GNU bug report logs - #21354
Daemon blindly imports corrupt archives from 'root'


Package: guix

Reported by: Eric Hanchrow <eric.hanchrow <at> gmail.com>

Date: Wed, 26 Aug 2015 19:55:02 UTC

Severity: normal

Done: ludo <at> gnu.org (Ludovic Courtès)

Bug is archived. No further changes may be made.



Report forwarded to bug-guix <at> gnu.org:
bug#21354; Package guix. (Wed, 26 Aug 2015 19:55:02 GMT)

Acknowledgement sent to Eric Hanchrow <eric.hanchrow <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Wed, 26 Aug 2015 19:55:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Eric Hanchrow <eric.hanchrow <at> gmail.com>
To: bug-guix <at> gnu.org
Subject: "make check" failure in 0.8.3
Date: Wed, 26 Aug 2015 19:54:00 +0000
I created a Vagrant virtual machine using their "ubuntu/trusty64" box (
https://atlas.hashicorp.com/ubuntu/boxes/trusty64).

I connected to it via "vagrant ssh"; that gave me a shell prompt.  I can't
remember whether that gave me a root prompt or not; if it didn't, then I'd
have typed "sudo -s".

I ran "aptitude" and installed some packages in order to build guix from
source: g++ guile-2.0-dev libbz2-dev libgcrypt11-dev libsqlite3-dev sqlite3

I unpacked the 0.8.3 source tarball into /usr/local/src.

I typed "./configure", then "make", then "make check".

I saw


============================================================================
Testsuite summary for GNU Guix 0.8.3
============================================================================
# TOTAL: 44
# PASS: 41
# SKIP: 0
# XFAIL: 0
# FAIL: 3
# XPASS: 0
# ERROR: 0
============================================================================
See ./test-suite.log
Please report to bug-guix <at> gnu.org

So ... here I am, reporting it!
[test-suite.log (application/octet-stream, attachment)]

Information forwarded to bug-guix <at> gnu.org:
bug#21354; Package guix. (Thu, 27 Aug 2015 09:10:02 GMT)

Message #8 received at 21354 <at> debbugs.gnu.org:

From: ludo <at> gnu.org (Ludovic Courtès)
To: Eric Hanchrow <eric.hanchrow <at> gmail.com>
Cc: 21354 <at> debbugs.gnu.org
Subject: Re: bug#21354: "make check" failure in 0.8.3
Date: Thu, 27 Aug 2015 11:09:25 +0200
Hi,

I see you were running the test suite as ‘root’.  It’s usually not
considered a good idea, but here this has allowed us to find a bug, so
thanks.  :-)

Eric Hanchrow <eric.hanchrow <at> gmail.com> skribis:

> %%%% Starting test store  (Writing full log to "store.log")
>
> ;;; ("/usr/local/src/guix-0.8.3/test-tmp/var/log/guix/drvs/ga/y376758c2j5c8ia6aw1aar0j57snnn-the-thing.drv.bz2")
>
> ;;; ("/usr/local/src/guix-0.8.3/test-tmp/var/log/guix/drvs/4f/4iprr205w93hihpx2cqs2bz9phaq91-the-thing.drv.bz2")
>
> ;;; (spi (#<<substitutable> path: "/usr/local/src/guix-0.8.3/test-tmp/store/7fnh7srm99a45vlvask08w35hbginm0f-guile-bootstrap-2.0" deriver: "/usr/local/src/guix-0.8.3/test-tmp/store/j3fnxhyy2sz7vb2qq7yq06zc1597faix-guile-bootstrap-2.0.drv" refs: () dl-size: 0 nar-size: 1234>))
>
> ;;; (corrupt #<condition &nix-protocol-error [message: "some substitutes for the outputs of derivation `/usr/local/src/guix-0.8.3/test-tmp/store/7v37cm5jy9y3l9j4apn68389r530jnd6-corrupt-substitute.drv' failed (usually happens due to networking issues); try `--fallback' to build derivation from source " status: 1] 3471840>)
> tests/store.scm:595: FAIL import corrupt path

This is due to a regression in 322eeb87, whereby ‘root’ would be allowed
to import unsigned or corrupt paths (via ‘guix archive --import’.)

Commit ef80ca9 fixes that regression.

> FAIL: tests/syscalls
> ====================
>
> warning: daemon is running as root, so using `--build-users-group' is highly recommended
> %%%% Starting test syscalls  (Writing full log to "syscalls.log")
> %%%% Starting test syscalls  (Writing full log to "syscalls.log")
> %%%% Starting test syscalls  (Writing full log to "syscalls.log")
> %%%% Starting test syscalls  (Writing full log to "syscalls.log")
> %%%% Starting test syscalls  (Writing full log to "syscalls.log")
> tests/syscalls.scm:200: FAIL set-network-interface-address

Fixed in commit 54e515e (this test must be skipped when run as root.)

> FAIL: tests/guix-gc
> ===================
>

[...]

> In guix/store.scm:
>  812: 2 [run-gc #<build-daemon 256.14 2747c80> 1 () 18446744073709551615]
> In srfi/srfi-1.scm:
>  534: 1 [unfold #<procedure 27e24a0 at guix/serialization.scm:162:12 (t-7727)> ...]
> In unknown file:
>    ?: 0 [utf8->string #vu8(47 117 115 114 47 108 111 99 97 108 47 115 114 99 47 103 117 105 120 45 48 46 56 46 51 47 116 101 115 116 45 116 109 112 47 115 116 111 114 101 47 114 57 57 52 52 97 54 104 121 102 48 97 98 121 51 119 49 119 98 57 99 106 98 148 106 107 99 53 52 48 115 103 45 116 101 120 116)]
>
> ERROR: In procedure utf8->string:
> ERROR: Throw to key `decoding-error' with args `("scm_from_stringn" "input locale conversion error" 84 #vu8(47 117 115 114 47 108 111 99 97 108 47 115 114 99 47 103 117 105 120 45 48 46 56 46 51 47 116 101 115 116 45 116 109 112 47 115 116 111 114 101 47 114 57 57 52 52 97 54 104 121 102 48 97 98 121 51 119 49 119 98 57 99 106 98 148 106 107 99 53 52 48 115 103 45 116 101 120 116))'.
> unexpected Nix daemon error: reading from file: Connection reset by peer
> + rm -f guix-gc-root
> FAIL tests/guix-gc.sh (exit status: 1)

I think this one was caused by the first bug above: We imported a
corrupt item in the store, so that item has a file name that is not
valid UTF-8, hence this conversion failure.

Could you apply the given patches (you can take them from
<http://git.savannah.gnu.org/cgit/guix.git/log/>, and then apply them
with ‘patch -p1 < patch’ from the top-level source directory), and then
run:

  rm -rf test-tmp && make check

and report the result?

Thank you!

Ludo’.
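
Added example, not part of the original thread: a short Python triage of the bytevector quoted in the guix-gc backtrace, showing which byte makes `utf8->string` fail and that it sits inside the hash part of the store file name. The nix-base32 alphabet and the 32-character hash length are assumptions about the store naming scheme, not something stated in the thread, and the function names are hypothetical.

```python
import re

# Bytevector copied from the quoted `utf8->string` backtrace in the thread.
LOG_VU8 = (
    "#vu8(47 117 115 114 47 108 111 99 97 108 47 115 114 99 47 103 117 105 "
    "120 45 48 46 56 46 51 47 116 101 115 116 45 116 109 112 47 115 116 111 "
    "114 101 47 114 57 57 52 52 97 54 104 121 102 48 97 98 121 51 119 49 "
    "119 98 57 99 106 98 148 106 107 99 53 52 48 115 103 45 116 101 120 116)"
)

# Assumption: a store item is named "<32 nix-base32 chars>-<name>".
NIX_BASE32 = set("0123456789abcdfghijklmnpqrsvwxyz")
HASH_LEN = 32


def parse_vu8(literal):
    """Turn a Guile bytevector literal such as '#vu8(1 2 3)' into bytes."""
    m = re.fullmatch(r"\s*#vu8\(([\d\s]*)\)\s*", literal)
    if m is None:
        raise ValueError("not a #vu8 literal")
    return bytes(int(tok) for tok in m.group(1).split())


def first_invalid_utf8(data):
    """Offset of the first byte that breaks UTF-8 decoding, or None."""
    try:
        data.decode("utf-8")
        return None
    except UnicodeDecodeError as err:
        return err.start


def check_store_item(path):
    """Flag bytes in the hash part of a store file name outside nix-base32."""
    base = path.rsplit(b"/", 1)[-1]
    hash_part, sep = base[:HASH_LEN], base[HASH_LEN:HASH_LEN + 1]
    bad = [(i, b) for i, b in enumerate(hash_part) if chr(b) not in NIX_BASE32]
    ok = not bad and sep == b"-" and len(base) > HASH_LEN + 1
    return {"basename": base, "bad_hash_bytes": bad, "well_formed": ok}


if __name__ == "__main__":
    path = parse_vu8(LOG_VU8)
    print(path.decode("utf-8", "replace"))
    print("first invalid UTF-8 offset:", first_invalid_utf8(path))
    print(check_store_item(path))
```
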




Reply sent to ludo <at> gnu.org (Ludovic Courtès):
You have taken responsibility. (Fri, 11 Sep 2015 17:23:02 GMT)

Notification sent to Eric Hanchrow <eric.hanchrow <at> gmail.com>:
bug acknowledged by developer. (Fri, 11 Sep 2015 17:23:02 GMT)

Message #13 received at 21354-done <at> debbugs.gnu.org:

From: ludo <at> gnu.org (Ludovic Courtès)
To: Eric Hanchrow <eric.hanchrow <at> gmail.com>
Cc: 21354-done <at> debbugs.gnu.org
Subject: Re: bug#21354: "make check" failure in 0.8.3
Date: Fri, 11 Sep 2015 19:22:07 +0200
ludo <at> gnu.org (Ludovic Courtès) skribis:

> Could you apply the given patches (you can take them from
> <http://git.savannah.gnu.org/cgit/guix.git/log/>, and then apply them
> with ‘patch -p1 < patch’ from the top-level source directory), and then
> run:
>
>   rm -rf test-tmp && make check
>
> and report the result?

I’m closing this bug.  Please reopen it if you think commits ef80ca9 and
54e515e did not fix it.

Ludo’.




Changed bug title to 'Daemon blindly imports corrupt archives from 'root'' from '"make check" failure in 0.8.3' Request was from ludo <at> gnu.org (Ludovic Courtès) to control <at> debbugs.gnu.org. (Fri, 11 Sep 2015 17:24:01 GMT)

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 10 Oct 2015 11:24:05 GMT)

This bug report was last modified 8 years and 201 days ago.
