author: Ludovic Courtès <ludo@gnu.org> 2021-03-18 11:39:39 +0100
committer: Ludovic Courtès <ludo@gnu.org> 2021-03-18 12:18:56 +0100
commit: ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf
tree: b9330befde8c1dc8a07ad1a2571cbe4d008a0128 /tests/elpa.scm
parent: 898489f48e436e45e86e1ba0fcdb6df5cd5a051a
daemon: Prevent privilege escalation with '--keep-failed' [security].
Fixes <https://bugs.gnu.org/47229>.
Reported by Nathan Nye of WhiteBeam Security.

* nix/libstore/build.cc (DerivationGoal::startBuilder): When 'useChroot' is true, add "/top" to 'tmpDir'.
(DerivationGoal::deleteTmpDir): Adjust accordingly. When 'settings.keepFailed' is true, chown in two steps: first the "/top" sub-directory, and then rename "/top" to its parent.
Diffstat (limited to 'tests/elpa.scm')
0 files changed, 0 insertions, 0 deletions
2022-11-28 hurd-boot: Explain why 'getxattr' cannot be used on GNU/Hurd.
This is a followup to f25e8f76fec03e5a31c221e7427d6962ece1aa67.
* gnu/build/hurd-boot.scm (translated?): Clarify why 'getxattr' cannot be used on GNU/Hurd.
Ludovic Courtès

2022-11-28 hurd-boot: Create more PTY nodes.
* gnu/build/hurd-boot.scm (set-hurd-device-translators): Create more /dev/ptyp* and /dev/ttyp* nodes.
Ludovic Courtès

2022-11-20 file-systems: Always do recursive bind mounts.
Fixes <https://issues.guix.gnu.org/59185>.
* guix/build/syscalls.scm (MS_REC): New variable.
* gnu/build/file-systems.scm (mount-flags->bit-mask): Set MS_REC bit when bind-mounting.
Ricardo Wurmus

2022-11-17 tests: root-unmount: Wait for the first QEMU process to finish.
There was a tiny possibility that the first QEMU process would still be running by the time we launch the second one.
* gnu/build/marionette.scm (marionette-pid): Export.
* gnu/tests/base.scm (run-root-unmount-test)[test]: Add 'waitpid' call.
Ludovic Courtès

2022-11-15 install: Validate symlink target in evaluate-populate-directive.
* gnu/build/install.scm (evaluate-populate-directive): By default, error when the target of a symlink doesn't exist. Always ensure TARGET ends with "/".
(populate-root-file-system): Call evaluate-populate-directive with #:error-on-dangling-symlink #t and add comment.
Maxim Cournoyer

2022-11-15 linux-modules: Add 'load-pci-device-database'.
* gnu/build/linux-modules.scm (read-pci-device-database) (load-pci-device-database): New procedures.
Ludovic Courtès

2022-11-15 linux-modules: Add support for listing PCI devices.
* gnu/build/linux-modules.scm (<pci-device>): New record type.
(pci-device-class-predicate, storage-pci-device?, network-pci-device?) (display-pci-device?, pci-devices?): New procedures.
Ludovic Courtès

2022-11-03 file-systems: Gracefully handle EMEDIUMTYPE in 'read-partitions'.
* gnu/build/file-systems.scm (ENOENT-safe): Catch EMEDIUMTYPE and warn.
Marius Bakke

2022-10-20 file-systems: Support the 'no-diratime' mount flag.
* gnu/build/file-systems.scm (mount-flags->bit-mask): Handle 'no-diratime'.
* doc/guix.texi (File Systems): Document it.
Ludovic Courtès

2022-10-07 marionette: Add a callback arguments to wait-for-screen-text.
* gnu/build/marionette.scm (wait-for-screen-text): New 'pre-action' and 'post-action' arguments. Update doc. Call the procedures before and after the OCR occurs, respectively.
Maxim Cournoyer

2022-10-07 marionette: Define keystrokes for typing colons and exclamation marks.
* gnu/build/marionette.scm (%qwerty-us-keystrokes): Register keystrokes for the ':' and '!' characters.
Maxim Cournoyer

2022-10-07 marionette: Preserve screen dumps on failures.
This is to make it easier to debug test failures involving 'wait-for-screen-text': the screendump image used for the OCR is now preserved for inspection when 'wait-for-screen-text' fails.
* gnu/build/marionette.scm (marionette-screen-text): Return the screendump image file as the second value. Adjust doc.
(wait-for-screen-text): Add the preserved screendump image file name to the error message. Adjust doc.
Maxim Cournoyer

2022-10-07 marionette: Make marionette-screen-text private.
It has only one user, which is better suited for wait-for-screen-text anyway.
* gnu/tests/base.scm (run-basic-test): Refactor to use wait-for-screen-text instead of marionette-screen-text.
Maxim Cournoyer

2022-09-24 linux-container: Mark socket pair as SOCK_CLOEXEC.
* gnu/build/linux-container.scm (run-container): Pass SOCK_CLOEXEC to 'socketpair'.
Ludovic Courtès

2022-09-23 build: jami-service: account->username always return a fingerprint.
This change is motivated by the fact that Account.registeredName is a volatile account data, not exported along the account and retrieved from the name server. Have it always return Account.username instead, so that the result is reproducible independent of whether networking is available or not.
* gnu/build/jami-service.scm (account->username): Always return the account fingerprint. Adjust doc.
(id->username): Likewise.
Maxim Cournoyer

2022-09-20 linux-container: 'container-excursion*' marks its FDs as FD_CLOEXEC.
Fixes <https://issues.guix.gnu.org/57827>.
Reported by Mathieu Othacehe <othacehe@gnu.org>.
Fixes a regression introduced with the Shepherd 0.9.2 upgrade in 1ba0e38267c9ff8bb476285091be6e297bbf136e, whereby IN and OUT would no longer be closed when 'fork+exec-command/container' would call 'exec-command*' as part of the THUNK passed to 'container-excursion*'. This is because the Shepherd 0.9.2 assumes file descriptors are properly marked as O_CLOEXEC and, consequently, 'exec-command' no longer run the close(2) loop prior to 'exec'.
* gnu/build/linux-container.scm (container-excursion*): Add calls to 'fcntl'.
Ludovic Courtès

2022-09-16 marionette: Avoid read error when wait-for-file file is empty.
Since #<eof> can't be read.
* gnu/build/marionette.scm (wait-for-file): Return "" if file is empty.
Partially-Fixes: https://issues.guix.gnu.org/57827
Christopher Baines

2022-09-16 marionette: Make it easier to debug REPL read failures.
Log the remaining content written to the REPL, so that there's more to go on than: socket:5:14: Unknown # object: "#<"
* gnu/build/marionette.scm (marionette-eval): Catch exceptions from read and log the remainder of the content from the REPL.
Christopher Baines

2022-09-13 secret-service: Mark sockets as SOCK_CLOEXEC.
* gnu/build/secret-service.scm (secret-service-send-secrets) (secret-service-receive-secrets): Pass SOCK_CLOEXEC to 'socket'.
Ludovic Courtès

2022-09-08 file-systems: Open files with O_CLOEXEC.
Since this code is run from PID 1, this ensures file descriptors to sensitive files and devices are not accidentally leaked to sub-processes.
* gnu/build/file-systems.scm (call-with-input-file): New procedure.
(mount-file-system): Use 'close-fdes' + 'open-fdes'.
Ludovic Courtès

2022-09-04 linux-boot: Resume from hibernation after pre-boot.
* gnu/build/linux-boot.scm (boot-system): Call resume-if-hibernated after pre-mount.
Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
Jack Hill

2022-09-02 shepherd: Set #o640 permissions for log file of service in container.
* gnu/build/shepherd.scm (make-forkexec-constructor/container): Set #o640 permissions for log file.
Arun Isaac

2022-08-30 build: image: Make partition uuid optional.
The uuid field of <partition> defaults to #false. This should be reflected when creating the partition.
* gnu/build/image.scm (make-ext-image): Make it optional.
Mathieu Othacehe

2022-08-30 build: image: Remove unused variable.
* gnu/build/image.scm (make-ext-image): Remove the unused flags variable.
Mathieu Othacehe

2022-08-28 build: marionette: Add support for Tesseract OCR.
* gnu/build/marionette.scm (invoke-ocrad-ocr): New procedure.
(invoke-tesseract-ocr): Likewise.
(marionette-screen-text): Rename the #:ocrad argument to #:ocr. Dispatch the matching OCR invocation procedure.
(wait-for-screen-text): Rename the #:ocrad argument to #:ocr.
* gnu/tests/base.scm (run-basic-test): Adjust accordingly.
* gnu/tests/install.scm (enter-luks-passphrase): Likewise.
(enter-luks-passphrase-for-home): Likewise.
Maxim Cournoyer

2022-08-28 marionette: Improve the error message of 'wait-for-screen-text'.
* gnu/build/marionette.scm (wait-for-screen-text): Return the last OCR'd text when the predicate fails to match instead of the not useful predicate object.
Maxim Cournoyer

2022-08-11 build: marionette: Adjust QEMU Info manual reference.
* gnu/build/marionette.scm (marionette-control): Update doc to correct the QEMU Info manual reference.
Maxim Cournoyer

2022-08-10 gnu: system: file-systems: Add shared flag.
* gnu/build/file-systems.scm (mount-flags->bit-mask, mount-file-system): Handle shared flag.
* gnu/system/file-systems.scm (invalid-file-system-flags): Add shared to known flags.
* guix/build/syscalls.scm (MS_SHARED): New variable.
* doc/guix.texi (File Systems): Document shared flag.
Oleg Pykhalov

2022-08-09 tests: Add qemu-guest-agent system test.
Enable the QEMU guest agent interface in marionette VMs, run the qemu-guest-agent service in one and try talking to it.
* gnu/build/marionette.scm (make-marionette): Enable the guest agent device.
* gnu/tests/virtualization.scm (run-qemu-guest-agent-test): New procedure.
(%test-qemu-guest-agent): New variable.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Timotej Lazar

2022-07-20 gnu: modifying make-chromium-extension to rely on node-crx3.
* gnu/build/chromium-extension.scm (make-crx): Lift Xorg and Chromium dependencies, rely on node-crx3 instead.
Signed-off-by: Marius Bakke <marius@gnu.org>
Nicolas Graves