Commit Graph

15 Commits

Author SHA1 Message Date
Ludovic Courtès
bfe82fe2f6
pack: Relocatable wrapper leaves root available to child processes.
Fixes <https://bugs.gnu.org/44261>.
Reported by Jan Nieuwenhuizen <janneke@gnu.org>.

* gnu/packages/aux-files/run-in-namespace.c (exec_in_user_namespace):
Add call to 'prctl'.  Call 'mount' for NEW_ROOT and define 'is_tmpfs'.
When IS_TMPFS is true, call 'umount' and 'rmdir' after 'waitpid';
otherwise, call 'rm_rf' only when 'waitpid' returns -1 the second time.
(exec_with_loader): Call 'prctl'.  Remove NEW_ROOT only when 'waitpid'
returns -1 the second time, otherwise leave it behind.
* tests/guix-pack-relocatable.sh (wait_for_file): New function.
Add test.
2020-10-31 23:16:43 +01:00
Eric Bavier
a73896425e
guix: pack: Fix offset calculation for store directory mount point.
Fixes wrapping of non-package things, where the target store directory may
differ in length from the original.

* guix/scripts/pack.scm (wrapped-package)<build-wrapper>: Define
WRAPPER_PROGRAM macro with wrapper's file name.
* gnu/packages/aux-files/run-in-namespace.c (main): Offset index by len of
that file name.
2020-10-30 10:00:29 -05:00
Ludovic Courtès
28dce8f02d
pack: fakechroot: Honor $LD_LIBRARY_PATH.
Until now, when using the "fakechroot" engine, $LD_LIBRARY_PATH would
always be ignored.  However, it's useful in some cases to allow users to
specify LD_LIBRARY_PATH, so honor it.

* gnu/packages/aux-files/run-in-namespace.c (concat_paths): New function.
(exec_with_loader): Concatenante $LD_LIBRARY_PATH to the relocated
AUDIT_LIBRARY_PATH.
2020-08-27 19:58:16 +02:00
Ludovic Courtès
c088aa2988
pack: "fakechroot" engine always creates its store.
Previously it would silently fail to create the /gnu/store symlink when
the host has a read-only /gnu as is the case in these tests.

* gnu/packages/aux-files/run-in-namespace.c (exec_with_loader): Unlink
the ancestor of ORIGINAL_STORE under NEW_ROOT.  Check the return value
of 'symlink' when creating NEW_STORE.
* tests/guix-pack-relocatable.sh: Check the contents of the store as
seen by the wrapped executable, with all three engines, and with both
"/gnu" and "/gnu/store" erased.
2020-07-28 14:41:05 +02:00
Ludovic Courtès
c6c0d5a22c
pack: "fakechroot" execution engine can load its audit module.
Fixes <https://bugs.gnu.org/42558>.

Until now, loading 'pack-audit.so' in a truly non-Guix environment would
usually fail because 'pack-audit.so' depends on 'libgcc_s.so' and
'libc.so', none of which could be found.

Furthermore, the test was not working as expected: the trick

  unshare -mrf sh -c 'mount -t tmpfs none /gnu ; ...'

would allow the fakechroot engine to make its store available as
/gnu/store as a result of another bug.

* gnu/packages/aux-files/run-in-namespace.c (relocated_search_path): New
function.
(exec_with_loader): Pass "--library-path" to the loader.
* guix/scripts/pack.scm (wrapped-package)[build](runpath): New procedure.
(elf-loader-compile-flags): Pass "-DLOADER_AUDIT_RUNPATH".
* tests/guix-pack-relocatable.sh: Remove 'STORE_PARENT'.
(run_without_store): New function.  Erase $NIX_STORE_DIR instead of
$STORE_PARENT.
Use 'run_without_store' throughout.
2020-07-28 14:41:04 +02:00
Ludovic Courtès
6456232164
pack: Add relocation via ld.so and fakechroot.
* gnu/packages/aux-files/run-in-namespace.c (HAVE_EXEC_WITH_LOADER): New
macro.
(bind_mount): Rename to...
(mirror_directory): ... this.  Add 'firmlink' argument and use it
instead of calling mkdir/open/close/mount directly.
(bind_mount, make_symlink): New functions.
(exec_in_user_namespace): Adjust accordingly.
(exec_with_loader) [HAVE_EXEC_WITH_LOADER]: New function.
(exec_performance): New function.
(engines): Add them.
* guix/scripts/pack.scm (wrapped-package)[fakechroot-library]
[audit-module]: New procedures.
[audit-source]: New variable.
[build](elf-interpreter, elf-loader-compile-flags): New procedures.
(build-wrapper): Use them.
* tests/guix-pack-relocatable.sh: Test with
'GUIX_EXECUTION_ENGINE=fakechroot'.
* doc/guix.texi (Invoking guix pack): Document the 'performance' and
'fakechroot' engines.
* gnu/packages/aux-files/pack-audit.c: New file.
* Makefile.am (AUX_FILES): Add it.
2020-05-14 17:21:27 +02:00
Ludovic Courtès
0cd13e72f2
pack: Factorize store references in wrapper.
* gnu/packages/aux-files/run-in-namespace.c (original_store): New variable.
(exec_in_user_namespace, exec_with_proot, main): Use it instead of the
literal "@STORE_DIRECTORY@".
2020-05-14 17:21:27 +02:00
Ludovic Courtès
fde2aec3f4
pack: Wrapper honors 'GUIX_EXECUTION_ENGINE' environment variable.
* gnu/packages/aux-files/run-in-namespace.c (struct engine): New type.
(exec_default): New function.
(engines): New variable.
(execution_engine): New function.
(main): Use it instead of calling 'exec_in_user_namespace' and
'exec_with_proot' directly.
* tests/guix-pack-relocatable.sh: Add test with 'GUIX_EXECUTION_ENGINE'.
* doc/guix.texi (Invoking guix pack): Document 'GUIX_EXECUTION_ENGINE'.
2020-05-14 17:21:27 +02:00
Ludovic Courtès
bdb9b4e8d3
pack: Factorize 'exec_in_user_namespace' wrapper.
* gnu/packages/aux-files/run-in-namespace.c (exec_in_user_namespace):
New function, with code taken from...
(main): ... here.  Call it.
2020-05-07 23:52:25 +02:00
Ludovic Courtès
14928af2af
pack: Add 'xmalloc' in wrapper.
* gnu/packages/aux-files/run-in-namespace.c (xmalloc): New function.
(concat): Use it.
2020-05-07 23:52:25 +02:00
Ludovic Courtès
4a53c19a32
pack: Fix off-by-one in PRoot handling in the wrapper.
* gnu/packages/aux-files/run-in-namespace.c (exec_with_proot): Make
'proot_argv' one element larger to account for the terminating NULL.
2020-05-07 23:52:25 +02:00
Ludovic Courtès
2520059bdb
pack: 'guix pack -R' wrapper correctly reports exit code.
Fixes <https://bugs.gnu.org/40816>.
Reported by Jan (janneke) Nieuwenhuizen <janneke@gnu.org>.

* gnu/packages/aux-files/run-in-namespace.c (main): In the 'default'
case, check 'WIFEXITED (status)' and exit with the corresponding code in
that case.  Exit with 255 in other cases.
* tests/guix-pack-relocatable.sh: Add test.
2020-04-24 16:21:13 +02:00
Ludovic Courtès
99aec37a78
pack: "-RR" produces PRoot-enabled relocatable binaries.
* gnu/packages/aux-files/run-in-namespace.c (exec_with_proot): New
function.
(main): When 'clone' fails, call 'rm_rf'.
[PROOT_PROGRAM]: When 'clone' fails, call 'exec_with_proot'.
* guix/scripts/pack.scm (wrapped-package): Add #:proot?.
[proot]: New procedure.
[build]: Compile with -DPROOT_PROGRAM when PROOT? is true.
* guix/scripts/pack.scm (%options): Set the 'relocatable?' value to
'proot when "-R" is passed several times.
(guix-pack): Pass #:proot? to 'wrapped-package'.
* tests/guix-pack-relocatable.sh: Use "-RR" on Intel systems that lack
user namespace support.
* doc/guix.texi (Invoking guix pack): Document -RR.
2019-03-15 23:27:59 +01:00
Ludovic Courtès
30da3173d5
pack: Relocatable wrapper now properly maps the current UID/GID.
* gnu/packages/aux-files/run-in-namespace.c (write_id_map)
(disallow_setgroups): New functions.
(main): Use 'clone' via 'syscall' instead of 'fork' followed by
'unshare'.  Add calls to 'disallow_setgroups' and 'write_id_map' in the
parent process.
2018-05-11 18:42:42 +02:00
Ludovic Courtès
47a60325ca
pack: Add '--relocatable'.
* gnu/packages/aux-files/run-in-namespace.c: New file.
* Makefile.am (AUX_FILES): Add it.
* guix/scripts/pack.scm (<c-compiler>): New record type.
(c-compiler, bootstrap-c-compiler, c-compiler-compiler): New procedures.
(self-contained-tarball): Use
'relative-file-name' for the SOURCE -> TARGET symlink.
(docker-image): Add 'defmod' to please Geiser.
(wrapped-package, map-manifest-entries): New procedures.
(%options, show-help): Add --relocatable.
(guix-pack): Honor it.
2018-05-10 14:53:57 +02:00