Issue trying to guix pull

Status: Done
Participants: Michael Ford, pelzflorian (Florian Pelz)
Owner: unassigned
Submitted by: Michael Ford
Severity: normal
Michael Ford wrote on 12 Mar 17:55 +0100
(address . bug-guix@gnu.org)
CAFyhPjVi7NZdeeeNYRz-NSaCKa704We6c-y21Hz7F5DWuqs4hQ@mail.gmail.com
If I currently try and do a "guix pull" on a Fedora aarch64 machine, I
currently see:

guix pull
Updating channel 'guix' from Git repository at
Building from this channel:
openssl-1.1.1u-doc 2.2MiB


18.5MiB/s 00:00 ???????????????????? 100.0%
openssl-1.1.1u 1.7MiB


2.1MiB/s 00:01 ???????????????????? 100.0%
building /gnu/store/p9nimij8lz4yln5jd3gm0kdhirrwz56h-guix-1.4.0-18.4c94b9e-checkout.drv...
-suspicious ownership or permission on
`/gnu/store/bj2rp8ql9zxnv4l9gvlhph55fa241mk4-guix-1.4.0-18.4c94b9e-checkout';
rejecting this build output
Backtrace:
14 (primitive-load
"/gnu/store/6wkj5bhjiqgappk2b1h8pb2snjmx835q-compute-guix-derivation")
In ice-9/eval.scm:
155:9 13 (_ _)
159:9 12 (_ #(#(#(#(#(#(#(#(#(#(#(#(#(#(#(#(#<directory (guile-u?>
?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?) ?))
In ice-9/boot-9.scm:
152:2 11 (with-fluid* _ _ _)
152:2 10 (with-fluid* _ _ _)
In ./guix/store.scm:
2180:24 9 (run-with-store #<store-connection 256.100 ffff9ae5aeb0>
#<procedure ffff7acc4d70 at ./guix/self.scm:1?> ?)
2008:8 8 (_ #<store-connection 256.100 ffff9ae5aeb0>)
In ./guix/gexp.scm:
299:22 7 (_ #<store-connection 256.100 ffff9ae5aeb0>)
1201:2 6 (_ #<store-connection 256.100 ffff9ae5aeb0>)
1068:2 5 (_ #<store-connection 256.100 ffff9ae5aeb0>)
909:4 4 (_ #<store-connection 256.100 ffff9ae5aeb0>)
In ./guix/store.scm:
2065:12 3 (_ #<store-connection 256.100 ffff9ae5aeb0>)
1403:5 2 (map/accumulate-builds #<store-connection 256.100
ffff9ae5aeb0> #<procedure ffff79981ea0 at ./guix/sto?> ?)
1419:15 1 (_ #<store-connection 256.100 ffff9ae5aeb0>
("/gnu/store/lg4cmmjzqxwdl8px3fpnzaqliwz6xwkw-guix-daem?" ?) ?)
1419:15 0 (loop #f)

./guix/store.scm:1419:15: In procedure loop:
ERROR:
1. &store-protocol-error:
message: "build of
`/gnu/store/lg4cmmjzqxwdl8px3fpnzaqliwz6xwkw-guix-daemon-1.4.0-18.4c94b9e.drv'
failed"
status: 1
guix pull: error: You found a bug: the program
'/gnu/store/6wkj5bhjiqgappk2b1h8pb2snjmx835q-compute-guix-derivation'
failed to compute the derivation for Guix (version:
"447e9c96259e8fa15a828de9b2dd3400e2ffafe6"; system: "aarch64-linux";
host version: "0547fe862cfdb53d408e777e6137d9222100cb50"; pull-version: 1).
Please report the COMPLETE output above by email to <bug-guix@gnu.org>.

guix --version is:
guix (GNU Guix) 0547fe862cfdb53d408e777e6137d9222100cb50
Copyright (C) 2024 the Guix authors
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
pelzflorian (Florian Pelz) wrote on 12 Mar 20:23 +0100
(name . Michael Ford)(address . fanquake@gmail.com)(address . 69755@debbugs.gnu.org)
87a5n3tftj.fsf@pelzflorian.de
Hello Michael.

Michael Ford <fanquake@gmail.com> writes:
> building /gnu/store/p9nimij8lz4yln5jd3gm0kdhirrwz56h-guix-1.4.0-18.4c94b9e-checkout.drv...
> -suspicious ownership or permission on
> `/gnu/store/bj2rp8ql9zxnv4l9gvlhph55fa241mk4-guix-1.4.0-18.4c94b9e-checkout';
> rejecting this build output
> Backtrace:

A probable fix was pushed by Ludovic recently.
Does it work? Can this issue be closed?

commit ff1251de0bc327ec478fc66a562430fbf35aef42
Author: Ludovic Courtès <ludo@gnu.org>
Date: Tue Mar 12 11:53:35 2024 +0100

daemon: Address shortcoming in previous security fix for CVE-2024-27297.

This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143.

Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two
ways: (1) it didn’t have any effect for fixed-output derivations
performed in a chroot, which is the case for all of them except those
using “builtin:download” and “builtin:git-download”, and (2) it did not
preserve ownership when copying, leading to “suspicious ownership or
permission […] rejecting this build output” errors.

Regards,
Florian
pelzflorian (Florian Pelz) wrote on 12 Mar 20:33 +0100
(name . Michael Ford)(address . fanquake@gmail.com)(address . 69755@debbugs.gnu.org)
87bk7jp7nf.fsf@pelzflorian.de
Sorry, I forgot, you might need to roll back first, if you had pulled
the broken in-between Guix revision.

guix pull --roll-back

I believe the in-between Guixes cannot be fixed.
Thank you for reporting.

Regards,
Florian
Michael Ford wrote on 12 Mar 20:33 +0100
(name . pelzflorian (Florian Pelz))(address . pelzflorian@pelzflorian.de)(address . 69755@debbugs.gnu.org)
CAFyhPjVK--y4NN7RHMDymSLQrm_PsSvGxmTt9ORgWr+UeKoZWA@mail.gmail.com
> A probable fix was pushed by Ludovic recently.
> Does it work? Can this issue be closed?

The commit I'm building in the issue report (447e9c9) is more recent
than ff1251de0bc327ec478fc66a562430fbf35aef42. The issue
still exists as of now.


On Tue, 12 Mar 2024 at 19:23, pelzflorian (Florian Pelz)
<pelzflorian@pelzflorian.de> wrote:
>
> Hello Michael.
>
> Michael Ford <fanquake@gmail.com> writes:
> > building /gnu/store/p9nimij8lz4yln5jd3gm0kdhirrwz56h-guix-1.4.0-18.4c94b9e-checkout.drv...
> > -suspicious ownership or permission on
> > `/gnu/store/bj2rp8ql9zxnv4l9gvlhph55fa241mk4-guix-1.4.0-18.4c94b9e-checkout';
> > rejecting this build output
> > Backtrace:
>
> A probable fix was pushed by Ludovic recently.
> Does it work? Can this issue be closed?
>
> commit ff1251de0bc327ec478fc66a562430fbf35aef42
> Author: Ludovic Courtès <ludo@gnu.org>
> Date: Tue Mar 12 11:53:35 2024 +0100
>
> daemon: Address shortcoming in previous security fix for CVE-2024-27297.
>
> This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143.
>
> Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two
> ways: (1) it didn’t have any effect for fixed-output derivations
> performed in a chroot, which is the case for all of them except those
> using “builtin:download” and “builtin:git-download”, and (2) it did not
> preserve ownership when copying, leading to “suspicious ownership or
> permission […] rejecting this build output” errors.
>
> Regards,
> Florian
Michael Ford wrote on 13 Mar 11:11 +0100
(name . pelzflorian (Florian Pelz))(address . pelzflorian@pelzflorian.de)(address . 69755@debbugs.gnu.org)
CAFyhPjViJobmrUQnQ1EnviRZ1no+HVkEA=yYtu1eD5UkXtmWZQ@mail.gmail.com
> Sorry, I forgot, you might need to roll back first, if you had pulled
> the broken in-between Guix revision.

Thanks for the followup.
It looks like rolling-back has resolved the problem now.
So this issue can be closed.

On Tue, 12 Mar 2024 at 19:33, pelzflorian (Florian Pelz)
<pelzflorian@pelzflorian.de> wrote:
>
> Sorry, I forgot, you might need to roll back first, if you had pulled
> the broken in-between Guix revision.
>
> guix pull --roll-back
>
> I believe the in-between Guixes cannot be fixed.
> Thank you for reporting.
>
> Regards,
> Florian
pelzflorian (Florian Pelz) wrote on 13 Mar 12:24 +0100
(name . Michael Ford)(address . fanquake@gmail.com)(address . 69755-done@debbugs.gnu.org)
87wmq6fk70.fsf@pelzflorian.de
Michael Ford <fanquake@gmail.com> writes:
> It looks like rolling-back has resolved the problem now.
> So this issue can be closed.

Closing. Thank you!

Regards,
Florian
Closed
This issue is archived.
