lix/src/libstore
Jade Lovelace 9909a175bf Fix /etc/group having desynced IDs from the actual UID in the sandbox
This was found when `logrotate.conf` failed to build in a NixOS system
with:

    /nix/store/26zdl4pyw5qazppj8if5lm8bjzxlc07l-coreutils-9.3/bin/id: cannot find name for group ID 30000

This was surprising because it seemed to mean that /etc/group was busted
in the sandbox. Indeed it was:

    root:x:0:
    nixbld:!:100:
    nogroup:x:65534:

We diagnosed this to sandboxUid() being called before
usingUserNamespace() was called, in setting up /etc/group inside the
sandbox. This code desperately needs refactoring.

We also moved the /etc/group code to be with the /etc/passwd code, but
honestly this code is all spaghetti'd all over the place and needs some
more serious tidying than we did here.

We also moved some checks to be earlier to improve locality with where
the things they are checking come from.

Change-Id: Ie29798771f3593c46ec313a32960fa955054aceb
2024-05-04 17:36:50 -07:00
build Fix /etc/group having desynced IDs from the actual UID in the sandbox 2024-05-04 17:36:50 -07:00
builtins filetransfer: remove decompress request parameter 2024-04-25 01:33:08 +02:00
linux libstore/local-derivation-goal: prohibit creating setuid/setgid binaries 2024-05-03 16:29:06 +02:00
platform gc: Find roots using libproc on Darwin 2024-04-25 23:24:21 -04:00
binary-cache-store.cc libutil: make AutoCloseFD a better resource 2024-03-18 15:42:52 -06:00
binary-cache-store.hh Merge pull request #6258 from obsidiansystems/gcc-bug-ergonomics 2024-03-04 05:24:33 +01:00
build-result.cc Merge pull request #9094 from obsidiansystems/test-proto 2024-03-04 04:36:23 +01:00
build-result.hh Merge pull request #9094 from obsidiansystems/test-proto 2024-03-04 04:36:23 +01:00
builtins.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
ca-specific-schema.sql ca: add sqlite index on RealisationsRefs(realisationReference) 2022-04-21 10:06:39 +02:00
common-protocol-impl.hh Merge pull request #9099 from obsidiansystems/common-proto 2024-03-04 04:36:58 +01:00
common-protocol.cc Merge pull request #9099 from obsidiansystems/common-proto 2024-03-04 04:36:58 +01:00
common-protocol.hh Merge pull request #9099 from obsidiansystems/common-proto 2024-03-04 04:36:58 +01:00
content-address.cc Fix various clang-tidy lints 2024-03-29 20:26:38 -07:00
content-address.hh Fix various clang-tidy lints 2024-03-29 20:26:38 -07:00
crypto.cc Make sodium a required dependency 2021-01-06 17:56:53 +01:00
crypto.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
daemon.cc libstore: un-inline copyNAR expansions 2024-03-24 15:24:02 +01:00
daemon.hh Add Store::isTrustedClient() 2023-04-06 19:59:57 -04:00
derivations.cc HOT SALE: 15% off your build times! 2024-03-27 03:52:57 +00:00
derivations.hh Merge pull request #9563 from obsidiansystems/tryResolve-evalStore 2024-03-04 07:11:25 +01:00
derived-path-map.cc Revert "Adapt scheduler to work with dynamic derivations" 2023-10-02 15:05:23 +00:00
derived-path-map.hh pragma once and ///@file everything missing it 2024-04-08 15:40:12 -07:00
derived-path.cc Merge pull request #9582 from pennae/misc-opts 2024-03-04 07:32:31 +01:00
derived-path.hh Introduce OutputName and OutputNameView type aliases 2023-08-25 09:55:07 -04:00
downstream-placeholder.cc Introduce OutputName and OutputNameView type aliases 2023-08-25 09:55:07 -04:00
downstream-placeholder.hh Introduce OutputName and OutputNameView type aliases 2023-08-25 09:55:07 -04:00
dummy-store.cc Push getFSAccessor unsupported(...) down Store class hierarchy 2023-04-13 13:39:44 -04:00
dummy-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
export-import.cc libstore: un-inline copyNAR expansions 2024-03-24 15:24:02 +01:00
filetransfer.cc filetransfer: don't decompress in curl wrapper itself 2024-04-26 15:26:37 +00:00
filetransfer.hh filetransfer: remove dataCallback from interface 2024-04-26 15:26:37 +00:00
fs-accessor.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
gc-store.hh libstore: Create platform LocalStore subclasses 2024-04-23 16:17:05 +00:00
gc.cc libstore: Create platform LocalStore subclasses 2024-04-23 16:17:05 +00:00
globals.cc libutil: remove exception handling workingness check 2024-03-19 06:09:42 -06:00
globals.hh libstore: fix glossary link in documentation 2024-04-11 02:34:45 +02:00
http-binary-cache-store.cc Delete hasPrefix and hasSuffix from the codebase 2024-03-17 20:17:19 -07:00
http-binary-cache-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
indirect-root-store.hh Clean up store hierarchy with IndirectRootStore 2023-07-24 09:19:44 -04:00
legacy-ssh-store.cc Revert "libstore: remove one Resource::good flag" 2024-04-05 20:13:02 +00:00
legacy-ssh-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
length-prefixed-protocol-helper.hh Merge pull request #9099 from obsidiansystems/common-proto 2024-03-04 04:36:58 +01:00
local-binary-cache-store.cc Delete hasPrefix and hasSuffix from the codebase 2024-03-17 20:17:19 -07:00
local-binary-cache-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
local-fs-store.cc getBuildLog: factor out resolving derivations 2022-12-15 15:58:54 -05:00
local-fs-store.hh Merge pull request #6258 from obsidiansystems/gcc-bug-ergonomics 2024-03-04 05:24:33 +01:00
local-store.cc libstore: Create platform LocalStore subclasses 2024-04-23 16:17:05 +00:00
local-store.hh libstore: Create platform LocalStore subclasses 2024-04-23 16:17:05 +00:00
local-store.md Tweaks 2023-03-23 15:32:59 +01:00
local.mk gc: Find roots using libproc on Darwin 2024-04-25 23:24:21 -04:00
lock.cc libutil: make AutoCloseFD a better resource 2024-03-18 15:42:52 -06:00
lock.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
log-store.cc Move the getBuildLog implementation to its own implementation file 2023-01-13 11:05:44 +01:00
log-store.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
machines.cc ssh-ng: Set log-fd for ssh to 4 by default 2024-04-26 19:04:06 +02:00
machines.hh Merge pull request #9841 from obsidiansystems/float-speed-factor 2024-03-04 08:40:38 +01:00
make-content-addressed.cc Merge pull request #8650 from obsidiansystems/content-address-simpler 2023-07-21 13:46:53 +02:00
make-content-addressed.hh makeContentAddressed: Add single path helper 2023-06-30 18:22:47 +02:00
meson.build gc: Find roots using libproc on Darwin 2024-04-25 23:24:21 -04:00
misc.cc Merge pull request #9589 from obsidiansystems/floating-content-addressing-derivations-eval-store 2024-03-04 07:15:08 +01:00
names.cc return string_views from forceString* 2022-01-27 17:15:43 +01:00
names.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
nar-accessor.cc Add explicit case statements where -Wswitch-enum would report them 2023-04-03 18:17:32 +02:00
nar-accessor.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
nar-info-disk-cache.cc Use "raw pattern" for content address types 2023-03-30 17:12:49 -04:00
nar-info-disk-cache.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
nar-info.cc Make "NAR info file is corrupt" messages more informative 2023-04-18 14:10:49 +02:00
nar-info.hh Merge remote-tracking branch 'upstream/master' into path-info 2023-04-07 20:39:04 -04:00
nix-store.pc.in Fix building with GCC 9 2023-02-10 18:38:57 +01:00
optimise-store.cc util.hh: split out signals stuff 2024-03-11 00:52:09 -07:00
outputs-spec.cc Merge pull request #9172 from tfc/bad-moves 2024-03-04 04:41:52 +01:00
outputs-spec.hh Introduce OutputName and OutputNameView type aliases 2023-08-25 09:55:07 -04:00
parsed-derivations.cc Fix exportReferencesGraph when given store subpath 2024-04-21 10:27:32 +00:00
parsed-derivations.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
path-info.cc Merge pull request #6223 from obsidiansystems/worker-proto-with-version 2024-03-04 04:59:31 +01:00
path-info.hh Merge pull request #9238 from tfc/small-improvements2 2024-03-04 05:18:05 +01:00
path-references.cc Make RewritingSink accept a map of rewrites 2023-05-24 14:11:50 +02:00
path-references.hh pragma once and ///@file everything missing it 2024-04-08 15:40:12 -07:00
path-regex.hh Disallow store path names that are . or .. (plus opt. -) 2024-05-02 19:34:38 +02:00
path-with-outputs.cc Fixing #7479 2023-08-18 11:44:00 -04:00
path-with-outputs.hh Make the Derived Path family of types inductive for dynamic derivations 2023-08-10 00:08:32 -04:00
path.cc Disallow store path names that are . or .. (plus opt. -) 2024-05-02 19:34:38 +02:00
path.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
pathlocks.cc libutil: make AutoCloseFD a better resource 2024-03-18 15:42:52 -06:00
pathlocks.hh Finish converting existing comments for internal API docs (#8146) 2023-04-07 13:55:28 +00:00
platform.cc gc: Find roots using libproc on Darwin 2024-04-25 23:24:21 -04:00
profiles.cc Merge pull request #9041 from trofi/profiles-sign 2024-03-04 04:36:10 +01:00
profiles.hh Clean up a few things related to profiles (#8526) 2023-06-19 04:04:59 +00:00
realisation.cc libstore: also pass unwanted outputs to the post-build-hook 2023-05-08 12:58:59 +02:00
realisation.hh Introduce OutputName and OutputNameView type aliases 2023-08-25 09:55:07 -04:00
remote-fs-accessor.cc libutil: make AutoCloseFD a better resource 2024-03-18 15:42:52 -06:00
remote-fs-accessor.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
remote-store-connection.hh pragma once and ///@file everything missing it 2024-04-08 15:40:12 -07:00
remote-store.cc Revert "libutil: remove Pool::Handle::bad" 2024-04-05 20:13:02 +00:00
remote-store.hh libutil: remove Pool::flushBad 2024-03-31 00:07:09 +00:00
s3-binary-cache-store.cc Delete hasPrefix and hasSuffix from the codebase 2024-03-17 20:17:19 -07:00
s3-binary-cache-store.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
s3-binary-cache-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
s3.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
schema.sql schema.sql: add comment about hash being in base16 2022-06-01 14:59:57 +02:00
serve-protocol-impl.hh Merge pull request #9137 from obsidiansystems/serve-protocol 2024-03-04 04:37:05 +01:00
serve-protocol.cc Merge pull request #9560 from obsidiansystems/serve-proto-unkeyed-valid-path-info-serializer 2024-03-07 12:37:33 +01:00
serve-protocol.hh Merge pull request #9560 from obsidiansystems/serve-proto-unkeyed-valid-path-info-serializer 2024-03-07 12:37:33 +01:00
sqlite.cc util.hh: split out signals stuff 2024-03-11 00:52:09 -07:00
sqlite.hh Merge pull request #9925 from 9999years/fmt-cleanup 2024-03-09 07:00:13 -07:00
ssh-store-config.hh Merge pull request #6258 from obsidiansystems/gcc-bug-ergonomics 2024-03-04 05:24:33 +01:00
ssh-store.cc ssh-ng: Set log-fd for ssh to 4 by default 2024-04-26 19:04:06 +02:00
ssh-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
ssh.cc libstore/ssh: shut 2024-04-27 12:05:17 +03:00
ssh.hh Fix ControlMaster behaviour 2023-05-16 18:50:09 +04:00
store-api.cc Fix progress bar on copyPaths 2024-04-27 18:03:15 +00:00
store-api.hh Make things that can throw not noexcept anymore 2024-03-29 20:26:38 -07:00
store-cast.hh Ensure all headers have #pragma once and are in API docs 2023-03-31 23:19:44 -04:00
uds-remote-store.cc Clean up store hierarchy with IndirectRootStore 2023-07-24 09:19:44 -04:00
uds-remote-store.hh Clean up store hierarchy with IndirectRootStore 2023-07-24 09:19:44 -04:00
uds-remote-store.md Support per-store Markdown documentation 2023-03-21 14:03:40 +01:00
worker-protocol-impl.hh Merge pull request #9099 from obsidiansystems/common-proto 2024-03-04 04:36:58 +01:00
worker-protocol.cc Merge pull request #6223 from obsidiansystems/worker-proto-with-version 2024-03-04 04:59:31 +01:00
worker-protocol.hh Merge pull request #6223 from obsidiansystems/worker-proto-with-version 2024-03-04 04:59:31 +01:00