Branch          Commit message                   Author     Age
koszko          Allow unauthorized `guix pull`   W. Kosior  3 weeks
koszko-scripts  Add `koszko-vpn' branch.         W. Kosior  4 months
 
2020-10-31  pack: Relocatable wrapper leaves root available to child processes.
Author: Ludovic Courtès

Fixes <https://bugs.gnu.org/44261>.
Reported by Jan Nieuwenhuizen <janneke@gnu.org>.

* gnu/packages/aux-files/run-in-namespace.c (exec_in_user_namespace): Add call to 'prctl'. Call 'mount' for NEW_ROOT and define 'is_tmpfs'. When IS_TMPFS is true, call 'umount' and 'rmdir' after 'waitpid'; otherwise, call 'rm_rf' only when 'waitpid' returns -1 the second time.
(exec_with_loader): Call 'prctl'. Remove NEW_ROOT only when 'waitpid' returns -1 the second time, otherwise leave it behind.
* tests/guix-pack-relocatable.sh (wait_for_file): New function. Add test.

2020-10-30  guix: pack: Fix offset calculation for store directory mount point.
Author: Eric Bavier

Fixes wrapping of non-package things, where the target store directory may differ in length from the original.

* guix/scripts/pack.scm (wrapped-package)<build-wrapper>: Define WRAPPER_PROGRAM macro with wrapper's file name.
* gnu/packages/aux-files/run-in-namespace.c (main): Offset index by len of that file name.

2020-08-27  pack: fakechroot: Honor $LD_LIBRARY_PATH.
Author: Ludovic Courtès

Until now, when using the "fakechroot" engine, $LD_LIBRARY_PATH would always be ignored. However, it's useful in some cases to allow users to specify LD_LIBRARY_PATH, so honor it.

* gnu/packages/aux-files/run-in-namespace.c (concat_paths): New function.
(exec_with_loader): Concatenate $LD_LIBRARY_PATH to the relocated AUDIT_LIBRARY_PATH.

2020-07-28  pack: "fakechroot" engine always creates its store.
Author: Ludovic Courtès

Previously it would silently fail to create the /gnu/store symlink when the host has a read-only /gnu as is the case in these tests.

* gnu/packages/aux-files/run-in-namespace.c (exec_with_loader): Unlink the ancestor of ORIGINAL_STORE under NEW_ROOT. Check the return value of 'symlink' when creating NEW_STORE.
* tests/guix-pack-relocatable.sh: Check the contents of the store as seen by the wrapped executable, with all three engines, and with both "/gnu" and "/gnu/store" erased.

2020-07-28  pack: "fakechroot" execution engine can load its audit module.
Author: Ludovic Courtès

Fixes <https://bugs.gnu.org/42558>.

Until now, loading 'pack-audit.so' in a truly non-Guix environment would usually fail because 'pack-audit.so' depends on 'libgcc_s.so' and 'libc.so', none of which could be found.

Furthermore, the test was not working as expected: the trick

  unshare -mrf sh -c 'mount -t tmpfs none /gnu ; ...'

would allow the fakechroot engine to make its store available as /gnu/store as a result of another bug.

* gnu/packages/aux-files/run-in-namespace.c (relocated_search_path): New function.
(exec_with_loader): Pass "--library-path" to the loader.
* guix/scripts/pack.scm (wrapped-package)[build](runpath): New procedure.
(elf-loader-compile-flags): Pass "-DLOADER_AUDIT_RUNPATH".
* tests/guix-pack-relocatable.sh: Remove 'STORE_PARENT'.
(run_without_store): New function. Erase $NIX_STORE_DIR instead of $STORE_PARENT. Use 'run_without_store' throughout.

2020-05-14  pack: Add relocation via ld.so and fakechroot.
Author: Ludovic Courtès

* gnu/packages/aux-files/run-in-namespace.c (HAVE_EXEC_WITH_LOADER): New macro.
(bind_mount): Rename to...
(mirror_directory): ... this. Add 'firmlink' argument and use it instead of calling mkdir/open/close/mount directly.
(bind_mount, make_symlink): New functions.
(exec_in_user_namespace): Adjust accordingly.
(exec_with_loader) [HAVE_EXEC_WITH_LOADER]: New function.
(exec_performance): New function.
(engines): Add them.
* guix/scripts/pack.scm (wrapped-package)[fakechroot-library] [audit-module]: New procedures.
[audit-source]: New variable.
[build](elf-interpreter, elf-loader-compile-flags): New procedures.
(build-wrapper): Use them.
* tests/guix-pack-relocatable.sh: Test with 'GUIX_EXECUTION_ENGINE=fakechroot'.
* doc/guix.texi (Invoking guix pack): Document the 'performance' and 'fakechroot' engines.
* gnu/packages/aux-files/pack-audit.c: New file.
* Makefile.am (AUX_FILES): Add it.

2020-05-14  pack: Factorize store references in wrapper.
Author: Ludovic Courtès

* gnu/packages/aux-files/run-in-namespace.c (original_store): New variable.
(exec_in_user_namespace, exec_with_proot, main): Use it instead of the literal "@STORE_DIRECTORY@".

2020-05-14  pack: Wrapper honors 'GUIX_EXECUTION_ENGINE' environment variable.
Author: Ludovic Courtès

* gnu/packages/aux-files/run-in-namespace.c (struct engine): New type.
(exec_default): New function.
(engines): New variable.
(execution_engine): New function.
(main): Use it instead of calling 'exec_in_user_namespace' and 'exec_with_proot' directly.
* tests/guix-pack-relocatable.sh: Add test with 'GUIX_EXECUTION_ENGINE'.
* doc/guix.texi (Invoking guix pack): Document 'GUIX_EXECUTION_ENGINE'.

2020-05-07  pack: Factorize 'exec_in_user_namespace' wrapper.
Author: Ludovic Courtès

* gnu/packages/aux-files/run-in-namespace.c (exec_in_user_namespace): New function, with code taken from...
(main): ... here. Call it.

2020-05-07  pack: Add 'xmalloc' in wrapper.
Author: Ludovic Courtès

* gnu/packages/aux-files/run-in-namespace.c (xmalloc): New function.
(concat): Use it.

2020-05-07  pack: Fix off-by-one in PRoot handling in the wrapper.
Author: Ludovic Courtès

* gnu/packages/aux-files/run-in-namespace.c (exec_with_proot): Make 'proot_argv' one element larger to account for the terminating NULL.

2020-04-24  pack: 'guix pack -R' wrapper correctly reports exit code.
Author: Ludovic Courtès

Fixes <https://bugs.gnu.org/40816>.
Reported by Jan (janneke) Nieuwenhuizen <janneke@gnu.org>.

* gnu/packages/aux-files/run-in-namespace.c (main): In the 'default' case, check 'WIFEXITED (status)' and exit with the corresponding code in that case. Exit with 255 in other cases.
* tests/guix-pack-relocatable.sh: Add test.

2019-03-15  pack: "-RR" produces PRoot-enabled relocatable binaries.
Author: Ludovic Courtès

* gnu/packages/aux-files/run-in-namespace.c (exec_with_proot): New function.
(main): When 'clone' fails, call 'rm_rf'.
[PROOT_PROGRAM]: When 'clone' fails, call 'exec_with_proot'.
* guix/scripts/pack.scm (wrapped-package): Add #:proot?.
[proot]: New procedure.
[build]: Compile with -DPROOT_PROGRAM when PROOT? is true.
* guix/scripts/pack.scm (%options): Set the 'relocatable?' value to 'proot when "-R" is passed several times.
(guix-pack): Pass #:proot? to 'wrapped-package'.
* tests/guix-pack-relocatable.sh: Use "-RR" on Intel systems that lack user namespace support.
* doc/guix.texi (Invoking guix pack): Document -RR.

2018-05-11  pack: Relocatable wrapper now properly maps the current UID/GID.
Author: Ludovic Courtès

* gnu/packages/aux-files/run-in-namespace.c (write_id_map) (disallow_setgroups): New functions.
(main): Use 'clone' via 'syscall' instead of 'fork' followed by 'unshare'. Add calls to 'disallow_setgroups' and 'write_id_map' in the parent process.

2018-05-10  pack: Add '--relocatable'.
Author: Ludovic Courtès

* gnu/packages/aux-files/run-in-namespace.c: New file.
* Makefile.am (AUX_FILES): Add it.
* guix/scripts/pack.scm (<c-compiler>): New record type.
(c-compiler, bootstrap-c-compiler, c-compiler-compiler): New procedures.
(self-contained-tarball): Use 'relative-file-name' for the SOURCE -> TARGET symlink.
(docker-image): Add 'defmod' to please Geiser.
(wrapped-package, map-manifest-entries): New procedures.
(%options, show-help): Add --relocatable.
(guix-pack): Honor it.
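The two commits that shape the wrapper's process model are "Relocatable wrapper now properly maps the current UID/GID" (clone via syscall, then the parent writes the ID maps with setgroups denied) and "'guix pack -R' wrapper correctly reports exit code" (WIFEXITED or 255). The following is an added example, written for this page and not code from the Guix repository, that shows the technique end to end. The function names mirror those named in the commit messages but the bodies are this example's own; it assumes the raw clone argument order of x86_64/aarch64 (flags, stack, ptid, ctid, tls) and a Linux /proc. When the namespace cannot be created or the maps cannot be written it returns -1 rather than running the program, which is the condition under which the wrapper falls back to another engine such as PRoot.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Build the one-line "INSIDE OUTSIDE COUNT\n" entry mapping ID to itself.
   Returns the entry length, or -1 if BUF is too small. */
static int
format_id_map (char *buf, size_t size, unsigned long id)
{
  int n = snprintf (buf, size, "%lu %lu 1\n", id, id);
  return (n < 0 || (size_t) n >= size) ? -1 : n;
}

/* Write a single-entry map to /proc/PID/FILE ("uid_map" or "gid_map").
   The parent must do this after the child exists and before it execs. */
static int
write_id_map (pid_t pid, const char *file, unsigned long id)
{
  char path[64], map[64];
  int n = format_id_map (map, sizeof map, id);
  if (n < 0)
    return -1;
  snprintf (path, sizeof path, "/proc/%ld/%s", (long) pid, file);
  int fd = open (path, O_WRONLY);
  if (fd < 0)
    return -1;
  ssize_t written = write (fd, map, (size_t) n);
  close (fd);
  return written == n ? 0 : -1;
}

/* Since Linux 3.19 an unprivileged parent must write "deny" to
   /proc/PID/setgroups before gid_map can be written; older kernels have
   no such file, which is not an error. */
static int
disallow_setgroups (pid_t pid)
{
  char path[64];
  snprintf (path, sizeof path, "/proc/%ld/setgroups", (long) pid);
  int fd = open (path, O_WRONLY);
  if (fd < 0)
    return errno == ENOENT ? 0 : -1;
  ssize_t written = write (fd, "deny", 4);
  close (fd);
  return written == 4 ? 0 : -1;
}

/* Wrapper exit code from a waitpid status: the child's own code when it
   exited normally, 255 otherwise (killed by a signal, for instance). */
static int
exit_code_from_status (int status)
{
  return WIFEXITED (status) ? WEXITSTATUS (status) : 255;
}

/* Run the NULL-terminated ARGV in a fresh user+mount namespace with the
   caller's uid/gid mapped to themselves.  Returns the wrapper exit code,
   or -1 when the namespace cannot be set up (user namespaces disabled,
   /proc unavailable) so the caller can fall back to another engine.
   Assumption: raw clone argument order of x86_64/aarch64. */
static int
exec_in_user_namespace (char *const argv[])
{
  int sync[2];
  if (pipe (sync) < 0)
    return -1;

  pid_t child = syscall (SYS_clone, SIGCHLD | CLONE_NEWUSER | CLONE_NEWNS,
                         NULL, NULL, NULL, 0);
  if (child < 0)
    {
      close (sync[0]);
      close (sync[1]);
      return -1;
    }

  if (child == 0)
    {
      /* Child: wait for the go byte.  If the pipe closes without it the
         maps failed, so do not run ARGV as the overflow uid/gid. */
      char go;
      close (sync[1]);
      if (read (sync[0], &go, 1) != 1)
        _exit (127);
      close (sync[0]);
      execvp (argv[0], argv);
      _exit (127);
    }

  /* Parent: install the mappings, then release the child. */
  close (sync[0]);
  int ok = disallow_setgroups (child) == 0
    && write_id_map (child, "uid_map", getuid ()) == 0
    && write_id_map (child, "gid_map", getgid ()) == 0;
  if (ok && write (sync[1], "g", 1) != 1)
    ok = 0;
  close (sync[1]);

  int status;
  if (waitpid (child, &status, 0) < 0)
    return -1;
  return ok ? exit_code_from_status (status) : -1;
}
```

A wrapper's main would call `exec_in_user_namespace (argv + 1)` and exit with the returned code, treating -1 as the signal to try the next engine. The pipe is the important part: the child must not exec before the maps are in place, otherwise it runs with the overflow uid/gid (65534) and anything it writes or creates gets the wrong owner.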