aboutsummaryrefslogtreecommitdiff

t'>AgeCommit message (Expand)Author 2019-11-26guix build, daemon: Rename "--no-build-hook" to "--no-offload"....This is a followup to bc69ea2d605810cc32e13ed03d5848b8dc358b61. * guix/scripts/build.scm (show-build-options-help): Rename "--no-build-hook" to "--no-offload". (%standard-build-options): Likewise, and warn when "--no-build-hook" is passed. * nix/nix-daemon/guix-daemon.cc (options): Add "--no-offload" and mark "--no-build-hook" as hidden. * guix/scripts/offload.scm: Adjust comment. * doc/guix.texi (Invoking guix-daemon, Common Build Options): Replace "--no-build-hook" with "--no-offload". * etc/completion/fish/guix.fish, etc/completion/zsh/_guix: Adjust accordingly. Ludovic Courtès 2019-10-16daemon: Make 'profiles/per-user' non-world-writable....Fixes <https://bugs.gnu.org/37744>. Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>. Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d by Eelco Dolstra <edolstra@gmail.com>. * nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir' to #o755 instead of #o1777. (LocalStore::createUser): New function. * nix/libstore/local-store.hh (LocalStore): Add it. * nix/libstore/store-api.hh (StoreAPI): Add it. * nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add condition to handle "user-name" property and honor it. (processConnection): Add 'userId' parameter. Call 'store->createUser' when userId is not -1. * guix/profiles.scm (ensure-profile-directory): Note that this is now handled by the daemon. * guix/store.scm (current-user-name): New procedure. (set-build-options): Add #:user-name parameter and pass it to the daemon. * tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when listening on a TCP socket. * tests/store.scm ("profiles/per-user exists and is not writable") ("profiles/per-user/$USER exists"): New tests. Ludovic Courtès 2019-09-16daemon: Include 'config.h' in 'nix-daemon.cc'....* nix/nix-daemon/nix-daemon.cc: Include 'config.h'. Timothy Sample 2019-09-08daemon: Run 'guix substitute' directly and assume a single substituter....The daemon had a mechanism that allows it to handle a list of substituters and try them sequentially; this removes it. * nix/scripts/substitute.in: Remove. * nix/local.mk (nodist_pkglibexec_SCRIPTS): Remove. * config-daemon.ac: Don't output 'nix/scripts/substitute'. * nix/libstore/build.cc (SubstitutionGoal)[subs, sub, hasSubstitute]: Remove. [tryNext]: Make private. (SubstitutionGoal::SubstitutionGoal, SubstitutionGoal::init): Remove now unneeded initializers. (SubstitutionGoal::tryNext): Adjust to assume a single substituter: call 'amDone' upfront when we couldn't find substitutes. (SubstitutionGoal::tryToRun): Adjust to run 'guix substitute' via 'settings.guixProgram'. (SubstitutionGoal::finished): Call 'amDone(ecFailed)' upon failure instead of setting 'state' to 'tryNext'. * nix/libstore/globals.hh (Settings)[substituters]: Remove. * nix/libstore/local-store.cc (LocalStore::~LocalStore): Adjust to handle a single substituter. (LocalStore::startSubstituter): Remove 'path' parameter. Adjust to invoke 'settings.guixProgram'. Don't refer to 'run.program', which no longer exists. (LocalStore::querySubstitutablePaths): Adjust for 'runningSubstituters' being a singleton instead of a list. (LocalStore::querySubstitutablePathInfos): Likewise, and remove 'substituter' parameter. * nix/libstore/local-store.hh (RunningSubstituter)[program]: Remove. (LocalStore)[runningSubstituters]: Remove. [runningSubstituter]: New field. [querySubstitutablePathInfos]: Remove 'substituter' parameter. [startSubstituter]: Remove 'substituter' parameter. * nix/nix-daemon/guix-daemon.cc (main): Remove references to 'settings.substituters'. * nix/nix-daemon/nix-daemon.cc (performOp): Ignore the user's "build-use-substitutes" value when 'settings.useSubstitutes' is false. Ludovic Courtès 2019-09-08daemon: Run 'guix offload' directly....* nix/scripts/offload.in: Remove. * nix/local.mk (nodist_pkglibexec_SCRIPTS) [BUILD_DAEMON_OFFLOAD]: Remove 'scripts/offload'. * config-daemon.ac: Don't output 'nix/scripts/offload'. * build-aux/pre-inst-env.in: Don't set 'NIX_BUILD_HOOK'. * nix/libstore/build.cc (HookInstance::HookInstance): Run 'guix offload'. (DerivationGoal::tryBuildHook): Remove reference to 'NIX_BUILD_HOOK'. * nix/nix-daemon/guix-daemon.cc (main) [HAVE_DAEMON_OFFLOAD_HOOK]: Don't set 'NIX_BUILD_HOOK'. * nix/nix-daemon/nix-daemon.cc (performOp) [!HAVE_DAEMON_OFFLOAD_HOOK]: Leave 'settings.useBuildHook' unchanged. Ludovic Courtès 2019-02-04daemon: Add "/guix" to default 'nixLibexecDir'....This makes it easier to run the uninstalled daemon. * nix/local.mk (libstore_a_CPPFLAGS): Append "/guix" to NIX_LIBEXEC_DIR. * build-aux/pre-inst-env.in (NIX_LIBEXEC_DIR): Adjust comment. * nix/libstore/builtins.cc (builtinDownload): Remove SUBDIR and its use. * nix/libstore/local-store.cc (runAuthenticationProgram): Ditto. * nix/libstore/gc.cc (addAdditionalRoots): Remove "/guix" prefix. * nix/nix-daemon/guix-daemon.cc (main): Ditto. Ludovic Courtès 2019-02-04daemon: Remove the 'NIX_SUBSTITUTERS' environment variable....* nix/libstore/globals.cc (Settings:update): Remove changes to 'substituters'. * nix/nix-daemon/guix-daemon.cc (main): Set 'settings.substituters' directly instead of changing the 'NIX_SUBSTITUTERS' environment variable. * build-aux/pre-inst-env.in: Remove reference to 'NIX_SUBSTITUTERS'. Ludovic Courtès 2018-12-16daemon: Use unbranded phrases in comments and messages....* nix/libstore/build.cc, nix/libstore/globals.cc, nix/libstore/gc.cc, nix/libstore/local-store.cc, nix/libstore/optimise-store.cc, nix/libstore/store-api.cc, nix/libutil/archive.cc, nix/nix-daemon/nix-daemon.cc: Replace "Nix store" by "store", and "Nix daemon" by "build daemon". Ludovic Courtès 2018-11-24daemon: Ignore '--keep-failed' for TCP/IP clients....* nix/nix-daemon/nix-daemon.cc (performOp) <wopSetOptions>: When 'isRemoteConnection' is true, set 'settings.keepFailed' to zero. * doc/guix.texi (Common Build Options): Document this behavior. Ludovic Courtès 2018-11-14daemon: Install 'authenticate' script under LIBEXECDIR/guix....That way it is handled in the same way as other helper scripts. * nix/scripts/guix-authenticate.in: Rename to... * nix/scripts/authenticate.in: ... this. * config-daemon.ac: Adjust accordingly. * nix/local.mk (libstore_a_CPPFLAGS): Remove -DOPENSSL_PATH. (nodist_libexec_SCRIPTS): Remove. (nodist_pkglibexec_SCRIPTS): New variable. * nix/nix-daemon/guix-daemon.cc (main): Remove 'setenv' call for "PATH". * nix/libstore/local-store.cc (runAuthenticationProgram): New function. (LocalStore::exportPath, LocalStore::importPath): Use it instead of 'runProgram' and OPENSSL_PATH. Ludovic Courtès 2018-10-15daemon: Support multiplexed build output....This allows clients to tell whether output comes from the daemon or, if it comes from a builder, from which builder it comes. The latter is particularly useful when MAX-BUILD-JOBS > 1. * nix/libstore/build.cc (DerivationGoal::tryBuildHook) (DerivationGoal::startBuilder): Print the child's PID in "@ build-started" traces. (DerivationGoal::handleChildOutput): Define 'prefix', pass it to 'writeToStderr'. * nix/libstore/globals.cc (Settings:Settings): Initialize 'multiplexedBuildOutput'. (Settings::update): Likewise. * nix/libstore/globals.hh (Settings)[multiplexedBuildOutput]: New field. Update 'printBuildTrace' documentation. * nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump to 0.163. * nix/nix-daemon/nix-daemon.cc (performOp) <wopSetOptions>: Special-case "multiplexed-build-output" and remove "use-ssh-substituter". * guix/store.scm (set-build-options): Add #:multiplexed-build-output? and honor it. (%protocol-version): Bump to #x163. * tests/store.scm ("multiplexed-build-output"): New test. fixlet Ludovic Courtès 2018-04-19guix-daemon: Disable garbage collection for remote connections....* nix/nix-daemon/nix-daemon.cc (isRemoteConnection): New variable. (performOp): For wopCollectGarbage, throw an error when isRemoteConnection is set. (acceptConnection): Set isRemoteConnection when connection is not AF_UNIX. * tests/guix-daemon.sh: Add a test for the new behavior. Roel Janssen 2018-01-07daemon: Make libbz2 an optional dependency....* config-daemon.ac: Don't bail out when libbz2 is missing. Define 'HAVE_LIBBZ2' Automake conditional. * nix/libstore/build.cc: Wrap relevant bits in '#if HAVE_BZLIB_H'. * nix/libstore/globals.cc (Settings::Settings): 'logCompression' defaults to COMPRESSION_GZIP when HAVE_BZLIB_H is false. * nix/libstore/globals.hh (CompressionType): Make 'COMPRESSION_BZIP2' conditional on HAVE_BZLIB_H. * nix/local.mk (guix_register_LDADD, guix_daemon_LDADD): Add -lbz2 only when HAVE_LIBBZ2. * nix/nix-daemon/guix-daemon.cc (parse_opt): Ignore "bzip2" when not HAVE_BZLIB_H. Ludovic Courtès 2018-01-07daemon: Add gzip log compression....* nix/nix-daemon/guix-daemon.cc (GUIX_OPT_LOG_COMPRESSION): New macro. (options): Mark "disable-log-compression" as hidden and add "log-compression". (parse_opt): Handle GUIX_OPT_LOG_COMPRESSION. * nix/libstore/build.cc (DerivationGoal): Add 'gzLogFile'. (openLogFile): Initialize it when 'logCompression' is COMPRESSION_GZIP. (closeLogFile, handleChildOutput): Honor 'gzLogFile'. * nix/libstore/globals.hh (Settings)[compressLog]: Remove. [logCompression]: New field. (CompressionType): New enum. * nix/libstore/globals.cc (Settings::Settings): Initialize it. (update): Remove '_get' call for 'compressLog'. * nix/local.mk (guix_daemon_LDADD, guix_register_LDADD): Add -lz. * guix/store.scm (log-file): Handle '.gz' log files. * tests/guix-daemon.sh: Add test with '--log-compression=gzip'. * doc/guix.texi (Invoking guix-daemon): Adjust accordingly. * config-daemon.ac: Check for libz and zlib.h. Ludovic Courtès 2017-07-17daemon: Flush the sink upon 'exportPath' errors....Prior to this change, errors such as wrong permissions on /etc/guix/signing-key.sec would give: guix-daemon: nix/libutil/serialise.cc:15: virtual nix::BufferedSink::~BufferedSink(): Assertion `!bufPos' failed. This patch correctly propagates the error to the client and thus changes that to: error: build failed: file `/etc/guix/signing-key.sec' should be secret (inaccessible to everybody else)! * nix/nix-daemon/nix-daemon.cc (performOp): Wrap 'exportPath' call in 'try' block. Co-authored-by: Ludovic Courtès <ludo@gnu.org> Jan Nieuwenhuizen 2017-07-10daemon: Allow compilation with GCC 4.9....Reported by Ricardo Wurmus. * nix/nix-daemon/nix-daemon.cc (acceptConnection): Remove intermediate 'inaddr' variables that relied on implicit casts. This fixes compilation with GCC 4.9. Ludovic Courtès 2017-06-22daemon: Set TCP_NODELAY and TCP_QUICKACK on remote sockets....* nix/nix-daemon/nix-daemon.cc (acceptConnection): Set TCP_NODELAY and TCP_QUICKACK on REMOTE. Ludovic Courtès 2017-06-22daemon: '--listen' can be passed several times, can specify TCP endpoints....* nix/nix-daemon/guix-daemon.cc (DEFAULT_GUIX_PORT): New macro. (listen_options): New variable. (parse_opt): Push back '--listen' options to LISTEN_OPTIONS. (open_unix_domain_socket, open_inet_socket) (listening_sockets): New functions. (main): Use it. Pass SOCKETS to 'run'. * nix/nix-daemon/nix-daemon.cc (matchUser): Remove. (SD_LISTEN_FDS_START): Remove. (acceptConnection): New function. (daemonLoop): Rewrite to take a vector of file descriptors, to select(2) on them, and to call 'acceptConnection'. (run): Change to take a vector of file descriptors. * tests/guix-daemon.sh: Add test. Ludovic Courtès 2017-06-04daemon: Add '--timeout' and '--max-silent-time'....* nix/nix-daemon/guix-daemon.cc (GUIX_OPT_TIMEOUT) (GUIX_OPT_MAX_SILENT_TIME): New macros. * nix/nix-daemon/guix-daemon.cc (options): Add '--timeout' and '--max-silent-time'. (parse_opt): Honor them. * tests/guix-daemon.sh: Add test. * doc/guix.texi (Invoking guix-daemon): Document the options. (Common Build Options): Properly describe default timeout/max-silent-time value. Add cross-ref to "Invoking guix-daemon". Ludovic Courtès 2017-01-15daemon: Client settings no longer override daemon settings....Fixes <http://bugs.gnu.org/20217>. * nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump to 0x161. * nix/nix-daemon/nix-daemon.cc (performOp): "build-max-jobs", "build-max-silent-time", and "build-cores" are no longer read upfront; instead, read them from the key/value list at the end. * nix/nix-daemon/guix-daemon.cc (main): Explicitly set 'settings.maxBuildJobs'. * guix/store.scm (%protocol-version): Bump to #x161. (set-build-options): #:max-build-jobs, #:max-silent-time, and #:build-cores now default to #f. Adjust handshake to new protocol. * tests/store.scm ("build-cores"): New test. * tests/guix-daemon.sh: Add test for default "build-cores" value. Ludovic Courtès 2016-12-09daemon: Set ownership of kept build directories to the calling user....Fixes <http://bugs.gnu.org/15890>. * nix/libstore/globals.hh (Settings) Add clientUid and clientGid. * nix/nix-daemon/nix-daemon.cc (daemonLoop] Store UID and GID of the caller in settings. * nix/libstore/build.cc (_chown): New function. (DerivationGoal::deleteTmpDir): Use it, change ownership of build directory if it is kept and the new owner is not root. Hartmut Goebel 2016-12-01daemon: Buffer data sent to clients by the 'export-path' RPC....Before that we'd have STDERR_WRITE round trips for very small amounts of data, ranging from a few bytes for the metadata of nars to the size of one file being exported. With this change, something like: guix archive --export /gnu/store/5rrsbaghh5ix1vjcicsl60gsxilhjnf2-coreutils-8.25 | dd of=/dev/null reports a throughput of 35 MB/s instead of 25 MB/s before. * nix/nix-daemon/nix-daemon.cc (TunnelSink): Inherit from 'BufferedSink' rather than 'Sink'. Rename 'operator ()' to 'write'. (performOp) <wopExportPath>: Add 'sink.flush' call. Ludovic Courtès 2016-11-16daemon: Add 'built-in-builders' RPC....* nix/libstore/builtins.cc (builtinBuilderNames): New function. * nix/libstore/builtins.hh (builtinBuilderNames): New declaration. * nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump to 0x160. (WorkerOp)[wopBuiltinBuilders]: New value. * nix/nix-daemon/nix-daemon.cc (performOp): Handle it. * guix/store.scm (operation-id)[built-in-builders]: New value. * guix/store.scm (read-arg): Add 'string-list'. (built-in-builders): New procedure. * tests/derivations.scm ("built-in-builders"): New test. Ludovic Courtès