Hi Oleg,

Maxim Cournoyer <maxim.courno...@gmail.com> writes:

> Hi Oleg,
>
> [...]
>
>>> Are these chown still useful in the activation snippet?
>>>
>>> (define (nix-activation _)
>>>   ;; Return the activation gexp.
>>>   #~(begin
>>>       (use-modules (guix build utils)
>>>                    (srfi srfi-26))
>>>       (for-each (cut mkdir-p <>) '("/nix/store" "/nix/var/log"
>>>                                    "/nix/var/nix/gcroots/per-user"
>>>                                    "/nix/var/nix/profiles/per-user"))
>>>       (chown "/nix/store"
>>>              (passwd:uid (getpw "root")) (group:gid (getpw "nixbld01")))
>>>       (chmod "/nix/store" #o775)
>>>       (for-each (cut chmod <> #o777) '("/nix/var/nix/profiles"
>>>                                        "/nix/var/nix/profiles/per-user"))))
>>>
>>> If they are useful only on the first time, perhaps we could catch the
>>> exceptions for when it runs on an already read-only mounted /nix/store?
>>
>> Indeed, it is a good idea.
>>
>> A hotfix for the issue was discussed and implemented. It has already
>> been pushed to the master branch. The fix involves a simple
>> 'file-exists?' check. You can find more details in the discussion at
>> https://debbugs.gnu.org/cgi/bugreport.cgi?bug=71320
>>
>> What do you think is preferable in this scenario – catching exceptions
>> or sticking with '(unless (file-exists? ...))'? Your thoughts on the
>> best approach here?
>
> Exceptions are usually better than 'check then do' as they avoid the
> TOCTTOU (time-of-check to time-of-use) class of bugs/vulnerabilities.

I'm closing this for now; I'm satisfied that working order has been
restored :-).

-- 
Thanks,
Maxim
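
The exception-based alternative to 'check then do' discussed in this thread, as an added Guile sketch that is not part of the original messages and is not Guix's code. The helper names (`call-tolerating`, `ensure-directory`, `chown-unless-read-only`) are hypothetical, the demo runs in a scratch directory rather than on /nix/store, and it assumes a Guile 3.0 release that provides `mkdtemp`.

```scheme
;; Added example: attempt the operation and classify the failure, instead of
;; probing with 'file-exists?' first and acting on a possibly stale answer.

(define (call-tolerating errnos thunk)
  "Run THUNK.  Return #t on success, #f when it raised a 'system-error'
whose errno is in ERRNOS; re-raise every other error unchanged."
  (catch 'system-error
    (lambda () (thunk) #t)
    (lambda args                        ; ARGS is (key . throw-arguments)
      (if (memv (system-error-errno args) errnos)
          #f
          (apply throw args)))))

(define (ensure-directory dir)
  ;; No separate existence check: mkdir(2) itself reports EEXIST, so there
  ;; is no window between the check and the creation.
  ;; Note: EEXIST is also raised when DIR exists but is not a directory.
  (call-tolerating (list EEXIST) (lambda () (mkdir dir))))

(define (chown-unless-read-only file uid gid)
  ;; EROFS means the file system is mounted read-only, the situation the
  ;; thread describes for a later activation run.  Anything else (EPERM,
  ;; ENOENT, ...) is still an error worth surfacing.
  (call-tolerating (list EROFS) (lambda () (chown file uid gid))))

;; Constructed demo in a private scratch directory.
(define scratch (mkdtemp "/tmp/activation-demo-XXXXXX"))
(define store (string-append scratch "/store"))

(format #t "first mkdir:  ~a~%" (ensure-directory store))
(format #t "second mkdir: ~a~%" (ensure-directory store))
(format #t "chown:        ~a~%"
        (chown-unless-read-only store (getuid) (getgid)))

;; An error that is not in the tolerated list still propagates.
(catch 'system-error
  (lambda ()
    (chown-unless-read-only (string-append scratch "/missing")
                            (getuid) (getgid)))
  (lambda args
    (format #t "re-raised:    ~a~%" (strerror (system-error-errno args)))))

(rmdir store)
(rmdir scratch)
```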