Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove world-writability from {profiles,gcroots}/per-user #3136

Merged
merged 9 commits into from Oct 9, 2019
Merged

Remove world-writability from {profiles,gcroots}/per-user #3136

merged 9 commits into from Oct 9, 2019

Conversation

edolstra
Copy link
Member

@edolstra edolstra commented Oct 9, 2019

These directories are now created on demand by the daemon.

Also some simplifications to the profile scripts.

Alternative to #3134, #3135.

@edolstra edolstra mentioned this pull request Oct 9, 2019
Merged
@grahamc
Copy link
Member

grahamc commented Oct 9, 2019

The install matrix failed on almost all cases: https://buildkite.com/organizations/grahamc/pipelines/nix-install-matrix/builds/33/jobs/b20b2d91-a52a-41be-b210-ca8b6a5709eb/artifacts/bdfccc3f-8bd0-4917-b266-96a5a0ce0b23

Seems the problem is quite consistently:

error: opening lock file '/nix/var/nix/db/big-lock': Permission denied

I ran this after the first push. I'll re-run (but on a bigger server so it doesn't take 2h...)

@edolstra
Copy link
Member Author

edolstra commented Oct 9, 2019

Where are you seeing that? Your link shows a lot of "command not found" errors.

@grahamc
Copy link
Member

grahamc commented Oct 9, 2019

Oops, corrected link: https://buildkite.com/organizations/grahamc/pipelines/nix-install-matrix/builds/72/jobs/d3c62ce0-0303-45ef-8120-4fb8efae434e/artifacts/d6e535d9-2b17-470d-8722-d63dbece492e

@grahamc
Copy link
Member

grahamc commented Oct 9, 2019

Looks good from the install test matrix:

2.3: https://buildkite.com/organizations/grahamc/pipelines/nix-install-matrix/builds/33/jobs/b20b2d91-a52a-41be-b210-ca8b6a5709eb/artifacts/bdfccc3f-8bd0-4917-b266-96a5a0ce0b23
this new build: https://buildkite.com/organizations/grahamc/pipelines/nix-install-matrix/builds/73/jobs/1c0b0150-92d2-4a5f-a024-b986f7b76432/artifacts/527f7457-2a7b-45ed-b220-681068399d04

@grahamc
Copy link
Member

grahamc commented Oct 9, 2019

pro tip: open them in two windows next to each other, and zoom out of the page as much as possible to compare.

alyssais
alyssais approved these changes Oct 9, 2019
View reviewed changes
Copy link
Member

@alyssais alyssais left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code LGTM although haven’t tested it. And @edolstra is right that this feels less error-prone than having to check in the profiles.

@alyssais
Copy link
Member

alyssais commented Oct 9, 2019

Can we please have the CVE in at least one of the commit messages, for future reference?

@edolstra edolstra merged commit 94dfb6b into master Oct 9, 2019
@edolstra edolstra deleted the no-world-writable branch October 9, 2019 21:35
@flokli flokli mentioned this pull request Oct 10, 2019
Closed
@zimbatm zimbatm mentioned this pull request Oct 11, 2019
Closed
matthewbauer referenced this pull request in NixOS/nixpkgs Oct 11, 2019
@edolstra
nix: 2.3 -> 2.3.1
3ab3614
@ldesgoui ldesgoui mentioned this pull request Aug 1, 2021
Closed
@abathur abathur mentioned this pull request Feb 7, 2022
Open
@abathur abathur mentioned this pull request Mar 17, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthewbauer matthewbauer matthewbauer left review comments

@alyssais alyssais alyssais approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@edolstra @grahamc @alyssais @matthewbauer @domenkozar