GNU bug report logs - #78152: [guix-daemon] Build user's pw_dir != HOME
Report forwarded to bug-guix <at> gnu.org: bug#78152; Package guix. (Tue, 29 Apr 2025 23:20:02 GMT)
Acknowledgement sent to Maxim Cournoyer <maxim.cournoyer <at> gmail.com>: New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 29 Apr 2025 23:20:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hi,

There is a discrepancy in our build environment, where the build user's
directory is set to '/' while HOME is set to '/homeless-shelter'.
Normally both should match, and it trips some test suite that assumes
this to be the case, as with libssh's [0].

Perhaps '/homeless-shelter' could be made to more simply be '/', or
pw_dir could be made to be '/homeless-shelter'.

What do you think?

[0] https://gitlab.com/libssh/libssh-mirror/-/issues/302#note_2475036715
--
Thanks,
Maxim
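The comparison that trips in the build environment, as an added example (not code from libssh or Guix): it reads the home field from passwd(5) text shaped like the entries the daemon writes and compares it to HOME, before and after the proposed change. The UID/GID 30001:30000 and the function names are constructed for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed samples: entries from the patch with UID/GID 30001:30000 filled in. */
static const char PASSWD_BEFORE[] = "nixbld:x:30001:30000:Nix build user:/:/noshell\n"
                                    "nobody:x:65534:65534:Nobody:/:/noshell\n";
static const char PASSWD_AFTER[] =
    "nixbld:x:30001:30000:Nix build user:/homeless-shelter:/noshell\n"
    "nobody:x:65534:65534:Nobody:/:/noshell\n";

/* Copy the home field (6th of 7) of the entry for `uid` into `out`; -1 if absent. */
static int passwd_home(const char *text, long uid, char *out, size_t n)
{
    for (const char *line = text; *line; ) {
        const char *end = line + strcspn(line, "\n"), *f[7] = { line };
        int nf = 1;
        for (const char *p = line; p < end && nf < 7; p++)
            if (*p == ':') f[nf++] = p + 1;
        char *e = NULL;
        if (nf == 7 && strtol(f[2], &e, 10) == uid && e > f[2] && e == f[3] - 1) {
            size_t len = (size_t)(f[6] - 1 - f[5]);
            if (len >= n) return -1;
            snprintf(out, n, "%.*s", (int)len, f[5]);
            return 0;
        }
        line = end + (*end == '\n');
    }
    return -1;
}

/* 1 if `home` equals the entry's home field, 0 if it differs, -1 if no entry. */
static int home_matches_pw_dir(const char *passwd, long uid, const char *home)
{
    char dir[256];
    if (passwd_home(passwd, uid, dir, sizeof dir) != 0) return -1;
    return home != NULL && strcmp(dir, home) == 0;
}

int main(void)
{
    const char *home = "/homeless-shelter";  /* HOME value reported in the thread */
    printf("before patch: %d\n", home_matches_pw_dir(PASSWD_BEFORE, 30001, home));
    printf("after patch:  %d\n", home_matches_pw_dir(PASSWD_AFTER, 30001, home));
    struct passwd *pw = getpwuid(getuid());  /* same comparison, live process */
    printf("live: %d\n", pw && getenv("HOME") && strcmp(pw->pw_dir, getenv("HOME")) == 0);
    return 0;
}
```

The last line of output applies the same comparison to the process the program runs in, so running it inside a build shows what that environment actually provides.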
Information forwarded to bug-guix <at> gnu.org: bug#78152; Package guix. (Thu, 01 May 2025 11:50:02 GMT)
Message #8 received at 78152 <at> debbugs.gnu.org (full text, mbox):
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
> Hi,
>
> There is a discrepancy in our build environment, where the build user's
> directory is set to '/' while HOME is set to '/homeless-shelter'.
> Normally both should match, and it trips some test suite that assumes
> this to be the case, as with libssh's [0].
>
> Perhaps '/homeless-shelter' could be made to more simply be '/', or
> pw_dir could be made to be '/homeless-shelter'.
>
> What do you think?
I would prefer the latter. I know this is just the build container, but
it still would likely be preferable not to litter / with garbage. IMO.
>
> [0] https://gitlab.com/libssh/libssh-mirror/-/issues/302#note_2475036715
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
Information forwarded to bug-guix <at> gnu.org: bug#78152; Package guix. (Thu, 01 May 2025 12:07:01 GMT)
Message #11 received at 78152 <at> debbugs.gnu.org (full text, mbox):
Hi,
imo the latter approach is better, because the advantage of using
/homeless-shelter is that you can clearly see it in the error log if the
package you're building tries to use HOME. If it was just /, we
would lose the ability to tell why the package chose to access something
under the root of the filesystem - is it accessing a hard-coded path or
accessing $HOME?
Information forwarded to maxim.cournoyer <at> gmail.com, ~@wolfsden.cz, rutherther <at> ditigal.xyz, bug-guix <at> gnu.org: bug#78152; Package guix. (Fri, 02 May 2025 06:01:02 GMT)
Message #14 received at 78152 <at> debbugs.gnu.org (full text, mbox):
* nix/libstore/build.cc (DerivationGoal::startBuilder)
</etc/passwd>: Adjust build user directory.
Fixes: <https://issues.guix.gnu.org/78152>
Change-Id: I242940195e49b2ee9544e9e5211a6598f682cbfe
---
The fix was tested by:
1. Exiting all 'guix shell' envs then # herd stop guix-daemon
2. sudo -E ./pre-inst-env guix-daemon --build-users-group guixbuild \
--max-silent-time 3600 --timeout 86400 --log-compression none \
--discover=no --substitute-urls \
'https://bordeaux.guix.gnu.org https://ci.guix.gnu.org' --max-jobs=10 &
3. Apply the following diff:
modified gnu/packages/ssh.scm
@@ -182,13 +182,7 @@ (define-public libssh
;; Test sources.
(substitute* '("tests/server/test_server/default_cb.c")
(("\"/bin/sh\"")
- (format #f "~s" (which "sh"))))))
- (add-before 'check 'prepare-for-tests
- ;; A few test rely on the assumption that HOME == user's pw_dir,
- ;; which is not satisfied in Guix, where `pw_dir' is '/' while
- ;; HOME is '/homeless-shelter'.
- (lambda _
- (setenv "HOME" "/"))))))
+ (format #f "~s" (which "sh")))))))))
(native-inputs (list cmocka))
(inputs (list bash-minimal mit-krb5 openssl zlib))
(synopsis "SSH client library")
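Review bot: Dropping the `prepare-for-tests` phase from libssh is only safe when the build runs under a daemon that already writes `/homeless-shelter` as the build user's home. Package definitions and the daemon are upgraded independently, so on a host still running an older guix-daemon the tests would again see pw_dir '/' with HOME '/homeless-shelter' and fail. If this removal is later submitted as its own commit, consider holding it back until the daemon change has been deployed, or stating the dependency in its commit message.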
4. Building it successfully: ./pre-inst-env guix build libssh
nix/libstore/build.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index a1f39d9a8bf..2cf2a7d06c2 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -1845,7 +1845,7 @@ void DerivationGoal::startBuilder()
writeFile(chrootRootDir + "/etc/passwd",
(format(
- "nixbld:x:%1%:%2%:Nix build user:/:/noshell\n"
+ "nixbld:x:%1%:%2%:Nix build user:/homeless-shelter:/noshell\n"
"nobody:x:65534:65534:Nobody:/:/noshell\n")
% (buildUser.enabled() ? buildUser.getUID() : guestUID)
% (buildUser.enabled() ? buildUser.getGID() : guestGID)).str());
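Review bot: The home field of the `nixbld` entry is now a second hard-coded copy of `/homeless-shelter`, and nothing in this hunk ties it to the value HOME is set to, which is how the two came to differ in the first place. Suggest taking both from one shared constant, or at least adding a comment above the format string saying the field must match HOME. The `nobody` entry keeps '/' as its home; if that is intentional, a word in the commit message would help.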
base-commit: b2b7d2a3275d5ba866ae7fecac928ed4bd416beb
--
2.49.0
Information forwarded to bug-guix <at> gnu.org: bug#78152; Package guix. (Fri, 02 May 2025 15:58:01 GMT)
Message #17 received at 78152 <at> debbugs.gnu.org (full text, mbox):
Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:
> * nix/libstore/build.cc (DerivationGoal::startBuilder)
> </etc/passwd>: Adjust build user directory.
>
> Fixes: <https://issues.guix.gnu.org/78152>
> Change-Id: I242940195e49b2ee9544e9e5211a6598f682cbfe
> ---
> The fix was tested by:
>
> 1. Exiting all 'guix shell' envs then # herd stop guix-daemon
>
> 2. sudo -E ./pre-inst-env guix-daemon --build-users-group guixbuild \
> --max-silent-time 3600 --timeout 86400 --log-compression none \
> --discover=no --substitute-urls \
> 'https://bordeaux.guix.gnu.org https://ci.guix.gnu.org' --max-jobs=10 &
>
> 3. Apply the following diff:
> modified gnu/packages/ssh.scm
> @@ -182,13 +182,7 @@ (define-public libssh
> ;; Test sources.
> (substitute* '("tests/server/test_server/default_cb.c")
> (("\"/bin/sh\"")
> - (format #f "~s" (which "sh"))))))
> - (add-before 'check 'prepare-for-tests
> - ;; A few test rely on the assumption that HOME == user's pw_dir,
> - ;; which is not satisfied in Guix, where `pw_dir' is '/' while
> - ;; HOME is '/homeless-shelter'.
> - (lambda _
> - (setenv "HOME" "/"))))))
> + (format #f "~s" (which "sh")))))))))
> (native-inputs (list cmocka))
> (inputs (list bash-minimal mit-krb5 openssl zlib))
> (synopsis "SSH client library")
>
> 4. Building it successfully: ./pre-inst-env guix build libssh
> nix/libstore/build.cc | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
> index a1f39d9a8bf..2cf2a7d06c2 100644
> --- a/nix/libstore/build.cc
> +++ b/nix/libstore/build.cc
> @@ -1845,7 +1845,7 @@ void DerivationGoal::startBuilder()
>
> writeFile(chrootRootDir + "/etc/passwd",
> (format(
> - "nixbld:x:%1%:%2%:Nix build user:/:/noshell\n"
> + "nixbld:x:%1%:%2%:Nix build user:/homeless-shelter:/noshell\n"
> "nobody:x:65534:65534:Nobody:/:/noshell\n")
> % (buildUser.enabled() ? buildUser.getUID() : guestUID)
> % (buildUser.enabled() ? buildUser.getGID() : guestGID)).str());
>
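Review bot: Nothing automated covers the new home field: the diffstat lists only nix/libstore/build.cc, and the verification described in steps 1 to 4 is a manual libssh build. A small test that builds a derivation comparing the build user's passwd home entry with $HOME would keep the two from drifting apart again.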
> base-commit: b2b7d2a3275d5ba866ae7fecac928ed4bd416beb
LGTM.
Reviewed-by: Tomas Volf <~@wolfsden.cz>
--
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.