Age	Commit message (Expand)	Author
2024-03-12	daemon: Address shortcoming in previous security fix for CVE-2024-27297....This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143. Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two ways: (1) it didn’t have any effet for fixed-output derivations performed in a chroot, which is the case for all of them except those using “builtin:download” and “builtin:git-download”, and (2) it did not preserve ownership when copying, leading to “suspicious ownership or permission […] rejecting this build output” errors. * nix/libstore/build.cc (DerivationGoal::buildDone): Account for ‘chrootRootDir’ when copying ‘drv.outputs’. * nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’ calls to preserve file ownership; this is necessary for chrooted fixed-output derivation builds. * nix/libutil/util.hh: Update comment. Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156	Ludovic Courtès
2024-03-11	daemon: Protect against FD escape when building fixed-output derivations (CVE......This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”. Vulnerability discovered by puck <https://github.com/puckipedia>. Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly. (copyFile, copyFileRecursively): New functions. * nix/libutil/util.hh (copyFileRecursively): New declaration. * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output. Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4 Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io> Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88	Ludovic Courtès
2024-01-05	daemon: Change default ‘timeout’ and ‘max-silent-time’ values....Having a timeout seems generally preferable as it makes sure build slots are not kept busy for no good reason (few package builds, if any, are expected to exceed these values). * nix/libstore/globals.cc (Settings::Settings): Change ‘maxSilentTime’ and ‘buildTimeout’. * gnu/services/base.scm (<guix-configuration>)[max-silent-time] [timeout]: Change default values. * doc/guix.texi (Invoking guix-daemon, Base Services): Adjust accordingly. Change-Id: I25c50893f3f7fcca451b8f093d9d4d1a15fa58d8	Ludovic Courtès
2023-12-17	daemon: Fix my own whitespace errors....This follows up on commit d993ed43b2bae8717437aa27d9d33fd223a6411f and was entirely predictable. The noise, sorry for it. Change-Id: I8ddb8cfe33db3864949f6589cc091616a90ebc5b	Tobias Geerinckx-Rice
2023-12-10	daemon: Sacrifice builders on OOM....* nix/libstore/build.cc (DerivationGoal::runChild): Maximise our OOM score adjustment. Change-Id: I418c763b499ca16e1ffe3c6033319112b9744f51	Tobias Geerinckx-Rice
2023-12-11	daemon: Implement ‘substitute-urls’ RPC....* nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump. (WorkerOp): Add ‘wopSubstituteURLs’. * nix/nix-daemon/nix-daemon.cc (performOp): Implement it. * guix/store.scm (%protocol-version): Bump. (operation-id): Add ‘substitute-urls’. (substitute-urls): New procedure. * tests/store.scm ("substitute-urls, default") ("substitute-urls, client-specified URLs") ("substitute-urls, disabled"): New tests. Change-Id: I2c0119500c3a1eecfa5ebf32463ffb0f173161de	Ludovic Courtès
2023-12-04	daemon: Simplify “empty status” substitute error message....* nix/libstore/build.cc (SubstitutionGoal::finished): Don’t show what the empty status looks like. Change-Id: Ie898432aeb047aff3d59024de6ed6d18f68903c4	Ludovic Courtès