mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-04-07 05:30:38 +02:00
guix/gnu
Sergey Trofimov eab097c682 gnu: openssh: Adapt for root-less guix store.
Fixes <https://issues.guix.gnu.org/78067>.

Previously sshd would use /gnu/store/…-openssh-…/var/empty as its
PRIVSEP_PATH.  However, when using the unprivileged daemon, that
directory would belong to guix-daemon:guix-daemon, leading to this
error:

  sshd[234]: fatal: /gnu/store/…-openssh-10.0p1/var/empty must be owned by root and not group or world-writable.

Fix that by switching to /var/empty.

* gnu/packages/patches/openssh-trust-guix-store-directory.patch
(openssh): Adjust to trust files in guix store owned by guix-daemon.
* gnu/packages/ssh.scm (openssh)[arguments]:  Remove ‘reset-/var/empty’
phase; change ‘install’ phase to not create PRIVSEP_PATH.  Append
ending slash when substituting STORE_DIRECTORY.

Change-Id: I3bd01f8b9d6406e3b886eea8f4b8c265a51cc72f
Reported-by: Zack Weinberg <zack@owlfolio.org>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-05-06 00:16:33 +02:00