Hi everyone,
I just followed the update instructions from the daemon on the Guix
blog. After performing the update, I tried to run the script
content-addressed-mirrors-vuln-check.scm again. It failed:
$ guix repl -- content-addressed-mirrors-vuln-check.scm
substitute: looking for substitutes on 'https://bordeaux.guix.gnu.org'...
100.0%
substitute: looking for substitutes on 'https://ci.guix.gnu.org'... 100.0%
building path(s)
`/gnu/store/343kv27cy2rdizxdjnfsnyswzjyl5fya-content-addressed-mirrors-vuln-check'
Backtrace:
17 (primitive-load "/gnu/store/8qlbc0qq3iinbs0aqmrxmvkgm56…")
In guix/ui.scm:
2399:7 16 (run-guix . _)
2362:10 15 (run-guix-command _ . _)
In ice-9/boot-9.scm:
1752:10 14 (with-exception-handler _ _ #:unwind? _ # _)
In guix/scripts/perform-download.scm:
106:2 13 (perform-download _ "/gnu/store/343kv27cy2rdizxdjnfsny…" …)
In ice-9/ports.scm:
433:17 12 (call-with-port #<input: /gnu/store/ddr4i1pa8455zg28lz…> …)
In guix/scripts/perform-download.scm:
90:7 11 (_ _)
In ice-9/sandbox.scm:
168:2 10 (eval-in-sandbox (map (lambda (proc) (proc "co…" …)) #) …)
97:8 9 (call-with-time-limit _ #<procedure 7ffff1f8bb40 at ic…> …)
145:13 8 (call-with-allocation-limit _ #<procedure 7ffff1f99ca0…> …)
In unknown file:
7 (call-with-stack-overflow-handler 1250000 #<procedure …> …)
6 (eval (map (lambda (proc) (proc "content-addre…" …)) #) #)
In ice-9/eval.scm:
196:43 5 (_ #f)
619:8 4 (_ #f)
191:27 3 (_ #f)
223:20 2 (proc #<module (#{ g108}#) 7ffff1f1df00>)
In unknown file:
1 (%resolve-variable (7 . mkdir) #<module (#{ g108}#) 7ff…>)
In ice-9/boot-9.scm:
1685:16 0 (raise-exception _ #:continuable? _)
ice-9/boot-9.scm:1685:16: In procedure raise-exception:
error: mkdir: unbound variable
builder for
`/gnu/store/wk1wmpjldxpdjb53r827f6nk5j8y8awg-content-addressed-mirrors-vuln-check.drv'
failed with exit code 1
content-addressed-mirrors can evaluate arbitrary code, guix-daemon is
VULNERABLE
I suppose this is not expected. Does this mean that the update failed?
Or something else?
Cheers,
Konrad.
