diff options
Diffstat (limited to 'gnu/build')
| -rw-r--r-- | gnu/build/file-systems.scm | 118 | ||||
| -rw-r--r-- | gnu/build/secret-service.scm | 90 | ||||
| -rw-r--r-- | gnu/build/shepherd.scm | 89 |
3 files changed, 204 insertions, 93 deletions
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm index d95340df83..b06a4cc25c 100644 --- a/gnu/build/file-systems.scm +++ b/gnu/build/file-systems.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2020, 2021 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2014-2018, 2020-2022 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2016, 2017 David Craven <david@craven.ch> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> ;;; Copyright © 2019 Guillaume Le Vaillant <glv@posteo.net> @@ -54,6 +54,7 @@ bind-mount + system*/tty mount-flags->bit-mask check-file-system mount-file-system @@ -67,6 +68,33 @@ ;;; ;;; Code: +(define (system*/console program . args) + "Run PROGRAM with ARGS in a tty on top of /dev/console. The return value is +as for 'system*'." + (match (primitive-fork) + (0 + (dynamic-wind + (const #t) + (lambda () + (login-tty (open-fdes "/dev/console" O_RDWR)) + (apply execlp program program args)) + (lambda () + (primitive-_exit 127)))) + (pid + (cdr (waitpid pid))))) + +(define (system*/tty program . args) + "Run PROGRAM with ARGS, creating a tty if its standard input isn't one. +The return value is as for 'system*'. + +This is necessary for commands such as 'cryptsetup open' or 'fsck' that may +need to interact with the user but might be invoked from shepherd, where +standard input is /dev/null." + (apply (if (isatty? (current-input-port)) + system* + system*/console) + program args)) + (define (bind-mount source target) "Bind-mount SOURCE at TARGET." (mount source target "" MS_BIND)) @@ -180,13 +208,13 @@ true, check the file system even if it's marked as clean. If REPAIR is false, do not write to the file system to fix errors. If it's #t, fix all errors. Otherwise, fix only those considered safe to repair automatically." (match (status:exit-val - (apply system* `("e2fsck" "-v" "-C" "0" - ,@(if force? '("-f") '()) - ,@(match repair - (#f '("-n")) - (#t '("-y")) - (_ '("-p"))) - ,device))) + (apply system*/tty "e2fsck" "-v" "-C" "0" + `(,@(if force? '("-f") '()) + ,@(match repair + (#f '("-n")) + (#t '("-y")) + (_ '("-p"))) + ,device))) (0 'pass) (1 'errors-corrected) (2 'reboot-required) @@ -312,14 +340,14 @@ errors. Otherwise, fix only those considered safe to repair automatically." (status ;; A number, or #f on abnormal termination (e.g., assertion failure). (status:exit-val - (apply system* `("bcachefs" "fsck" "-v" - ,@(if force? '("-f") '()) - ,@(match repair - (#f '("-n")) - (#t '("-y")) - (_ '("-p"))) - ;; Make each multi-device member a separate argument. - ,@(string-split device #\:)))))) + (apply system*/tty "bcachefs" "fsck" "-v" + `(,@(if force? '("-f") '()) + ,@(match repair + (#f '("-n")) + (#t '("-y")) + (_ '("-p"))) + ;; Make each multi-device member a separate argument. + ,@(string-split device #\:)))))) (match (and=> status (cut logand <> (lognot ignored-bits))) (0 'pass) (1 'errors-corrected) @@ -364,17 +392,17 @@ false, do not write to DEVICE. If it's #t, fix any errors found. Otherwise, fix only those considered safe to repair automatically." (if force? (match (status:exit-val - (apply system* `("btrfs" "check" "--progress" - ;; Btrfs's ‘--force’ is not relevant to us here. - ,@(match repair - ;; Upstream considers ALL repairs dangerous - ;; and will warn the user at run time. - (#t '("--repair")) - (_ '("--readonly" ; a no-op for clarity - ;; A 466G file system with 180G used is - ;; enough to kill btrfs with 6G of RAM. - "--mode" "lowmem"))) - ,device))) + (apply system*/tty "btrfs" "check" "--progress" + ;; Btrfs's ‘--force’ is not relevant to us here. + `(,@(match repair + ;; Upstream considers ALL repairs dangerous + ;; and will warn the user at run time. + (#t '("--repair")) + (_ '("--readonly" ; a no-op for clarity + ;; A 466G file system with 180G used is + ;; enough to kill btrfs with 6G of RAM. + "--mode" "lowmem"))) + ,device))) (0 'pass) (_ 'fatal-error)) 'pass)) @@ -412,11 +440,11 @@ ignored: a full file system scan is always performed. If REPAIR is false, do not write to the file system to fix errors. Otherwise, automatically fix them using the least destructive approach." (match (status:exit-val - (apply system* `("fsck.vfat" "-v" - ,@(match repair - (#f '("-n")) - (_ '("-a"))) ; no 'safe/#t distinction - ,device))) + (system*/tty "fsck.vfat" "-v" + (match repair + (#f "-n") + (_ "-a")) ;no 'safe/#t distinction + device)) (0 'pass) (1 'errors-corrected) (_ 'fatal-error))) @@ -545,7 +573,7 @@ do not write to the file system to fix errors, and replay the transaction log only if FORCE? is true. Otherwise, replay the transaction log before checking and automatically fix found errors." (match (status:exit-val - (apply system* + (apply system*/tty `("jfs_fsck" "-v" ;; The ‘LEVEL’ logic is convoluted. To quote fsck/xchkdsk.c ;; (‘-p’, ‘-a’, and ‘-r’ are aliases in every way): @@ -621,10 +649,10 @@ REPAIR are true, automatically fix found errors." "warning: forced check of F2FS ~a implies repairing any errors~%" device)) (match (status:exit-val - (apply system* `("fsck.f2fs" - ,@(if force? '("-f") '()) - ,@(if repair '("-p") '("--dry-run")) - ,device))) + (apply system*/tty "fsck.f2fs" + `(,@(if force? '("-f") '()) + ,@(if repair '("-p") '("--dry-run")) + ,device))) ;; 0 and -1 are the only two possibilities according to the man page. (0 'pass) (_ 'fatal-error))) @@ -709,9 +737,9 @@ ignored: a full check is always performed. Repair is not possible: if REPAIR is true and the volume has been repaired by an external tool, clear the volume dirty flag to indicate that it's now safe to mount." (match (status:exit-val - (apply system* `("ntfsfix" - ,@(if repair '("--clear-dirty") '("--no-action")) - ,device))) + (system*/tty "ntfsfix" + (if repair "--clear-dirty" "--no-action") + device)) (0 'pass) (_ 'fatal-error))) @@ -754,11 +782,11 @@ write to DEVICE. If it's #t, replay the log, check, and fix any errors found. Otherwise, only replay the log, and check without attempting further repairs." (define (xfs_repair) (status:exit-val - (apply system* `("xfs_repair" "-Pv" - ,@(match repair - (#t '("-e")) - (_ '("-n"))) ; will miss some errors - ,device)))) + (system*/tty "xfs_repair" "-Pv" + (match repair + (#t "-e") + (_ "-n")) ;will miss some errors + device))) (if force? ;; xfs_repair fails with exit status 2 if the log is dirty, which is ;; likely in situations where you're running xfs_repair. Only the kernel diff --git a/gnu/build/secret-service.scm b/gnu/build/secret-service.scm index 4e183e11e8..1baa058635 100644 --- a/gnu/build/secret-service.scm +++ b/gnu/build/secret-service.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2020, 2021 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2020-2022 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org> ;;; ;;; This file is part of GNU Guix. @@ -47,6 +47,52 @@ ;; to syslog. #'(format (current-output-port) fmt args ...)))))) +(define-syntax with-modules + (syntax-rules () + "Dynamically load the given MODULEs at run time, making the chosen +bindings available within the lexical scope of BODY." + ((_ ((module #:select (bindings ...)) rest ...) body ...) + (let* ((iface (resolve-interface 'module)) + (bindings (module-ref iface 'bindings)) + ...) + (with-modules (rest ...) body ...))) + ((_ () body ...) + (begin body ...)))) + +(define (wait-for-readable-fd port timeout) + "Wait until PORT has data available for reading or TIMEOUT has expired. +Return #t in the former case and #f in the latter case." + (match (resolve-module '(fibers) #f) ;using Fibers? + (#f + (log "blocking on socket...~%") + (match (select (list port) '() '() timeout) + (((_) () ()) #t) + ((() () ()) #f))) + (fibers + ;; We're running on the Shepherd 0.9+ with Fibers. Arrange to make a + ;; non-blocking wait so that other fibers can be scheduled in while we + ;; wait for PORT. + (with-modules (((fibers) #:select (spawn-fiber sleep)) + ((fibers channels) + #:select (make-channel put-message get-message))) + ;; Make PORT non-blocking. + (let ((flags (fcntl port F_GETFL))) + (fcntl port F_SETFL (logior O_NONBLOCK flags))) + + (let ((channel (make-channel))) + (spawn-fiber + (lambda () + (sleep timeout) ;suspends the fiber + (put-message channel 'timeout))) + (spawn-fiber + (lambda () + (lookahead-u8 port) ;suspends the fiber + (put-message channel 'readable))) + (log "suspending fiber on socket...~%") + (match (get-message channel) + ('readable #t) + ('timeout #f))))))) + (define* (secret-service-send-secrets port secret-root #:key (retry 60) (handshake-timeout 120)) @@ -74,7 +120,10 @@ wait for at most HANDSHAKE-TIMEOUT seconds for handshake to complete. Return (log "sending secrets to ~a~%" port) (let ((sock (socket AF_INET SOCK_STREAM 0)) - (addr (make-socket-address AF_INET INADDR_LOOPBACK port))) + (addr (make-socket-address AF_INET INADDR_LOOPBACK port)) + (sleep (if (resolve-module '(fibers) #f) + (module-ref (resolve-interface '(fibers)) 'sleep) + sleep))) ;; Connect to QEMU on the forwarded port. The 'connect' call succeeds as ;; soon as QEMU is ready, even if there's no server listening on the ;; forward port inside the guest. @@ -93,23 +142,22 @@ wait for at most HANDSHAKE-TIMEOUT seconds for handshake to complete. Return ;; Wait for "hello" message from the server. This is the only way to know ;; that we're really connected to the server inside the guest. - (match (select (list sock) '() '() handshake-timeout) - (((_) () ()) - (match (read sock) - (('secret-service-server ('version version ...)) - (log "sending files from ~s...~%" secret-root) - (send-files sock) - (log "done sending files to port ~a~%" port) - (close-port sock) - secret-root) - (x - (log "invalid handshake ~s~%" x) - (close-port sock) - #f))) - ((() () ()) ;timeout - (log "timeout while sending files to ~a~%" port) - (close-port sock) - #f)))) + (if (wait-for-readable-fd sock handshake-timeout) + (match (read sock) + (('secret-service-server ('version version ...)) + (log "sending files from ~s...~%" secret-root) + (send-files sock) + (log "done sending files to port ~a~%" port) + (close-port sock) + secret-root) + (x + (log "invalid handshake ~s~%" x) + (close-port sock) + #f)) + (begin ;timeout + (log "timeout while sending files to ~a~%" port) + (close-port sock) + #f)))) (define (delete-file* file) "Ensure FILE does not exist." @@ -202,4 +250,8 @@ and #f otherwise." (close-port port)) result)) +;;; Local Variables: +;;; eval: (put 'with-modules 'scheme-indent-function 1) +;;; End: + ;;; secret-service.scm ends here diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm index 778e3fc627..d52e53eb78 100644 --- a/gnu/build/shepherd.scm +++ b/gnu/build/shepherd.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2017, 2018, 2019, 2020, 2022 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2020 Mathieu Othacehe <othacehe@gnu.org> +;;; Copyright © 2022 Leo Nikkilä <hello@lnikki.la> ;;; ;;; This file is part of GNU Guix. ;;; @@ -103,8 +104,13 @@ separate mount and PID name space. Return the \"outer\" PID. " (match (container-excursion* pid (lambda () - (read-pid-file pid-file - #:max-delay max-delay))) + ;; XXX: Trick for Shepherd 0.9: prevent 'read-pid-file' from + ;; using (@ (fibers) sleep), which would try to suspend the + ;; current task, which doesn't work in this extra process. + (with-continuation-barrier + (lambda () + (read-pid-file pid-file + #:max-delay max-delay))))) (#f ;; Send SIGTERM to the whole process group. (catch-system-error (kill (- pid) SIGTERM)) @@ -114,6 +120,28 @@ separate mount and PID name space. Return the \"outer\" PID. " ;; PID is always 1, but that's not what Shepherd needs to know. pid))) +(define* (exec-command* command #:key user group log-file pid-file + (supplementary-groups '()) + (directory "/") (environment-variables (environ))) + "Like 'exec-command', but first restore signal handles modified by +shepherd (PID 1)." + ;; First restore the default handlers. + (for-each (cut sigaction <> SIG_DFL) %precious-signals) + + ;; Unblock any signals that have been blocked by the parent process. + (unblock-signals %precious-signals) + + (mkdir-p "/var/run") + (clean-up pid-file) + + (exec-command command + #:user user + #:group group + #:supplementary-groups supplementary-groups + #:log-file log-file + #:directory directory + #:environment-variables environment-variables)) + (define* (make-forkexec-constructor/container command #:key (namespaces @@ -121,6 +149,7 @@ separate mount and PID name space. Return the \"outer\" PID. " (mappings '()) (user #f) (group #f) + (supplementary-groups '()) (log-file #f) pid-file (pid-file-timeout 5) @@ -164,24 +193,16 @@ namespace, in addition to essential bind-mounts such /proc." (let ((pid (run-container container-directory mounts namespaces 1 (lambda () - ;; First restore the default handlers. - (for-each (cut sigaction <> SIG_DFL) - %precious-signals) - - ;; Unblock any signals that have been blocked - ;; by the parent process. - (unblock-signals %precious-signals) - - (mkdir-p "/var/run") - (clean-up pid-file) - - (exec-command command - #:user user - #:group group - #:log-file log-file - #:directory directory - #:environment-variables - environment-variables))))) + (exec-command* command + #:user user + #:group group + #:supplementary-groups + supplementary-groups + #:pid-file pid-file + #:log-file log-file + #:directory directory + #:environment-variables + environment-variables))))) (if pid-file (if (or (memq 'mnt namespaces) (memq 'pid namespaces)) (read-pid-file/container pid pid-file @@ -209,14 +230,24 @@ on Hurd systems for instance, fallback to direct forking." ((head . rest) (loop rest (cons head result)))))) - (let ((container-support? - (file-exists? "/proc/self/ns")) - (fork-proc (lambda () - (apply fork+exec-command command - (strip-pid args))))) - (if container-support? - (container-excursion* pid fork-proc) - (fork-proc)))) + (let ((container-support? (file-exists? "/proc/self/ns"))) + (if (and container-support? + (not (and pid (= pid (getpid))))) + (container-excursion* pid + (lambda () + ;; Note: In the Shepherd 0.9, 'fork+exec-command' expects to be + ;; called from the shepherd process (because it creates a pipe to + ;; capture stdout/stderr and spawns a logging fiber) so we cannot + ;; use it here. + (match (primitive-fork) + (0 (dynamic-wind + (const #t) + (lambda () + (apply exec-command* command (strip-pid args))) + (lambda () + (primitive-_exit 127)))) + (pid pid)))) ;XXX: assuming the same PID namespace + (apply fork+exec-command command (strip-pid args))))) ;; Local Variables: ;; eval: (put 'container-excursion* 'scheme-indent-function 1) |