guix-install.sh does not add build users to kvm group

DoneSubmitted by Marius Bakke.
Details
3 participants
  • Leo Famulari
  • Ludovic Courtès
  • Marius Bakke
Owner
unassigned
Severity
important
M
M
Marius Bakke wrote on 29 Jun 2020 22:01
(address . bug-guix@gnu.org)
875zb91w0d.fsf@gnu.org
Hello,
guix-install.sh should add the build users to the 'kvm' group if presentso that commands that require use of KVM can succeed.
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEu7At3yzq9qgNHeZDoqBt8qM6VPoFAl76SLIACgkQoqBt8qM6VPr3TQf+KGRK89tr9pxnafJhtPbd2m+V5/5f+D32m+mkFnt/aei7nQ+J8KpmZV4/x4YpmS2hOrnTqs9KOoAANEMRgJCZME2VBvvUOlj4OPzKtTq5uWjn13oaAyykkv2dXk6vPhD5z7e2dR1vfjcFHsZmcKGa+ltGxiBtqaAmEOy3tO5qT3maJkuKdbMAslb/7Gb8lnaOJ9Aeqv+1IQsq+fSI9MYoZcGzzcbBITxzXQxWHt3AiRqJTjtLKzdygdoFz5Vc4owy6RtWFGAhe/83fiOhqlMC+XFtH9DSOnaifKh1BXy7wZIv3CnTIkwEOa/UMI6ZbFGsqaOOp+k8ru4aXCMYJKKknA===0nkO-----END PGP SIGNATURE-----
L
L
Ludovic Courtès wrote on 1 Apr 15:21 +0200
control message for bug #42129
(address . control@debbugs.gnu.org)
87eefu87jc.fsf@gnu.org
severity 42129 importantquit
L
L
Ludovic Courtès wrote on 2 Apr 09:46 +0200
(address . control@debbugs.gnu.org)
8735w93z94.fsf@gnu.org
tags 42129 + easyquit
L
L
Ludovic Courtès wrote on 2 Apr 09:46 +0200
control message for bug #47297
(address . control@debbugs.gnu.org)
87zgyh2kny.fsf@gnu.org
block 47297 by 42129quit
L
L
Leo Famulari wrote on 9 Apr 00:38 +0200
Re: bug#42129: guix-install.sh does not add build users to kvm group
(name . Marius Bakke)(address . marius@gnu.org)(address . 42129@debbugs.gnu.org)
YG+GA/0KSRuqnbM2@jasmine.lan
On Mon, Jun 29, 2020 at 10:01:54PM +0200, Marius Bakke wrote:
Toggle quote (3 lines)> guix-install.sh should add the build users to the 'kvm' group if present> so that commands that require use of KVM can succeed.
Here is a patch (untested) that makes sure a 'kvm' group exists and addsit to the guixbuilders' groups.
From 929102f7b52d00f731a9f61fb2fe32bad441f1dd Mon Sep 17 00:00:00 2001From: Leo Famulari <leo@famulari.name>Date: Thu, 8 Apr 2021 18:34:43 -0400Subject: [PATCH] guix-install.sh: Add the build users to the 'kvm' group.
* etc/guix-install.sh (sys_create_build_user): Ensure that a 'kvm' group exists,and add it to the guixbuilders' lists of supplementary groups.--- etc/guix-install.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-)
Toggle diff (31 lines)diff --git a/etc/guix-install.sh b/etc/guix-install.shindex c84e7b7577..15fa44f1e2 100755--- a/etc/guix-install.sh+++ b/etc/guix-install.sh@@ -330,15 +330,22 @@ sys_create_build_user() _msg "${PAS}group <guixbuild> created" fi + if [ $(getent group kvm) ]; then+ _msg "${INF}group kvm exists"+ else+ groupadd --system kvm+ _msg "${PAS}group <kvm> created"+ fi+ for i in $(seq -w 1 10); do if id "guixbuilder${i}" &>/dev/null; then _msg "${INF}user is already in the system, reset"- usermod -g guixbuild -G guixbuild \+ usermod -g guixbuild -G guixbuild,kvm \ -d /var/empty -s "$(which nologin)" \ -c "Guix build user $i" \ "guixbuilder${i}"; else- useradd -g guixbuild -G guixbuild \+ useradd -g guixbuild -G guixbuild,kvm \ -d /var/empty -s "$(which nologin)" \ -c "Guix build user $i" --system \ "guixbuilder${i}";-- 2.31.1
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmBvhgMACgkQJkb6MLrKfwgM1xAA2mP7NRqSGW2sCjZUhYY1IvCCoFrCfnd2jqnV1n8BtsYcTUDnlnfdILOZufMbSyfMyn0rZQHjdR9zJCAZcD1NKLRku9iFotVu3ai8qa72mJ+XA1gNX55r6xdVFGAhp4kAYJxRYY58hUO/mYQ69HHoy0hHuCCl+H/VfMuqNkHn1ukip9F1I90q9qdnuwnda3GuL5eFdtqio5MaVuVf6eDNhX+yaXYUAY/D361Q3v5b6l4BxEjQHa7bbgjdcAHLWxbxGROtqBZ7JLZk6b7zxso85a6euQCFTCnHwS+oLAORNW/Bqi80GfQ2RLoWDoqekRpDUJ68XfVXva+8Y5O6RBfMqrKLAdiIh3ptgcUZAJal5N8ClWtKR4VQOc4XAUuN08LFome0k1B9wWVKwU1lM5EHC3Ah9cbE3K4le1m679wNkrbALdnmc9YExwl6IutG3hkzhWa7zKaZF6nMpaQayAxXBxEbJcx5faWmWUhnIlPsPW99K5BUb5ZOqg9sh46W39sVXjOPiPuEKkoD7qtaeVAdJ9xa2NikTwXH6yfTO3Vvj3jY1ep7BtKqk9o52Ikk6Qt5VNKktoOpk3cGD/oMz7MUxeSxsXrxYHtgr6pHhH8DRhBFhZ1LChpbX935CrWqbmR5qVkPkjLAyRhkPKtP+1/5QimQ7IOOzkeL3w8pT5VOBuQ==vyZm-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote on 9 Apr 01:03 +0200
(name . Marius Bakke)(address . marius@gnu.org)(address . 42129@debbugs.gnu.org)
YG+LvpQrqF0icNPd@jasmine.lan
On Thu, Apr 08, 2021 at 06:38:59PM -0400, Leo Famulari wrote:
Toggle quote (7 lines)> On Mon, Jun 29, 2020 at 10:01:54PM +0200, Marius Bakke wrote:> > guix-install.sh should add the build users to the 'kvm' group if present> > so that commands that require use of KVM can succeed.> > Here is a patch (untested) that makes sure a 'kvm' group exists and adds> it to the guixbuilders' groups.
I realized that you specified that the build users should be added tothe kvm group 'if' it is present. So, here is a revised patch.
From 1a9fd7decd843f21c36d8ec4d1e218f478b983cf Mon Sep 17 00:00:00 2001From: Leo Famulari <leo@famulari.name>Date: Thu, 8 Apr 2021 18:34:43 -0400Subject: [PATCH v2] guix-install.sh: Add the build users to the 'kvm' group.
* etc/guix-install.sh (sys_create_build_user): If a 'kvm' group exists,add it to the guixbuilders' lists of supplementary groups.--- etc/guix-install.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)
Toggle diff (29 lines)diff --git a/etc/guix-install.sh b/etc/guix-install.shindex c84e7b7577..f3fcbf5d05 100755--- a/etc/guix-install.sh+++ b/etc/guix-install.sh@@ -330,15 +330,20 @@ sys_create_build_user() _msg "${PAS}group <guixbuild> created" fi + if [ $(getent group kvm) ]; then+ _msg "${INF}group kvm exists and build users will be added to it"+ local KVMGROUP=,kvm+ fi+ for i in $(seq -w 1 10); do if id "guixbuilder${i}" &>/dev/null; then _msg "${INF}user is already in the system, reset"- usermod -g guixbuild -G guixbuild \+ usermod -g guixbuild -G guixbuild{$KVMGROUP} \ -d /var/empty -s "$(which nologin)" \ -c "Guix build user $i" \ "guixbuilder${i}"; else- useradd -g guixbuild -G guixbuild \+ useradd -g guixbuild -G guixbuild{$KVMGROUP} \ -d /var/empty -s "$(which nologin)" \ -c "Guix build user $i" --system \ "guixbuilder${i}";-- 2.31.1
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmBvi74ACgkQJkb6MLrKfwhpxQ//dyXoDK/WMy2lEeEB7UlUt7ImGZkj3TMh+sxJnwmMyNykC6mxxxUQuiwRy2ziqdNcUI/WdxLj3oTeZ17BLqrsKHLawJFNSqH8qVFksPHkljssfSFrYMCElIMcGnjQ72iVe/jg/iYfyl22A/qYibuH8c2JGbxpOxD2WUHInOIwsNXaizpIQYJgw6tbF5cXPn4rMW/JtwcOe5pYgWic/z5eCE81+RjMqpMlYrpESiZ4CReSt1aCJlL3rmoT/ERSezNAcnASlt6KTUfe6DJHAKtdQf9siywe8Jt/m5junZMr4VA98Y1AJVyUvysfZ8ixZlSLiSpGlQIHYeTM3SqWmjpJbGYmjJtoqX0zBViRhpii9pYGqG6kW/yp4UaPZZPZ971LkZKiEbPdN3QjGqqPjoMN3AcibnAiyoHasLbVOypS0zbCa49KIl0UEvggMOON/0LemIme2LzltpOlCxk7+e3izYbTq4vE1np3lffX+y+iEqAA5TE9L+eWGHnPAC7tWuGT6Rfyl4lp38/g/8FXh9i40nVmrgZT9VidL4J4lkjCdVEHGoQwhAWa2ui7lLh+U+A8yNJHCZYPd2+NaWrnduZiB3ze9dmjRIq7MVrqA3L1BEkLSavwBqEKqh/XcI2gn/bPf9zoYnNHCbeB97rOuIfa4oPw5+RVCrXWK+iBWJlYTVE==e4ui-----END PGP SIGNATURE-----

L
L
Leo Famulari wrote 5 days ago
(name . Marius Bakke)(address . marius@gnu.org)(address . 42129-done@debbugs.gnu.org)
YHdDmkj2OHpBWNEP@jasmine.lan
On Thu, Apr 08, 2021 at 07:03:26PM -0400, Leo Famulari wrote:
Toggle quote (8 lines)> From 1a9fd7decd843f21c36d8ec4d1e218f478b983cf Mon Sep 17 00:00:00 2001> From: Leo Famulari <leo@famulari.name>> Date: Thu, 8 Apr 2021 18:34:43 -0400> Subject: [PATCH v2] guix-install.sh: Add the build users to the 'kvm' group.> > * etc/guix-install.sh (sys_create_build_user): If a 'kvm' group exists,> add it to the guixbuilders' lists of supplementary groups.
I tested, fixed bugs, and pushed as 8e214c53a48a841887a59f24a20e7392b5e59b55
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmB3Q5oACgkQJkb6MLrKfwhUpxAA6cDg9ih/ochJxkcIJe+C6hueYYumzbohQmVgsOBPz6ubSuy+wCNJFXtt3wFtq+ogVKIW4s2/6WFRIEsZAduRKCzfuRr/gKxq6Rh4GaXrIfhjclzv/UVEO+etrgpd2SxYJ+gytr7VHCV6kewpQboS8aVuh0x0YCTRGgkibkJN9JHTnJG8jUoAaMez0u8VDemkGAk09jhO0ylTplqooLw3jM2tzuwR8BssGdamk1d6cPTfeC3fODguD4RmKYoyCKeaMXhapiPzh9yiIVruzqcKw39vmMvB57uhO7qM9p+JhFKl3QhhvdrTGokPzjePGF5FuB/zxEO4WwmBrAOIiRDXmaZcJ739AcDVh04yavwG/qjYb9/lWrS1HK/1NCIIXAUUi81TYFwfmrGHk0IU7HduU7ouR98SEYlngJ/HYN1/8kUu7Nho3yF509UvNRmS/+pdma0vtkI5R9mES7/gf4zU0KgnySlk2iT9PL6kMbckUyp73Nh/DJxRozVxDzHrr+Q35Ttjsm45NjH1HH7y7a/83+7xOPCq12W1D+bY7nLt1S+j9vk096sHl/dp9qyEFtLsvuTzT0hFlvh05T5TbM8n8Ll8T6gRBGh4FMxTQ3owOcIPoXt316sBBxjFFMCVLvgHLVQcmnHsvingbywtJhKVWntm4C1x0lbjGPabxgP0Wvg==hMQP-----END PGP SIGNATURE-----

Closed
?