;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015, 2022, 2024 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (test-cpio)
  #:use-module (guix cpio)
  #:use-module (guix tests)
  #:use-module ((guix build utils)
                #:select (which call-with-temporary-output-file))
  #:use-module (ice-9 match)
  #:use-module (ice-9 popen)
  #:use-module (rnrs io ports)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-26)
  #:use-module (srfi srfi-64))

;; File name of the 'cpio' executable as returned by 'which', or #f when none
;; is found; the comparison test further down is skipped in the #f case.
(define %cpio-program (which "cpio"))

;; A source file located through %load-path, used as sample input for the
;; header round-trip test.
(define %test-file (search-path %load-path "guix.scm"))


(test-begin "cpio")

;; The cpio header stores 'ino' in a 32-bit field.  When the sample file's
;; inode number does not fit, skip the next test (a count of 0 skips nothing).
(test-skip
 (let ((inode (stat:ino (lstat %test-file))))
   (if (< inode (expt 2 32)) 0 1)))

;; Round trip: build a header from a file on disk, serialize it to an
;; in-memory bytevector, parse it back, and require the parsed header to be
;; 'equal?' to the original one.
(test-assert "file->cpio-header + write-cpio-header + read-cpio-header"
  (let* ((original   (file->cpio-header %test-file))
         (serialized (call-with-bytevector-output-port
                      (lambda (out)
                        (write-cpio-header original out))))
         (in         (open-bytevector-input-port serialized)))
    (equal? original (read-cpio-header in))))

;; GNU cpio is optional: without it there is no reference archive to compare
;; against, so the next test is skipped.
(when (not %cpio-program) (test-skip 1))

;; Archive the same list of files with GNU cpio ("newc" format) and with
;; 'write-cpio-archive', then require the two archives to be byte-for-byte
;; identical.
(test-assert "bit-identical to GNU cpio's output"
  (call-with-temporary-output-file
   (lambda (link-name _)
     ;; Reuse the temporary file's name for a dangling symlink so that the
     ;; archive contains a symlink entry.  The name is briefly free between
     ;; the two calls; 'symlink' is expected to fail rather than overwrite
     ;; if something else re-creates it in that window.
     (delete-file link-name)
     (symlink "chbouib" link-name)

     (let* ((sources (map (lambda (relative)
                            (canonicalize-path
                             (search-path %load-path relative)))
                          '("guix.scm" "guix/build/syscalls.scm"
                            "guix/packages.scm")))
            (top     (canonicalize-path
                      (dirname (search-path %load-path "guix.scm"))))
            ;; Root directory, source directory, symlink, then regular files.
            (files   (append (list "/" top link-name) sources)))
       (call-with-temporary-output-file
        (lambda (reference _)
          ;; 'open-pipe*' takes the program and its arguments as separate
          ;; strings, so no shell command line is built from file names.
          (let ((cpio (open-pipe* OPEN_WRITE %cpio-program "-o" "-O" reference
                                  "-H" "newc" "--null")))
            ;; With "--null", cpio reads NUL-terminated names on stdin.
            (for-each (cut format cpio "~a\0" <>) files)

            ;; Only compare when cpio exited successfully; otherwise the
            ;; test fails with #f.
            (if (zero? (close-pipe cpio))
                (call-with-temporary-output-file
                 (lambda (ours port)
                   (write-cpio-archive files port)
                   ;; Flush everything to disk before comparing.
                   (close-port port)
                   ;; On mismatch, throw with the file list, both archive
                   ;; names and both sizes to ease debugging.
                   (or (file=? reference ours)
                       (throw 'cpio-archives-differ files
                              reference ours
                              (stat:size (stat reference))
                              (stat:size (stat ours))))))
                #f))))))))

(test-end "cpio")
ate-user-home): Only chown the home directory after the account skeletons have been copied. Co-authored-by: Ludovic Courtès <ludo@gnu.org>. Maxime Devos 2021-03-10services: Prevent following symlinks during activation....This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends. Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html> * gnu/build/activation.scm: new procedure 'mkdir-p/perms'. * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure. * gnu/services/cups.scm (%cups-activation): likewise. * gnu/services/dbus.scm (dbus-activation): likewise. * gnu/services/dns.scm (knot-activation): likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Maxime Devos 2021-02-09activation: Do not make setuid programs setgid-root [security]....Fixes <https://bugs.gnu.org/46395>. Reported by Duncan Overbruck <mail@duncano.de>. * gnu/build/activation.scm (activate-setuid-programs): Change TARGET mode to not be setgid. Ludovic Courtès 2020-06-09activation: Fix function call for system activation...* gnu/build/activation.scm (boot-time-system): Evaluate the linux-command-line thunk for linux systems to boot Signed-off-by: Ludovic Courtès <ludo@gnu.org> Royce Strange 2020-06-08system: Support activation service for the Hurd....* gnu/build/activation.scm (boot-time-system): Use "command-line" for the Hurd. * gnu/system.scm (hurd-default-essential-services): Add %boot-service and %activation-service. Jan (janneke) Nieuwenhuizen 2020-01-06activation: Check whether /proc/sys/kernel/modprobe exists....* gnu/build/activation.scm (activate-modprobe): Check whether /proc/sys/kernel/modprobe exists before writing to it. 
Co-authored-by: Ludovic Courtès <ludo@gnu.org> kanichos@yandex.ru 2020-01-02activation: Keep going when failing to create one of the setuid programs....Fixes <https://bugs.gnu.org/38800>. Reported by Jakub Kądziołka <kuba@kadziolka.net>. * gnu/build/activation.scm (activate-setuid-programs): Catch 'system-error' around 'make-setuid-program' calls. Ludovic Courtès 2019-06-05activation: Lock /etc/.pwd.lock before accessing databases....Suggested by Florian Pelz <pelzflorian@pelzflorian.de> in <http://bugs.gnu.org/35996>. * gnu/build/accounts.scm (%password-lock-file): New variable. * gnu/build/activation.scm (activate-users+groups): Wrap calls to 'user+group-databases', 'write-group', etc. into 'with-file-lock'. Ludovic Courtès