guix-install.sh does not add build users to kvm group

DoneSubmitted by Marius Bakke.
Details
3 participants
  • Leo Famulari
  • Ludovic Courtès
  • Marius Bakke
Owner
unassigned
Severity
important
M
M
Marius Bakke wrote on 29 Jun 2020 22:01
(address . bug-guix@gnu.org)
875zb91w0d.fsf@gnu.org
Hello,

guix-install.sh should add the build users to the 'kvm' group if present
so that commands that require use of KVM can succeed.
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAl76SLIACgkQoqBt8qM6
VPr3TQf+KGRK89tr9pxnafJhtPbd2m+V5/5f+D32m+mkFnt/aei7nQ+J8KpmZV4/
x4YpmS2hOrnTqs9KOoAANEMRgJCZME2VBvvUOlj4OPzKtTq5uWjn13oaAyykkv2d
Xk6vPhD5z7e2dR1vfjcFHsZmcKGa+ltGxiBtqaAmEOy3tO5qT3maJkuKdbMAslb/
7Gb8lnaOJ9Aeqv+1IQsq+fSI9MYoZcGzzcbBITxzXQxWHt3AiRqJTjtLKzdygdoF
z5Vc4owy6RtWFGAhe/83fiOhqlMC+XFtH9DSOnaifKh1BXy7wZIv3CnTIkwEOa/U
MI6ZbFGsqaOOp+k8ru4aXCMYJKKknA==
=0nkO
-----END PGP SIGNATURE-----

L
L
Ludovic Courtès wrote on 1 Apr 2021 15:21
control message for bug #42129
(address . control@debbugs.gnu.org)
87eefu87jc.fsf@gnu.org
severity 42129 important
quit
L
L
Ludovic Courtès wrote on 2 Apr 2021 09:46
(address . control@debbugs.gnu.org)
8735w93z94.fsf@gnu.org
tags 42129 + easy
quit
L
L
Ludovic Courtès wrote on 2 Apr 2021 09:46
control message for bug #47297
(address . control@debbugs.gnu.org)
87zgyh2kny.fsf@gnu.org
block 47297 by 42129
quit
L
L
Leo Famulari wrote on 9 Apr 2021 00:38
Re: bug#42129: guix-install.sh does not add build users to kvm group
(name . Marius Bakke)(address . marius@gnu.org)(address . 42129@debbugs.gnu.org)
YG+GA/0KSRuqnbM2@jasmine.lan
On Mon, Jun 29, 2020 at 10:01:54PM +0200, Marius Bakke wrote:
Toggle quote (3 lines)
> guix-install.sh should add the build users to the 'kvm' group if present
> so that commands that require use of KVM can succeed.

Here is a patch (untested) that makes sure a 'kvm' group exists and adds
it to the guixbuilders' groups.
From 929102f7b52d00f731a9f61fb2fe32bad441f1dd Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 8 Apr 2021 18:34:43 -0400
Subject: [PATCH] guix-install.sh: Add the build users to the 'kvm' group.

* etc/guix-install.sh (sys_create_build_user): Ensure that a 'kvm' group exists,
and add it to the guixbuilders' lists of supplementary groups.
---
etc/guix-install.sh | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)

Toggle diff (31 lines)
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index c84e7b7577..15fa44f1e2 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -330,15 +330,22 @@ sys_create_build_user()
         _msg "${PAS}group <guixbuild> created"
     fi
 
+    if [ $(getent group kvm) ]; then
+        _msg "${INF}group kvm exists"
+    else
+        groupadd --system kvm
+        _msg "${PAS}group <kvm> created"
+    fi
+
     for i in $(seq -w 1 10); do
         if id "guixbuilder${i}" &>/dev/null; then
             _msg "${INF}user is already in the system, reset"
-            usermod -g guixbuild -G guixbuild           \
+            usermod -g guixbuild -G guixbuild,kvm       \
                     -d /var/empty -s "$(which nologin)" \
                     -c "Guix build user $i"             \
                     "guixbuilder${i}";
         else
-            useradd -g guixbuild -G guixbuild           \
+            useradd -g guixbuild -G guixbuild,kvm       \
                     -d /var/empty -s "$(which nologin)" \
                     -c "Guix build user $i" --system    \
                     "guixbuilder${i}";
-- 
2.31.1
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmBvhgMACgkQJkb6MLrK
fwgM1xAA2mP7NRqSGW2sCjZUhYY1IvCCoFrCfnd2jqnV1n8BtsYcTUDnlnfdILOZ
ufMbSyfMyn0rZQHjdR9zJCAZcD1NKLRku9iFotVu3ai8qa72mJ+XA1gNX55r6xdV
FGAhp4kAYJxRYY58hUO/mYQ69HHoy0hHuCCl+H/VfMuqNkHn1ukip9F1I90q9qdn
uwnda3GuL5eFdtqio5MaVuVf6eDNhX+yaXYUAY/D361Q3v5b6l4BxEjQHa7bbgjd
cAHLWxbxGROtqBZ7JLZk6b7zxso85a6euQCFTCnHwS+oLAORNW/Bqi80GfQ2RLoW
DoqekRpDUJ68XfVXva+8Y5O6RBfMqrKLAdiIh3ptgcUZAJal5N8ClWtKR4VQOc4X
AUuN08LFome0k1B9wWVKwU1lM5EHC3Ah9cbE3K4le1m679wNkrbALdnmc9YExwl6
IutG3hkzhWa7zKaZF6nMpaQayAxXBxEbJcx5faWmWUhnIlPsPW99K5BUb5ZOqg9s
h46W39sVXjOPiPuEKkoD7qtaeVAdJ9xa2NikTwXH6yfTO3Vvj3jY1ep7BtKqk9o5
2Ikk6Qt5VNKktoOpk3cGD/oMz7MUxeSxsXrxYHtgr6pHhH8DRhBFhZ1LChpbX935
CrWqbmR5qVkPkjLAyRhkPKtP+1/5QimQ7IOOzkeL3w8pT5VOBuQ=
=vyZm
-----END PGP SIGNATURE-----


L
L
Leo Famulari wrote on 9 Apr 2021 01:03
(name . Marius Bakke)(address . marius@gnu.org)(address . 42129@debbugs.gnu.org)
YG+LvpQrqF0icNPd@jasmine.lan
On Thu, Apr 08, 2021 at 06:38:59PM -0400, Leo Famulari wrote:
Toggle quote (7 lines)
> On Mon, Jun 29, 2020 at 10:01:54PM +0200, Marius Bakke wrote:
> > guix-install.sh should add the build users to the 'kvm' group if present
> > so that commands that require use of KVM can succeed.
>
> Here is a patch (untested) that makes sure a 'kvm' group exists and adds
> it to the guixbuilders' groups.

I realized that you specified that the build users should be added to
the kvm group 'if' it is present. So, here is a revised patch.
From 1a9fd7decd843f21c36d8ec4d1e218f478b983cf Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Thu, 8 Apr 2021 18:34:43 -0400
Subject: [PATCH v2] guix-install.sh: Add the build users to the 'kvm' group.

* etc/guix-install.sh (sys_create_build_user): If a 'kvm' group exists,
add it to the guixbuilders' lists of supplementary groups.
---
etc/guix-install.sh | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

Toggle diff (29 lines)
diff --git a/etc/guix-install.sh b/etc/guix-install.sh
index c84e7b7577..f3fcbf5d05 100755
--- a/etc/guix-install.sh
+++ b/etc/guix-install.sh
@@ -330,15 +330,20 @@ sys_create_build_user()
         _msg "${PAS}group <guixbuild> created"
     fi
 
+    if [ $(getent group kvm) ]; then
+        _msg "${INF}group kvm exists and build users will be added to it"
+	local KVMGROUP=,kvm
+    fi
+
     for i in $(seq -w 1 10); do
         if id "guixbuilder${i}" &>/dev/null; then
             _msg "${INF}user is already in the system, reset"
-            usermod -g guixbuild -G guixbuild           \
+            usermod -g guixbuild -G guixbuild{$KVMGROUP}     \
                     -d /var/empty -s "$(which nologin)" \
                     -c "Guix build user $i"             \
                     "guixbuilder${i}";
         else
-            useradd -g guixbuild -G guixbuild           \
+            useradd -g guixbuild -G guixbuild{$KVMGROUP}     \
                     -d /var/empty -s "$(which nologin)" \
                     -c "Guix build user $i" --system    \
                     "guixbuilder${i}";
-- 
2.31.1
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmBvi74ACgkQJkb6MLrK
fwhpxQ//dyXoDK/WMy2lEeEB7UlUt7ImGZkj3TMh+sxJnwmMyNykC6mxxxUQuiwR
y2ziqdNcUI/WdxLj3oTeZ17BLqrsKHLawJFNSqH8qVFksPHkljssfSFrYMCElIMc
GnjQ72iVe/jg/iYfyl22A/qYibuH8c2JGbxpOxD2WUHInOIwsNXaizpIQYJgw6tb
F5cXPn4rMW/JtwcOe5pYgWic/z5eCE81+RjMqpMlYrpESiZ4CReSt1aCJlL3rmoT
/ERSezNAcnASlt6KTUfe6DJHAKtdQf9siywe8Jt/m5junZMr4VA98Y1AJVyUvysf
Z8ixZlSLiSpGlQIHYeTM3SqWmjpJbGYmjJtoqX0zBViRhpii9pYGqG6kW/yp4UaP
ZZPZ971LkZKiEbPdN3QjGqqPjoMN3AcibnAiyoHasLbVOypS0zbCa49KIl0UEvgg
MOON/0LemIme2LzltpOlCxk7+e3izYbTq4vE1np3lffX+y+iEqAA5TE9L+eWGHnP
AC7tWuGT6Rfyl4lp38/g/8FXh9i40nVmrgZT9VidL4J4lkjCdVEHGoQwhAWa2ui7
lLh+U+A8yNJHCZYPd2+NaWrnduZiB3ze9dmjRIq7MVrqA3L1BEkLSavwBqEKqh/X
cI2gn/bPf9zoYnNHCbeB97rOuIfa4oPw5+RVCrXWK+iBWJlYTVE=
=e4ui
-----END PGP SIGNATURE-----


L
L
Leo Famulari wrote on 14 Apr 2021 21:33
(name . Marius Bakke)(address . marius@gnu.org)(address . 42129-done@debbugs.gnu.org)
YHdDmkj2OHpBWNEP@jasmine.lan
On Thu, Apr 08, 2021 at 07:03:26PM -0400, Leo Famulari wrote:
Toggle quote (8 lines)
> From 1a9fd7decd843f21c36d8ec4d1e218f478b983cf Mon Sep 17 00:00:00 2001
> From: Leo Famulari <leo@famulari.name>
> Date: Thu, 8 Apr 2021 18:34:43 -0400
> Subject: [PATCH v2] guix-install.sh: Add the build users to the 'kvm' group.
>
> * etc/guix-install.sh (sys_create_build_user): If a 'kvm' group exists,
> add it to the guixbuilders' lists of supplementary groups.

I tested, fixed bugs, and pushed as 8e214c53a48a841887a59f24a20e7392b5e59b55
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmB3Q5oACgkQJkb6MLrK
fwhUpxAA6cDg9ih/ochJxkcIJe+C6hueYYumzbohQmVgsOBPz6ubSuy+wCNJFXtt
3wFtq+ogVKIW4s2/6WFRIEsZAduRKCzfuRr/gKxq6Rh4GaXrIfhjclzv/UVEO+et
rgpd2SxYJ+gytr7VHCV6kewpQboS8aVuh0x0YCTRGgkibkJN9JHTnJG8jUoAaMez
0u8VDemkGAk09jhO0ylTplqooLw3jM2tzuwR8BssGdamk1d6cPTfeC3fODguD4Rm
KYoyCKeaMXhapiPzh9yiIVruzqcKw39vmMvB57uhO7qM9p+JhFKl3QhhvdrTGokP
zjePGF5FuB/zxEO4WwmBrAOIiRDXmaZcJ739AcDVh04yavwG/qjYb9/lWrS1HK/1
NCIIXAUUi81TYFwfmrGHk0IU7HduU7ouR98SEYlngJ/HYN1/8kUu7Nho3yF509Uv
NRmS/+pdma0vtkI5R9mES7/gf4zU0KgnySlk2iT9PL6kMbckUyp73Nh/DJxRozVx
DzHrr+Q35Ttjsm45NjH1HH7y7a/83+7xOPCq12W1D+bY7nLt1S+j9vk096sHl/dp
9qyEFtLsvuTzT0hFlvh05T5TbM8n8Ll8T6gRBGh4FMxTQ3owOcIPoXt316sBBxjF
FMCVLvgHLVQcmnHsvingbywtJhKVWntm4C1x0lbjGPabxgP0Wvg=
=hMQP
-----END PGP SIGNATURE-----


Closed
?
Your comment

This issue is archived.

To comment on this conversation send email to 42129@debbugs.gnu.org