> A probable fix was pushed by Ludovic recently. > Does it work? Can this issue be closed?
The commit I'm building in the issue report (447e9c9) is more recent than ff1251de0bc327ec478fc66a562430fbf35aef42. The issue still exists as of now. On Tue, 12 Mar 2024 at 19:23, pelzflorian (Florian Pelz) <pelzflor...@pelzflorian.de> wrote: > > Hello Michael. > > Michael Ford <fanqu...@gmail.com> writes: > > building > > /gnu/store/p9nimij8lz4yln5jd3gm0kdhirrwz56h-guix-1.4.0-18.4c94b9e-checkout.drv... > > -suspicious ownership or permission on > > `/gnu/store/bj2rp8ql9zxnv4l9gvlhph55fa241mk4-guix-1.4.0-18.4c94b9e-checkout'; > > rejecting this build output > > Backtrace: > > A probable fix was pushed by Ludovic recently. > Does it work? Can this issue be closed? > > commit ff1251de0bc327ec478fc66a562430fbf35aef42 > Author: Ludovic Courtès <l...@gnu.org> > Date: Tue Mar 12 11:53:35 2024 +0100 > > daemon: Address shortcoming in previous security fix for CVE-2024-27297. > > This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143. > > Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two > ways: (1) it didn’t have any effet for fixed-output derivations > performed in a chroot, which is the case for all of them except those > using “builtin:download” and “builtin:git-download”, and (2) it did not > preserve ownership when copying, leading to “suspicious ownership or > permission […] rejecting this build output” errors. > > Regards, > Florian
