mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-26 12:39:36 -05:00
pull: Fail if cache directory ownership is suspect.
New users frequently run ‘sudo guix pull’ which breaks subsequent unprivileged ‘guix pull’s until manually fixed with chmod -R. * guix/scripts/pull.scm (guix-pull): Fail if the cache directory (or its innermost extant parent) is not owned by the user pulling the Guix, with a hint about ‘sudo -i’.
This commit is contained in:
parent
34c7c922f5
commit
7c52cad046
1 changed files with 28 additions and 0 deletions
|
@ -49,6 +49,7 @@ (define-module (guix scripts pull)
|
|||
#:autoload (gnu packages bootstrap) (%bootstrap-guile)
|
||||
#:autoload (gnu packages certs) (le-certs)
|
||||
#:use-module (srfi srfi-1)
|
||||
#:use-module (srfi srfi-11)
|
||||
#:use-module (srfi srfi-26)
|
||||
#:use-module (srfi srfi-34)
|
||||
#:use-module (srfi srfi-35)
|
||||
|
@ -810,6 +811,33 @@ (define (no-arguments arg _)
|
|||
((assoc-ref opts 'generation)
|
||||
(process-generation-change opts profile))
|
||||
(else
|
||||
;; Bail out early when users accidentally run, e.g., ’sudo guix pull’.
|
||||
;; If CACHE-DIRECTORY doesn't yet exist, test where it would end up.
|
||||
(let-values (((stats dir) (let loop ((dir (cache-directory)))
|
||||
(let ((stats (stat dir #f)))
|
||||
(if stats
|
||||
(values stats dir)
|
||||
(loop (dirname dir)))))))
|
||||
(let ((dir:uid (stat:uid stats))
|
||||
(our:uid (getuid)))
|
||||
(unless (= dir:uid our:uid)
|
||||
(let* ((user (lambda (uid) ; handle the unthinkable invalid UID
|
||||
(or (false-if-exception (passwd:name
|
||||
(getpwuid uid)))
|
||||
uid)))
|
||||
(our:user (user our:uid))
|
||||
(dir:user (user dir:uid)))
|
||||
(raise
|
||||
(condition
|
||||
(&message
|
||||
(message
|
||||
(format #f (G_ "directory ‘~a’ is not owned by user ~a")
|
||||
dir dir:user)))
|
||||
(&fix-hint
|
||||
(hint
|
||||
(format #f (G_ "You should run this command as ~a; use ‘sudo -i’ or equivalent if you really want to pull as ~a.")
|
||||
dir:user our:user)))))))))
|
||||
|
||||
(with-store store
|
||||
(with-status-verbosity (assoc-ref opts 'verbosity)
|
||||
(parameterize ((%current-system (assoc-ref opts 'system))
|
||||
|
|
Loading…
Reference in a new issue