guix lint: permission denied for cve checker

Done

Details

4 participants

Jonathan Brielmaier
Leo Famulari
Ludovic Courtès
Maxim Cournoyer

Owner: unassigned

Submitted by: Jonathan Brielmaier

Severity: normal

Jonathan Brielmaier wrote on 14 Aug 2020 14:26

Recipients:(name . bug-guix)(address . bug-guix@gnu.org)

Message-ID:11047e71-4c2a-1ee3-e2c2-75e182f2faa7@web.de

When running guix lint with the cve checker I get the following error:

```
guix lint icecat --checkers=cve
fetching CVE database for 2020...view1 [cve]...
Backtrace:
          12 (primitive-load "/home/jonathan/.config/guix/current/bi?")
In guix/ui.scm:
  2046:12 11 (run-guix-command _ . _)
In srfi/srfi-1.scm:
    634:9 10 (for-each #<procedure 7fe83940afc0 at guix/scripts/lin?> ?)
In guix/scripts/lint.scm:
     60:4  9 (run-checkers #<package icecat@68.11.0-guix0-preview1 ?> ?)
In srfi/srfi-1.scm:
    634:9  8 (for-each #<procedure 7fe83094da20 at guix/scripts/lin?> ?)
In guix/scripts/lint.scm:
    69:21  7 (_ _)
In guix/lint.scm:
   1110:4  6 (check-vulnerabilities #<package icecat@68.11.0-guix0-?> ?)
   1102:9  5 (_ _)
In unknown file:
           4 (force #<promise #<procedure 7fe8387c8820 at guix/lint.?>)
In guix/lint.scm:
   1085:2  3 (_)
   1044:2  2 (call-with-networking-fail-safe _ _ _)
In ice-9/boot-9.scm:
  1736:10  1 (with-exception-handler _ _ #:unwind? _ # _)
  1669:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1669:16: In procedure raise-exception:
In procedure mkdir: Permission denied
```

I'm on a pretty new guix and I did observe this issue for quite a while:
```
guix describe
  guix 697e54b
    Repository-URL: https://git.savannah.gnu.org/git/guix.git
    Branch: master
    Commit: 697e54b2a16575afa9457456fa2a27b0e5895caa
```

Leo Famulari wrote on 14 Aug 2020 20:27

Recipients:(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 42859@debbugs.gnu.org)

Message-ID:20200814182757.GA23337@jasmine.lan

On Fri, Aug 14, 2020 at 02:26:03PM +0200, Jonathan Brielmaier wrote:

Toggle quote (5 lines)> When running guix lint with the cve checker I get the following error:
> 
> ```
> guix lint icecat --checkers=cve
> fetching CVE database for 2020...view1 [cve]...

[...]

Toggle quote (3 lines)

> In procedure mkdir: Permission denied

> ```

Do you know which directory that is? You can run the comand with `strace

-f` to check.

It works for me on Debian...

Jonathan Brielmaier wrote on 16 Aug 2020 21:58

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 42859@debbugs.gnu.org)

Message-ID:335a65e3-53a5-8c5b-2388-12553e3236b9@web.de

On 14.08.20 20:27, Leo Famulari wrote:

Toggle quote (13 lines)> On Fri, Aug 14, 2020 at 02:26:03PM +0200, Jonathan Brielmaier wrote:
>> When running guix lint with the cve checker I get the following error:
>>
>> ```
>> guix lint icecat --checkers=cve
>> fetching CVE database for 2020...view1 [cve]...
> [...]
>> In procedure mkdir: Permission denied
>> ```
>
> Do you know which directory that is? You can run the comand with `strace
> -f` to check.

Ah thanks for that hint!

[...]
[pid 20797] mkdir("/home/jonathan/.cache/guix", 0777) = -1 EEXIST (Die
Datei existiert bereits)
[pid 20797] mkdir("/home/jonathan/.cache/guix/http", 0777) = -1 EACCES
(Keine Berechtigung)
[pid 20797] write(2, "Backtrace:\n", 11Backtrace:
) = 11
[...]

ll /home/jonathan/.cache/guix
insgesamt 8
drwxr-xr-x 3 root root 4096 17. Jun 00:00 authentication/
drwxr-xr-x 6 root root 4096  7. Jun 11:53 checkouts/

So i wonder now why it's owned by root and not by jonathan:users like
the rest (apart from guile) in ~/.cache/

Ludovic Courtès wrote on 26 Aug 2020 00:54

Recipients:(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)

Message-ID:87ft8awd3p.fsf@gnu.org

Jonathan Brielmaier <jonathan.brielmaier@web.de> skribis:

Toggle quote (33 lines)> On 14.08.20 20:27, Leo Famulari wrote:
>> On Fri, Aug 14, 2020 at 02:26:03PM +0200, Jonathan Brielmaier wrote:
>>> When running guix lint with the cve checker I get the following error:
>>>
>>> ```
>>> guix lint icecat --checkers=cve
>>> fetching CVE database for 2020...view1 [cve]...
>> [...]
>>> In procedure mkdir: Permission denied
>>> ```
>>
>> Do you know which directory that is? You can run the comand with `strace
>> -f` to check.
>
> Ah thanks for that hint!
>
> [...]
> [pid 20797] mkdir("/home/jonathan/.cache/guix", 0777) = -1 EEXIST (Die
> Datei existiert bereits)
> [pid 20797] mkdir("/home/jonathan/.cache/guix/http", 0777) = -1 EACCES
> (Keine Berechtigung)
> [pid 20797] write(2, "Backtrace:\n", 11Backtrace:
> ) = 11
> [...]
>
> ll /home/jonathan/.cache/guix
> insgesamt 8
> drwxr-xr-x 3 root root 4096 17. Jun 00:00 authentication/
> drwxr-xr-x 6 root root 4096  7. Jun 11:53 checkouts/
>
> So i wonder now why it's owned by root and not by jonathan:users like
> the rest (apart from guile) in ~/.cache/

Perhaps you previously ran “sudo guix lint -c cve” or something?

Commit 4c5edee1ef2aff2b8f3782ccb03723a6428bf600 leads to a clearer error

message pointing at the faulty directory permissions.

I think we’re done?

Thanks,

Ludo’.

Maxim Cournoyer wrote on 14 Jul 2022 05:04

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:87bktsz966.fsf@gmail.com

Hi,

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (42 lines)> Jonathan Brielmaier <jonathan.brielmaier@web.de> skribis:
>
>> On 14.08.20 20:27, Leo Famulari wrote:
>>> On Fri, Aug 14, 2020 at 02:26:03PM +0200, Jonathan Brielmaier wrote:
>>>> When running guix lint with the cve checker I get the following error:
>>>>
>>>> ```
>>>> guix lint icecat --checkers=cve
>>>> fetching CVE database for 2020...view1 [cve]...
>>> [...]
>>>> In procedure mkdir: Permission denied
>>>> ```
>>>
>>> Do you know which directory that is? You can run the comand with `strace
>>> -f` to check.
>>
>> Ah thanks for that hint!
>>
>> [...]
>> [pid 20797] mkdir("/home/jonathan/.cache/guix", 0777) = -1 EEXIST (Die
>> Datei existiert bereits)
>> [pid 20797] mkdir("/home/jonathan/.cache/guix/http", 0777) = -1 EACCES
>> (Keine Berechtigung)
>> [pid 20797] write(2, "Backtrace:\n", 11Backtrace:
>> ) = 11
>> [...]
>>
>> ll /home/jonathan/.cache/guix
>> insgesamt 8
>> drwxr-xr-x 3 root root 4096 17. Jun 00:00 authentication/
>> drwxr-xr-x 6 root root 4096  7. Jun 11:53 checkouts/
>>
>> So i wonder now why it's owned by root and not by jonathan:users like
>> the rest (apart from guile) in ~/.cache/
>
> Perhaps you previously ran “sudo guix lint -c cve” or something?
>
> Commit 4c5edee1ef2aff2b8f3782ccb03723a6428bf600 leads to a clearer error
> message pointing at the faulty directory permissions.
>
> I think we’re done?

I think so! Closing.

Thanks,

Maxim

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 42859@debbugs.gnu.org

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date