GNU logs - #77862, boring messages


Message sent to bug-guix@HIDDEN:


Subject: bug#77862: guix-daemon run as non-root sets up /etc/group incorrectly in build container
From: keinflue <keinflue@HIDDEN>
To: 77862 <at> debbugs.gnu.org
Cc: ludo@HIDDEN
Date: Thu, 17 Apr 2025 11:20:47 +0000
Message-ID: <86b5c54e8412686790b6bf50525a6231@HIDDEN>

When using the new ability of guix-daemon to run as non-root with the 
help of user namespaces, the testsuite of coreutils fails.

This is because the daemon incorrectly uses the host GID instead of the 
guest GID in the build container's /etc/group, which the testsuite uses 
to look up the group's name via id -gn.




Message sent to bug-guix@HIDDEN:


Subject: bug#77862: guix-daemon run as non-root sets up /etc/group incorrectly in build container
From: Ludovic Courtès <ludo@HIDDEN>
To: keinflue <keinflue@HIDDEN>
Cc: 77862 <at> debbugs.gnu.org
Date: Thu, 17 Apr 2025 15:30:38 +0200
Message-ID: <878qny530h.fsf@HIDDEN>
In-Reply-To: <86b5c54e8412686790b6bf50525a6231@HIDDEN>

Hi,

keinflue <keinflue@HIDDEN> writes:

> When using the new ability of guix-daemon to run as non-root with the
> help of user namespaces, the testsuite of coreutils fails.

Could you include a build log snippet?  (Also useful to have it inline
so that someone searching for discussions about the bug can find it.)

> This is because the daemon incorrectly uses the host GID instead of
> the guest GID in the build container's /etc/group, which the testsuite
> uses to look up the group's name via id -gn.

I believe the fix you suggest is this:


diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index 4ee4a1ae5f..a1f39d9a8b 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -1854,7 +1854,7 @@ void DerivationGoal::startBuilder()
            view of the system (e.g., "id -gn"). */
         writeFile(chrootRootDir + "/etc/group",
             (format("nixbld:!:%1%:\n")
-                % (buildUser.enabled() ? buildUser.getGID() : getgid())).str());
+                % (buildUser.enabled() ? buildUser.getGID() : guestGID)).str());
 
         /* Create /etc/hosts with localhost entry. */
         if (!fixedOutput)
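
Review bot: On the changed `writeFile(chrootRootDir + "/etc/group", ...)` line, `guestGID` is not declared anywhere in the visible context, so the hunk alone does not show that it is the same value the build process reports from `id -g` inside the container; please confirm that, since the comment above this call says the file exists so that `id -gn` resolves. The `buildUser.enabled()` branch still passes `buildUser.getGID()`, and a one-line comment stating why that value is already the in-container GID in that configuration would make the asymmetry in the ternary easier to review. A regression test that runs `id -gn` in a build under the unprivileged daemon and expects `nixbld` would keep this from recurring.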

Correct?

Thanks,
Ludo’.




Message sent to bug-guix@HIDDEN:


Subject: bug#77862: guix-daemon run as non-root sets up /etc/group incorrectly in build container
From: keinflue <keinflue@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 77862 <at> debbugs.gnu.org
Date: Thu, 17 Apr 2025 15:36:32 +0000
Message-ID: <936405d1bcbed15df2266c30cfc4ca33@HIDDEN>
In-Reply-To: <878qny530h.fsf@HIDDEN>

Here are excerpts from the build log:

> ERROR: tests/chown/separator
> ============================
> 
> ++ initial_cwd_=/tmp/guix-build-coreutils-9.1.drv-0/coreutils-9.1

[...]

> ++ id -u
> + id_u=30001
> + test -n 30001
> ++ id -un
> + id_un=nixbld
> + test -n nixbld
> ++ id -g
> + id_g=30000
> + test -n 30000
> ++ id -gn
> id: cannot find name for group ID 30000
> + id_gn=30000
> + framework_failure_
> + warn_ 'separator.sh: set-up failure: '
> + case $IFS in
> + printf '%s\n' 'separator.sh: set-up failure: '
> separator.sh: set-up failure:
> + test 9 = 2
> + printf '%s\n' 'separator.sh: set-up failure: '
> + sed 1q
> + Exit 99
> + set +e
> + exit 99
> + exit 99
> + remove_tmp_
> + __st=99
> + cleanup_
> + :
> + test '' = yes
> + cd /tmp/guix-build-coreutils-9.1.drv-0/coreutils-9.1
> + chmod -R u+rwx /tmp/guix-build-coreutils-9.1.drv-0/coreutils-9.1/gt-separator.sh.Fk4W
> + rm -rf /tmp/guix-build-coreutils-9.1.drv-0/coreutils-9.1/gt-separator.sh.Fk4W
> + exit 99
> ERROR tests/chown/separator.sh (exit status: 99)

[...]

> error: in phase 'check': uncaught exception:
> srfi-34 #<condition &invoke-error [program: "make" arguments: ("check" 
> "-j" "16") exit-status: 2 term-signal: #f stop-signal: #f] 2df6100> >
> phase `check' failed after 15.2 seconds
> command "make" "check" "-j" "16" failed with status 2
> build process 2 exited with status 256

Yes, I believe the patch as suggested is correct (with my limited 
understanding given that the lines above were changed in the same way).

Unfortunately I made a mistake and accidentally lost the container in 
which I tried this, so I can not verify right now whether the patch 
actually resolves the issue.

It might take me a day or two to restore it.

This happened either during or shortly after bootstrap builds, so I 
don't know whether this was the final coreutils package or one from 
commencement.scm.

Best,
keinflue




Message sent to bug-guix@HIDDEN:


Subject: bug#77862: guix-daemon run as non-root sets up /etc/group incorrectly in build container
From: Ludovic Courtès <ludo@HIDDEN>
To: keinflue <keinflue@HIDDEN>
Cc: 77862 <at> debbugs.gnu.org
Date: Thu, 17 Apr 2025 18:51:49 +0200
Message-ID: <87a58e3f4q.fsf@HIDDEN>
In-Reply-To: <936405d1bcbed15df2266c30cfc4ca33@HIDDEN>

keinflue <keinflue@HIDDEN> writes:

> Here are excerpts from the build log:

Thanks.

> Unfortunately I made a mistake and accidentally lost the container in
> which I tried this, so I can not verify right now whether the patch
> actually resolves the issue.
>
> It might take me a day or two to restore it.

No worries, I’ll wait for your feedback.

> This happened either during or shortly after bootstrap builds, so I
> don't know whether this was the final coreutils package or one from
> commencement.scm.

OK.

If you have a setup for full rebuilds (no substitutes) running in a
container, I’m curious to learn more about it!

Ludo’.




Message received at control <at> debbugs.gnu.org:


Date: Fri, 18 Apr 2025 22:31:31 +0200
From: Ludovic Courtès <ludo@HIDDEN>
To: control <at> debbugs.gnu.org
Subject: control message for bug #77862
Message-Id: <87sem5i53w.fsf_-_@HIDDEN>

severity 77862 important
quit





Message sent to bug-guix@HIDDEN:


Subject: bug#77862: guix-daemon run as non-root sets up /etc/group incorrectly in build container
From: keinflue <keinflue@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 77862 <at> debbugs.gnu.org
Date: Sat, 19 Apr 2025 11:18:51 +0000
Message-ID: <8c2080a3681e7d2e1d38bb4d3e1463d0@HIDDEN>
In-Reply-To: <87a58e3f4q.fsf@HIDDEN>

I can confirm that the patch resolves the particular failing test.

However I overlooked that there are other failing tests:

> FAIL: tests/chgrp/default-no-deref.sh
> FAIL: tests/chgrp/no-x.sh
> FAIL: tests/chgrp/posix-H.sh
> FAIL: tests/chgrp/recurse.sh
> FAIL: tests/chgrp/basic.sh

Here is an example of the failures:

> + require_membership_in_two_groups_
> + test 0 = 0
> + groups='30000 65534'
> + case "$groups" in
> + require_local_dir_
> + require_mount_list_
> + local 'mount_list_fail=cannot read table of mounted file systems'
> + df --local
> + grep -F 'cannot read table of mounted file systems'
> + is_local_dir_ .
> + test 1 = 1
> + df --local .
> + set _ 30000 65534
> + shift
> + g2=65534
> + mkdir d
> + touch f
> + ln -s ../f d/s
> ++ stat --printf=%g f
> + g_init=30000
> + chgrp -R 65534 d
> chgrp: changing group of 'd/s': Invalid argument
> chgrp: changing group of 'd': Invalid argument
> + fail=1
> ++ stat --printf=%g f
> + test 30000 = 30000
> + Exit 1
> + set +e
> + exit 1
> + exit 1
> + remove_tmp_
> + __st=1
> + cleanup_
> + :
> + test '' = yes
> + cd /tmp/guix-build-coreutils-9.1.drv-0/coreutils-9.1
> + chmod -R u+rwx /tmp/guix-build-coreutils-9.1.drv-0/coreutils-9.1/gt-default-no-deref.sh.AEHe
> + rm -rf /tmp/guix-build-coreutils-9.1.drv-0/coreutils-9.1/gt-default-no-deref.sh.AEHe
> + exit 1
> FAIL tests/chgrp/default-no-deref.sh (exit status: 1)

I think this happens if the user running guix-daemon has supplementary
groups. These are not mapped via /proc/gid_map in the build container
and therefore are reported as the overflow gid (65534) by getgroups.

The test cases assume that they can change ownership to this additional
group but that is not permitted on the overflow gid.

I think supplementary groups should be dropped in the user namespace for
the build container to make the behavior reproducible. Unfortunately
this may be impossible if the parent namespace has set
/proc/[...]/setgroups to "deny".

Best,
keinflue

On 17.04.2025 18:51, Ludovic Courtès wrote:
> keinflue <keinflue@HIDDEN> writes:
>
>> Here are excerpts from the build log:
>
> Thanks.
>
>> Unfortunately I made a mistake and accidentally lost the container in
>> which I tried this, so I can not verify right now whether the patch
>> actually resolves the issue.
>>
>> It might take me a day or two to restore it.
>
> No worries, I’ll wait for your feedback.
>
>> This happened either during or shortly after bootstrap builds, so I
>> don't know whether this was the final coreutils package or one from
>> commencement.scm.
>
> OK.
>
> If you have a setup for full rebuilds (no substitutes) running in a
> container, I’m curious to learn more about it!
>
> Ludo’.
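
The two failures discussed in this thread, modelled as an added example (not code from Guix or from either participant): it computes what `id -g`, `id -gn` and `id -G` would report in a build container from a gid_map, an /etc/group file and the daemon user's host groups. Host GID 1000 and supplementary group 27 are constructed values, and the function names are hypothetical; 30000, 65534 and the `nixbld:!:GID:` line format come from the messages above.

```python
"""Added example: what `id -g`, `id -gn` and `id -G` report under a gid_map."""

OVERFLOW_GID = 65534  # kernel default overflow GID, as seen in the log above


def parse_gid_map(text):
    """Parse gid_map lines 'inside-start outside-start length' into tuples."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed gid_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        ranges.append((inside, outside, length))
    return ranges


def host_to_guest(host_gid, ranges):
    """Return the GID visible inside the namespace, or None if unmapped."""
    for inside, outside, length in ranges:
        if outside <= host_gid < outside + length:
            return inside + (host_gid - outside)
    return None


def parse_group_file(text):
    """Parse /etc/group content into {gid: name}; the first entry wins."""
    names = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            raise ValueError(f"malformed group line: {line!r}")
        names.setdefault(int(fields[2]), fields[0])
    return names


def container_view(gid_map_text, group_text, host_gid, host_supplementary):
    """Model the group identity a build process observes in the container."""
    ranges = parse_gid_map(gid_map_text)
    names = parse_group_file(group_text)

    def seen(host):
        # Unmapped host GIDs are reported as the overflow GID.
        guest = host_to_guest(host, ranges)
        return OVERFLOW_GID if guest is None else guest

    primary = seen(host_gid)
    unmapped = [g for g in host_supplementary
                if host_to_guest(g, ranges) is None]
    return {
        "id_g": primary,
        # None models "id: cannot find name for group ID ..."
        "id_gn": names.get(primary),
        "id_G": [primary] + [seen(g) for g in host_supplementary],
        # chgrp to the overflow GID fails with "Invalid argument"
        "unmapped_supplementary": unmapped,
    }


# Constructed inputs: host GID 1000 and supplementary group 27 are made up;
# guest GID 30000 and the "nixbld:!:GID:" format come from the thread.
GID_MAP = "30000 1000 1\n"
GROUP_BEFORE_PATCH = "nixbld:!:1000:\n"   # host GID, as written via getgid()
GROUP_AFTER_PATCH = "nixbld:!:30000:\n"   # guest GID, as written via guestGID

if __name__ == "__main__":
    for label, group in (("before", GROUP_BEFORE_PATCH),
                         ("after", GROUP_AFTER_PATCH)):
        print(label, container_view(GID_MAP, group, 1000, [27]))
```

The patched /etc/group makes `id_gn` resolve, while `unmapped_supplementary` stays non-empty until the daemon user's extra groups are dropped or mapped, which matches the remaining chgrp failures.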





Last modified: Sat, 19 Apr 2025 11:30:04 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.