Received: (at 77201) by debbugs.gnu.org; 15 Apr 2025 18:26:33 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 15 14:26:33 2025
Received: from localhost ([127.0.0.1]:55413 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1u4kzR-0008NU-2Y
for submit <at> debbugs.gnu.org; Tue, 15 Apr 2025 14:26:33 -0400
Received: from ditigal.xyz ([2a01:4f8:1c1b:6a1c::]:41254 helo=mail.ditigal.xyz)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <rutherther@HIDDEN>)
id 1u4kzN-0008N7-B5
for 77201 <at> debbugs.gnu.org; Tue, 15 Apr 2025 14:26:30 -0400
Received: by cerebrum (OpenSMTPD) with ESMTPSA id 43bceb4c
(TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO);
Tue, 15 Apr 2025 18:26:21 +0000 (UTC)
From: Rutherther <rutherther@HIDDEN>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, Ian Eure
<ian@HIDDEN>
Subject: Re: [bug#77201] [PATCH] guix: substitute-key-authorization: Fix
case when acl symlink is broken
In-Reply-To: <877c3lhdbn.fsf@HIDDEN>
References: <f56c393fa6872cb0142564061ee17e5e7f8131cc.1742723299.git.rutherther@HIDDEN>
<87jz87darf.fsf@HIDDEN> <877c3lhdbn.fsf@HIDDEN>
Date: Tue, 15 Apr 2025 20:26:19 +0200
Message-ID: <871ptt8eno.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ditigal.xyz;
i=@ditigal.xyz; q=dns/txt; s=20240917; t=1744741581; h=from : to : cc
: subject : in-reply-to : references : date : message-id :
mime-version : content-type : content-transfer-encoding : from;
bh=XS9V5RV8GZb4Pvv1MZW3MgjYUSQx2OhXSBNm07sTTTY=;
b=YTZsJjfTtjidVcivmKGH5C1ghnhaC/rpzxbA8VhU4gZE+nmIVGpJVSZVyWZugCJmwyx+z
k5AxK7ojWpH4AG8jAEVzPsgJ8w8yg65uREnIsrpbPcgSvCd4hnXWJ+LVFhG1S+jcPDoMV/F
xUK8N5vTfme9RV2RrQCoVjySsd7v3Qw=
X-Spam-Score: 2.5 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi Ludo, Ludovic Courtès <ludo@HIDDEN> writes: > Hello,
> > Ian Eure <ian@HIDDEN> writes: > >>> - (if (file-exists? acl-file)
>>> + (if (or (file-exists? acl-file) (symbolic-link? acl-file)) >> >> Guile
semantics are unhelpful here: `file-ex [...]
Content analysis details: (2.5 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: ditigal.xyz (xyz)]
-0.0 SPF_PASS SPF: sender matches SPF record
0.5 FROM_SUSPICIOUS_NTLD From abused NTLD
X-Debbugs-Envelope-To: 77201
Cc: 77201 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.5 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hi Ludo, Ludovic Courtès <ludo@HIDDEN> writes: > Hello,
> > Ian Eure <ian@HIDDEN> writes: > >>> - (if (file-exists? acl-file)
>>> + (if (or (file-exists? acl-file) (symbolic-link? acl-file)) >> >> Guile
semantics are unhelpful here: `file-ex [...]
Content analysis details: (2.5 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: ditigal.xyz (xyz)]
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 BULK_RE_SUSP_NTLD Precedence bulk and RE: from a suspicious TLD
0.5 FROM_SUSPICIOUS_NTLD From abused NTLD
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
Hi Ludo,
Ludovic Court=C3=A8s <ludo@HIDDEN> writes:
> Hello,
>
> Ian Eure <ian@HIDDEN> writes:
>
>>> - (if (file-exists? acl-file)
>>> + (if (or (file-exists? acl-file) (symbolic-link? acl-file))
>>
>> Guile semantics are unhelpful here: `file-exists?' returns #f for a
>> broken symlink, but `symbolic-link?' raises an exception if given a
>> nonexistent path.
>
> I would go back to the fundamentals:
>
> (match (and=3D> (false-if-exception (lstat acl-file)) stat:type)
> (#f ;file does not exist
> =E2=80=A6)
> ('symlink
> =E2=80=A6)
> (_
> =E2=80=A6))
This definitely helps, thanks, I am still not that skilled in Scheme, so
I wouldn't think about false-if-exception, and using match would also be
hard for me to figure out.
I have this now (untested for now)
```
(match (and=3D> (false-if-exception (lstat acl-file)) stat:type)
(#f #f) ; File doesn't exist
('symlink ; Delete symlink pointing to store; backup otherwise.
(if (or (store-file-name? (readlink acl-file)) ; Store symlink
(not (file-exists? acl-file))) ; Broken symlink
(delete-file acl-file)
(rename-file acl-file (string-append acl-file ".bak"))))
(_ ; Backup
(rename-file acl-file (string-append acl-file ".bak"))))
```
I will probably also make this into a reusable function in guix utils
build, but I have been thinking about a good name and couldn't come up with
one for a week! Programmers problems, I guess.
WDYT
Thanks,
Rutherther
guix-patches@HIDDEN:bug#77201; Package guix-patches.
Full text available.
Received: (at 77201) by debbugs.gnu.org; 15 Apr 2025 11:35:06 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 15 07:35:06 2025
Received: from localhost ([127.0.0.1]:50969 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1u4eZF-0005jf-Vs
for submit <at> debbugs.gnu.org; Tue, 15 Apr 2025 07:35:06 -0400
Received: from hera.aquilenet.fr ([185.233.100.1]:33970)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1u4eZC-0005is-Ie
for 77201 <at> debbugs.gnu.org; Tue, 15 Apr 2025 07:35:03 -0400
Received: from localhost (localhost [127.0.0.1])
by hera.aquilenet.fr (Postfix) with ESMTP id EB91D449;
Tue, 15 Apr 2025 13:34:55 +0200 (CEST)
Authentication-Results: hera.aquilenet.fr;
none
X-Virus-Scanned: Debian amavis at hera.aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
by localhost (hera.aquilenet.fr [127.0.0.1]) (amavis, port 10024) with ESMTP
id HDAECDmRYJ2W; Tue, 15 Apr 2025 13:34:55 +0200 (CEST)
Received: from ribbon (nat-eduroam-36-gw-01-bso.bordeaux.inria.fr
[194.199.1.36])
by hera.aquilenet.fr (Postfix) with ESMTPSA id 66A373AA;
Tue, 15 Apr 2025 13:34:55 +0200 (CEST)
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Ian Eure <ian@HIDDEN>
Subject: Re: [bug#77201] [PATCH] guix: substitute-key-authorization: Fix
case when acl symlink is broken
In-Reply-To: <87jz87darf.fsf@HIDDEN> (Ian Eure's message of "Sat, 29 Mar
2025 10:09:24 -0700")
References: <f56c393fa6872cb0142564061ee17e5e7f8131cc.1742723299.git.rutherther@HIDDEN>
<87jz87darf.fsf@HIDDEN>
Date: Tue, 15 Apr 2025 13:30:20 +0200
Message-ID: <877c3lhdbn.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Queue-Id: EB91D449
X-Spamd-Result: default: False [-6.07 / 15.00]; BAYES_HAM(-3.00)[99.99%];
NEURAL_HAM(-2.97)[-0.991]; MIME_GOOD(-0.10)[text/plain];
FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
RCVD_COUNT_TWO(0.00)[2]; ARC_NA(0.00)[];
TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_SOME(0.00)[];
RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_TLS_ALL(0.00)[];
FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3];
MID_RHS_MATCH_FROM(0.00)[]
X-Rspamd-Action: no action
X-Spamd-Bar: ------
X-Rspamd-Server: hera
X-Spam-Score: 0.7 (/)
X-Debbugs-Envelope-To: 77201
Cc: Rutherther <rutherther@HIDDEN>, 77201 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.3 (/)
Hello,
Ian Eure <ian@HIDDEN> writes:
>> - (if (file-exists? acl-file)
>> + (if (or (file-exists? acl-file) (symbolic-link? acl-file))
>
> Guile semantics are unhelpful here: `file-exists?' returns #f for a
> broken symlink, but `symbolic-link?' raises an exception if given a
> nonexistent path.
I would go back to the fundamentals:
(match (and=3D> (false-if-exception (lstat acl-file)) stat:type)
(#f ;file does not exist
=E2=80=A6)
('symlink
=E2=80=A6)
(_
=E2=80=A6))
HTH!
Ludo=E2=80=99.
guix-patches@HIDDEN:bug#77201; Package guix-patches.
Full text available.Received: (at 77201) by debbugs.gnu.org; 29 Mar 2025 17:09:40 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 29 13:09:40 2025 Received: from localhost ([127.0.0.1]:32886 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tyZgh-0002Rx-Fa for submit <at> debbugs.gnu.org; Sat, 29 Mar 2025 13:09:39 -0400 Received: from fhigh-b6-smtp.messagingengine.com ([202.12.124.157]:42043) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ian@HIDDEN>) id 1tyZgd-0002RY-1m for 77201 <at> debbugs.gnu.org; Sat, 29 Mar 2025 13:09:36 -0400 Received: from phl-compute-01.internal (phl-compute-01.phl.internal [10.202.2.41]) by mailfhigh.stl.internal (Postfix) with ESMTP id 520972540197; Sat, 29 Mar 2025 13:09:27 -0400 (EDT) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-01.internal (MEProxy); Sat, 29 Mar 2025 13:09:27 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=retrospec.tv; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm1; t=1743268167; x=1743354567; bh=J7 cPXHsFc39xOrcNpdkzkHY/q+k5IRX8qvnYfs3m0i4=; b=mXJ79sVUHWLLL8QInS bIkVEPEC41Yn0+HIfPqpX9RShd6XK8apvLTNcgD4wBq20n4A6CPYe7lyaTkjCAhw X6MAaHntWJc5epPXD2pGFzrRwh/H3Um+omLMomypMO/1y67Jqbgm8RjPT/UDVNi6 WNylZRcTK/JYn0whpzrQ9BNCM0v1iCFYDxkWDfV9ScALHATo6v2RxjpzsMTHjIL/ giOOy697SEiAUsIajQqsCP/q2Ju9TUlV6L7Rr2qrLXreMVnnlbGJ+W9UDhpFYkAc C9QdUuzSIoE+gg3kjcZM61DxpenNiHsj7qjomsL93csibc1eGbkgDAqBt1uAwnLj 9IcQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:message-id:mime-version:reply-to:subject :subject:to:to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1743268167; x=1743354567; bh=J7cPXHsFc39xOrcNpdkzkHY/q+k5 IRX8qvnYfs3m0i4=; b=WY7ke7QfmPgKw74SqfLOzEUOKt0VrU8t0ukx9WrvhY74 DWIj+lS4VBdGPuanaHm/iKeudWKh+xf2GyTnSzeJndzqU9a0SLWmgZEfpMMee0bF bEYqWm9Ho3cK9HGOeQ5fWpcNF95pLYS9FPKfP8qiC8mnOpUmYgHGeawe86CpAPQj eeRsVbG9N/miKlw5JZRBuusqsZWCC2fLNGBbZIKJcXRXofljbDBpkzudMayZsU7b gImruyv/jzxTU6omVuk4xA256k7EGptTiVAAfJXONfxKvGF9i+bYdGfJhjugm0TX sX+w1ICdmUgH26RWvkoOI7/0ApEFmwRUdNFCqBVDLg== X-ME-Sender: <xms:RinoZ91UGx00X3uIGFy2GTTIlIjbNVGg18xN5iIhyb0WopJh7IEeIw> <xme:RinoZ0HMkxyPt51FLjr1htq4506KMR9e6oYzmkRw-k8kPZNO8Sd2N3iuisk_yXc_5 dnyz9fmIbgkXb1Jsw> X-ME-Received: <xmr:RinoZ961vJWvLZ-u6Gk-BDrQY7EUMzD65d2xJ1BhIODVPSlE9IFaXLVfAUN_Fk5XKduu8fCdVRk1-hzlCPRzWPOJN8Ucsg21hf2UhUxF7A> X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddujeegjeefucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvf evufgffffkgggtgfesthhqredttderjeenucfhrhhomhepkfgrnhcugfhurhgvuceoihgr nhesrhgvthhrohhsphgvtgdrthhvqeenucggtffrrghtthgvrhhnpedtteekfffffeeihf eukedvieeugeeigefftdfhleevlefgtddvhfdtudehffeuvdenucevlhhushhtvghrufhi iigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehirghnsehrvghtrhhoshhpvggtrd htvhdpnhgspghrtghpthhtohepvddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohep jeejvddtudesuggvsggsuhhgshdrghhnuhdrohhrghdprhgtphhtthhopehruhhthhgvrh hthhgvrhesughithhighgrlhdrgiihii X-ME-Proxy: <xmx:RinoZ61PSr5AxivJZUzIP6jn3qdHSq7iQLyzOOCVjRBfBJS5B7ZAhg> <xmx:RinoZwEf-X5-VanDP43GDnBCYTEx9Gp6lFvcisvGl8wd0958Y5Fiyg> <xmx:RinoZ7-1v9VLAnTrzltEYpEJdhaudaTtDwPEOlBfv9WNd6dA2Ksqzg> <xmx:RinoZ9mNm-C1qipQLJ5D7GwvV8DnvGHLLLjYWvxeF-c9mqPTO3LtKA> <xmx:RynoZ1SrTu9OEcehwb5qb9L7e8qZMQK9pVkWApLqVvX7FoOWDiKb1gEM> Feedback-ID: id9014242:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sat, 29 Mar 2025 13:09:26 -0400 (EDT) From: Ian Eure <ian@HIDDEN> To: Rutherther <rutherther@HIDDEN> Subject: Re: [bug#77201] [PATCH] guix: substitute-key-authorization: Fix case when acl symlink is broken User-Agent: mu4e 1.12.9; emacs 29.4 Date: Sat, 29 Mar 2025 10:09:24 -0700 Message-ID: <87jz87darf.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi Rutherther, Rutherther <rutherther@HIDDEN> writes: > One possible solution for an issue when /etc/guix/acl file > exists, but points > to a non-existent location. This can for example happen if one > is > reinitializing the system, and remove only /gn [...] Content analysis details: (1.3 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs [URI: ditigal.xyz (xyz)] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [202.12.124.157 listed in sa-trusted.bondedsender.org] 0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. [202.12.124.157 listed in bl.score.senderscore.com] -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [202.12.124.157 listed in list.dnswl.org] X-Debbugs-Envelope-To: 77201 Cc: 77201 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: 0.3 (/) Hi Rutherther, Rutherther <rutherther@HIDDEN> writes: > One possible solution for an issue when /etc/guix/acl file=20 > exists, but points > to a non-existent location. This can for example happen if one=20 > is > reinitializing the system, and remove only /gnu/store and=20 > /var/guix, keep the > rest okay. This is a major advantage of guix as compared to=20 > other distros that > usually need you to reinitialize the whole root partition. But=20 > this will leave > the user with acl file pointing to non-existent location. The=20 > file-exists? > procedure will return #f for broken symbolic links. > > I think that another reason one would get this issue is, if one=20 > was booted in > a live iso, chrooted, fixing their system. They would switch=20 > generations to > one with different acl file, delete other generations gc rooting=20 > the original > acl file and then gc. One could do this approach for example=20 > when recovering > from file corruptions in the store, to get rid of the=20 > unsubstitutable paths > that can't be repaired with guix gc --verify. > > I don't know if there is a better way as I am not that=20 > proficient in guile, > but I definitely think this should be fixed and it should be=20 > checked if > anything exists in that place, not that the link points to a=20 > known location. > Does Guile have a procedure for that that I am missing? If not,=20 > shouldn't > we create one in Guix? I can imagine this being a common=20 > mistake, where we > want to check if something exists at place 'x', without caring=20 > if it's > actually an accessible file. I was looking online and someone=20 > made themselves > a function 'file-exists??' that checked basically this what I=20 > did here - that > it's either a valid file on the disk, or a broken symlink. > > During debugging this issue I also noticed similar issue can=20 > occur in special > files and /run/current-system with the .new files that are=20 > created with > symlink procedure without checking for their existence. While=20 > it's not likely > (especially because the symlink is moved the second it's=20 > created) > the user would have /run/current-system.new nor /bin/sh.new=20 > etc., I still > think it would be worth fixing to make sure the system can boot=20 > even in cases > where something goes horribly wrong. Thanks for the explanation. > * gnu/services/base.scm (substitute-key-authorization): Check if=20 > acl file is a > (broken) symbolic link > > Change-Id: I2f8170606b2f4afeea48f04acfd738b04cafc7cf > --- > gnu/services/base.scm | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/gnu/services/base.scm b/gnu/services/base.scm > index 0d2bb31190..e419d043ae 100644 > --- a/gnu/services/base.scm > +++ b/gnu/services/base.scm > @@ -1845,7 +1845,7 @@ (define (substitute-key-authorization keys=20 > guix) > ;; If the ACL already exists, move it out of the way.=20 > Create a backup > ;; if it's a regular file: it's likely that the user=20 > manually updated > ;; it with 'guix archive --authorize'. > - (if (file-exists? acl-file) > + (if (or (file-exists? acl-file) (symbolic-link?=20 > acl-file)) Guile semantics are unhelpful here: `file-exists?' returns #f for=20 a broken symlink, but `symbolic-link?' raises an exception if=20 given a nonexistent path. The means that if /etc/guix/acl doesn=E2=80=99t= =20 exist, an exception will be raised. There doesn=E2=80=99t appear to be a=20 simple way to determine if a file exists which doesn=E2=80=99t resolve=20 symlinks, which I think is a Guile bug. Thinking through the possible situations here: If /etc/guix/acl is a good symlink pointing into /gnu/store ->=20 delete it. If /etc/guix/acl is a broken symlink pointing anywhere -> delete=20 it. If /etc/guix/acl is a file -> rename it to ".bak" else /etc/guix/acl must be missing -> mkdir-p /etc/acl. ...then populate /etc/guix/acl. I think the right move here is to refactor the nested `if's into a=20 cond to simplify the logic, and wrap `symbolic-link?' in=20 `with-exception-handler' (possibly `let=E2=80=99-binding its result, since= =20 multiple things need it). Thanks, -- Ian
guix-patches@HIDDEN:bug#77201; Package guix-patches.
Full text available.
Received: (at submit) by debbugs.gnu.org; 23 Mar 2025 09:48:50 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sun Mar 23 05:48:50 2025
Received: from localhost ([127.0.0.1]:47703 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1twHwn-0000dj-I0
for submit <at> debbugs.gnu.org; Sun, 23 Mar 2025 05:48:50 -0400
Received: from lists.gnu.org ([2001:470:142::17]:52716)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <rutherther@HIDDEN>)
id 1twHwk-0000ck-6L
for submit <at> debbugs.gnu.org; Sun, 23 Mar 2025 05:48:47 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <rutherther@HIDDEN>)
id 1twHwd-0004Nb-O6
for guix-patches@HIDDEN; Sun, 23 Mar 2025 05:48:39 -0400
Received: from ditigal.xyz ([2a01:4f8:1c1b:6a1c::] helo=mail.ditigal.xyz)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256)
(Exim 4.90_1) (envelope-from <rutherther@HIDDEN>)
id 1twHwb-00060R-Qx
for guix-patches@HIDDEN; Sun, 23 Mar 2025 05:48:39 -0400
Received: by cerebrum (OpenSMTPD) with ESMTPSA id 028405d7
(TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO);
Sun, 23 Mar 2025 09:48:35 +0000 (UTC)
From: Rutherther <rutherther@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] guix: substitute-key-authorization: Fix case when acl symlink
is broken
Date: Sun, 23 Mar 2025 10:48:28 +0100
Message-ID: <f56c393fa6872cb0142564061ee17e5e7f8131cc.1742723299.git.rutherther@HIDDEN>
X-Mailer: git-send-email 2.48.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ditigal.xyz;
i=@ditigal.xyz; q=dns/txt; s=20240917; t=1742723315; h=from : to : cc
: subject : date : message-id : mime-version :
content-transfer-encoding : from;
bh=SnfH/9YlJIz/7LFQOM+sSgPS5cEE/0qCd8lCiESVlQg=;
b=skWeXuNLGd3AGLqFzxZMwiF/C5qKJ4cuRO5ljF4falg369g+J2XtdU3MtPVJ+l1cEVwmU
4cVcgdlv+VBz32+DL+bn067Cfbzxs/CqBB36ZORnxuRbPbYLiv6kF9r3pVTZGTua1DWTKVT
QFwkwKanM1B5w1cfyh8dZFmYDMOp+x0=
Received-SPF: pass client-ip=2a01:4f8:1c1b:6a1c::;
envelope-from=rutherther@HIDDEN; helo=mail.ditigal.xyz
X-Spam_score_int: 19
X-Spam_score: 1.9
X-Spam_bar: +
X-Spam_report: (1.9 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_SUSPICIOUS_NTLD=0.499,
FROM_SUSPICIOUS_NTLD_FP=2, PDS_OTHER_BAD_TLD=1.474, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 4.9 (++++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: One possible solution for an issue when /etc/guix/acl file
exists, but points to a non-existent location. This can for example happen
if one is reinitializing the system, and remove only /gnu/store an [...]
Content analysis details: (4.9 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust [2001:470:142:0:0:0:0:17 listed in] [list.dnswl.org]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
1.5 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: ditigal.xyz (xyz)]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;
id=rutherther%40ditigal.xyz; ip=2001%3A470%3A142%3A%3A17; r=debbugs.gnu.org]
2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
0.5 FROM_SUSPICIOUS_NTLD From abused NTLD
X-Debbugs-Envelope-To: submit
Cc: Rutherther <rutherther@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.9 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: One possible solution for an issue when /etc/guix/acl file
exists, but points to a non-existent location. This can for example happen
if one is reinitializing the system, and remove only /gnu/store an [...]
Content analysis details: (1.9 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust
[2001:470:142:0:0:0:0:17 listed in]
[list.dnswl.org]
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
1.5 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: ditigal.xyz (xyz)]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=rutherther%40ditigal.xyz;ip=2001%3A470%3A142%3A%3A17;r=debbugs.gnu.org]
0.5 FROM_SUSPICIOUS_NTLD From abused NTLD
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
One possible solution for an issue when /etc/guix/acl file exists, but points
to a non-existent location. This can for example happen if one is
reinitializing the system, and remove only /gnu/store and /var/guix, keep the
rest okay. This is a major advantage of guix as compared to other distros that
usually need you to reinitialize the whole root partition. But this will leave
the user with acl file pointing to non-existent location. The file-exists?
procedure will return #f for broken symbolic links.
I think that another reason one would get this issue is, if one was booted in
a live iso, chrooted, fixing their system. They would switch generations to
one with different acl file, delete other generations gc rooting the original
acl file and then gc. One could do this approach for example when recovering
from file corruptions in the store, to get rid of the unsubstitutable paths
that can't be repaired with guix gc --verify.
I don't know if there is a better way as I am not that proficient in guile,
but I definitely think this should be fixed and it should be checked if
anything exists in that place, not that the link points to a known location.
Does Guile have a procedure for that that I am missing? If not, shouldn't
we create one in Guix? I can imagine this being a common mistake, where we
want to check if something exists at place 'x', without caring if it's
actually an accessible file. I was looking online and someone made themselves
a function 'file-exists??' that checked basically this what I did here - that
it's either a valid file on the disk, or a broken symlink.
During debugging this issue I also noticed similar issue can occur in special
files and /run/current-system with the .new files that are created with
symlink procedure without checking for their existence. While it's not likely
(especially because the symlink is moved the second it's created)
the user would have /run/current-system.new nor /bin/sh.new etc., I still
think it would be worth fixing to make sure the system can boot even in cases
where something goes horribly wrong.
* gnu/services/base.scm (substitute-key-authorization): Check if acl file is a
(broken) symbolic link
Change-Id: I2f8170606b2f4afeea48f04acfd738b04cafc7cf
---
gnu/services/base.scm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnu/services/base.scm b/gnu/services/base.scm
index 0d2bb31190..e419d043ae 100644
--- a/gnu/services/base.scm
+++ b/gnu/services/base.scm
@@ -1845,7 +1845,7 @@ (define (substitute-key-authorization keys guix)
;; If the ACL already exists, move it out of the way. Create a backup
;; if it's a regular file: it's likely that the user manually updated
;; it with 'guix archive --authorize'.
- (if (file-exists? acl-file)
+ (if (or (file-exists? acl-file) (symbolic-link? acl-file))
(if (and (symbolic-link? acl-file)
(store-file-name? (readlink acl-file)))
(delete-file acl-file)
base-commit: fbfd2b93831978aadbb96f32cafdab997b04c6c6
prerequisite-patch-id: cf473eb15513404ca1d287f5b7eca109c848203c
prerequisite-patch-id: a46e75bdd193acb5e276e0aa31c77197a3254699
prerequisite-patch-id: a2b4aa0a33d89ee3f6c483aeb71a783cb0e63aa9
--
2.49.0
Rutherther <rutherther@HIDDEN>:guix-patches@HIDDEN.
Full text available.guix-patches@HIDDEN:bug#77201; Package guix-patches.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.