guix/tests
Ludovic Courtès 81c580c866
daemon: Make 'profiles/per-user' non-world-writable.
Fixes <https://bugs.gnu.org/37744>.
Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>.

Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d
by Eelco Dolstra <edolstra@gmail.com>.

* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir'
to #o755 instead of #o1777.
(LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add
condition to handle "user-name" property and honor it.
(processConnection): Add 'userId' parameter.  Call 'store->createUser'
when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now
handled by the daemon.
* guix/store.scm (current-user-name): New procedure.
(set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when
listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable")
("profiles/per-user/$USER exists"): New tests.
2019-10-16 22:53:40 +02:00
accounts.scm accounts: Delete duplicate entries. 2019-08-28 00:27:14 +02:00
base16.scm utils: Move base16 procedures to (guix base16). 2017-03-16 22:50:14 +01:00
base32.scm Switch to Guile-Gcrypt. 2018-09-04 17:25:11 +02:00
base64.scm
bournish.scm bournish: Extend 'rm' command. 2017-01-26 13:49:56 +01:00
build-utils.scm utils: Add 'invoke/quiet'. 2019-06-17 16:13:36 +02:00
builders.scm tests: Remove expensive and pointless test. 2019-06-14 21:57:18 +02:00
cache.scm cache: Work around 'time-monotonic' bug in Guile 2.2.2. 2017-04-22 14:42:15 +02:00
challenge.scm tests: Add 'test-assertm' to (guix tests). 2018-11-12 23:37:13 +01:00
channels.scm channels: Allow news entries to refer to a tag. 2019-09-23 10:38:44 +02:00
combinators.scm utils: Move combinators to (guix combinators). 2016-05-04 23:35:55 +02:00
containers.scm tests: Skip container test when lacking kernel support. 2019-10-15 10:21:41 +02:00
cpan.scm Revert "import: cpan: Adapt for the change to guile-json version 3." 2019-08-22 14:24:11 -04:00
cpio.scm
cran.scm import: cran: Robustify cran-package?. 2017-05-13 12:40:20 +02:00
crate.scm import: crate: Correct interpretation of dual-licensing strings. 2019-09-04 13:02:27 +02:00
cve-sample.xml
cve.scm cve: Use a more compact format for the list of package/versions. 2016-05-28 01:07:12 +02:00
debug-link.scm tests: Add 'test-assertm' to (guix tests). 2018-11-12 23:37:13 +01:00
derivations.scm Merge branch 'master' into core-updates 2019-09-06 20:46:00 -04:00
discovery.scm discovery: Recurse into directories pointed to by a symlink. 2017-07-03 23:51:23 +02:00
elpa.scm tests: elpa: Don't actually download files. 2018-03-18 22:33:41 +01:00
file-systems.scm uuid: Move tests to 'tests/uuid.scm'. 2017-09-14 00:10:13 +02:00
gem.scm Switch to Guile-Gcrypt. 2018-09-04 17:25:11 +02:00
gexp.scm gexp: Catch and report non-self-quoting gexp inputs. 2019-09-23 23:41:19 +02:00
git.scm git: Add 'commit-difference'. 2019-09-23 10:38:43 +02:00
glob.scm glob: Add an extra glob pattern compilation stage. 2018-03-18 22:57:17 +01:00
gnu-maintenance.scm
grafts.scm Merge branch 'master' into core-updates 2019-06-27 23:33:48 +02:00
graph.scm Merge branch 'staging' into core-updates 2019-03-23 23:16:55 +01:00
gremlin.scm gremlin: Adjust tests for foreign distros. 2019-05-18 12:10:15 +02:00
guix-archive.sh
guix-authenticate.sh
guix-build-branch.sh tests: Adjust '--with-commit' test. 2019-09-04 13:02:27 +02:00
guix-build.sh ui: 'warn-about-load-error' provides hints for unbound variables. 2019-07-20 01:32:17 +02:00
guix-daemon.sh daemon: Make 'profiles/per-user' non-world-writable. 2019-10-16 22:53:40 +02:00
guix-describe.sh Add 'guix describe'. 2018-09-07 11:40:22 +02:00
guix-download.sh guix download: Support retrieving local file without the URI scheme. 2017-08-20 20:55:45 +08:00
guix-environment-container.sh environment: '--container' honors '--preserve'. 2019-10-03 23:48:59 +02:00
guix-environment.sh Merge branch 'master' into core-updates 2019-08-22 15:53:27 -04:00
guix-gc.sh guix gc: Add '--list-roots'. 2019-04-10 17:09:47 +02:00
guix-graph.sh graph: Allow store file names for 'derivation' and 'references' graphs. 2016-05-21 01:35:14 +02:00
guix-hash.sh guix hash: Interpret '-' as standard input. 2016-10-28 22:30:17 +02:00
guix-lint.sh tests: Do not run 'cve' checker in 'tests/guix-lint.sh'. 2016-05-24 14:45:18 +02:00
guix-pack-localstatedir.sh pack: '--localstatedir' and '-R' tests gracefully handle missing /gnu/store. 2019-05-18 12:23:31 +02:00
guix-pack-relocatable.sh pack: '-R' honors the requested output. 2019-08-23 18:41:49 +02:00
guix-pack.sh pack: Add '--root'. 2019-05-22 00:09:41 +02:00
guix-package-aliases.sh guix package: '--show' ignores deprecated packages. 2019-09-21 16:48:36 +02:00
guix-package-net.sh tests: Make builds less expensive. 2019-06-14 21:57:39 +02:00
guix-package.sh guix package: Add '--list-profiles'. 2019-09-26 11:43:26 +02:00
guix-system.sh tests: Adjust wildcard when testing OS examples. 2019-04-29 21:57:52 +02:00
hackage.scm import: hackage: Add two expected failing test cases. 2019-06-20 14:07:01 +02:00
import-utils.scm maint: Switch to Guile-JSON 3.x. 2019-07-25 00:16:41 +02:00
inferior.scm inferior: Propagate '&store-protocol-error' error conditions. 2019-09-21 16:48:36 +02:00
lint.scm lint: Add 'archival' checker. 2019-09-02 15:25:01 +02:00
lzlib.scm lzlib: Add 'make-lzip-input-port/compressed'. 2019-05-27 22:47:24 +02:00
modules.scm modules: Raise an error when a dependency could not be found. 2017-05-25 14:25:17 +02:00
monads.scm
nar.scm serialization: 'restore-file' errors out upon non-convertible file names. 2019-01-18 17:51:34 +01:00
networking.scm services: openntpd: Add test for issue #3731. 2019-09-08 23:15:32 +09:00
opam.scm tests: opam: Fix input type in import test. 2019-09-07 22:25:14 +02:00
pack.scm pack: Create /tmp in Docker images. 2019-08-27 12:20:44 +02:00
packages.scm packages: 'supported-package?' binds '%current-system' for graph traversal. 2019-09-06 14:41:58 +02:00
pki.scm Switch to Guile-Gcrypt. 2018-09-04 17:25:11 +02:00
print.scm import: print: Honor the outputs of inputs (!). 2019-06-07 22:49:47 +02:00
processes.scm Add 'guix processes'. 2018-10-29 00:13:38 +01:00
profiles.scm tests: Make builds less expensive. 2019-06-14 21:57:39 +02:00
publish.scm publish: '--compression' can be repeated. 2019-06-02 22:01:57 +02:00
pypi.scm import: pypi: Include optional test inputs as native-inputs. 2019-07-02 10:08:00 +09:00
records.scm records: Support custom 'this' identifiers. 2019-03-30 11:08:39 +01:00
scripts-build.scm guix build: '--with-commit' makes recursive checkouts. 2019-03-17 22:55:01 +01:00
scripts.scm tests: Add missing import. 2019-03-24 00:13:53 +01:00
search-paths.scm build: Remove 'gnu/packages/bootstrap' and its binaries. 2019-06-14 22:09:38 +02:00
services.scm guix system: Add 'reconfigure' module. 2019-07-26 19:19:49 +02:00
sets.scm
signing-key.pub
signing-key.sec
size.scm tests: Add 'test-assertm' to (guix tests). 2018-11-12 23:37:13 +01:00
snix.scm
status.scm status: Keep track of the current build phase. 2019-02-05 12:03:25 +01:00
store-database.scm database: Reset timestamps to one second after the Epoch. 2018-07-20 15:01:33 +02:00
store-deduplication.scm deduplication: Gracefully handle ENOSPC raised by 'link' calls. 2018-12-14 12:07:24 +01:00
store-roots.scm Add (guix store roots). 2019-04-10 17:09:47 +02:00
store.scm daemon: Make 'profiles/per-user' non-world-writable. 2019-10-16 22:53:40 +02:00
substitute.scm substitute: Select the best compression methods. 2019-06-02 22:01:57 +02:00
swh.scm swh: Add hooks for rate limiting handling. 2019-09-02 15:25:01 +02:00
syscalls.scm syscalls: Add 'add-to-entropy-count'. 2019-10-05 22:05:02 +02:00
system.scm system: Mapped devices needed for boot do not yield Shepherd services. 2018-06-21 23:54:15 +02:00
test.drv
texlive.scm guix: Add texlive importer. 2017-06-15 17:03:19 +02:00
ui.scm ui: 'relevance' connects regexps with a logical and. 2019-09-19 23:24:04 +02:00
union.scm tests: Make builds less expensive. 2019-06-14 21:57:39 +02:00
upstream.scm upstream: Temporarily skip failing test. 2019-01-28 23:13:40 +01:00
utils.scm utils: canonical-newline-port: Fix handling of carriage return at buffer end. 2019-06-20 14:07:01 +02:00
uuid.scm uuid: 'fat-uuid->string' preserves leading zeros. 2019-05-07 12:18:44 +02:00
workers.scm workers: Add test with exceptions. 2017-11-17 10:47:49 +01:00
zlib.scm tests: Gracefully skip zlib test when zlib is missing. 2019-04-16 17:30:22 +02:00