guix on foreign distro won't upgrade, stuck on old commits

Done
Submitted by Brian Zwahr.
Details
2 participants
  • Brian Zwahr
  • Leo Famulari
Owner
unassigned
Severity
normal
Brian Zwahr wrote on 7 Apr 22:19 +0200
(address . bug-guix@gnu.org)
65N7RQ.W0VO8QJ1XR662@echosa.net
Hi! It was suggested I email this in by someone in the IRC channel. I'm having an issue where guix always tells me it is "X days old" and that I should run guix pull/guix upgrade. However, running these commands does not fix the issue.
guix describe shows:
```
$ guix describe
Generation 9	Mar 25 2021 08:36:11	(current)
  guix 3f1b2bd
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 3f1b2bd322b6cdba99a43d08e5e8464f7424cbc5
```
Which is, indeed, out of date. IRC folks recommended checking the git status, so I did:
```
~/.cache/guix/checkouts/pjmkglp4t7znuugeurpurzikxq3tnlaywmisyr27shj7apsnalwq (master) $ git status
On branch master
Your branch is behind 'origin/master' by 474 commits, and can be fast-forwarded.
  (use "git pull" to update your local branch)

nothing to commit, working tree clean
```
It is, indeed, out of date, but after a guix pull:
```
$ guix pull
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
Building from this channel:
  guix      https://git.savannah.gnu.org/git/guix.git	3f1b2bd
Computing Guix derivation for 'x86_64-linux'... |
nothing to be done
```
It doesn't update and still tells me I'm out of date:
```
$ guix upgrade
guix upgrade: warning: Your Guix installation is 13 days old.
guix upgrade: warning: Consider running 'guix pull' followed by
'guix package -u' to get up-to-date packages and security updates.
```
It was suggested that I should run this command:
```guix pull --commit=02297d3fe680371a4b97b9c1b770932cbdd55615```
and after doing so, I was then only 1 commit behind instead:
```
~/.cache/guix/checkouts/pjmkglp4t7znuugeurpurzikxq3tnlaywmisyr27shj7apsnalwq (master) $ git status
On branch master
Your branch is behind 'origin/master' by 1 commit, and can be fast-forwarded.
  (use "git pull" to update your local branch)

nothing to commit, working tree clean
```
However, `guix pull` now gives me a new error about needing to downgrade:
```
$ guix pull
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix pull: error: aborting update of channel 'guix' to commit 3f1b2bd322b6cdba99a43d08e5e8464f7424cbc5, which is not a descendant of 02297d3fe680371a4b97b9c1b770932cbdd55615
hint: Use `--allow-downgrades' to force this downgrade.
```
and for some reason, I'm back to being almost 500 commits behind again:
```
~/.cache/guix/checkouts/pjmkglp4t7znuugeurpurzikxq3tnlaywmisyr27shj7apsnalwq (master) $ git status
On branch master
Your branch is behind 'origin/master' by 477 commits, and can be fast-forwarded.
  (use "git pull" to update your local branch)

nothing to commit, working tree clean
```
even though `guix describe` now seems to be more up-to-date (Apr 7 instead of Mar 25)
```
$ guix describe
Generation 10	Apr 07 2021 14:38:16	(current)
  guix 02297d3
    repository URL: https://git.savannah.gnu.org/git/guix.git
    commit: 02297d3fe680371a4b97b9c1b770932cbdd55615
```
As a final attempt to solve this, it was suggested that I run `guix pull -l 2>&1 | tee pull-generations.log` and email it to this list. I'm attaching that file here.
Also, after running that command, I'm back to being only 1 commit behind and still get the downgrade error from `guix pull`:
```
~/.cache/guix/checkouts/pjmkglp4t7znuugeurpurzikxq3tnlaywmisyr27shj7apsnalwq (master) $ git status
On branch master
Your branch is behind 'origin/master' by 1 commit, and can be fast-forwarded.
  (use "git pull" to update your local branch)

nothing to commit, working tree clean
```
```
$ guix pull
Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
guix pull: error: aborting update of channel 'guix' to commit 3f1b2bd322b6cdba99a43d08e5e8464f7424cbc5, which is not a descendant of 02297d3fe680371a4b97b9c1b770932cbdd55615
hint: Use `--allow-downgrades' to force this downgrade.
```
For now, I'm trying to avoid doing anything else guix-related, so that my system is in the same state and can hopefully be diagnosed and fixed.
Attachment: file
```
Generation 1	Mar 16 2021 14:50:54
  guix 109f584
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 109f58444beecd1b9b7c502f2a687a6b91c62dc0
Generation 2	Mar 16 2021 15:14:10
  guix 109f584
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 109f58444beecd1b9b7c502f2a687a6b91c62dc0
Generation 3	Mar 17 2021 09:24:14
  guix d79d63e
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: d79d63e7829d53f6a501d8df7e264ff70033abca
  1 new package: lolcode-lci
  5 packages upgraded: emacs-marginalia@0.4, gnome-autoar@0.3.1, komikku@0.27.0, meson@0.57.1, tig@2.5.3
Generation 4	Mar 19 2021 13:05:15
  guix 1ab03fb
    repository URL: https://git.savannah.gnu.org/git/guix.git
    commit: 1ab03fb74505458e7754dce338a5da29dc754d80
  5 new packages: countdown, dragon-drop, emacs-kotlin-mode, libucl, psi
  28 packages upgraded: bind@9.16.13, busybox@1.33.0, cpupower@5.11.7, dhewm3@1.5.1, di@4.49, elixir@1.11.4, emacs-flymake-shellcheck@0.1-1.ac534e9, emacs-leaf@4.4.4, freefall@5.11.7, goffice@0.10.49, guile2.2-guix@1.2.0-17.ec7fb66, guix@1.2.0-17.ec7fb66, java-openmpi@4.1.0, linux-libre-bpf@5.11.7, linux-libre-headers@5.11.7, linux-libre@5.11.7, openmpi-thread-multiple@4.1.0, openmpi@4.1.0, perf@5.11.7, ruby-kramdown@2.3.1, srt2vtt@0.2, swi-prolog@8.3.20, tmon@5.11.7, turbostat@5.11.7, ungoogled-chromium-wayland@89.0.4389.90-1, ungoogled-chromium@89.0.4389.90-1, vis@0.7, x86-energy-perf-policy@5.11.7
```

News for channel 'guix'

Update on previous `guix-daemon' local privilege escalation
commit 9ade2b720af91acecf76278b4d9b99ace406781e

The previous news item described a potential local privilege escalation in `guix-daemon', and claimed that systems with the Linux ``protected hardlink'' (https://www.kernel.org/doc/Documentation/sysctl/fs.txt) feature enabled were unaffected by the vulnerability.

This is not entirely correct. Exploiting the bug on such systems is harder, but not impossible. To avoid unpleasant surprises, all users are advised to upgrade `guix-daemon'. Run `info "(guix) Upgrading Guix"' for info on how to do that. See `https://guix.gnu.org/en/blog/2021/risk-of-local-privilege-escalation-via-guix-daemon/' for more information on this bug.

Risk of local privilege escalation via `guix-daemon'
commit ec7fb669945bfb47c5e1fdf7de3a5d07f7002ccf

A security vulnerability that can lead to local privilege escalation has been found in `guix-daemon'. It affects multi-user setups in which `guix-daemon' runs locally.

It does _not_ affect multi-user setups where `guix-daemon' runs on a separate machine and is accessed over the network, via `GUIX_DAEMON_SOCKET', as is customary on cluster setups. Machines where the Linux ``protected hardlink'' (https://www.kernel.org/doc/Documentation/sysctl/fs.txt) feature is enabled, which is common, are also unaffected---this is the case when the contents of `/proc/sys/fs/protected_hardlinks' are `1'.

The attack consists in having an unprivileged user spawn a build process, for instance with `guix build', that makes its build directory world-writable. The user then creates a hardlink within the build directory to a root-owned file from outside of the build directory, such as `/etc/shadow'. If the user passed the `--keep-failed' option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file.

You are advised to upgrade `guix-daemon'. Run `info "(guix) Upgrading Guix"', for info on how to do that. See `https://issues.guix.gnu.org/47229' for more information on this bug.
News for channel 'guix'

Risk of local privilege escalation during user account creation
commit 2161820ebbbab62a5ce76c9101ebaec54dc61586

A security vulnerability that can lead to local privilege escalation has been found in the code that creates user accounts on Guix System---Guix on other distros is unaffected. The system is only vulnerable during the activation of user accounts that do not already exist.

This bug is fixed and Guix System users are advised to upgrade their system, with a command along the lines of:

```
guix system reconfigure /run/current-system/configuration.scm
```

The attack can happen when `guix system reconfigure' is running. Running `guix system reconfigure' can trigger the creation of new user accounts if the configuration specifies new accounts. If a user whose account is being created manages to log in after the account has been created but before ``skeleton files'' copied to its home directory have the right ownership, they may, by creating an appropriately-named symbolic link in the home directory pointing to a sensitive file, such as `/etc/shadow', get root privileges.

See `https://issues.guix.gnu.org/47584' for more information on this bug.

New supported platform: powerpc64le-linux
commit e52ec6c64a17a99ae4bb6ff02309067499915b06

A new platform, powerpc64le-linux, has been added for little-endian 64-bit Power ISA processors using the Linux-Libre kernel. This includes POWER9 systems such as the RYF Talos II mainboard (https://www.fsf.org/news/talos-ii-mainboard-and-talos-ii-lite-mainboard-now-fsf-certified-to-respect-your-freedom).

This platform is available as a "technology preview": although it is supported, substitutes are not yet available from the build farm, and some packages may fail to build. In addition, Guix System is not yet available on this platform. That said, the Guix community is actively working on improving this support, and now is a great time to try it and get involved!
Brian Zwahr wrote on 9 Apr 03:43 +0200
Re: bug#47644: Acknowledgement (guix on foreign distro won't upgrade, stuck on old commits)
(address . 47644@debbugs.gnu.org)
VRW9RQ.6FW2POB4TT591@echosa.net
Well, I figured out my issue. I had created backup files manifest.scm and channels.scm and put them in the ~/.config/guix directory for storage. Turns out that these files, or at least the channels one, get read and used automatically by `guix pull`. I have moved those files to a different directory for storage and backup, and now everything seems fine.
Turns out the commit that `guix pull` was stuck on was the one defined in my channels.scm file.
If anyone else experiences the same issue, perhaps this will help.
On Wed, Apr 7 2021 at 08:21:02 PM +0000, GNU bug Tracking System <help-debbugs@gnu.org> wrote:
> Thank you for filing a new bug report with debbugs.gnu.org.
>
> This is an automatically generated reply to let you know your message
> has been received.
>
> Your message is being forwarded to the package maintainers and other
> interested parties for their attention; they will reply in due course.
>
> Your message has been sent to the package maintainer(s):
> bug-guix@gnu.org <mailto:bug-guix@gnu.org>
>
> If you wish to submit further information on this problem, please
> send it to 47644@debbugs.gnu.org <mailto:47644@debbugs.gnu.org>.
>
> Please do not send mail to help-debbugs@gnu.org
> <mailto:help-debbugs@gnu.org> unless you wish
> to report a problem with the Bug-tracking system.
>
> --
> 47644: <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=47644>
> GNU Bug Tracking System
> Contact help-debbugs@gnu.org <mailto:help-debbugs@gnu.org> with
> problems
Attachment: file
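The cause found in the message above, a `channels.scm` in `~/.config/guix` that fixes the channel to one commit, can be checked for directly, which matters because a pinned channel also stops receiving the security fixes announced in the channel news. This is an added example, not part of the original thread or of Guix itself; it assumes the usual `(channel (name ...) (commit "..."))` layout, and the sample file is constructed using the commit from the report.

```shell
#!/bin/sh
# Added example: report channels that a Guix channels file pins to a commit.

# Constructed sample channels file; the commit is the one the report's
# `guix pull` kept returning to.
sample_channels() {
    cat <<'EOF'
;; constructed sample
(list (channel
        (name 'guix)
        (url "https://git.savannah.gnu.org/git/guix.git")
        (branch "master")
        (commit
          "3f1b2bd322b6cdba99a43d08e5e8464f7424cbc5")))
EOF
}

# list_channel_pins: read a channels file on stdin and print
# "<channel> <commit>" for every (commit "...") field found.
# Prints nothing when no channel is pinned.
list_channel_pins() {
    # Drop ';' comments (assumes no ';' inside strings), then flatten to
    # one line because the commit string may sit on the line after "(commit".
    sed 's/;.*$//' | tr '\n' ' ' |
        grep -oE "\((name|commit)[[:space:]]+['\"][^)\"[:space:]]+" |
        awk '
            {
                key = $1; val = $2
                sub(/^\(/, "", key)       # "(commit" -> "commit"
                sub(/^['\''"]/, "", val)  # strip the leading quote character
            }
            key == "name"   { channel = val }
            key == "commit" {
                if (channel == "") channel = "?"
                print channel, val
            }
        '
}

# Check the file the reporter had left in place.
channels_file="$HOME/.config/guix/channels.scm"
if [ -r "$channels_file" ]; then
    list_channel_pins < "$channels_file" |
        while read -r channel commit; do
            echo "$channels_file: channel '$channel' is pinned to $commit"
        done
fi
```

Any line printed means `guix pull` will keep building that commit until the `commit` field is removed or the file is moved out of `~/.config/guix`.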
Leo Famulari wrote on 9 Apr 21:39 +0200
(no subject)
(address . control@debbugs.gnu.org)
YHCti3+9I/HbQARW@jasmine.lan
close 47644