guix-install.sh does not add build users to kvm group

  • Done
  • quality assurance status badge
Details
3 participants
  • Leo Famulari
  • Ludovic Courtès
  • Marius Bakke
Owner
unassigned
Submitted by
Marius Bakke
Severity
important
M
M
Marius Bakke wrote on 29 Jun 2020 22:01
(address . bug-guix@gnu.org)
875zb91w0d.fsf@gnu.org
Hello,

guix-install.sh should add the build users to the 'kvm' group if present
so that commands that require use of KVM can succeed.
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAl76SLIACgkQoqBt8qM6
VPr3TQf+KGRK89tr9pxnafJhtPbd2m+V5/5f+D32m+mkFnt/aei7nQ+J8KpmZV4/
x4YpmS2hOrnTqs9KOoAANEMRgJCZME2VBvvUOlj4OPzKtTq5uWjn13oaAyykkv2d
Xk6vPhD5z7e2dR1vfjcFHsZmcKGa+ltGxiBtqaAmEOy3tO5qT3maJkuKdbMAslb/
7Gb8lnaOJ9Aeqv+1IQsq+fSI9MYoZcGzzcbBITxzXQxWHt3AiRqJTjtLKzdygdoF
z5Vc4owy6RtWFGAhe/83fiOhqlMC+XFtH9DSOnaifKh1BXy7wZIv3CnTIkwEOa/U
MI6ZbFGsqaOOp+k8ru4aXCMYJKKknA==
=0nkO
-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 1 Apr 2021 15:21
control message for bug #42129
(address . control@debbugs.gnu.org)
87eefu87jc.fsf@gnu.org
severity 42129 important
quit
L
L
Ludovic Courtès wrote on 2 Apr 2021 09:46
(address . control@debbugs.gnu.org)
8735w93z94.fsf@gnu.org
tags 42129 + easy
quit
L
L
Ludovic Courtès wrote on 2 Apr 2021 09:46
control message for bug #47297
(address . control@debbugs.gnu.org)
87zgyh2kny.fsf@gnu.org
block 47297 by 42129
quit
L
L
Leo Famulari wrote on 9 Apr 2021 00:38
Re: bug#42129: guix-install.sh does not add build users to kvm group
(name . Marius Bakke)(address . marius@gnu.org)(address . 42129@debbugs.gnu.org)
YG+GA/0KSRuqnbM2@jasmine.lan
On Mon, Jun 29, 2020 at 10:01:54PM +0200, Marius Bakke wrote:
Toggle quote (3 lines)
> guix-install.sh should add the build users to the 'kvm' group if present
> so that commands that require use of KVM can succeed.

Here is a patch (untested) that makes sure a 'kvm' group exists and adds
it to the guixbuilders' groups.
From 929102f7b52d00f731a9f61fb2fe32bad441f1dd Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 8 Apr 2021 18:34:43 -0400
Subject: [PATCH] guix-install.sh: Add the build users to the 'kvm' group.

* etc/guix-install.sh (sys_create_build_user): Ensure that a 'kvm' group exists,
and add it to the guixbuilders' lists of supplementary groups.
---
etc/guix-install.sh | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)

Toggle diff (31 lines)
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index c84e7b7577..15fa44f1e2 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -330,15 +330,22 @@ sys_create_build_user()
_msg "${PAS}group <guixbuild> created"
fi
+ if [ $(getent group kvm) ]; then
+ _msg "${INF}group kvm exists"
+ else
+ groupadd --system kvm
+ _msg "${PAS}group <kvm> created"
+ fi
+
for i in $(seq -w 1 10); do
if id "guixbuilder${i}" &>/dev/null; then
_msg "${INF}user is already in the system, reset"
- usermod -g guixbuild -G guixbuild \
+ usermod -g guixbuild -G guixbuild,kvm \
-d /var/empty -s "$(which nologin)" \
-c "Guix build user $i" \
"guixbuilder${i}";
else
- useradd -g guixbuild -G guixbuild \
+ useradd -g guixbuild -G guixbuild,kvm \
-d /var/empty -s "$(which nologin)" \
-c "Guix build user $i" --system \
"guixbuilder${i}";
--
2.31.1
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmBvhgMACgkQJkb6MLrK
fwgM1xAA2mP7NRqSGW2sCjZUhYY1IvCCoFrCfnd2jqnV1n8BtsYcTUDnlnfdILOZ
ufMbSyfMyn0rZQHjdR9zJCAZcD1NKLRku9iFotVu3ai8qa72mJ+XA1gNX55r6xdV
FGAhp4kAYJxRYY58hUO/mYQ69HHoy0hHuCCl+H/VfMuqNkHn1ukip9F1I90q9qdn
uwnda3GuL5eFdtqio5MaVuVf6eDNhX+yaXYUAY/D361Q3v5b6l4BxEjQHa7bbgjd
cAHLWxbxGROtqBZ7JLZk6b7zxso85a6euQCFTCnHwS+oLAORNW/Bqi80GfQ2RLoW
DoqekRpDUJ68XfVXva+8Y5O6RBfMqrKLAdiIh3ptgcUZAJal5N8ClWtKR4VQOc4X
AUuN08LFome0k1B9wWVKwU1lM5EHC3Ah9cbE3K4le1m679wNkrbALdnmc9YExwl6
IutG3hkzhWa7zKaZF6nMpaQayAxXBxEbJcx5faWmWUhnIlPsPW99K5BUb5ZOqg9s
h46W39sVXjOPiPuEKkoD7qtaeVAdJ9xa2NikTwXH6yfTO3Vvj3jY1ep7BtKqk9o5
2Ikk6Qt5VNKktoOpk3cGD/oMz7MUxeSxsXrxYHtgr6pHhH8DRhBFhZ1LChpbX935
CrWqbmR5qVkPkjLAyRhkPKtP+1/5QimQ7IOOzkeL3w8pT5VOBuQ=
=vyZm
-----END PGP SIGNATURE-----


L
L
Leo Famulari wrote on 9 Apr 2021 01:03
(name . Marius Bakke)(address . marius@gnu.org)(address . 42129@debbugs.gnu.org)
YG+LvpQrqF0icNPd@jasmine.lan
On Thu, Apr 08, 2021 at 06:38:59PM -0400, Leo Famulari wrote:
Toggle quote (7 lines)
> On Mon, Jun 29, 2020 at 10:01:54PM +0200, Marius Bakke wrote:
> > guix-install.sh should add the build users to the 'kvm' group if present
> > so that commands that require use of KVM can succeed.
>
> Here is a patch (untested) that makes sure a 'kvm' group exists and adds
> it to the guixbuilders' groups.

I realized that you specified that the build users should be added to
the kvm group 'if' it is present. So, here is a revised patch.
From 1a9fd7decd843f21c36d8ec4d1e218f478b983cf Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 8 Apr 2021 18:34:43 -0400
Subject: [PATCH v2] guix-install.sh: Add the build users to the 'kvm' group.

* etc/guix-install.sh (sys_create_build_user): If a 'kvm' group exists,
add it to the guixbuilders' lists of supplementary groups.
---
etc/guix-install.sh | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

Toggle diff (29 lines)
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index c84e7b7577..f3fcbf5d05 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -330,15 +330,20 @@ sys_create_build_user()
_msg "${PAS}group <guixbuild> created"
fi
+ if [ $(getent group kvm) ]; then
+ _msg "${INF}group kvm exists and build users will be added to it"
+ local KVMGROUP=,kvm
+ fi
+
for i in $(seq -w 1 10); do
if id "guixbuilder${i}" &>/dev/null; then
_msg "${INF}user is already in the system, reset"
- usermod -g guixbuild -G guixbuild \
+ usermod -g guixbuild -G guixbuild{$KVMGROUP} \
-d /var/empty -s "$(which nologin)" \
-c "Guix build user $i" \
"guixbuilder${i}";
else
- useradd -g guixbuild -G guixbuild \
+ useradd -g guixbuild -G guixbuild{$KVMGROUP} \
-d /var/empty -s "$(which nologin)" \
-c "Guix build user $i" --system \
"guixbuilder${i}";
--
2.31.1
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmBvi74ACgkQJkb6MLrK
fwhpxQ//dyXoDK/WMy2lEeEB7UlUt7ImGZkj3TMh+sxJnwmMyNykC6mxxxUQuiwR
y2ziqdNcUI/WdxLj3oTeZ17BLqrsKHLawJFNSqH8qVFksPHkljssfSFrYMCElIMc
GnjQ72iVe/jg/iYfyl22A/qYibuH8c2JGbxpOxD2WUHInOIwsNXaizpIQYJgw6tb
F5cXPn4rMW/JtwcOe5pYgWic/z5eCE81+RjMqpMlYrpESiZ4CReSt1aCJlL3rmoT
/ERSezNAcnASlt6KTUfe6DJHAKtdQf9siywe8Jt/m5junZMr4VA98Y1AJVyUvysf
Z8ixZlSLiSpGlQIHYeTM3SqWmjpJbGYmjJtoqX0zBViRhpii9pYGqG6kW/yp4UaP
ZZPZ971LkZKiEbPdN3QjGqqPjoMN3AcibnAiyoHasLbVOypS0zbCa49KIl0UEvgg
MOON/0LemIme2LzltpOlCxk7+e3izYbTq4vE1np3lffX+y+iEqAA5TE9L+eWGHnP
AC7tWuGT6Rfyl4lp38/g/8FXh9i40nVmrgZT9VidL4J4lkjCdVEHGoQwhAWa2ui7
lLh+U+A8yNJHCZYPd2+NaWrnduZiB3ze9dmjRIq7MVrqA3L1BEkLSavwBqEKqh/X
cI2gn/bPf9zoYnNHCbeB97rOuIfa4oPw5+RVCrXWK+iBWJlYTVE=
=e4ui
-----END PGP SIGNATURE-----


L
L
Leo Famulari wrote on 14 Apr 2021 21:33
(name . Marius Bakke)(address . marius@gnu.org)(address . 42129-done@debbugs.gnu.org)
YHdDmkj2OHpBWNEP@jasmine.lan
On Thu, Apr 08, 2021 at 07:03:26PM -0400, Leo Famulari wrote:
Toggle quote (8 lines)
> From 1a9fd7decd843f21c36d8ec4d1e218f478b983cf Mon Sep 17 00:00:00 2001
> From: Leo Famulari <leo@famulari.name>
> Date: Thu, 8 Apr 2021 18:34:43 -0400
> Subject: [PATCH v2] guix-install.sh: Add the build users to the 'kvm' group.
>
> * etc/guix-install.sh (sys_create_build_user): If a 'kvm' group exists,
> add it to the guixbuilders' lists of supplementary groups.

I tested, fixed bugs, and pushed as 8e214c53a48a841887a59f24a20e7392b5e59b55
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmB3Q5oACgkQJkb6MLrK
fwhUpxAA6cDg9ih/ochJxkcIJe+C6hueYYumzbohQmVgsOBPz6ubSuy+wCNJFXtt
3wFtq+ogVKIW4s2/6WFRIEsZAduRKCzfuRr/gKxq6Rh4GaXrIfhjclzv/UVEO+et
rgpd2SxYJ+gytr7VHCV6kewpQboS8aVuh0x0YCTRGgkibkJN9JHTnJG8jUoAaMez
0u8VDemkGAk09jhO0ylTplqooLw3jM2tzuwR8BssGdamk1d6cPTfeC3fODguD4Rm
KYoyCKeaMXhapiPzh9yiIVruzqcKw39vmMvB57uhO7qM9p+JhFKl3QhhvdrTGokP
zjePGF5FuB/zxEO4WwmBrAOIiRDXmaZcJ739AcDVh04yavwG/qjYb9/lWrS1HK/1
NCIIXAUUi81TYFwfmrGHk0IU7HduU7ouR98SEYlngJ/HYN1/8kUu7Nho3yF509Uv
NRmS/+pdma0vtkI5R9mES7/gf4zU0KgnySlk2iT9PL6kMbckUyp73Nh/DJxRozVx
DzHrr+Q35Ttjsm45NjH1HH7y7a/83+7xOPCq12W1D+bY7nLt1S+j9vk096sHl/dp
9qyEFtLsvuTzT0hFlvh05T5TbM8n8Ll8T6gRBGh4FMxTQ3owOcIPoXt316sBBxjF
FMCVLvgHLVQcmnHsvingbywtJhKVWntm4C1x0lbjGPabxgP0Wvg=
=hMQP
-----END PGP SIGNATURE-----


Closed
?
Your comment

This issue is archived.

To comment on this conversation send an email to 42129@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 42129
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch