guix lint: permission denied for cve checker

Done

Details

4 participants

Jonathan Brielmaier
Leo Famulari
Ludovic Courtès
Maxim Cournoyer

Owner: unassigned

Submitted by: Jonathan Brielmaier

Severity: normal

Debbugs page

Jonathan Brielmaier wrote 5 years ago

Recipients:(name . bug-guix)(address . bug-guix@gnu.org)

Message-ID:11047e71-4c2a-1ee3-e2c2-75e182f2faa7@web.de

When running guix lint with the cve checker I get the following error:

```
guix lint icecat --checkers=cve
fetching CVE database for 2020...view1 [cve]...
Backtrace:
          12 (primitive-load "/home/jonathan/.config/guix/current/bi?")
In guix/ui.scm:
  2046:12 11 (run-guix-command _ . _)
In srfi/srfi-1.scm:
    634:9 10 (for-each #<procedure 7fe83940afc0 at guix/scripts/lin?> ?)
In guix/scripts/lint.scm:
     60:4  9 (run-checkers #<package icecat@68.11.0-guix0-preview1 ?> ?)
In srfi/srfi-1.scm:
    634:9  8 (for-each #<procedure 7fe83094da20 at guix/scripts/lin?> ?)
In guix/scripts/lint.scm:
    69:21  7 (_ _)
In guix/lint.scm:
   1110:4  6 (check-vulnerabilities #<package icecat@68.11.0-guix0-?> ?)
   1102:9  5 (_ _)
In unknown file:
           4 (force #<promise #<procedure 7fe8387c8820 at guix/lint.?>)
In guix/lint.scm:
   1085:2  3 (_)
   1044:2  2 (call-with-networking-fail-safe _ _ _)
In ice-9/boot-9.scm:
  1736:10  1 (with-exception-handler _ _ #:unwind? _ # _)
  1669:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1669:16: In procedure raise-exception:
In procedure mkdir: Permission denied
```

I'm on a pretty new guix and I did observe this issue for quite a while:
```
guix describe
  guix 697e54b
    Repository-URL: https://git.savannah.gnu.org/git/guix.git
    Branch: master
    Commit: 697e54b2a16575afa9457456fa2a27b0e5895caa
```

Leo Famulari wrote 5 years ago

Recipients:(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)(address . 42859@debbugs.gnu.org)

Message-ID:20200814182757.GA23337@jasmine.lan

On Fri, Aug 14, 2020 at 02:26:03PM +0200, Jonathan Brielmaier wrote:

Toggle quote (5 lines)> When running guix lint with the cve checker I get the following error:
> 
> ```
> guix lint icecat --checkers=cve
> fetching CVE database for 2020...view1 [cve]...

[...]

Toggle quote (3 lines)

> In procedure mkdir: Permission denied

> ```

Do you know which directory that is? You can run the comand with `strace

-f` to check.

It works for me on Debian...

Jonathan Brielmaier wrote 5 years ago

Recipients:(name . Leo Famulari)(address . leo@famulari.name)(address . 42859@debbugs.gnu.org)

Message-ID:335a65e3-53a5-8c5b-2388-12553e3236b9@web.de

On 14.08.20 20:27, Leo Famulari wrote:

Toggle quote (13 lines)> On Fri, Aug 14, 2020 at 02:26:03PM +0200, Jonathan Brielmaier wrote:
>> When running guix lint with the cve checker I get the following error:
>>
>> ```
>> guix lint icecat --checkers=cve
>> fetching CVE database for 2020...view1 [cve]...
> [...]
>> In procedure mkdir: Permission denied
>> ```
>
> Do you know which directory that is? You can run the comand with `strace
> -f` to check.

Ah thanks for that hint!

[...]
[pid 20797] mkdir("/home/jonathan/.cache/guix", 0777) = -1 EEXIST (Die
Datei existiert bereits)
[pid 20797] mkdir("/home/jonathan/.cache/guix/http", 0777) = -1 EACCES
(Keine Berechtigung)
[pid 20797] write(2, "Backtrace:\n", 11Backtrace:
) = 11
[...]

ll /home/jonathan/.cache/guix
insgesamt 8
drwxr-xr-x 3 root root 4096 17. Jun 00:00 authentication/
drwxr-xr-x 6 root root 4096  7. Jun 11:53 checkouts/

So i wonder now why it's owned by root and not by jonathan:users like
the rest (apart from guile) in ~/.cache/

Ludovic Courtès wrote 5 years ago

Recipients:(name . Jonathan Brielmaier)(address . jonathan.brielmaier@web.de)

Message-ID:87ft8awd3p.fsf@gnu.org

Jonathan Brielmaier <jonathan.brielmaier@web.de> skribis:

Toggle quote (33 lines)> On 14.08.20 20:27, Leo Famulari wrote:
>> On Fri, Aug 14, 2020 at 02:26:03PM +0200, Jonathan Brielmaier wrote:
>>> When running guix lint with the cve checker I get the following error:
>>>
>>> ```
>>> guix lint icecat --checkers=cve
>>> fetching CVE database for 2020...view1 [cve]...
>> [...]
>>> In procedure mkdir: Permission denied
>>> ```
>>
>> Do you know which directory that is? You can run the comand with `strace
>> -f` to check.
>
> Ah thanks for that hint!
>
> [...]
> [pid 20797] mkdir("/home/jonathan/.cache/guix", 0777) = -1 EEXIST (Die
> Datei existiert bereits)
> [pid 20797] mkdir("/home/jonathan/.cache/guix/http", 0777) = -1 EACCES
> (Keine Berechtigung)
> [pid 20797] write(2, "Backtrace:\n", 11Backtrace:
> ) = 11
> [...]
>
> ll /home/jonathan/.cache/guix
> insgesamt 8
> drwxr-xr-x 3 root root 4096 17. Jun 00:00 authentication/
> drwxr-xr-x 6 root root 4096  7. Jun 11:53 checkouts/
>
> So i wonder now why it's owned by root and not by jonathan:users like
> the rest (apart from guile) in ~/.cache/

Perhaps you previously ran “sudo guix lint -c cve” or something?

Commit 4c5edee1ef2aff2b8f3782ccb03723a6428bf600 leads to a clearer error

message pointing at the faulty directory permissions.

I think we’re done?

Thanks,

Ludo’.

Maxim Cournoyer wrote 3 years ago

Recipients:(name . Ludovic Courtès)(address . ludo@gnu.org)

Message-ID:87bktsz966.fsf@gmail.com

Hi,

Ludovic Courtès <ludo@gnu.org> writes:

Toggle quote (42 lines)> Jonathan Brielmaier <jonathan.brielmaier@web.de> skribis:
>
>> On 14.08.20 20:27, Leo Famulari wrote:
>>> On Fri, Aug 14, 2020 at 02:26:03PM +0200, Jonathan Brielmaier wrote:
>>>> When running guix lint with the cve checker I get the following error:
>>>>
>>>> ```
>>>> guix lint icecat --checkers=cve
>>>> fetching CVE database for 2020...view1 [cve]...
>>> [...]
>>>> In procedure mkdir: Permission denied
>>>> ```
>>>
>>> Do you know which directory that is? You can run the comand with `strace
>>> -f` to check.
>>
>> Ah thanks for that hint!
>>
>> [...]
>> [pid 20797] mkdir("/home/jonathan/.cache/guix", 0777) = -1 EEXIST (Die
>> Datei existiert bereits)
>> [pid 20797] mkdir("/home/jonathan/.cache/guix/http", 0777) = -1 EACCES
>> (Keine Berechtigung)
>> [pid 20797] write(2, "Backtrace:\n", 11Backtrace:
>> ) = 11
>> [...]
>>
>> ll /home/jonathan/.cache/guix
>> insgesamt 8
>> drwxr-xr-x 3 root root 4096 17. Jun 00:00 authentication/
>> drwxr-xr-x 6 root root 4096  7. Jun 11:53 checkouts/
>>
>> So i wonder now why it's owned by root and not by jonathan:users like
>> the rest (apart from guile) in ~/.cache/
>
> Perhaps you previously ran “sudo guix lint -c cve” or something?
>
> Commit 4c5edee1ef2aff2b8f3782ccb03723a6428bf600 leads to a clearer error
> message pointing at the faulty directory permissions.
>
> I think we’re done?

I think so! Closing.

Thanks,

Maxim

Closed

Your comment

This issue is archived.

To comment on this conversation send an email to 42859@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it

mumi current 42859

Then, you may apply the latest patchset in this issue (with sign off)

mumi am -- -s

Or, compose a reply to this issue

mumi compose

Or, send patches to this issue

mumi send-email *.patch

You may also tag this issue. See list of standard tags. For example, to set the confirmed and easy tags

mumi command -t +confirmed -t +easy

Or, remove the moreinfo tag and set the help tag

mumi command -t -moreinfo -t +help

is:open	open issues
is:done	closed issues
submitter:<who>	search issue submitter
author:<who>	search by message author
date:yesterday..now	search by issue date
mdate:3m..2d	search by message date