/gnu/tests/

l'>...This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143. Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two ways: (1) it didn’t have any effet for fixed-output derivations performed in a chroot, which is the case for all of them except those using “builtin:download” and “builtin:git-download”, and (2) it did not preserve ownership when copying, leading to “suspicious ownership or permission […] rejecting this build output” errors. * nix/libstore/build.cc (DerivationGoal::buildDone): Account for ‘chrootRootDir’ when copying ‘drv.outputs’. * nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’ calls to preserve file ownership; this is necessary for chrooted fixed-output derivation builds. * nix/libutil/util.hh: Update comment. Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156 Ludovic Courtès 2024-03-11daemon: Protect against FD escape when building fixed-output derivations (CVE......This fixes a security issue (CVE-2024-27297) whereby a fixed-output derivation build process could open a writable file descriptor to its output, send it to some outside process for instance over an abstract AF_UNIX socket, which would then allow said process to modify the file in the store after it has been marked as “valid”. Vulnerability discovered by puck <https://github.com/puckipedia>. Nix security advisory: https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37 Nix fix: https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9 * nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and a file descriptor. Rewrite the ‘Path’ variant accordingly. (copyFile, copyFileRecursively): New functions. * nix/libutil/util.hh (copyFileRecursively): New declaration. * nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’ is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output. Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4 Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io> Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88 Ludovic Courtès 2024-01-05daemon: Change default ‘timeout’ and ‘max-silent-time’ values....Having a timeout seems generally preferable as it makes sure build slots are not kept busy for no good reason (few package builds, if any, are expected to exceed these values). * nix/libstore/globals.cc (Settings::Settings): Change ‘maxSilentTime’ and ‘buildTimeout’. * gnu/services/base.scm (<guix-configuration>)[max-silent-time] [timeout]: Change default values. * doc/guix.texi (Invoking guix-daemon, Base Services): Adjust accordingly. Change-Id: I25c50893f3f7fcca451b8f093d9d4d1a15fa58d8 Ludovic Courtès 2023-12-17daemon: Fix my own whitespace errors....This follows up on commit d993ed43b2bae8717437aa27d9d33fd223a6411f and was entirely predictable. The noise, sorry for it. Change-Id: I8ddb8cfe33db3864949f6589cc091616a90ebc5b Tobias Geerinckx-Rice 2023-12-10daemon: Sacrifice builders on OOM....* nix/libstore/build.cc (DerivationGoal::runChild): Maximise our OOM score adjustment. Change-Id: I418c763b499ca16e1ffe3c6033319112b9744f51 Tobias Geerinckx-Rice 2023-12-11daemon: Implement ‘substitute-urls’ RPC....* nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump. (WorkerOp): Add ‘wopSubstituteURLs’. * nix/nix-daemon/nix-daemon.cc (performOp): Implement it. * guix/store.scm (%protocol-version): Bump. (operation-id): Add ‘substitute-urls’. (substitute-urls): New procedure. * tests/store.scm ("substitute-urls, default") ("substitute-urls, client-specified URLs") ("substitute-urls, disabled"): New tests. Change-Id: I2c0119500c3a1eecfa5ebf32463ffb0f173161de Ludovic Courtès 2023-12-04daemon: Simplify “empty status” substitute error message....* nix/libstore/build.cc (SubstitutionGoal::finished): Don’t show what the empty status looks like. Change-Id: Ie898432aeb047aff3d59024de6ed6d18f68903c4 Ludovic Courtès 2023-09-24Revert "build: Add missing guix-gc.timer file to binary tarball."...This reverts commit 69f6edc1a8596d2cb4c67e0435d35633af6f3cbc. The intention is good, but nodist_systemdservice_DATA are meant to be disposable artefacts generated from corresponding ‘.in’ files. etc/guix-gc.timer doesn't fit that description, breaking builds: $ make clean && make … make[2]: *** No rule to make target 'etc/guix-gc.timer', needed by 'all-am'. Stop. Tobias Geerinckx-Rice 2023-09-26daemon: Add “git-download” built-in builder....The new builder makes it possible to break cycles that occurs when the fixed-output derivation for the source of a dependency of ‘git’ would itself depend on ‘git’. * guix/scripts/perform-download.scm (perform-git-download): New procedure. (perform-download): Move fixed-output derivation check to… (guix-perform-download): … here. Invoke ‘perform-download’ or ‘perform-git-download’ depending on what ‘derivation-builder’ returns. * nix/libstore/builtins.cc (builtins): Add “git-download”. * tests/derivations.scm ("built-in-builders"): Update. ("'git-download' built-in builder") ("'git-download' built-in builder, invalid hash") ("'git-download' built-in builder, invalid commit") ("'git-download' built-in builder, not found"): New tests. Ludovic Courtès 2023-09-09daemon: Fix build with GCC 13....The sqlite.hh file uses fixed-width integer types from stdint.h. As such, it needs to include <cstdint>. Without this include, the file doesn't compile successfully with GCC13. See: https://gcc.gnu.org/gcc-13/porting_to.html#header-dep-changes * nix/libstore/sqlite.hh: include <cstdint> Signed-off-by: Sören Tempel <soeren@soeren-tempel.net> Signed-off-by: Ludovic Courtès <ludo@gnu.org> Sören Tempel 2023-08-31build: Add missing guix-gc.timer file to binary tarball....Partially fixes <https://issues.guix.gnu.org/65117>. * nix/local.mk (nodist_systemdservice_DATA): Add etc/guix-gc.timer. Maxim Cournoyer 2023-01-09daemon: Improve error message for wrong hash sizes....* nix/libutil/hash.cc (parseHash): Show the hash algorithm name and expected size in the error message. * tests/derivations.scm ("fixed-output derivation, invalid hash size"): New test. Ludovic Courtès 2022-12-18daemon: Make "opening file" error messages distinguishable....* nix/libstore/build.cc (DerivationGoal::openLogFile): Customize "opening file" error message. * nix/libutil/hash.cc (hashFile): Likewise. * nix/libutil/util.cc (readFile, writeFile): Likewise. Ludovic Courtès 2022-10-17Revert "nix: Guard against removing temporary roots of living processes."...This reverts commit bb0beaecdee1a2315a1269b1746d238c8ab0e699. This change broke a number of tests that assumed the previous behavior. Ludovic Courtès 2022-10-07nix: Guard against removing temporary roots of living processes....Fixes <https://issues.guix.gnu.org/25018>. * nix/libstore/gc.cc (readTempRoots): Add a check to guard against removing the temporary roots of a living process. Signed-off-by: Maxim Cournoyer <maxim.cournoyer@gmail.com> Ludovic Courtès 2022-09-11daemon: Remove unused function findOutput....* nix/libstore/misc.cc (findOutput): Remove it. * nix/libstore/misc.hh (findOutput): Likewise. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Maxime Devos 2022-09-11daemon: Remove unused function exportPaths....* nix/libstore/store-api.cc (exportPaths): Remove it. * nix/libstore/store-api.hh (exportPaths): Likewise. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Maxime Devos 2022-09-11daemon: Remove unused function openStore....* nix/libstore/store-api.cc (openStore): Remove it. * nix/libstore/store-api.hh (openStore): Likewise. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Maxime Devos 2022-06-05daemon: Quote consistently within a string....* nix/libstore/build.cc (DerivationGoal::registerOutput): ‘’ → `'. Tobias Geerinckx-Rice 2022-05-29daemon: Clarify ‘--check’ error when outputs are missing....Drop the confusing ‘invalid’ jargon and display a hint like we do for ‘--fallback’. * nix/libstore/build.cc (DerivationGoal::outputsSubstituted): Rewrite error message. Tobias Geerinckx-Rice 2022-05-18daemon: runChild() is forbidden to talk during environment set up...DerivationGoal::startBuilder() is waiting for an empty line as a check that the environment set up is fine. Fixes <https://issues.guix.gnu.org/55324>. * nix/libstore/build.cc (DerivationGoal::runChild): Remove 'debug' statement corresponding to bind mounts. Signed-off-by: Ludovic Courtès <ludo@gnu.org> yarl-baudig@mailoo.org 2022-04-14daemon: Support systemd-style socket activation....* nix/nix-daemon/guix-daemon.cc (SD_LISTEN_FDS_START): New macro. (systemd_activation_sockets): New function. (main): Use it. Remove obsolete 'printMsg' call. * doc/guix.texi (Invoking guix-daemon): Document socket activation. Ludovic Courtès 2022-01-18daemon: Always default to gzip for log compression....* nix/libstore/globals.cc (Settings::Settings): Have 'logCompression' default to COMPRESSION_GZIP unconditionally. * gnu/services/base.scm (<guix-configuration>)[log-compression]: Default to 'gzip. * doc/guix.texi (Invoking guix-daemon, Base Services): Adjust accordingly. Ludovic Courtès 2021-11-27daemon: Print the line whence we expect an integer....* nix/libstore/local-store.cc (LocalStore::getLineFromSubstituter): Include the malformed substituter stream line in the error message. Tobias Geerinckx-Rice 2021-11-25daemon: Read substitute nar size as 'unsigned long long'....Fixes <https://issues.guix.gnu.org/46212>. Reported by Christopher Baines <mail@cbaines.net>. Previously, the nar size returned by 'guix substitute' would be read as an 'int'; thus, values above 2^31 - 1 would be read and then stored as negative integers in the database. Regression introduced in 9dfa20a22ae0be3d3b01a7b3d422af97428c627e. * nix/libstore/build.cc (SubstitutionGoal::finished): Use templatized 'string2Int' instead of 'std::atoi' to get an 'unsigned long long', which is the type of 'hash.second'. * tests/store.scm ("substitute and large size"): New test. Ludovic Courtès 2021-11-25daemon: Read unsigned nar size and download size from substituter....Fixes <https://issues.guix.gnu.org/51983>. Reported by Tobias Geerinckx-Rice <me@tobias.gr>. * nix/libstore/local-store.cc (LocalStore::querySubstitutablePathInfos): Expect 'unsigned long long' for 'downloadSize' and 'narSize'. * tests/store.scm ("substitute query and large size"): New test. Ludovic Courtès 2021-11-19daemon: Micro-optimize 'deletePath'....'remove' calls 'unlink' first and falls back to 'rmdir' upon EISDIR. This change gets rid of the 'unlink' call for every directory being removed. * nix/libutil/util.cc (_deletePath): Call 'unlink' or 'rmdir' depending on 'st.st_mode', rather than call 'remove'. Ludovic Courtès 2021-11-16daemon: Do not deduplicate files smaller than 8 KiB....Files smaller than 8 KiB typically represent ~70% of the entries in /gnu/store/.links but only contribute to ~4% of the space savings afforded by deduplication. Not considering these files for deduplication speeds up file insertion in the store and, more importantly, leaves 'removeUnusedLinks' with fewer entries to traverse, thereby speeding it up proportionally. Partly fixes <https://issues.guix.gnu.org/24937>. * config-daemon.ac: Remove symlink hard link check and CAN_LINK_SYMLINK definition. * guix/store/deduplication.scm (%deduplication-minimum-size): New variable. (deduplicate)[loop]: Do not recurse when FILE's size is below %DEDUPLICATION-MINIMUM-SIZE. (dump-port): New procedure. (dump-file/deduplicate)[hash]: Turn into... [dump-and-compute-hash]: ... this thunk. Call 'deduplicate' only when SIZE is greater than %DEDUPLICATION-MINIMUM-SIZE; otherwise call 'dump-port'. * nix/libstore/gc.cc (LocalStore::removeUnusedLinks): Drop files where st.st_size < deduplicationMinSize. * nix/libstore/local-store.hh (deduplicationMinSize): New declaration. * nix/libstore/optimise-store.cc (deduplicationMinSize): New variable. (LocalStore::optimisePath_): Return when PATH is a symlink or smaller than 'deduplicationMinSize'. * tests/derivations.scm ("identical files are deduplicated"): Produce files bigger than %DEDUPLICATION-MINIMUM-SIZE. * tests/nar.scm ("restore-file-set with directories (signed, valid)"): Likewise. * tests/store-deduplication.scm ("deduplicate, below %deduplication-minimum-size"): New test. ("deduplicate", "deduplicate, ENOSPC"): Produce files bigger than %DEDUPLICATION-MINIMUM-SIZE. * tests/store.scm ("substitute, deduplication"): Likewise. Ludovic Courtès 2021-10-01build: Don’t delete ‘guix-gc.timer’ file....Without this invoking ‘make clean’ would remove ‘guix-gc.timer’, and ‘make’ would fail with. make[2]: *** No rule to make target 'etc/guix-gc.timer', needed by 'all-am'. Stop. * nix/local.mk (nodist_systemdservice_DATA): Remove ‘guix-gc.timer’. Xinglu Chen 2021-09-20etc: Add systemd files for running ‘guix gc’ periodically...* etc/guix-gc.service.in: New file. * etc/guix-gc.timer: Likewise. * .gitignore: Ignore generated ‘guix-gc.service’. * nix/local.mk (nodist_systemdservice_DATA): Add ‘guix-gc.service’ and ‘guix-gc.timer’. (EXTRA_DIST): Add ‘guix-gc.service.in’ and ‘guix-gc.timer’. * doc/guix.texi (Binary Installation): Mention the new systemd files. Signed-off-by: Mathieu Othacehe <othacehe@gnu.org> Thiago Jung Bauermann 2021-04-09daemon: 'guix substitute' replies on FD 4....This avoids the situation where error messages would unintentionally go to stderr and be wrongfully interpreted as a reply by the daemon. Fixes <https://bugs.gnu.org/46362>. This is a followup to ee3226e9d54891c7e696912245e4904435be191c. * guix/scripts/substitute.scm (display-narinfo-data): Add 'port' parameter and honor it. (process-query): Likewise. (process-substitution): Likewise. (%error-to-file-descriptor-4?, with-redirected-error-port): Remove. (%reply-file-descriptor): New variable. (guix-substitute): Remove use of 'with-redirected-error-port'. Define 'reply-port' and pass it to 'process-query' and 'process-substitution'. * nix/libstore/build.cc (SubstitutionGoal::handleChildOutput): Swap 'builderOut' and 'fromAgent'. * nix/libstore/local-store.cc (LocalStore::getLineFromSubstituter): Likewise. * tests/substitute.scm <top level>: Set '%reply-file-descriptor' rather than '%error-to-file-descriptor-4?'. Ludovic Courtès 2021-04-03daemon: Remove dead code....Reported by Noisytoot on #guix. * nix/nix-daemon/shared.hh (showManPage): Remove. * nix/nix-daemon/nix-daemon.cc (printHelp, programId): Remove. Ludovic Courtès 2021-03-30gnu: guix: Fix openrc init scripts....Fixes <https://bugs.gnu.org/46871>. * gnu/packages/package-management.scm (guix)[arguments]: Fix openrc init. * nix/local.mk (openrcservicedir): Likewise. Signed-off-by: Efraim Flashner <efraim@flashner.co.il> zimoun 2021-03-18daemon: Prevent privilege escalation with '--keep-failed' [security]....Fixes <https://bugs.gnu.org/47229>. Reported by Nathan Nye of WhiteBeam Security. * nix/libstore/build.cc (DerivationGoal::startBuilder): When 'useChroot' is true, add "/top" to 'tmpDir'. (DerivationGoal::deleteTmpDir): Adjust accordingly. When 'settings.keepFailed' is true, chown in two steps: first the "/top" sub-directory, and then rename "/top" to its parent. Ludovic Courtès 2021-03-17daemon: Correctly handle '--discover' with no value....Previously, we'd get: $ guix-daemon --discover error: basic_string::_M_construct null not valid * nix/nix-daemon/guix-daemon.cc (parse_opt): Change second argument to 'settings.set' to properly handle case where ARG is NULL. Ludovic Courtès