bartronx7/guix
1
0
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2026-01-25 12:05:19 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions
guix/guix
History
Reepca Russelstein 9202921e81
perform-download: Use (ice-9 sandbox) for mirrors. 
"guix perform-download" is used to implement the daemon's "download" and
"git-download" builtin builders.  Because these are builtins, it runs without
any additional isolation beyond merely running as a build user.  In such a
context, allowing arbitrary user-supplied code to be evaluated will easily
lead to the build user being taken over, which can then be used to corrupt
future builds, enable exploitation of certain vulnerabilities, and in the case
of the rootless daemon completely take over guix-daemon.

Use (ice-9 sandbox) to ensure that only safe bindings are available during the
evaluation of the content-addressed-mirrors file.

* guix/perform-download.scm (%safe-bindings, %sandbox-module): new variables.
  (syntax-noop): new syntax.
  (eval-content-addressed-mirrors, assert-store-file,
   call-with-input-file/no-symlinks): new procedures.
  (perform-download): use assert-store-file to ensure files are in the store
  before being read.  Use call-with-input-file/no-symlinks for opening
  untrusted files.  Use eval-content-addressed-mirrors to evaluate the
  content-addressed-mirrors file.

Change-Id: I8ed27a95d84dbcc7d72d0d75f172d113f8be6c79
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-09-01 16:13:29 +02:00
..
build download: Handle content-addressed-mirrors returning #f. 2025-09-01 16:13:19 +02:00
build-system build-system: cargo: Deprecate #:cargo-inputs and #:cargo-development-inputs. 2025-08-21 19:09:04 +08:00
import import: pypi: Use autoload instead of use-module. 2025-08-22 19:27:45 +01:00
platforms guix: Add loongarch platform. 2025-01-25 01:05:22 +08:00
scripts perform-download: Use (ice-9 sandbox) for mirrors. 2025-09-01 16:13:29 +02:00
store
tests
android-repo-download.scm
avahi.scm
base16.scm
base32.scm
base64.scm
build-system.scm
bzr-download.scm
cache.scm cache: Remove unused import. 2025-04-14 17:31:49 +02:00
channels.scm maint: Change main repository URL to git.guix.gnu.org. 2025-05-23 11:19:07 +02:00
ci.scm
colors.scm
combinators.scm
config.scm.in
cpio.scm
cpu.scm guix: cpu: Recognize CPUs through GCC-15. 2025-08-06 12:02:52 +03:00
cve.scm cve: Upgrade to JSON 2.0 feeds. 2025-08-31 12:39:24 +02:00
cvs-download.scm
d3.v3.js
deprecation.scm
derivations.scm derivations: Fix indentation. 2025-02-22 23:55:24 +09:00
describe.scm ui: Search channels for guix extensions 2025-03-08 17:40:58 +01:00
diagnostics.scm
discovery.scm
docker.scm pack: Include store parent directories in the Docker layer. 2025-06-03 15:09:54 +02:00
download.scm download: Remove unreachable mirror URL. 2025-04-03 22:28:10 +09:00
elf.scm
ftp-client.scm
gexp.scm gexp: Attempt to set LC_CTYPE in compiled-modules. 2025-07-18 20:17:27 +02:00
git-authenticate.scm git-authenticate: Print a clear error message for malformed keys. 2025-08-23 16:57:21 +02:00
git-download.scm
git.scm git: Move ‘core.autocrlf’ settings. 2025-06-16 23:11:10 +02:00
glob.scm
gnu-maintenance.scm gnu-maintenance: Update Savannah release monitoring URL. 2025-07-13 16:39:14 +02:00
gnupg.scm gnupg: Automatically fallback to 'always policy when non-interactive. 2025-02-28 13:36:44 +09:00
grafts.scm grafts: Allow file-like objects in the ‘replacement’ field of <graft>. 2025-01-28 14:56:14 +01:00
graph.js
graph.scm
hash.scm
hg-download.scm gnu: mercurial: Add package and rename former to mercurial/pinned. 2025-08-31 12:21:12 +02:00
http-client.scm guix: Avoid ‘fdatasync’ call for caches and regular files. 2025-04-14 17:31:50 +02:00
i18n.scm
inferior.scm inferior: Add #:verify-certificate? to ‘cached-channel-instance’. 2024-12-25 23:51:10 +01:00
ipfs.scm
least-authority.scm least-authority: Export default preserved environment variables. 2025-04-19 21:13:21 +09:00
licenses.scm licenses: Add CERN Open Hardware Licence. 2025-08-03 10:58:14 +02:00
lint.scm guix: lint: Fix typos in module. 2025-08-06 12:14:23 +03:00
man-db.scm man-db: Support mdoc-formatted man pages. 2025-04-11 12:18:02 +02:00
memoization.scm
modules.scm
monad-repl.scm
monads.scm gexp: ‘with-parameters’ properly handles ‘%graft?’. 2025-03-05 00:28:49 +01:00
nar.scm
narinfo.scm
openpgp.scm
packages.scm packages: Add riscv64-linux to %cuirass-supported-systems. 2025-04-25 20:25:27 +02:00
pki.scm pki: Always make /etc/guix/acl world-readable. 2025-07-16 23:50:38 +02:00
platform.scm
profiles.scm profiles: Allow modification of package properties in packages->manifest. 2025-06-26 16:56:51 +02:00
profiling.scm
progress.scm
quirks.scm
read-print.scm read-print: Attempt to indent package arguments less. 2025-02-09 01:00:00 +01:00
records.scm records: Remove unneed autoload. 2025-07-01 17:46:01 +08:00
remote.scm remote: Do not double-quote the repl-command. 2024-12-12 12:52:08 +01:00
repl.scm
rpm.scm
scripts.scm
search-paths.scm search-paths: $Add XDG_DATA_DIRS. 2025-03-18 16:12:38 +09:00
self.scm self: Install systemd ‘.service’ files. 2025-04-20 17:58:11 +02:00
serialization.scm
sets.scm
ssh.scm pki: Always make /etc/guix/acl world-readable. 2025-07-16 23:50:38 +02:00
status.scm status: Colorize more test output. 2025-06-19 10:51:10 +03:00
store.scm gexp: ‘with-parameters’ properly handles ‘%graft?’. 2025-03-05 00:28:49 +01:00
substitutes.scm guix: Avoid ‘fdatasync’ call for caches and regular files. 2025-04-14 17:31:50 +02:00
svn-download.scm gnu: subversion: Add package and rename former to subversion/pinned. 2025-08-31 12:21:09 +02:00
swh.scm swh: Catch swh-error when downloading from SWH Vault. 2025-07-17 16:41:28 +02:00
tests.scm
transformations.scm gnu: go-1.23: Add aarch64 micro-architecture compiler support. 2025-08-06 12:02:52 +03:00
ui.scm guix gc: Adjust size suffix based on the amount of data. 2025-07-28 13:57:53 +03:00
upstream.scm upstream: Do not update to same version. 2025-04-27 13:01:48 +01:00
utils.scm scripts: import: Support expressions defined by 'define. 2025-08-21 19:08:18 +08:00
workers.scm