Daemon blindly imports corrupt archives from 'root'

  • Done
  • quality assurance status badge
Details
2 participants
  • Eric Hanchrow
  • Ludovic Courtès
Owner
unassigned
Submitted by
Eric Hanchrow
Severity
normal
E
E
Eric Hanchrow wrote on 26 Aug 2015 21:54
"make check" failure in 0.8.3
(address . bug-guix@gnu.org)
CAHZoxq8_QewQP92qcF0KmKFrS7Jo8DmY7CP-4EGY1AmSZgMkHw@mail.gmail.com
I created a Vagrant virtual machine using their "ubuntu/trusty64" box (

I connected to it via "vagrant ssh"; that gave me a shell prompt. I can't
remember whether that gave me a root prompt or not; if it didn't, then I'd
have typed "sudo -s".

I ran "aptitude" and installed some packages in order to build guix from
source: g++ guile-2.0-dev libbz2-dev libgcrypt11-dev libsqlite3-dev sqlite3

I unpacked the 0.8.3 source tarball into /usr/local/src.

I typed "./configure", then "make", then "make check".

I saw


============================================================================


Testsuite summary for GNU Guix 0.8.3

============================================================================


# TOTAL: 44

# PASS: 41

# SKIP: 0

# XFAIL: 0

# FAIL: 3

# XPASS: 0

# ERROR: 0

============================================================================


See ./test-suite.log

Please report to bug-guix@gnu.org

So ... here I am, reporting it!
Attachment: file
Attachment: test-suite.log
L
L
Ludovic Courtès wrote on 27 Aug 2015 11:09
(name . Eric Hanchrow)(address . eric.hanchrow@gmail.com)(address . 21354@debbugs.gnu.org)
87mvxd3xoa.fsf@gnu.org
Hi,

I see you were running the test suite as ‘root’. It’s usually not
considered a good idea, but here this has allowed us to find a bug, so
thanks. :-)

Eric Hanchrow <eric.hanchrow@gmail.com> skribis:

Toggle quote (11 lines)
> %%%% Starting test store (Writing full log to "store.log")
>
> ;;; ("/usr/local/src/guix-0.8.3/test-tmp/var/log/guix/drvs/ga/y376758c2j5c8ia6aw1aar0j57snnn-the-thing.drv.bz2")
>
> ;;; ("/usr/local/src/guix-0.8.3/test-tmp/var/log/guix/drvs/4f/4iprr205w93hihpx2cqs2bz9phaq91-the-thing.drv.bz2")
>
> ;;; (spi (#<<substitutable> path: "/usr/local/src/guix-0.8.3/test-tmp/store/7fnh7srm99a45vlvask08w35hbginm0f-guile-bootstrap-2.0" deriver: "/usr/local/src/guix-0.8.3/test-tmp/store/j3fnxhyy2sz7vb2qq7yq06zc1597faix-guile-bootstrap-2.0.drv" refs: () dl-size: 0 nar-size: 1234>))
>
> ;;; (corrupt #<condition &nix-protocol-error [message: "some substitutes for the outputs of derivation `/usr/local/src/guix-0.8.3/test-tmp/store/7v37cm5jy9y3l9j4apn68389r530jnd6-corrupt-substitute.drv' failed (usually happens due to networking issues); try `--fallback' to build derivation from source " status: 1] 3471840>)
> tests/store.scm:595: FAIL import corrupt path

This is due to a regression in 322eeb87, whereby ‘root’ would be allowed
to import unsigned or corrupt paths (via ‘guix archive --import’.)

Commit ef80ca9 fixes that regression.

Toggle quote (11 lines)
> FAIL: tests/syscalls
> ====================
>
> warning: daemon is running as root, so using `--build-users-group' is highly recommended
> %%%% Starting test syscalls (Writing full log to "syscalls.log")
> %%%% Starting test syscalls (Writing full log to "syscalls.log")
> %%%% Starting test syscalls (Writing full log to "syscalls.log")
> %%%% Starting test syscalls (Writing full log to "syscalls.log")
> %%%% Starting test syscalls (Writing full log to "syscalls.log")
> tests/syscalls.scm:200: FAIL set-network-interface-address

Fixed in commit 54e515e (this test must be skipped when run as root.)

Toggle quote (4 lines)
> FAIL: tests/guix-gc
> ===================
>

[...]

Toggle quote (13 lines)
> In guix/store.scm:
> 812: 2 [run-gc #<build-daemon 256.14 2747c80> 1 () 18446744073709551615]
> In srfi/srfi-1.scm:
> 534: 1 [unfold #<procedure 27e24a0 at guix/serialization.scm:162:12 (t-7727)> ...]
> In unknown file:
> ?: 0 [utf8->string #vu8(47 117 115 114 47 108 111 99 97 108 47 115 114 99 47 103 117 105 120 45 48 46 56 46 51 47 116 101 115 116 45 116 109 112 47 115 116 111 114 101 47 114 57 57 52 52 97 54 104 121 102 48 97 98 121 51 119 49 119 98 57 99 106 98 148 106 107 99 53 52 48 115 103 45 116 101 120 116)]
>
> ERROR: In procedure utf8->string:
> ERROR: Throw to key `decoding-error' with args `("scm_from_stringn" "input locale conversion error" 84 #vu8(47 117 115 114 47 108 111 99 97 108 47 115 114 99 47 103 117 105 120 45 48 46 56 46 51 47 116 101 115 116 45 116 109 112 47 115 116 111 114 101 47 114 57 57 52 52 97 54 104 121 102 48 97 98 121 51 119 49 119 98 57 99 106 98 148 106 107 99 53 52 48 115 103 45 116 101 120 116))'.
> unexpected Nix daemon error: reading from file: Connection reset by peer
> + rm -f guix-gc-root
> FAIL tests/guix-gc.sh (exit status: 1)

I think this one was caused by the first bug above: We imported a
corrupt item in the store, so that item has a file name that is not
valid UTF-8, hence this conversion failure.

Could you apply the given patches (you can take them from
with ‘patch -p1 < patch’ from the top-level source directory), and then
run:

rm -rf test-tmp && make check

and report the result?

Thank you!

Ludo’.
L
L
Ludovic Courtès wrote on 11 Sep 2015 19:22
(name . Eric Hanchrow)(address . eric.hanchrow@gmail.com)(address . 21354-done@debbugs.gnu.org)
87vbbgc1mo.fsf@gnu.org
ludo@gnu.org (Ludovic Courtès) skribis:

Toggle quote (9 lines)
> Could you apply the given patches (you can take them from
> <http://git.savannah.gnu.org/cgit/guix.git/log/>, and then apply them
> with ‘patch -p1 < patch’ from the top-level source directory), and then
> run:
>
> rm -rf test-tmp && make check
>
> and report the result?

I’m closing this bug. Please reopen it if you think commits ef80ca9 and
54e515e did not fix it.

Ludo’.
Closed
L
L
Ludovic Courtès wrote on 11 Sep 2015 19:23
retitle
(address . request@debbugs.gnu.org)
87r3m4c1kz.fsf@gnu.org
retitle 21354 Daemon blindly imports corrupt archives from 'root'
thanks
?