;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2021 Brice Waegeneire ;;; Copyright © 2022 Tobias Geerinckx-Rice ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (gnu system privilege) #:use-module (guix records) #:export (privileged-program privileged-program? privileged-program-program privileged-program-setuid? privileged-program-setgid? privileged-program-user privileged-program-group privileged-program-capabilities file-like->setuid-program)) ;;; Commentary: ;;; ;;; Data structures representing privileged programs: binaries with additional ;;; permissions such as setuid/setgid, or POSIX capabilities. This is meant to ;;; be used both on the host side and at run time--e.g., in activation snippets. ;;; ;;; Code: (define-record-type* privileged-program make-privileged-program privileged-program? ;; File name of the program to assign elevated privileges. (program privileged-program-program) ;file-like ;; Whether to set the setuid (‘set user ID’) bit. (setuid? privileged-program-setuid? ;boolean (default #f)) ;; Whether to set the setgid (‘set group ID’) bit. (setgid? privileged-program-setgid? ;boolean (default #f)) ;; The user name or ID this should be set to (defaults to root's). (user privileged-program-user ;integer or string (default 0)) ;; The group name or ID we want to set this to (defaults to root's). (group privileged-program-group ;integer or string (default 0)) ;; POSIX capabilities in cap_from_text(3) form (defaults to #f: none). (capabilities privileged-program-capabilities ;string or #f (default #f))) (define (file-like->setuid-program program) "Simple wrapper to facilitate MAPping over a list of file-like objects and make them setuid, a pattern just common enough to justify a special helper." (privileged-program (program program) (setuid? #t))) header'>2023-09-26tests: Assume ‘git’ is always available.Ludovic Courtès * tests/channels.scm (gpg+git-available?): Check for ‘gpg-command’ only. Remove all ‘test-skip’ statements. * tests/derivations.scm: Likewise. * tests/git-authenticate.scm: Likewise. * tests/git.scm: Likewise. * tests/import-git.scm: Likewise. 2022-02-14git-authenticate: Ensure the target is a descendant of the introductory commit.Ludovic Courtès Fixes a bug whereby authentication of a commit *not* descending from the introductory commit could succeed, provided the commit verifies the authorization invariant. In the example below, A is a common ancestor of the introductory commit I and of commit X. Authentication of X would succeed, even though it is not a descendant of I, as long as X is authorized according to the '.guix-authorizations' in A: X I \ / A This is because, 'authenticate-repository' would not check whether X descends from I, and the call (commit-difference X I) would return X. In practice that only affects forks because it means that ancestors of the introductory commit already contain a '.guix-authorizations' file. * guix/git-authenticate.scm (authenticate-repository): Add call to 'commit-descendant?'. * tests/channels.scm ("authenticate-channel, not a descendant of introductory commit"): New test. * tests/git-authenticate.scm ("authenticate-repository, target not a descendant of intro"): New test. * tests/guix-git-authenticate.sh: Expect earlier test to fail since 9549f0283a78fe36f2d4ff2a04ef8ad6b0c02604 is not a descendant of $intro_commit. Add new test targeting an ancestor of the introductory commit, and another test targeting the v1.2.0 commit. * doc/guix.texi (Specifying Channel Authorizations): Add a sentence. 2022-02-14git-authenticate: Test introductory commit signature verification.Ludovic Courtès These tests mimic similar tests already in 'tests/channels.scm', but without using the higher-level 'authenticate-channel'. * tests/git-authenticate.scm ("introductory commit, valid signature") ("introductory commit, missing signature") ("introductory commit, wrong signature"): New tests. 2021-12-22tests: Move keys into ./tests/keys/ and add a third ed25519 key.Attila Lendvai The third key will be used in an upcoming commit. Rename public keys to .pub. * guix/tests/gnupg.scm (%ed25519-3-public-key-file): New variable. (%ed25519-3-secret-key-file): New variable. (%ed25519-2-public-key-file): Renamed from %ed25519bis-public-key-file. (%ed25519-2-secret-key-file): Renamed from %ed25519bis-secret-key-file. * tests/keys/ed25519-3.key: New file. * tests/keys/ed25519-3.sec: New file. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>