aboutsummaryrefslogtreecommitdiff
((debbugs-host . "debbugs.gnu.org")
 (patch-email-address . "guix-patches@gnu.org")
 (mumi-host . "issues.guix.gnu.org"))
generated by cgit
h>Author 2024-06-26etc: Add explicit ‘--substitute-urls’ in guix-daemon service files.Ludovic Courtès Having substitute URLs explicitly listed in the service startup file makes it clearer what should be modified to permanently change the list of substitute URLs. * config-daemon.ac: Rename ‘guix_substitute_urls’ to ‘GUIX_SUBSTITUTE_URLS’ and substitute it. * nix/local.mk (etc/guix-%.service, etc/init.d/guix-daemon) (etc/guix-%.conf): Substitute it. * etc/guix-daemon.conf.in, etc/guix-daemon.service.in, etc/init.d/guix-daemon.in: Add an explicit ‘--substitute-urls’ option. Change-Id: Ie491b7fab5c42e54dca582801c03805a85de2bf9 2024-05-13daemon: Loop over ‘copy_file_range’ upon short writes.Ludovic Courtès Fixes <https://issues.guix.gnu.org/70877>. * nix/libutil/util.cc (copyFile): Loop over ‘copy_file_range’ instead of throwing upon short write. Reported-by: Ricardo Wurmus <rekado@elephly.net> Change-Id: Id7b8a65ea59006c2d91bc23732309a68665b9ca0 2024-03-12daemon: Address shortcoming in previous security fix for CVE-2024-27297.Ludovic Courtès This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143. Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two ways: (1) it didn’t have any effet for fixed-output derivations performed in a chroot, which is the case for all of them except those using “builtin:download” and “builtin:git-download”, and (2) it did not preserve ownership when copying, leading to “suspicious ownership or permission […] rejecting this build output” errors. * nix/libstore/build.cc (DerivationGoal::buildDone): Account for ‘chrootRootDir’ when copying ‘drv.outputs’. * nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’ calls to preserve file ownership; this is necessary for chrooted fixed-output derivation builds. * nix/libutil/util.hh: Update comment. Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156 2024-03-11daemon: Protect against FD escape when building fixed-output derivations ↵Ludovic Courtès (CVE-2024-27297). This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”. Vulnerability discovered by puck <https://github.com/puckipedia>. Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly. (copyFile, copyFileRecursively): New functions. * nix/libutil/util.hh (copyFileRecursively): New declaration. * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output. Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4 Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io> Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88 2024-01-05daemon: Change default ‘timeout’ and ‘max-silent-time’ values.Ludovic Courtès Having a timeout seems generally preferable as it makes sure build slots are not kept busy for no good reason (few package builds, if any, are expected to exceed these values). * nix/libstore/globals.cc (Settings::Settings): Change ‘maxSilentTime’ and ‘buildTimeout’. * gnu/services/base.scm (<guix-configuration>)[max-silent-time] [timeout]: Change default values. * doc/guix.texi (Invoking guix-daemon, Base Services): Adjust accordingly. Change-Id: I25c50893f3f7fcca451b8f093d9d4d1a15fa58d8 2023-12-17daemon: Fix my own whitespace errors.Tobias Geerinckx-Rice This follows up on commit d993ed43b2bae8717437aa27d9d33fd223a6411f and was entirely predictable. The noise, sorry for it. Change-Id: I8ddb8cfe33db3864949f6589cc091616a90ebc5b 2023-12-10daemon: Sacrifice builders on OOM.Tobias Geerinckx-Rice * nix/libstore/build.cc (DerivationGoal::runChild): Maximise our OOM score adjustment. Change-Id: I418c763b499ca16e1ffe3c6033319112b9744f51 2023-12-11daemon: Implement ‘substitute-urls’ RPC.Ludovic Courtès * nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump. (WorkerOp): Add ‘wopSubstituteURLs’. * nix/nix-daemon/nix-daemon.cc (performOp): Implement it. * guix/store.scm (%protocol-version): Bump. (operation-id): Add ‘substitute-urls’. (substitute-urls): New procedure. * tests/store.scm ("substitute-urls, default") ("substitute-urls, client-specified URLs") ("substitute-urls, disabled"): New tests. Change-Id: I2c0119500c3a1eecfa5ebf32463ffb0f173161de 2023-12-04daemon: Simplify “empty status” substitute error message.Ludovic Courtès * nix/libstore/build.cc (SubstitutionGoal::finished): Don’t show what the empty status looks like. Change-Id: Ie898432aeb047aff3d59024de6ed6d18f68903c4 2023-09-24Revert "build: Add missing guix-gc.timer file to binary tarball."Tobias Geerinckx-Rice This reverts commit 69f6edc1a8596d2cb4c67e0435d35633af6f3cbc. The intention is good, but nodist_systemdservice_DATA are meant to be disposable artefacts generated from corresponding ‘.in’ files. etc/guix-gc.timer doesn't fit that description, breaking builds: $ make clean && make … make[2]: *** No rule to make target 'etc/guix-gc.timer', needed by 'all-am'. Stop. 2023-09-26daemon: Add “git-download” built-in builder.Ludovic Courtès The new builder makes it possible to break cycles that occurs when the fixed-output derivation for the source of a dependency of ‘git’ would itself depend on ‘git’. * guix/scripts/perform-download.scm (perform-git-download): New procedure. (perform-download): Move fixed-output derivation check to… (guix-perform-download): … here. Invoke ‘perform-download’ or ‘perform-git-download’ depending on what ‘derivation-builder’ returns. * nix/libstore/builtins.cc (builtins): Add “git-download”. * tests/derivations.scm ("built-in-builders"): Update. ("'git-download' built-in builder") ("'git-download' built-in builder, invalid hash") ("'git-download' built-in builder, invalid commit") ("'git-download' built-in builder, not found"): New tests. 2023-09-09daemon: Fix build with GCC 13.Sören Tempel The sqlite.hh file uses fixed-width integer types from stdint.h. As such, it needs to include <cstdint>. Without this include, the file doesn't compile successfully with GCC13. See: https://gcc.gnu.org/gcc-13/porting_to.html#header-dep-changes * nix/libstore/sqlite.hh: include <cstdint> Signed-off-by: Sören Tempel <soeren@soeren-tempel.net> Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2023-08-31build: Add missing guix-gc.timer file to binary tarball.Maxim Cournoyer Partially fixes <https://issues.guix.gnu.org/65117>. * nix/local.mk (nodist_systemdservice_DATA): Add etc/guix-gc.timer. 2023-01-09daemon: Improve error message for wrong hash sizes.Ludovic Courtès * nix/libutil/hash.cc (parseHash): Show the hash algorithm name and expected size in the error message. * tests/derivations.scm ("fixed-output derivation, invalid hash size"): New test. 2022-12-18daemon: Make "opening file" error messages distinguishable.Ludovic Courtès * nix/libstore/build.cc (DerivationGoal::openLogFile): Customize "opening file" error message. * nix/libutil/hash.cc (hashFile): Likewise. * nix/libutil/util.cc (readFile, writeFile): Likewise. 2022-10-17Revert "nix: Guard against removing temporary roots of living processes."Ludovic Courtès This reverts commit bb0beaecdee1a2315a1269b1746d238c8ab0e699. This change broke a number of tests that assumed the previous behavior. 2022-10-07nix: Guard against removing temporary roots of living processes.Ludovic Courtès Fixes <https://issues.guix.gnu.org/25018>. * nix/libstore/gc.cc (readTempRoots): Add a check to guard against removing the temporary roots of a living process. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> 2022-09-11daemon: Remove unused function findOutput.Maxime Devos * nix/libstore/misc.cc (findOutput): Remove it. * nix/libstore/misc.hh (findOutput): Likewise. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> 2022-09-11daemon: Remove unused function exportPaths.Maxime Devos * nix/libstore/store-api.cc (exportPaths): Remove it. * nix/libstore/store-api.hh (exportPaths): Likewise. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> 2022-09-11daemon: Remove unused function openStore.Maxime Devos * nix/libstore/store-api.cc (openStore): Remove it. * nix/libstore/store-api.hh (openStore): Likewise. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> 2022-06-05daemon: Quote consistently within a string.Tobias Geerinckx-Rice * nix/libstore/build.cc (DerivationGoal::registerOutput): ‘’ → `'. 2022-05-29daemon: Clarify ‘--check’ error when outputs are missing.Tobias Geerinckx-Rice Drop the confusing ‘invalid’ jargon and display a hint like we do for ‘--fallback’. * nix/libstore/build.cc (DerivationGoal::outputsSubstituted): Rewrite error message. 2022-05-18daemon: runChild() is forbidden to talk during environment set upyarl-baudig@mailoo.org DerivationGoal::startBuilder() is waiting for an empty line as a check that the environment set up is fine. Fixes <https://issues.guix.gnu.org/55324>. * nix/libstore/build.cc (DerivationGoal::runChild): Remove 'debug' statement corresponding to bind mounts. Signed-off-by: Ludovic Courtès <ludo@gnu.org> 2022-04-14daemon: Support systemd-style socket activation.Ludovic Courtès * nix/nix-daemon/guix-daemon.cc (SD_LISTEN_FDS_START): New macro. (systemd_activation_sockets): New function. (main): Use it. Remove obsolete 'printMsg' call. * doc/guix.texi (Invoking guix-daemon): Document socket activation.