<feed xmlns='http://www.w3.org/2005/Atom'>
<title>guix/nix, branch koszko</title>
<subtitle>Wojtek's customized Guix</subtitle>
<id>https://git.koszko.org/guix/atom?h=koszko</id>
<link rel='self' href='https://git.koszko.org/guix/atom?h=koszko'/>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/'/>
<updated>2025-05-26T12:07:24Z</updated>
<entry>
<title>build: Fix generation of `guix-gc.timer' file in VPATH builds.</title>
<updated>2025-05-26T12:07:24Z</updated>
<author>
<name>W. Kosior</name>
<email>koszko@koszko.org</email>
</author>
<published>2025-03-21T08:55:02Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=aaa953e1cbf03678b3040093c538c4b83acefac3'/>
<id>urn:sha1:aaa953e1cbf03678b3040093c538c4b83acefac3</id>
<content type='text'>
* nix/local.mk (etc/guix-%.service): Replace `$@.in' with `$&lt;'.

Change-Id: I247c46faeaf0bff229e052365118fe79c0eea8d8
</content>
</entry>
<entry>
<title>build: Fix substitutions for .service files.</title>
<updated>2025-05-14T20:39:03Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludo@gnu.org</email>
</author>
<published>2025-05-14T20:37:06Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=b47eed5ea78d30363af78dd593b3cc2f42f420dc'/>
<id>urn:sha1:b47eed5ea78d30363af78dd593b3cc2f42f420dc</id>
<content type='text'>
Fixes &lt;https://issues.guix.gnu.org/78318&gt;.

This is a followup to 107eb8ee8f5f9192c795abeb47885b49a57bacd4.

* nix/local.mk (etc/guix-%.service): Add ‘g’ for ‘@localstatedir@’
substitution.  Substitute ‘@storedir@’.

Reported-by: Ido Yariv &lt;yarivido@gmail.com&gt;
Change-Id: I9b53d3a6d713a000bc0a7a57f667badc00d2dff8
</content>
</entry>
<entry>
<title>daemon: Replace ‘random_shuffle’ with ‘shuffle’.</title>
<updated>2025-05-12T08:40:02Z</updated>
<author>
<name>Congcong Kuo</name>
<email>congcong.kuo@gmail.com</email>
</author>
<published>2025-05-11T08:31:22Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=5f3518ca83ad22cd77f24a05110c52907a46565d'/>
<id>urn:sha1:5f3518ca83ad22cd77f24a05110c52907a46565d</id>
<content type='text'>
‘std::random_shuffle’ was removed in C++14.

* nix/libstore/gc.cc (LocalStore::collectGarbage): Use ‘std::random’ and
‘std::shuffle’.

Change-Id: If91ed3ec3596a419ae7c87d7ce677e0970853e9f
Signed-off-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
</content>
</entry>
<entry>
<title>daemon: Use the guest GID in /etc/group.</title>
<updated>2025-04-25T18:25:54Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludo@gnu.org</email>
</author>
<published>2025-04-25T18:17:17Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=0d3bc50b0cffeae05beb12d0c270c6599186c0d7'/>
<id>urn:sha1:0d3bc50b0cffeae05beb12d0c270c6599186c0d7</id>
<content type='text'>
Partly fixes &lt;https://issues.guix.gnu.org/77862&gt;.

Fixes a bug whereby, when running guix-daemon unprivileged, /etc/group
would contain the wrong GID for the “nixbld” group.  This inconsistency
would lead to failures in the Coreutils test suite, for instance.

* nix/libstore/build.cc (DerivationGoal::startBuilder): Use ‘guestGID’
when writing /etc/group.
* tests/store.scm ("/etc/passwd and /etc/group"): New test.

Reported-by: keinflue &lt;keinflue@posteo.net&gt;
Change-Id: I739bc96c4c935fd9015a45e2bfe5b3e3f90554a9
</content>
</entry>
<entry>
<title>daemon: Catch SIGINT, SIGTERM, and SIGHUP for proper termination.</title>
<updated>2025-04-14T15:33:11Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludo@gnu.org</email>
</author>
<published>2025-04-11T21:29:51Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=dd947985522886f9de6fdfdde3f0601e42219da5'/>
<id>urn:sha1:dd947985522886f9de6fdfdde3f0601e42219da5</id>
<content type='text'>
Previously the daemon would not install handlers for these signals.  It
would thus terminate abruptly when receiving them, without properly
closing the SQLite database.

Consequently, the database’s WAL file, which is normally deleted by the
last client closing the database (via ‘sqlite3_close’), would not be
deleted when the guix-daemon process is terminated; instead, it would
persist and possibly keep growing beyond reason.

This patch fixes that.

* nix/nix-daemon/nix-daemon.cc (handleSignal, setTerminationSignalHandler):
New functions.
(processConnection): Call it.

Reported-by: Christopher Baines &lt;mail@cbaines.net&gt;
Change-Id: I07e510a1242e92b6a629d60eb840e029c0f921be
</content>
</entry>
<entry>
<title>daemon: Do not make chroot root directory read-only.</title>
<updated>2025-04-11T10:18:01Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludo@gnu.org</email>
</author>
<published>2025-04-08T13:18:04Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=ff5181e27e79c88a82dd429b382e0764af489957'/>
<id>urn:sha1:ff5181e27e79c88a82dd429b382e0764af489957</id>
<content type='text'>
Fixes &lt;https://issues.guix.gnu.org/77570&gt;.

Commit 40f69b586a440d0397fa3dfe03b95a0f44e4d242 made the chroot root
directory read-only; as a consequence, build processes attempting to
write to the root directory would now get EROFS instead of EACCES.

It turns out that a number of test suites (Go, Ruby, SCons, Shepherd)
would fail because of this observable difference.

To restore previous behavior in build environments while still
preventing build processes from exposing their root directory to outside
processes, this patch (1) keeps the root writable but #o555 by default,
thereby restoring the EACCES behavior, and (2) ensures that the parent
of the chroot root directory is itself user-accessible only.

* nix/libstore/build.cc (class DerivationGoal)[chrootRootTop]: New
field.
(DerivationGoal::startBuilder): Initialize ‘chrootRootTop’ and make it
‘AutoDelete’.  Replace ‘mount’ call that made the root directory
read-only by a mere ‘chmod_’ call.
* tests/store.scm ("build root cannot be made world-readable"): Remove.
("writing to build root leads to EACCES"): New test.

Reported-by: Ada Stevenson &lt;adanskana@gmail.com&gt;
Reported-by: keinflue &lt;keinflue@posteo.net&gt;
Suggested-by: Reepca Russelstein &lt;reepca@russelstein.xyz&gt;
Change-Id: I5912e8b3b293f8242a010cfc79255fc981314445
</content>
</entry>
<entry>
<title>daemon: Move comments where they belong.</title>
<updated>2025-03-26T16:57:44Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludo@gnu.org</email>
</author>
<published>2025-02-14T16:29:56Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=bdd7b9a45d650ed45a1569cbc4ed971b52728104'/>
<id>urn:sha1:bdd7b9a45d650ed45a1569cbc4ed971b52728104</id>
<content type='text'>
* nix/libstore/build.cc (DerivationGoal::startBuilder): Shuffle
comments for clarity.

Change-Id: I6557c103ade4a3ab046354548ea193c68f8c9c05
</content>
</entry>
<entry>
<title>daemon: Drop Linux ambient capabilities before executing builder.</title>
<updated>2025-03-26T16:57:44Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludo@gnu.org</email>
</author>
<published>2025-01-23T21:43:54Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=0163c732a17f6358a6b0d8004b27d27650a7d5be'/>
<id>urn:sha1:0163c732a17f6358a6b0d8004b27d27650a7d5be</id>
<content type='text'>
* config-daemon.ac: Check for &lt;sys/prctl.h&gt;.
* nix/libstore/build.cc (DerivationGoal::runChild): When ‘useChroot’ is
true, call ‘prctl’ to drop all ambient capabilities.

Change-Id: If34637fc508e5fb6d278167f5df7802fc595284f
</content>
</entry>
<entry>
<title>daemon: Create /var/guix/profiles/per-user unconditionally.</title>
<updated>2025-03-26T16:57:44Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludo@gnu.org</email>
</author>
<published>2025-01-23T11:13:01Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=a3d6f5ae70298b9b2ff357435ff5925cc6563b1a'/>
<id>urn:sha1:a3d6f5ae70298b9b2ff357435ff5925cc6563b1a</id>
<content type='text'>
* nix/libstore/local-store.cc (LocalStore::LocalStore): Create
‘perUserDir’ unconditionally.

Change-Id: I5188320f9630a81d16f79212d0fffabd55d94abe
</content>
</entry>
<entry>
<title>daemon: Allow running as non-root with unprivileged user namespaces.</title>
<updated>2025-03-26T16:57:43Z</updated>
<author>
<name>Ludovic Courtès</name>
<email>ludovic.courtes@inria.fr</email>
</author>
<published>2025-01-22T22:40:24Z</published>
<link rel='alternate' type='text/html' href='https://git.koszko.org/guix/commit/?id=ae18b3d9e6bd0c184505a094851448d08555e23e'/>
<id>urn:sha1:ae18b3d9e6bd0c184505a094851448d08555e23e</id>
<content type='text'>
Many thanks to Reepca Russelstein for their review and guidance on these
changes.

* nix/libstore/build.cc (guestUID, guestGID): New variables.
(DerivationGoal)[readiness]: New field.
(initializeUserNamespace): New function.
(DerivationGoal::runChild): When ‘readiness.readSide’ is positive, read
from it.
(DerivationGoal::startBuilder): Call ‘chown’
only when ‘buildUser.enabled()’ is true.  Pass CLONE_NEWUSER to ‘clone’
when ‘buildUser.enabled()’ is false or not running as root.  Retry
‘clone’ without CLONE_NEWUSER upon EPERM.
(DerivationGoal::registerOutputs): Make ‘actualPath’ writable before
‘rename’.
(DerivationGoal::deleteTmpDir): Catch ‘SysError’ around ‘_chown’ call.
* nix/libstore/local-store.cc (LocalStore::createUser): Do nothing if
‘dirs’ already exists.  Warn instead of failing when failing to chown
‘dir’.
* guix/substitutes.scm (%narinfo-cache-directory): Check for
‘_NIX_OPTIONS’ rather than getuid() == 0 to determine the cache
location.
* doc/guix.texi (Build Environment Setup): Reorganize a bit.  Add
section headings “Daemon Running as Root” and “The Isolated Build
Environment”.  Add “Daemon Running Without Privileges” subsection.
Remove paragraph about ‘--disable-chroot’.
(Invoking guix-daemon): Warn against ‘--disable-chroot’ and explain why.
* tests/derivations.scm ("builder is outside the store"): New test.

Reviewed-by: Reepca Russelstein &lt;reepca@russelstein.xyz&gt;
</content>
</entry>
</feed>
