4NmTL
heBEAGPcjmDcWwMkfFz001jA64NuhS0oJMcq2TZ+Zlh8+OqBwO0Ywua1R+8BoprI
BRmfJwdTcIAvo1PSPnTcMSLeOBK5s69Y74ibAQlGVxlHpLeCVjC+O3SnuauYNGMg
UewzSKOUD0kZ7xePy1Oia0K2VfmNVAH91FivfFvlK2st9gpNVqwj1vT7SQhC2SaG
WtMeFA2++ZEnGdpZRg5OjWId9cn1BoJRQHBWfLlq1mBVWA7b+AvEhJgc24DNhz/c
gDSoXDkj+c00/ZRtx6CB
=JVGH
-----END PGP SIGNATURE-----
--=-=-=--
guix-patches@HIDDEN:bug#30256; Package guix-patches.
Full text available.
Received: (at 30256) by debbugs.gnu.org; 2 Mar 2018 10:54:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Mar 02 05:54:34 2018
Received: from localhost ([127.0.0.1]:40152 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1eriKg-00017A-9F
for submit <at> debbugs.gnu.org; Fri, 02 Mar 2018 05:54:34 -0500
Received: from hera.aquilenet.fr ([185.233.100.1]:44794)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1eriKf-000172-4k
for 30256 <at> debbugs.gnu.org; Fri, 02 Mar 2018 05:54:33 -0500
Received: from localhost (localhost [127.0.0.1])
by hera.aquilenet.fr (Postfix) with ESMTP id 5A0F1119E6;
Fri, 2 Mar 2018 11:54:32 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id JkX9vQSvzbzc; Fri, 2 Mar 2018 11:54:31 +0100 (CET)
Received: from ribbon (unknown [193.50.110.134])
by hera.aquilenet.fr (Postfix) with ESMTPSA id 48B6940E;
Fri, 2 Mar 2018 11:54:31 +0100 (CET)
From: ludo@HIDDEN (Ludovic =?utf-8?Q?Court=C3=A8s?=)
To: Mike Gerwitz <mtg@HIDDEN>
Subject: Re: [bug#30256] [PATCH 3/3] scripts: environment: Add --no-cwd.
References: <87vag2wopo.fsf@HIDDEN> <cover.1516937216.git.mtg@HIDDEN>
<7bc71eaa3cff48ec7dc0d4fe406dde9482b716a9.1516937216.git.mtg@HIDDEN>
Date: Fri, 02 Mar 2018 11:54:30 +0100
In-Reply-To: <7bc71eaa3cff48ec7dc0d4fe406dde9482b716a9.1516937216.git.mtg@HIDDEN>
(Mike Gerwitz's message of "Thu, 25 Jan 2018 22:29:45 -0500")
Message-ID: <87tvtyhhnd.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: 30256
Cc: 30256 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.0 (+)
Mike Gerwitz <mtg@HIDDEN> skribis:
> * doc/guix.texi (Invoking guix environment): Add --no-cwd.
> * guix/scripts/environment.scm (show-help, %options): Add --no-cwd.
> (launch-environment/container): Add 'map-cwd?' param; only add mapping fo=
r cwd
> if #t. Only change to cwd within container if #t, otherwise home.
> (guix-environment): Error if --no-cwd without --container. Provide '(not
> no-cwd?)' to launch-environment/container as 'map-cwd?'.
> * tests/guix-environment.sh: Add test for no-cwd.
This one LGTM as well (with the test moved to
guix-environment-container.sh). There=E2=80=99s just a minor issue:
> --- a/tests/guix-environment.sh
> +++ b/tests/guix-environment.sh
> @@ -84,6 +84,14 @@ HOME=3D"$tmpdir" guix environment --bootstrap --contai=
ner --user=3Dfoognu \
> --share=3D"$tmpdir/umock" \
> -- guile -c "$usertest"
>=20=20
> +# if not sharing CWD, chdir home
> +(
> + cd "$tmpdir" \
> + && guix environment --bootstrap --container --no-cwd --user=3Dfoo \
> + --ad-hoc guile-bootstrap --pure \
> + -- /bin/sh -c 'test $(pwd) =3D=3D "/home/foo" -a ! -d '"$tmp=
dir"
> +)
> +
This test would fail for me because my test store is at
~ludo/src/guix/test-tmp/store and my CWD is ~/src/guix. So when using
both --user and --no-cwd, the effect is that
~ludo/src/guix/test-tmp/store is not available at all within the
container, and thus execve("/bin/sh") fails with ENOENT:
--8<---------------cut here---------------start------------->8---
$ ./test-env guix environment --bootstrap --container --no-cwd --user=3Dfoo=
--ad-hoc guile-bootstrap
accepted connection from pid 29684, user ludo
accepted connection from pid 29695, user ludo
./test-env: line 1: 29683 Terminated "/home/ludo/src/guix/pre-=
inst-env" "/home/ludo/src/guix/guix-daemon" --disable-chroot --substitute-u=
rls=3D"$GUIX_BINARY_SUBSTITUTE_URL"
$ echo $?
1
--8<---------------cut here---------------end--------------->8---
Thoughts?
TIA,
Ludo=E2=80=99.
guix-patches@HIDDEN:bug#30256; Package guix-patches.
Full text available.
Received: (at submit) by debbugs.gnu.org; 26 Jan 2018 03:30:50 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 25 22:30:50 2018
Received: from localhost ([127.0.0.1]:43001 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1eeuj4-000231-Bs
for submit <at> debbugs.gnu.org; Thu, 25 Jan 2018 22:30:50 -0500
Received: from eggs.gnu.org ([208.118.235.92]:53154)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <mtg@HIDDEN>) id 1eeuj0-000229-5p
for submit <at> debbugs.gnu.org; Thu, 25 Jan 2018 22:30:47 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <mtg@HIDDEN>) id 1eeuit-0002k4-HH
for submit <at> debbugs.gnu.org; Thu, 25 Jan 2018 22:30:41 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level:
X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40,T_RP_MATCHES_RCVD
autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:34647)
by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
(Exim 4.71) (envelope-from <mtg@HIDDEN>) id 1eeuit-0002jr-CP
for submit <at> debbugs.gnu.org; Thu, 25 Jan 2018 22:30:39 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44112)
by lists.gnu.org with esmtp (Exim 4.71) (envelope-from <mtg@HIDDEN>)
id 1eeuir-0001c0-NZ
for guix-patches@HIDDEN; Thu, 25 Jan 2018 22:30:39 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from <mtg@HIDDEN>) id 1eeuiq-0002i5-Ky
for guix-patches@HIDDEN; Thu, 25 Jan 2018 22:30:37 -0500
Received: from fencepost.gnu.org ([2001:4830:134:3::e]:34351)
by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <mtg@HIDDEN>)
id 1eeuiq-0002hr-Fz
for guix-patches@HIDDEN; Thu, 25 Jan 2018 22:30:36 -0500
Received: from localhost ([::1]:37485 helo=mikegerwitz-pc.gerwitz.local)
by fencepost.gnu.org with esmtps (TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128)
(Exim 4.82) (envelope-from <mtg@HIDDEN>) id 1eeuiq-0007E8-52
for guix-patches@HIDDEN; Thu, 25 Jan 2018 22:30:36 -0500
From: Mike Gerwitz <mtg@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH 3/3] scripts: environment: Add --no-cwd.
In-Reply-To: <cover.1516937216.git.mtg@HIDDEN>
Date: Thu, 25 Jan 2018 22:29:45 -0500
References: <87vag2wopo.fsf@HIDDEN>
<cover.1516937216.git.mtg@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
X-From-Line: 7bc71eaa3cff48ec7dc0d4fe406dde9482b716a9 Mon Sep 17 00:00:00 2001
Message-Id: <7bc71eaa3cff48ec7dc0d4fe406dde9482b716a9.1516937216.git.mtg@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha512; protocol="application/pgp-signature"
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -5.0 (-----)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)
--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
* doc/guix.texi (Invoking guix environment): Add --no-cwd.
* guix/scripts/environment.scm (show-help, %options): Add --no-cwd.
(launch-environment/container): Add 'map-cwd?' param; only add mapping for =
cwd
if #t. Only change to cwd within container if #t, otherwise home.
(guix-environment): Error if --no-cwd without --container. Provide '(not
no-cwd?)' to launch-environment/container as 'map-cwd?'.
* tests/guix-environment.sh: Add test for no-cwd.
=2D--
doc/guix.texi | 8 ++++++++
guix/scripts/environment.scm | 33 ++++++++++++++++++++++++---------
tests/guix-environment.sh | 8 ++++++++
3 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 8218c6637..ce4545038 100644
=2D-- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7209,6 +7209,14 @@ While this will limit the leaking of user identity t=
hrough home paths
and each of the user fields, this is only one useful component of a
broader privacy/anonymity solution---not one in and of itself.
=20
+@item --no-cwd
+For containers, the default behavior is to share the current working
+directory with the isolated container and immediately change to that
+directory within the container. If this is undesirable, @code{--no-cwd}
+will cause the current working directory to @emph{not} be automatically
+shared and will change to the user's home directory within the container
+instead. See also @code{--user}.
+
@item --expose=3D@var{source}[=3D@var{target}]
For containers, expose the file system @var{source} from the host system
as the read-only file system @var{target} within the container. If
diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index f50018faf..6be263a64 100644
=2D-- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -165,6 +165,9 @@ COMMAND or an interactive shell in that environment.\n"=
))
-u, --user=3DUSER instead of copying the name and home of the cur=
rent
user into an isolated container, use the name USER
with home directory /home/USER"))
+ (display (G_ "
+ --no-cwd do not share current working directory with an
+ isolated container"))
(display (G_ "
--share=3DSPEC for containers, share writable host file system
according to SPEC"))
@@ -251,6 +254,9 @@ COMMAND or an interactive shell in that environment.\n"=
))
(lambda (opt name arg result)
(alist-cons 'user arg
(alist-delete 'user result eq?))))
+ (option '("no-cwd") #f #f
+ (lambda (opt name arg result)
+ (alist-cons 'no-cwd? #t result)))
(option '("share") #t #f
(lambda (opt name arg result)
(alist-cons 'file-system-mapping
@@ -399,7 +405,8 @@ environment variables are cleared before setting the ne=
w ones."
((_ . status) status)))))
=20
(define* (launch-environment/container #:key command bash user user-mappin=
gs
=2D profile paths link-profile? netwo=
rk?)
+ profile paths link-profile? network?
+ map-cwd?)
"Run COMMAND within a container that features the software in PROFILE.
Environment variables are set according to PATHS, a list of native search
paths. The global shell is BASH, a file name for a GNU Bash binary in the
@@ -425,11 +432,13 @@ will be used for the passwd entry. LINK-PROFILE? cre=
ates a symbolic link from
(override-user-mappings
user home
(append user-mappings
=2D ;; Current working directory.
=2D (list (file-system-mapping
=2D (source cwd)
=2D (target cwd)
=2D (writable? #t)))
+ ;; Share current working directory, unless asked not=
to.
+ (if map-cwd?
+ (list (file-system-mapping
+ (source cwd)
+ (target cwd)
+ (writable? #t)))
+ '())
;; When in Rome, do as Nix build.cc does: Automagica=
lly
;; map common network configuration files.
(if network?
@@ -488,8 +497,10 @@ will be used for the passwd entry. LINK-PROFILE? crea=
tes a symbolic link from
(newline port)))
=20
;; For convenience, start in the user's current working
=2D ;; directory rather than the root directory.
=2D (chdir (override-user-dir user home cwd))
+ ;; directory or, if unmapped, the home directory.
+ (chdir (if map-cwd?
+ (override-user-dir user home cwd)
+ home-dir))
=20
(primitive-exit/status
;; A container's environment is already purified, so no need =
to
@@ -640,6 +651,7 @@ message if any test fails."
(container? (assoc-ref opts 'container?))
(link-prof? (assoc-ref opts 'link-profile?))
(network? (assoc-ref opts 'network?))
+ (no-cwd? (assoc-ref opts 'no-cwd?))
(user (assoc-ref opts 'user))
(bootstrap? (assoc-ref opts 'bootstrap?))
(system (assoc-ref opts 'system))
@@ -677,6 +689,8 @@ message if any test fails."
(leave (G_ "--link-prof cannot be used without --container~%")))
(when (and (not container?) user)
(leave (G_ "--user cannot be used without --container~%")))
+ (when (and (not container?) no-cwd?)
+ (leave (G_ "--no-cwd cannot be used without --container~%")))
=20
(with-store store
(set-build-options-from-command-line store opts)
@@ -729,7 +743,8 @@ message if any test fails."
#:profile profile
#:paths paths
#:link-profile? link-pro=
f?
=2D #:network? network?)))
+ #:network? network?
+ #:map-cwd? (not no-cwd?)=
)))
(else
(return
(exit/status
diff --git a/tests/guix-environment.sh b/tests/guix-environment.sh
index a1ce96579..abb019794 100644
=2D-- a/tests/guix-environment.sh
+++ b/tests/guix-environment.sh
@@ -84,6 +84,14 @@ HOME=3D"$tmpdir" guix environment --bootstrap --containe=
r --user=3Dfoognu \
--share=3D"$tmpdir/umock" \
-- guile -c "$usertest"
=20
+# if not sharing CWD, chdir home
+(
+ cd "$tmpdir" \
+ && guix environment --bootstrap --container --no-cwd --user=3Dfoo \
+ --ad-hoc guile-bootstrap --pure \
+ -- /bin/sh -c 'test $(pwd) =3D=3D "/home/foo" -a ! -d '"$tmpdi=
r"
+)
+
# Make sure '-r' works as expected.
rm -f "$gcroot"
expected=3D"`guix environment --bootstrap --ad-hoc guile-bootstrap \
=2D-=20
2.15.1
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJaaqCpAAoJEIyRe39dxRui3kwP/j/g7RtKUhxxh/6OMocxf4KR
+4wO+THWCS/eG23gGsEUAQ9llz56BFGBRF0SR2Cz/ldQafUAUmND27ZXjfA/li2M
rCBTLnW65NiMJi8YPMGwaVkDvGoN9GDKpsJYQDxISWLNKn7Mb9Cpdjvesop5aE1d
mWYK9K3dafGdUyh+gefCo9aXM/6nHURfwHRbQUsw3i+duQkeqBnE+QSjDjhEY6EU
vQk0sBVmgrcCyIBsKcCOo3LL++QggZTUa7n+3KQp9mcIb1ruPu8XMZw4gEfLAZaV
Qm0pS6CZYy9dX5g8w1Qbh0jenYFeA93QdSA60vPdfx7SUZgVS08BbIV0b+Svr6yu
fumyhmFWAAOyMCoYR3ZPBoydqBEQ+0U3ny1O0HIHzshkGOqLQCcbbW98xGNObZLI
TCyiBnCMPDPtzyMJ/X8Xet7jrQIF9tfXnXzOCha+uAK2vd8VLl+DIggtb3bImQ/i
XE693bTzu+5KVIVeC1Rapup06Vg3GsvdZNFz4QLHy/TTvMrJCF2YKtYDiCZCOMck
LV9qA8ZSh4okc11FQqmaGWJ7VA4Pj97wlMm2y16o6gYXt86SSQf9ET69MadawlXP
otqpje3AnLpUv4o3Ubvh0RVRiEbW1LRO9swY0fWCbfyq18EtXUE6ARrmANxlZNG0
nKQwafK4qe7JoxCEn5lc
=UKN6
-----END PGP SIGNATURE-----
--=-=-=--
Mike Gerwitz <mtg@HIDDEN>:guix-patches@HIDDEN.
Full text available.guix-patches@HIDDEN:bug#30256; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.