;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017, 2018, 2019, 2020, 2022 Ludovic Courtès ;;; Copyright © 2020 Mathieu Othacehe ;;; Copyright © 2022 Leo Nikkilä ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (gnu build shepherd) #:use-module (gnu system file-systems) #:use-module (gnu build linux-container) #:use-module (guix build utils) #:us
authorTobias Geerinckx-Rice <me@tobias.gr>2021-12-16 01:12:10 +0100
committerTobias Geerinckx-Rice <me@tobias.gr>2021-12-16 01:55:34 +0100
commitceb9c6c50ed2c0d127189bb5d28832b6538aa7a2 (patch)
treecc528b9e85f93b440f3318d33e97b5a4b1a295cd /etc/substitutes/ci.guix.info.pub
parent18b1497673b92b6a0947839f9757a561a77d0d5f (diff)
gnu: nss-certs: Avoid top-level reference to NSS.
This is the only hammer I know for dealing with module cycles and effectively fixes, for example, ‘guix show nss’ today. It's also a very poor solution. * gnu/packages/certs.scm (nss-certs)[version, source]: Copy verbatim from the nss package rather than referring to it at the top level. Reported by several users of #guix.
Diffstat (limited to 'etc/substitutes/ci.guix.info.pub')
0 files changed, 0 insertions, 0 deletions
'(mnt ipc). MAPPINGS is the list of to make in the case of a separate mount namespace, in addition to essential bind-mounts such /proc."
  (define container-directory
    (match command
      ((program _ ...)
       (string-append "/var/run/containers/" (basename program)))))

  (define auto-mappings
    `(,@(if log-file
            (list (file-system-mapping
                   (source log-file)
                   (target source)
                   (writable? #t)))
            '())))

  (define mounts
    (append (map file-system-mapping->bind-mount
                 (append auto-mappings mappings))
            (default-mounts #:namespaces namespaces)))

  (lambda args
    (mkdir-p container-directory)

    (when log-file
      ;; Create LOG-FILE so we can map it in the container.
      ;; NOTE(review): the file is created and then chowned by path.  If the
      ;; directory holding LOG-FILE is writable by a less-privileged user, the
      ;; path could change between the two calls -- confirm that directory is
      ;; only writable by the account running this code.
      (unless (file-exists? log-file)
        (call-with-output-file log-file (const #t))
        (when user
          (let ((pw (getpwnam user)))
            (chown log-file (passwd:uid pw) (passwd:gid pw))))))

    (let ((pid (run-container container-directory
                              mounts namespaces 1
                              (lambda ()
                                (exec-command* command
                                               #:user user
                                               #:group group
                                               #:supplementary-groups
                                               supplementary-groups
                                               #:pid-file pid-file
                                               #:log-file log-file
                                               #:directory directory
                                               #:environment-variables
                                               environment-variables)))))
      (if pid-file
          (if (or (memq 'mnt namespaces) (memq 'pid namespaces))
              (read-pid-file/container pid pid-file
                                       #:max-delay pid-file-timeout)
              (read-pid-file pid-file #:max-delay pid-file-timeout))
          pid))))

(define* (fork+exec-command/container command
                                      #:key pid
                                      #:allow-other-keys
                                      #:rest args)
  "This is a variant of 'fork+exec-command' procedure, that joins the
namespaces of process PID beforehand. If there is no support for containers,
on Hurd systems for instance, fallback to direct forking."
  ;; ARGS is the full keyword list as passed by the caller, so it still
  ;; contains #:pid.  STRIP-PID returns ARGS without the #:pid keyword and its
  ;; value, keeping the remaining elements in their original order, so that
  ;; the list can be forwarded to 'exec-command*' and 'fork+exec-command'.
  (define (strip-pid args)
    ;; TODO: Replace with 'strip-keyword-arguments' when that no longer pulls
    ;; in (guix config).
    (let loop ((args args)
               (result '()))
      (match args
        (()
         (reverse result))
        ((#:pid _ . rest)
         (loop rest result))
        ((head . rest)
         (loop rest (cons head result))))))

  ;; The presence of /proc/self/ns is used as the test for namespace support.
  (let ((container-support? (file-exists? "/proc/self/ns")))
    ;; Join another process's namespaces unless PID designates the current
    ;; process.
    ;; NOTE(review): when PID is #f this branch is still taken and
    ;; 'container-excursion*' receives #f -- confirm that callers always pass
    ;; #:pid or that the callee handles a missing PID.
    (if (and container-support?
             (not (and pid (= pid (getpid)))))
        (container-excursion* pid
          (lambda ()
            ;; Note: In the Shepherd 0.9, 'fork+exec-command' expects to be
            ;; called from the shepherd process (because it creates a pipe to
            ;; capture stdout/stderr and spawns a logging fiber) so we cannot
            ;; use it here.
            (match (primitive-fork)
              ;; Child: the exit handler of 'dynamic-wind' terminates the
              ;; process with status 127 whenever 'exec-command*' returns or
              ;; is left through a non-local exit, so the child never goes on
              ;; to run the caller's code.
              (0 (dynamic-wind
                   (const #t)
                   (lambda ()
                     (apply exec-command* command (strip-pid args)))
                   (lambda ()
                     (primitive-_exit 127))))
              ;; Parent: PID is rebound here to the value returned by
              ;; 'primitive-fork' (the child) and becomes the result.
              (pid pid))))               ;XXX: assuming the same PID namespace
        ;; No namespace support, or PID is the current process: fork
        ;; directly, without the #:pid argument.
        (apply fork+exec-command command (strip-pid args)))))

;; Local Variables:
;; eval: (put 'container-excursion* 'scheme-indent-function 1)
;; End:

;;; shepherd.scm ends here