pull: Fail if cache directory ownership is suspect.

New users frequently run ‘sudo guix pull’ which breaks subsequent
unprivileged ‘guix pull’s until manually fixed with chmod -R.

* guix/scripts/pull.scm (guix-pull): Fail if the cache directory (or
its innermost extant parent) is not owned by the user pulling the Guix,
with a hint about ‘sudo -i’.
This commit is contained in:
Tobias Geerinckx-Rice 2022-06-05 02:00:05 +02:00
parent 34c7c922f5
commit 7c52cad046
No known key found for this signature in database
GPG key ID: 0DB0FF884F556D79

View file

@ -49,6 +49,7 @@ (define-module (guix scripts pull)
#:autoload (gnu packages bootstrap) (%bootstrap-guile)
#:autoload (gnu packages certs) (le-certs)
#:use-module (srfi srfi-1)
#:use-module (srfi srfi-11)
#:use-module (srfi srfi-26)
#:use-module (srfi srfi-34)
#:use-module (srfi srfi-35)
@ -810,6 +811,33 @@ (define (no-arguments arg _)
((assoc-ref opts 'generation)
(process-generation-change opts profile))
(else
;; Bail out early when users accidentally run, e.g., sudo guix pull.
;; If CACHE-DIRECTORY doesn't yet exist, test where it would end up.
(let-values (((stats dir) (let loop ((dir (cache-directory)))
(let ((stats (stat dir #f)))
(if stats
(values stats dir)
(loop (dirname dir)))))))
(let ((dir:uid (stat:uid stats))
(our:uid (getuid)))
(unless (= dir:uid our:uid)
(let* ((user (lambda (uid) ; handle the unthinkable invalid UID
(or (false-if-exception (passwd:name
(getpwuid uid)))
uid)))
(our:user (user our:uid))
(dir:user (user dir:uid)))
(raise
(condition
(&message
(message
(format #f (G_ "directory ~a is not owned by user ~a")
dir dir:user)))
(&fix-hint
(hint
(format #f (G_ "You should run this command as ~a; use sudo -i or equivalent if you really want to pull as ~a.")
dir:user our:user)))))))))
(with-store store
(with-status-verbosity (assoc-ref opts 'verbosity)
(parameterize ((%current-system (assoc-ref opts 'system))