From 0d85bbd42ddcd442864a9ba4719aca8b70d68048 Mon Sep 17 00:00:00 2001 From: Alexey Abramov Date: Fri, 22 Apr 2022 11:32:15 +0200 Subject: [PATCH] Trust guix store directory To be able to execute binaries defined in OpenSSH configuration, we need to tell OpenSSH that we can trust Guix store objects. safe_path procedure takes a canonical path and for each component, walking upwards, checks ownership and permissions constraints which are: must be owned by root, not writable by group or others. --- misc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/misc.c b/misc.c index 0134d69..7131d5e 100644 --- a/misc.c +++ b/misc.c @@ -2146,6 +2146,7 @@ int safe_path(const char *name, struct stat *stp, const char *pw_dir, uid_t uid, char *err, size_t errlen) { + static const char guix_store[] = @STORE_DIRECTORY@; char buf[PATH_MAX], homedir[PATH_MAX]; char *cp; int comparehome = 0; @@ -2178,6 +2179,10 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, } strlcpy(buf, cp, sizeof(buf)); + /* If we are past the Guix store then we can stop */ + if (strcmp(guix_store, buf) == 0) + break; + if (stat(buf, &st) == -1 || (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || (st.st_mode & 022) != 0) { -- 2.34.0
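Review bot: In the first misc.c hunk, `static const char guix_store[] = @STORE_DIRECTORY@;` only compiles if the build substitutes a quoted string literal for `@STORE_DIRECTORY@`, and nothing in the patch says who performs that substitution or in what form. Add a comment next to the declaration stating that the placeholder is replaced at build time with the quoted, canonical store path without a trailing slash, because the second hunk compares it with `strcmp` against a path component and any other form will never match.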
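Review bot: In the second misc.c hunk the new `break` sits before the `stat(buf, &st)` ownership and mode test, so the store directory itself and every directory above it are never checked, while the comment says "past the Guix store" as if the store had already been validated. State in the comment that the store and its ancestors are deliberately exempt from the owner and `(st.st_mode & 022) != 0` checks and what makes that acceptable, or keep the `stat` test and relax only the condition the store fails. The exact `strcmp(guix_store, buf) == 0` match also relies on `name` being canonical, as the commit message says, which is worth noting next to the comparison.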
path: root/gnu/bootloader/u-boot.scm
Age | Commit message | Author
2023-01-18 | gnu: Add u-boot-ts7970-q-2g-1000mhz-c-bootloader. * gnu/bootloader/u-boot.scm (u-boot-ts7970-q-2g-1000mhz-c-bootloader): New variable. | Maxim Cournoyer
2022-12-28 | gnu: u-boot-am335x-boneblack: Revert to old name. This reverts to the name this package had previous to commit c2c1dfdf5760873f1db86d14873f725a105f7feb ("gnu: bootloader: Add U-Boot packages for Raspberry Pi models."), which caused the package name to be derived from the board name. * gnu/packages/bootloaders.scm (u-boot-am335x-evm-boneblack): Remove the NAME-SUFFIX keyword argument. Specify the full name via the name field. * gnu/bootloader/u-boot.scm (u-boot-beaglebone-black-bootloader): Adjust to the renamed package. Reported-by: Vagrant Cascadian <vagrant@debian.org> | Maxim Cournoyer
2022-12-20 | gnu: u-boot-am335x-evm-boneblack: Fix variable name. * gnu/packages/bootloaders.scm (u-boot-am335x-boneblack): Rename to... (u-boot-am335x-evm-boneblack), to match the package name. * gnu/bootloader/u-boot.scm (u-boot-beaglebone-black-bootloader): Adjust accordingly. | Maxim Cournoyer
2021-05-29 | gnu: bootloader: Fix install-allwinner64-u-boot. This fixes boot breakage introduced in commit: a65c935e29766940148d52b8116634b1e1cbcba6 Multiple files were still needed, but the filenames changed. * gnu/bootloader/u-boot.scm (install-allwinner64-u-boot): Update to use both SPL and u-boot files with new filenames. | Vagrant Cascadian