aboutsummaryrefslogtreecommitdiff
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2024 Efraim Flashner <efraim@flashner.co.il>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

;;; This file returns a manifest of packages built using the cargo-build-system.
;;; It is used to assist continuous integration of the rust-team branch.

(use-modules (guix packages)
             (guix profiles)
             (guix build-system))

(manifest
  (map package->manifest-entry
       (fold-packages
         (lambda (package lst)
           (if (eq? (build-system-name (package-build-system package))
                    (quote cargo))
             (cons package lst)
             lst))
         (list))))
generated by cgit
...The only thing keeping a rogue builder and a local user from collaborating to usurp control over the builder's user during the build is the fact that whatever files the builder may produce are not accessible to any other users yet. If we're going to make them accessible, we should probably do some sanity checking to ensure that sort of collaborating can't happen. Currently this isn't happening when failed build outputs are moved from the chroot as an aid to debugging. * nix/libstore/build.cc (secureFilePerms): new function. (DerivationGoal::buildDone): use it. Change-Id: I9dce1e3d8813b31cabd87a0e3219bf9830d8be96 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Reepca Russelstein 2024-03-12daemon: Address shortcoming in previous security fix for CVE-2024-27297....This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143. Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two ways: (1) it didn’t have any effet for fixed-output derivations performed in a chroot, which is the case for all of them except those using “builtin:download” and “builtin:git-download”, and (2) it did not preserve ownership when copying, leading to “suspicious ownership or permission […] rejecting this build output” errors. * nix/libstore/build.cc (DerivationGoal::buildDone): Account for ‘chrootRootDir’ when copying ‘drv.outputs’. * nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’ calls to preserve file ownership; this is necessary for chrooted fixed-output derivation builds. * nix/libutil/util.hh: Update comment. Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156 Ludovic Courtès 2024-03-11daemon: Protect against FD escape when building fixed-output derivations (CVE......This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”. Vulnerability discovered by puck <https://github.com/puckipedia>. Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly. (copyFile, copyFileRecursively): New functions. * nix/libutil/util.hh (copyFileRecursively): New declaration. * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output. Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4 Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io> Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88 Ludovic Courtès 2023-12-17daemon: Fix my own whitespace errors....This follows up on commit d993ed43b2bae8717437aa27d9d33fd223a6411f and was entirely predictable. The noise, sorry for it. Change-Id: I8ddb8cfe33db3864949f6589cc091616a90ebc5b Tobias Geerinckx-Rice 2023-12-10daemon: Sacrifice builders on OOM....* nix/libstore/build.cc (DerivationGoal::runChild): Maximise our OOM score adjustment. Change-Id: I418c763b499ca16e1ffe3c6033319112b9744f51 Tobias Geerinckx-Rice 2023-12-04daemon: Simplify “empty status” substitute error message....* nix/libstore/build.cc (SubstitutionGoal::finished): Don’t show what the empty status looks like. Change-Id: Ie898432aeb047aff3d59024de6ed6d18f68903c4 Ludovic Courtès 2022-12-18daemon: Make "opening file" error messages distinguishable....* nix/libstore/build.cc (DerivationGoal::openLogFile): Customize "opening file" error message. * nix/libutil/hash.cc (hashFile): Likewise. * nix/libutil/util.cc (readFile, writeFile): Likewise. Ludovic Courtès