[Nix-dev] Re: /etc/{passwd, group} don't match the build user effective UID/GID

Eelco Dolstra e.dolstra at tudelft.nl
Mon Dec 7 17:36:17 CET 2009


Hi,

(This was originally sent to the non-existent nix-dev at nixos.org...)

Ludovic Courtès wrote:

> Consequently, I’m inclined to remove this snippet altogether, which
> should allow the patch above to work as expected.

The entire snippet?  You still need to discover the build users...

The reason for using supplementary group membership instead of primary group
membership is so that we can use getgrnam to get all the build users at once.
Without it, we would have to query the entire password file with getpwent,
looking for users that have pw_gid set to the build group.  This could be much
slower (say, if you have 50000 users in LDAP...).

Maybe what you want is:

  group = "nixbld";
  extraGroups = ["nixbld"];

BTW, this line in build.cc should be changed:

        writeStringToFile(chrootRootDir + "/etc/passwd",
            (format(
                "nixbld:x:%1%:65534:Nix build user:/:/noshell\n"
                "nobody:x:65534:65534:Nobody:/:/noshell\n")
                % (buildUser.enabled() ? buildUser.getUID() : getuid())).str());

Otherwise "id" will still get confused in a chroot.

-- 
Eelco Dolstra | http://www.st.ewi.tudelft.nl/~dolstra/
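
The trade-off described in the message above, as an added example (not code from Nix or from the original message): it models the getgrnam member-list lookup and the getpwent scan over constructed group and passwd contents, parsed by hand so the result does not depend on the host's accounts. The function names, account names, and IDs are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed sample data. nixbld2: supplementary member only; nixbld3: primary group only. */
static const char *GROUP_DB = "root:x:0:\nnixbld:x:30000:nixbld1,nixbld2\n";
static const char *PASSWD_DB =
    "alice:x:1000:100:Alice:/home/alice:/bin/sh\n"
    "nixbld1:x:30001:30000:Nix build user 1:/var/empty:/noshell\n"
    "nixbld2:x:30002:65534:Nix build user 2:/var/empty:/noshell\n"
    "nixbld3:x:30003:30000:Nix build user 3:/var/empty:/noshell\n";
/* Start of field n (0-based, ':'-separated) of the record at rec, or NULL. */
static const char *field(const char *rec, int n) {
    for (; n > 0; rec++) {
        if (*rec == '\0' || *rec == '\n') return NULL;
        if (*rec == ':') n--;
    }
    return rec;
}

/* Models getgrnam(name)->gr_mem: find one record by name, split its member list. */
int members_by_group(const char *name, char out[][32], int max) {
    int n = 0;
    const char *r = GROUP_DB;
    while (*r && (strcspn(r, ":") != strlen(name) || strncmp(r, name, strlen(name))))
        r += strcspn(r, "\n"), r += (*r == '\n');   /* skip to the next record */
    for (const char *m = *r ? field(r, 3) : NULL; m && *m && *m != '\n' && n < max; ) {
        size_t len = strcspn(m, ",\n");
        snprintf(out[n++], 32, "%.*s", (int)len, m);
        m += len + (m[len] == ',');
    }
    return n;
}

/* Models a getpwent() loop: every record is visited and its pw_gid compared. */
int members_by_primary_gid(long gid, char out[][32], int max, int *scanned) {
    int n = 0; *scanned = 0;
    for (const char *r = PASSWD_DB; *r; r += strcspn(r, "\n"), r += (*r == '\n'), (*scanned)++) {
        const char *g = field(r, 3);
        if (g && strtol(g, NULL, 10) == gid && n < max)
            snprintf(out[n++], 32, "%.*s", (int)strcspn(r, ":"), r);
    }
    return n;
}

int main(void) {
    char a[8][32], b[8][32];
    int seen, na = members_by_group("nixbld", a, 8), nb = members_by_primary_gid(30000, b, 8, &seen);
    for (int i = 0; i < na; i++) printf("group record: %s\n", a[i]);
    for (int i = 0; i < nb; i++) printf("passwd scan of %d records: %s\n", seen, b[i]);
}
```

The group lookup misses nixbld3 and the passwd scan misses nixbld2, so a build user is visible to the single-record lookup only when the group is also listed as one of its supplementary groups.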



