GNU bug report logs - #78287
ssh broken on systems with nix-service

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Package: guix; Reported by: Daniel Ziltener <dziltener@HIDDEN>; dated Wed, 7 May 2025 00:54:02 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at 78287 <at> debbugs.gnu.org:


Received: (at 78287) by debbugs.gnu.org; 7 May 2025 11:27:24 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Wed May 07 07:27:24 2025
Received: from localhost ([127.0.0.1]:41673 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uCcvr-00068K-Ki
	for submit <at> debbugs.gnu.org; Wed, 07 May 2025 07:27:23 -0400
Received: from mail-ed1-x530.google.com ([2a00:1450:4864:20::530]:60482)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.84_2) (envelope-from <sarg@HIDDEN>) id 1uCcvn-00067O-DD
 for 78287 <at> debbugs.gnu.org; Wed, 07 May 2025 07:27:20 -0400
Received: by mail-ed1-x530.google.com with SMTP id
 4fb4d7f45d1cf-5fbed53b421so1045375a12.0
 for <78287 <at> debbugs.gnu.org>; Wed, 07 May 2025 04:27:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=sarg.org.ru; s=google; t=1746617233; x=1747222033; darn=debbugs.gnu.org;
 h=mime-version:message-id:date:user-agent:subject:cc:to:from:from:to
 :cc:subject:date:message-id:reply-to;
 bh=6ebjMEb5AZtSiypt9tkHFZqOvqEpC38MCTKpiBzQD3E=;
 b=kYbrZfWlWJ2V/JtFZaTUpc8DjznfayiDN0CH1wuHBnk33uYwzVR9i/rJKSaKeiSaMt
 p3qvtX4ABV3Yp69h4BGe5Uih6B/qytgsrK7AKvNUcxfL4bapHKooqilr0367ExVlFoEI
 Mf9BwlyZPig1rGVFEAT9Psg/95JkrFX+TweTzvijUU2LnByyWfROIoO2CUpFFEQ35UBh
 DXGxnFzltlHFLA7qHT3+M/4UpTGNwsuOdTBU2RWKuzqRns6tFsp8xPb4w7zwC8kVx8Zc
 YcKVHstFAmAZp8o4o3f1Xk7CFV479+YFqFP1EqmU8H7W403FNFBcEMsAtQ6BDXKYF6g3
 82qg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1746617233; x=1747222033;
 h=mime-version:message-id:date:user-agent:subject:cc:to:from
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=6ebjMEb5AZtSiypt9tkHFZqOvqEpC38MCTKpiBzQD3E=;
 b=SUnDbxgQbg/xMCPIyDPxYcZJ3drd33w+fsk1NTWezoyo9KvKfpg1Uv4YBzG/KQ1Bcn
 7f8YkOKrNCzbDpmu6IQDN0mlZlBj948A6vGzZWQ+//cV7CDulMSAVvYKhRgEeDmQH7ef
 6PrqWbClIp20N4IlMCiJ3bkx0K7yA2N5Pp3XO0bNuCLHdQdaVwdWpuQ+DdFb7cq4CWYK
 2TAxq99ijKD4aRD0rzGItj1iH/4Sacfdx50p2lHXA+pcVczJoBVUhI74ZPIx4yuPG67o
 dMwZnynf4/fYOVDC31g3geCKFIxG7XjMQmFSNWnqvCZC1n/5B0ymZBZ/wwHimKQPLRjP
 52gg==
X-Gm-Message-State: AOJu0YyH+jy0QtFXFyTzH6A+Y3TE7HEoaXJQsrspGW09RdeIH6QJ7EaD
 JwPK71RFNyXRer4SM7FOiOxWTzZ7xdGxCTSqF4wFpBudYr4Cp1PUsepYwrNBubLKy8QteUrW2UQ
 yNJVU7g==
X-Gm-Gg: ASbGnctjE3zABHDmBFvIWqQpN5GzT9OIIP0Paoc8Q4EK6BRRla3QnOaUhb2CgOXxI2R
 WFmiykDKEX7ZjJduJQ8ewTIIS79pLXraRAAp5M8QSGJMnX3pggM2ji+bFCmAX/TgQo1Ymyq2Hcm
 okkyHGagr0QjeeAde4esX58yUXPhE7yqPBPZSv3AOhBbPWykYYj9i+7ksyXDjzvh6952CiQnqP1
 JdfrdtyymdAWNWiRlKDgH7yayt0WtkN6DFZk90m6usAItwxTQm2yEbsgEA9jJsyYIoeG1YcnDOl
 o7di6IbJGMgK++koP972aS9RfsyRKOr9xip0Jw==
X-Google-Smtp-Source: AGHT+IFY21OwCqhN/khubyptHuDxdT7GYL15cRGTn4DWHZPoGg/CVkpiUHCON6v5G5MV/dPxpS6XPA==
X-Received: by 2002:a17:906:794d:b0:ac6:f6e2:7703 with SMTP id
 a640c23a62f3a-ad1e8bd2265mr249982266b.8.1746617232851; 
 Wed, 07 May 2025 04:27:12 -0700 (PDT)
Received: from localhost ([2a02:2454:a095:5600:a64e:31ff:fe38:fd6c])
 by smtp.gmail.com with ESMTPSA id
 a640c23a62f3a-ad1891478fasm888848866b.26.2025.05.07.04.27.12
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 07 May 2025 04:27:12 -0700 (PDT)
From: Sergey Trofimov <sarg@HIDDEN>
To: Daniel Ziltener <dziltener@HIDDEN>
Subject: Re: bug#78287: ssh broken on systems with nix-service
User-Agent: mu4e 1.12.9; emacs 30.0.92
Date: Wed, 07 May 2025 13:27:11 +0200
Message-ID: <87y0v8iru8.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 78287
Cc: 78287 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi Daniel,

Daniel Ziltener <dziltener@HIDDEN> writes:

> It seems the latest OpenSSH update breaks ssh completely for people who
> have nix-service running. OpenSSH seems to be expecting a certain
> ownership of /nix/store which it does not have on Guix, and then fails
> with "bad ownership or modes for directory /nix/store".

This seem to be a regression from https://issues.guix.gnu.org/77968

Could you please let me know the output of `stat -c '%n %a %U %G' /nix
/nix/store` on your system?

Also, do you manage your ssh configuration using nix?
Information forwarded to bug-guix@HIDDEN:
bug#78287; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 7 May 2025 00:53:42 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue May 06 20:53:42 2025
Received: from localhost ([127.0.0.1]:36221 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1uCT2c-0002YC-7k
	for submit <at> debbugs.gnu.org; Tue, 06 May 2025 20:53:42 -0400
Received: from lists.gnu.org ([2001:470:142::17]:43824)
 by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.84_2) (envelope-from <dziltener@HIDDEN>)
 id 1uCT2Y-0002Xp-Up
 for submit <at> debbugs.gnu.org; Tue, 06 May 2025 20:53:39 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <dziltener@HIDDEN>)
 id 1uCT2T-0008A5-Eu
 for bug-guix@HIDDEN; Tue, 06 May 2025 20:53:33 -0400
Received: from 195-15-242-23.dc3-a.pub1.etik-cloud.com ([195.15.242.23]
 helo=lyrion.ch)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <dziltener@HIDDEN>)
 id 1uCT2R-0003NF-9x
 for bug-guix@HIDDEN; Tue, 06 May 2025 20:53:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lyrion.ch; s=20230702; 
 t=1746578779;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type;
 bh=v6OvJUuKFeM7/1vQ6zCG8PGx3BLGnHyDjlTpRAbtTAI=;
 b=wDVG/QRONuD735fLV27AnlTgVVLCv81IfJQ/WMNTjKF3sq5YyiD3o9xWDyONh1rK7MrMfo
 CB4+Nd7Tlb2KoZRbaW2gZpvAHC/N2vhLyNQhclrCDokCmDTcoJ2o9yein3bz3HzjPYJWeY
 OQmjj2YMmj1Dx3/iaK6nkopqrtl9btq9ERLk+Pz48HYbnK7FpF8C3XAiId/zqiunSaniox
 JLdOPElgCG3jAUI60qnRPrz2tUY65gPvfyG3TFsAXBrxG8m5DI7X3wzls6RP3MY7YkTFYb
 AanfCg1ShTyucgxFnjohnYq4Ho129eH2TM3QL/DFX+esZiaW1S2XtEc8CVbmMQ==
Received: from localhost (053d9243.dynamic.tele-ag.de [5.61.146.67])
 by lyrion.ch (OpenSMTPD) with ESMTPSA id 7af4cb0b
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <bug-guix@HIDDEN>;
 Wed, 7 May 2025 00:46:18 +0000 (UTC)
From: Daniel Ziltener <dziltener@HIDDEN>
To: bug-guix@HIDDEN
Subject: ssh broken on systems with nix-service
User-Agent: mu4e 1.12.9; emacs 30.1
Date: Wed, 07 May 2025 02:46:14 +0200
Message-ID: <87tt5xi6y1.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
Received-SPF: pass client-ip=195.15.242.23; envelope-from=dziltener@HIDDEN;
 helo=lyrion.ch
X-Spam_score_int: -10
X-Spam_score: -1.1
X-Spam_bar: -
X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,
 RDNS_DYNAMIC=0.982, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
 TVD_RCVD_IP=0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: 0.9 (/)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.1 (/)

It seems the latest OpenSSH update breaks ssh completely for people who
have nix-service running. OpenSSH seems to be expecting a certain
ownership of /nix/store which it does not have on Guix, and then fails
with "bad ownership or modes for directory /nix/store".
Acknowledgement sent to Daniel Ziltener <dziltener@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#78287; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Wed, 7 May 2025 11:30:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.