aboutsummaryrefslogtreecommitdiff
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

;;;
;;; Generate AUTHORS file for directory with the Guix git repository.
;;;

(use-modules
 (ice-9 popen)
 (ice-9 rdelim)
 (ice-9 match)
 (srfi srfi-1)
 (guix config)
 (guix utils)
 (guix build utils))

(define %guix-dir
  (make-parameter #f))

(define-syntax-rule (append-maybe init-lst (test add-lst) ...)
  (let* ((lst init-lst)
         (lst (if test
                  (append lst add-lst)
                  lst))
         ...)
    lst))

(define (command-output cmd . args)
  "Execute CMD with ARGS and return its output without trailing newspace."
  (let* ((port (apply open-pipe* OPEN_READ cmd args))
         (output (read-string port)))
    (close-port port)
    (string-trim-right output #\newline)))

(define (git-output . args)
  "Execute git command with ARGS and return its output without trailing
newspace."
  (with-directory-excursion (%guix-dir)
    (apply command-output "git" args)))

(define* (contributors-string #:optional (range "HEAD"))
  "Return a string with names of people contributed to commit RANGE."
  (git-output "shortlog" "--numbered" "--summary" "--email" range))

(define* (tags #:key pattern sort)
  "Return a list of the git repository tags.
PATTERN is passed to '--list' and SORT is passed to '--sort' options of
'git tag' command."
  (let* ((args (append-maybe
                '("tag")
                (pattern (list "--list" pattern))
                (sort    (list "--sort" sort))))
         (output (apply git-output args)))
    (string-split output #\newline)))

(define (version-tags)
  "Return only version tags (v0.8, etc.) sorted from the biggest version
to the smallest one."
  (tags #:pattern "v*"
        #:sort "-version:refname"))

(define (generate-authors-file file)
  "Generate authors FILE."
  (define previous-release-tag
    (find (lambda (tag)
            (version>? %guix-version
                       (substring tag 1))) ; remove leading 'v'
          (version-tags)))

  (define release-range
    (string-append previous-release-tag "..HEAD"))

  (with-output-to-file file
    (lambda ()
      (display "\
GNU Guix consists of Scheme code that implements the deployment model
of the Nix package management tool.  In fact, it currently talks to a
build daemon whose code comes from Nix (see the manual for details.)

Nix was initially written by Eelco Dolstra; other people have been
contributing to it.  See `nix/AUTHORS' for details.\n\n")
      (format #t "Contributors to GNU Guix ~a:\n\n"
              %guix-version)
      (display (contributors-string release-range))
      (newline) (newline)
      (display "Overall contributors:\n\n")
      (display (contributors-string))
      (newline))))

(define (show-help)
  (match (command-line)
    ((me _ ...)
     (format #t "Usage: guile ~a DIRECTORY AUTHORS
Generate AUTHORS file for DIRECTORY with the Guix git repository.\n"
             me))))

(match (command-line)
  ((_ guix-dir authors-file)
   (parameterize ((%guix-dir guix-dir))
     (generate-authors-file authors-file)))
  (_
   (show-help)
   (exit 1)))

;;; generate-authors.scm ends here
generated by cgit
is is necessary for chrooted fixed-output derivation builds. * nix/libutil/util.hh: Update comment. Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156 Ludovic Courtès 2024-03-11daemon: Protect against FD escape when building fixed-output derivations (CVE......This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”. Vulnerability discovered by puck <https://github.com/puckipedia>. Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly. (copyFile, copyFileRecursively): New functions. * nix/libutil/util.hh (copyFileRecursively): New declaration. * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output. Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4 Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io> Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88 Ludovic Courtès 2024-01-05daemon: Change default ‘timeout’ and ‘max-silent-time’ values....Having a timeout seems generally preferable as it makes sure build slots are not kept busy for no good reason (few package builds, if any, are expected to exceed these values). * nix/libstore/globals.cc (Settings::Settings): Change ‘maxSilentTime’ and ‘buildTimeout’. * gnu/services/base.scm (<guix-configuration>)[max-silent-time] [timeout]: Change default values. * doc/guix.texi (Invoking guix-daemon, Base Services): Adjust accordingly. Change-Id: I25c50893f3f7fcca451b8f093d9d4d1a15fa58d8 Ludovic Courtès 2023-12-17daemon: Fix my own whitespace errors....This follows up on commit d993ed43b2bae8717437aa27d9d33fd223a6411f and was entirely predictable. The noise, sorry for it. Change-Id: I8ddb8cfe33db3864949f6589cc091616a90ebc5b Tobias Geerinckx-Rice 2023-12-10daemon: Sacrifice builders on OOM....* nix/libstore/build.cc (DerivationGoal::runChild): Maximise our OOM score adjustment. Change-Id: I418c763b499ca16e1ffe3c6033319112b9744f51 Tobias Geerinckx-Rice 2023-12-11daemon: Implement ‘substitute-urls’ RPC....* nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump. (WorkerOp): Add ‘wopSubstituteURLs’. * nix/nix-daemon/nix-daemon.cc (performOp): Implement it. * guix/store.scm (%protocol-version): Bump. (operation-id): Add ‘substitute-urls’. (substitute-urls): New procedure. * tests/store.scm ("substitute-urls, default") ("substitute-urls, client-specified URLs") ("substitute-urls, disabled"): New tests. Change-Id: I2c0119500c3a1eecfa5ebf32463ffb0f173161de Ludovic Courtès 2023-12-04daemon: Simplify “empty status” substitute error message....* nix/libstore/build.cc (SubstitutionGoal::finished): Don’t show what the empty status looks like. Change-Id: Ie898432aeb047aff3d59024de6ed6d18f68903c4 Ludovic Courtès 2023-09-24Revert "build: Add missing guix-gc.timer file to binary tarball."...This reverts commit 69f6edc1a8596d2cb4c67e0435d35633af6f3cbc. The intention is good, but nodist_systemdservice_DATA are meant to be disposable artefacts generated from corresponding ‘.in’ files. etc/guix-gc.timer doesn't fit that description, breaking builds: $ make clean && make … make[2]: *** No rule to make target 'etc/guix-gc.timer', needed by 'all-am'. Stop. Tobias Geerinckx-Rice 2023-09-26daemon: Add “git-download” built-in builder....The new builder makes it possible to break cycles that occurs when the fixed-output derivation for the source of a dependency of ‘git’ would itself depend on ‘git’. * guix/scripts/perform-download.scm (perform-git-download): New procedure. (perform-download): Move fixed-output derivation check to… (guix-perform-download): … here. Invoke ‘perform-download’ or ‘perform-git-download’ depending on what ‘derivation-builder’ returns. * nix/libstore/builtins.cc (builtins): Add “git-download”. * tests/derivations.scm ("built-in-builders"): Update. ("'git-download' built-in builder") ("'git-download' built-in builder, invalid hash") ("'git-download' built-in builder, invalid commit") ("'git-download' built-in builder, not found"): New tests. Ludovic Courtès 2023-09-09daemon: Fix build with GCC 13....The sqlite.hh file uses fixed-width integer types from stdint.h. As such, it needs to include <cstdint>. Without this include, the file doesn't compile successfully with GCC13. See: https://gcc.gnu.org/gcc-13/porting_to.html#header-dep-changes * nix/libstore/sqlite.hh: include <cstdint> Signed-off-by: Sören Tempel <soeren@soeren-tempel.net> Signed-off-by: Ludovic Courtès <ludo@gnu.org> Sören Tempel 2023-08-31build: Add missing guix-gc.timer file to binary tarball....Partially fixes <https://issues.guix.gnu.org/65117>. * nix/local.mk (nodist_systemdservice_DATA): Add etc/guix-gc.timer. Maxim Cournoyer 2023-01-09daemon: Improve error message for wrong hash sizes....* nix/libutil/hash.cc (parseHash): Show the hash algorithm name and expected size in the error message. * tests/derivations.scm ("fixed-output derivation, invalid hash size"): New test. Ludovic Courtès 2022-12-18daemon: Make "opening file" error messages distinguishable....* nix/libstore/build.cc (DerivationGoal::openLogFile): Customize "opening file" error message. * nix/libutil/hash.cc (hashFile): Likewise. * nix/libutil/util.cc (readFile, writeFile): Likewise. Ludovic Courtès 2022-10-17Revert "nix: Guard against removing temporary roots of living processes."...This reverts commit bb0beaecdee1a2315a1269b1746d238c8ab0e699. This change broke a number of tests that assumed the previous behavior. Ludovic Courtès 2022-10-07nix: Guard against removing temporary roots of living processes....Fixes <https://issues.guix.gnu.org/25018>. * nix/libstore/gc.cc (readTempRoots): Add a check to guard against removing the temporary roots of a living process. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Ludovic Courtès 2022-09-11daemon: Remove unused function findOutput....* nix/libstore/misc.cc (findOutput): Remove it. * nix/libstore/misc.hh (findOutput): Likewise. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Maxime Devos 2022-09-11daemon: Remove unused function exportPaths....* nix/libstore/store-api.cc (exportPaths): Remove it. * nix/libstore/store-api.hh (exportPaths): Likewise. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Maxime Devos 2022-09-11daemon: Remove unused function openStore....* nix/libstore/store-api.cc (openStore): Remove it. * nix/libstore/store-api.hh (openStore): Likewise. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Maxime Devos 2022-06-05daemon: Quote consistently within a string....* nix/libstore/build.cc (DerivationGoal::registerOutput): ‘’ → `'. Tobias Geerinckx-Rice 2022-05-29daemon: Clarify ‘--check’ error when outputs are missing....Drop the confusing ‘invalid’ jargon and display a hint like we do for ‘--fallback’. * nix/libstore/build.cc (DerivationGoal::outputsSubstituted): Rewrite error message. Tobias Geerinckx-Rice 2022-05-18daemon: runChild() is forbidden to talk during environment set up...DerivationGoal::startBuilder() is waiting for an empty line as a check that the environment set up is fine. Fixes <https://issues.guix.gnu.org/55324>. * nix/libstore/build.cc (DerivationGoal::runChild): Remove 'debug' statement corresponding to bind mounts. Signed-off-by: Ludovic Courtès <ludo@gnu.org> yarl-baudig@mailoo.org 2022-04-14daemon: Support systemd-style socket activation....* nix/nix-daemon/guix-daemon.cc (SD_LISTEN_FDS_START): New macro. (systemd_activation_sockets): New function. (main): Use it. Remove obsolete 'printMsg' call. * doc/guix.texi (Invoking guix-daemon): Document socket activation. Ludovic Courtès