guix-kreyren/tests/guix-daemon.sh
Ludovic Courtès 81c580c866
daemon: Make 'profiles/per-user' non-world-writable.
Fixes <https://bugs.gnu.org/37744>.
Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>.

Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d
by Eelco Dolstra <edolstra@gmail.com>.

* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir'
to #o755 instead of #o1777.
(LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add
condition to handle "user-name" property and honor it.
(processConnection): Add 'userId' parameter.  Call 'store->createUser'
when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now
handled by the daemon.
* guix/store.scm (current-user-name): New procedure.
(set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when
listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable")
("profiles/per-user/$USER exists"): New tests.
2019-10-16 22:53:40 +02:00

267 lines
8.1 KiB
Bash

# GNU Guix --- Functional package management for GNU
# Copyright © 2012, 2014, 2015, 2016, 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
#
# This file is part of GNU Guix.
#
# GNU Guix is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or (at
# your option) any later version.
#
# GNU Guix is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
#
# Test the daemon and its interaction with 'guix substitute'.
#
set -e
guix-daemon --version
guix build --version
drv="`guix build emacs -d`"
out="`guile -c ' \
(use-modules (guix) (guix grafts) (gnu packages emacs)) \
(define store (open-connection)) \
(%graft? #f)
(display (derivation->output-path (package-derivation store emacs)))'`"
hash_part="`basename $out | cut -c 1-32`"
narinfo="$hash_part.narinfo"
substitute_dir="`echo $GUIX_BINARY_SUBSTITUTE_URL | sed -'es,file://,,g'`"
cat > "$substitute_dir/nix-cache-info"<<EOF
StoreDir: `dirname $drv`
WantMassQuery: 0
EOF
cat > "$substitute_dir/$narinfo"<<EOF
StorePath: $out
URL: /nowhere/example.nar
Compression: none
NarSize: 1234
References:
System: `guile -c '(use-modules (guix)) (display (%current-system))'`
Deriver: $drv
EOF
# Remove the cached narinfo.
rm -f "$XDG_CACHE_HOME/guix/substitute/$hash_part"
# Make sure we see the substitute.
guile -c "
(use-modules (guix))
(define store (open-connection))
(set-build-options store #:use-substitutes? #t
#:substitute-urls (list \"$GUIX_BINARY_SUBSTITUTE_URL\"))
(exit (has-substitutes? store \"$out\"))"
# Now, run guix-daemon --no-substitutes.
socket="$GUIX_STATE_DIRECTORY/alternate-socket"
guix-daemon --no-substitutes --listen="$socket" --disable-chroot &
daemon_pid=$!
trap 'kill $daemon_pid' EXIT
# Make sure we DON'T see the substitute.
guile -c "
(use-modules (guix))
(define store (open-connection \"$socket\"))
;; This setting MUST NOT override the daemon's --no-substitutes.
(set-build-options store #:use-substitutes? #t
#:substitute-urls (list \"$GUIX_BINARY_SUBSTITUTE_URL\"))
(exit (not (has-substitutes? store \"$out\")))"
kill "$daemon_pid"
# Pass several '--listen' options, and make sure they are all honored.
guix-daemon --disable-chroot --listen="$socket" --listen="$socket-second" \
--listen="localhost" --listen="localhost:9876" &
daemon_pid=$!
for uri in "$socket" "$socket-second" \
"guix://localhost" "guix://localhost:9876"
do
GUIX_DAEMON_SOCKET="$uri" guix build guile-bootstrap
done
kill "$daemon_pid"
# Make sure 'profiles/per-user' is created when connecting over TCP.
orig_GUIX_STATE_DIRECTORY="$GUIX_STATE_DIRECTORY"
GUIX_STATE_DIRECTORY="$GUIX_STATE_DIRECTORY-2"
guix-daemon --disable-chroot --listen="localhost:9877" &
daemon_pid=$!
GUIX_DAEMON_SOCKET="guix://localhost:9877"
export GUIX_DAEMON_SOCKET
test ! -d "$GUIX_STATE_DIRECTORY/profiles/per-user"
guix build guile-bootstrap -d
test -d "$GUIX_STATE_DIRECTORY/profiles/per-user/$USER"
kill "$daemon_pid"
unset GUIX_DAEMON_SOCKET
GUIX_STATE_DIRECTORY="$orig_GUIX_STATE_DIRECTORY"
# Check the failed build cache.
guix-daemon --no-substitutes --listen="$socket" --disable-chroot \
--cache-failures &
daemon_pid=$!
guile -c "
(use-modules (guix) (guix grafts) (guix tests) (srfi srfi-34))
(define store (open-connection-for-tests \"$socket\"))
;; Disable grafts to avoid building more than needed.
(%graft? #f)
(define (build-without-failing drv)
(lambda (store)
(guard (c ((store-protocol-error? c) (values #t store)))
(build-derivations store (list drv))
(values #f store))))
;; Make sure failed builds are cached and can be removed from
;; the cache.
(run-with-store store
(mlet* %store-monad ((drv (gexp->derivation \"failure\"
#~(begin
(ungexp output)
#f)))
(out -> (derivation->output-path drv))
(ok? (build-without-failing drv)))
;; Note the mixture of monadic and direct style. Don't try
;; this at home!
(return (exit (and ok?
(equal? (query-failed-paths store) (list out))
(begin
(clear-failed-paths store (list out))
(null? (query-failed-paths store)))))))
#:guile-for-build (%guile-for-build)) "
kill "$daemon_pid"
# Make sure the daemon's default 'build-cores' setting is honored.
guix-daemon --listen="$socket" --disable-chroot --cores=42 &
daemon_pid=$!
GUIX_DAEMON_SOCKET="$socket" \
guile -c '
(use-modules (guix) (guix tests))
(with-store store
(let* ((build (add-text-to-store store "build.sh"
"echo $NIX_BUILD_CORES > $out"))
(bash (add-to-store store "bash" #t "sha256"
(search-bootstrap-binary "bash"
(%current-system))))
(drv (derivation store "the-thing" bash
`("-e" ,build)
#:inputs `((,bash) (,build))
#:env-vars `(("x" . ,(random-text))))))
(and (build-derivations store (list drv))
(exit
(= 42 (pk (call-with-input-file (derivation->output-path drv)
read)))))))'
kill "$daemon_pid"
# Make sure the daemon's default 'timeout' and 'max-silent-time' settings are
# honored.
client_code='
(use-modules (guix) (guix tests) (srfi srfi-34))
(with-store store
(let* ((build (add-text-to-store store "build.sh"
"while true ; do : ; done"))
(bash (add-to-store store "bash" #t "sha256"
(search-bootstrap-binary "bash"
(%current-system))))
(drv (derivation store "the-thing" bash
`("-e" ,build)
#:inputs `((,bash) (,build))
#:env-vars `(("x" . ,(random-text))))))
(exit (guard (c ((store-protocol-error? c)
(->bool
(string-contains (pk (store-protocol-error-message c))
"failed"))))
(build-derivations store (list drv))
#f))))'
for option in --max-silent-time=1 --timeout=1
do
guix-daemon --listen="$socket" --disable-chroot "$option" &
daemon_pid=$!
GUIX_DAEMON_SOCKET="$socket" guile -c "$client_code"
kill "$daemon_pid"
done
# Make sure garbage collection from a TCP connection does not work.
tcp_socket="127.0.0.1:9998"
guix-daemon --listen="$tcp_socket" &
daemon_pid=$!
GUIX_DAEMON_SOCKET="guix://$tcp_socket"
export GUIX_DAEMON_SOCKET
if guix gc; then false; else true; fi
unset GUIX_DAEMON_SOCKET
kill "$daemon_pid"
# Log compression.
guix-daemon --listen="$socket" --disable-chroot --debug --log-compression=gzip &
daemon_pid=$!
stamp="compressed-build-log-test-$$-`date +%H%M%S`"
client_code="
(use-modules (guix) (gnu packages bootstrap))
(with-store store
(run-with-store store
(mlet %store-monad ((drv (lower-object
(computed-file \"compressed-log-test\"
#~(begin
(display \"$stamp\")
(newline)
(mkdir #\$output))
#:guile %bootstrap-guile))))
(display (derivation-file-name drv))
(newline)
(return #t))))
"
GUIX_DAEMON_SOCKET="$socket"
export GUIX_DAEMON_SOCKET
drv=`guile -c "$client_code"`
guix build "$drv"
log=`guix build "$drv" --log-file`
test -f "$log"
case "$log" in
*.gz) test "`gunzip -c < "$log"`" = "$stamp" ;;
*) false ;;
esac