e='robots' content='noindex, nofollow'/>
aboutsummaryrefslogtreecommitdiff
path: root/nix/nix-daemon
AgeCommit message (Expand)Author
2019-11-26guix build, daemon: Rename "--no-build-hook" to "--no-offload"....This is a followup to bc69ea2d605810cc32e13ed03d5848b8dc358b61. * guix/scripts/build.scm (show-build-options-help): Rename "--no-build-hook" to "--no-offload". (%standard-build-options): Likewise, and warn when "--no-build-hook" is passed. * nix/nix-daemon/guix-daemon.cc (options): Add "--no-offload" and mark "--no-build-hook" as hidden. * guix/scripts/offload.scm: Adjust comment. * doc/guix.texi (Invoking guix-daemon, Common Build Options): Replace "--no-build-hook" with "--no-offload". * etc/completion/fish/guix.fish, etc/completion/zsh/_guix: Adjust accordingly. Ludovic Courtès
2019-10-16daemon: Make 'profiles/per-user' non-world-writable....Fixes <https://bugs.gnu.org/37744>. Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>. Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d by Eelco Dolstra <edolstra@gmail.com>. * nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir' to #o755 instead of #o1777. (LocalStore::createUser): New function. * nix/libstore/local-store.hh (LocalStore): Add it. * nix/libstore/store-api.hh (StoreAPI): Add it. * nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add condition to handle "user-name" property and honor it. (processConnection): Add 'userId' parameter. Call 'store->createUser' when userId is not -1. * guix/profiles.scm (ensure-profile-directory): Note that this is now handled by the daemon. * guix/store.scm (current-user-name): New procedure. (set-build-options): Add #:user-name parameter and pass it to the daemon. * tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when listening on a TCP socket. * tests/store.scm ("profiles/per-user exists and is not writable") ("profiles/per-user/$USER exists"): New tests. Ludovic Courtès
2019-09-16daemon: Include 'config.h' in 'nix-daemon.cc'....* nix/nix-daemon/nix-daemon.cc: Include 'config.h'. Timothy Sample
2019-09-08daemon: Run 'guix substitute' directly and assume a single substituter....The daemon had a mechanism that allows it to handle a list of substituters and try them sequentially; this removes it. * nix/scripts/substitute.in: Remove. * nix/local.mk (nodist_pkglibexec_SCRIPTS): Remove. * config-daemon.ac: Don't output 'nix/scripts/substitute'. * nix/libstore/build.cc (SubstitutionGoal)[subs, sub, hasSubstitute]: Remove. [tryNext]: Make private. (SubstitutionGoal::SubstitutionGoal, SubstitutionGoal::init): Remove now unneeded initializers. (SubstitutionGoal::tryNext): Adjust to assume a single substituter: call 'amDone' upfront when we couldn't find substitutes. (SubstitutionGoal::tryToRun): Adjust to run 'guix substitute' via 'settings.guixProgram'. (SubstitutionGoal::finished): Call 'amDone(ecFailed)' upon failure instead of setting 'state' to 'tryNext'. * nix/libstore/globals.hh (Settings)[substituters]: Remove. * nix/libstore/local-store.cc (LocalStore::~LocalStore): Adjust to handle a single substituter. (LocalStore::startSubstituter): Remove 'path' parameter. Adjust to invoke 'settings.guixProgram'. Don't refer to 'run.program', which no longer exists. (LocalStore::querySubstitutablePaths): Adjust for 'runningSubstituters' being a singleton instead of a list. (LocalStore::querySubstitutablePathInfos): Likewise, and remove 'substituter' parameter. * nix/libstore/local-store.hh (RunningSubstituter)[program]: Remove. (LocalStore)[runningSubstituters]: Remove. [runningSubstituter]: New field. [querySubstitutablePathInfos]: Remove 'substituter' parameter. [startSubstituter]: Remove 'substituter' parameter. * nix/nix-daemon/guix-daemon.cc (main): Remove references to 'settings.substituters'. * nix/nix-daemon/nix-daemon.cc (performOp): Ignore the user's "build-use-substitutes" value when 'settings.useSubstitutes' is false. Ludovic Courtès
2019-09-08daemon: Run 'guix offload' directly....* nix/scripts/offload.in: Remove. * nix/local.mk (nodist_pkglibexec_SCRIPTS) [BUILD_DAEMON_OFFLOAD]: Remove 'scripts/offload'. * config-daemon.ac: Don't output 'nix/scripts/offload'. * build-aux/pre-inst-env.in: Don't set 'NIX_BUILD_HOOK'. * nix/libstore/build.cc (HookInstance::HookInstance): Run 'guix offload'. (DerivationGoal::tryBuildHook): Remove reference to 'NIX_BUILD_HOOK'. * nix/nix-daemon/guix-daemon.cc (main) [HAVE_DAEMON_OFFLOAD_HOOK]: Don't set 'NIX_BUILD_HOOK'. * nix/nix-daemon/nix-daemon.cc (performOp) [!HAVE_DAEMON_OFFLOAD_HOOK]: Leave 'settings.useBuildHook' unchanged. Ludovic Courtès
2019-02-04daemon: Add "/guix" to default 'nixLibexecDir'....This makes it easier to run the uninstalled daemon. * nix/local.mk (libstore_a_CPPFLAGS): Append "/guix" to NIX_LIBEXEC_DIR. * build-aux/pre-inst-env.in (NIX_LIBEXEC_DIR): Adjust comment. * nix/libstore/builtins.cc (builtinDownload): Remove SUBDIR and its use. * nix/libstore/local-store.cc (runAuthenticationProgram): Ditto. * nix/libstore/gc.cc (addAdditionalRoots): Remove "/guix" prefix. * nix/nix-daemon/guix-daemon.cc (main): Ditto. Ludovic Courtès
2019-02-04daemon: Remove the 'NIX_SUBSTITUTERS' environment variable....* nix/libstore/globals.cc (Settings:update): Remove changes to 'substituters'. * nix/nix-daemon/guix-daemon.cc (main): Set 'settings.substituters' directly instead of changing the 'NIX_SUBSTITUTERS' environment variable. * build-aux/pre-inst-env.in: Remove reference to 'NIX_SUBSTITUTERS'. Ludovic Courtès
2018-12-16daemon: Use unbranded phrases in comments and messages....* nix/libstore/build.cc, nix/libstore/globals.cc, nix/libstore/gc.cc, nix/libstore/local-store.cc, nix/libstore/optimise-store.cc, nix/libstore/store-api.cc, nix/libutil/archive.cc, nix/nix-daemon/nix-daemon.cc: Replace "Nix store" by "store", and "Nix daemon" by "build daemon". Ludovic Courtès
2018-11-24daemon: Ignore '--keep-failed' for TCP/IP clients....* nix/nix-daemon/nix-daemon.cc (performOp) <wopSetOptions>: When 'isRemoteConnection' is true, set 'settings.keepFailed' to zero. * doc/guix.texi (Common Build Options): Document this behavior. Ludovic Courtès
2018-11-14daemon: Install 'authenticate' script under LIBEXECDIR/guix....That way it is handled in the same way as other helper scripts. * nix/scripts/guix-authenticate.in: Rename to... * nix/scripts/authenticate.in: ... this. * config-daemon.ac: Adjust accordingly. * nix/local.mk (libstore_a_CPPFLAGS): Remove -DOPENSSL_PATH. (nodist_libexec_SCRIPTS): Remove. (nodist_pkglibexec_SCRIPTS): New variable. * nix/nix-daemon/guix-daemon.cc (main): Remove 'setenv' call for "PATH". * nix/libstore/local-store.cc (runAuthenticationProgram): New function. (LocalStore::exportPath, LocalStore::importPath): Use it instead of 'runProgram' and OPENSSL_PATH. Ludovic Courtès
2018-10-15daemon: Support multiplexed build output....This allows clients to tell whether output comes from the daemon or, if it comes from a builder, from which builder it comes. The latter is particularly useful when MAX-BUILD-JOBS > 1. * nix/libstore/build.cc (DerivationGoal::tryBuildHook) (DerivationGoal::startBuilder): Print the child's PID in "@ build-started" traces. (DerivationGoal::handleChildOutput): Define 'prefix', pass it to 'writeToStderr'. * nix/libstore/globals.cc (Settings:Settings): Initialize 'multiplexedBuildOutput'. (Settings::update): Likewise. * nix/libstore/globals.hh (Settings)[multiplexedBuildOutput]: New field. Update 'printBuildTrace' documentation. * nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump to 0.163. * nix/nix-daemon/nix-daemon.cc (performOp) <wopSetOptions>: Special-case "multiplexed-build-output" and remove "use-ssh-substituter". * guix/store.scm (set-build-options): Add #:multiplexed-build-output? and honor it. (%protocol-version): Bump to #x163. * tests/store.scm ("multiplexed-build-output"): New test. fixlet Ludovic Courtès
2018-04-19guix-daemon: Disable garbage collection for remote connections....* nix/nix-daemon/nix-daemon.cc (isRemoteConnection): New variable. (performOp): For wopCollectGarbage, throw an error when isRemoteConnection is set. (acceptConnection): Set isRemoteConnection when connection is not AF_UNIX. * tests/guix-daemon.sh: Add a test for the new behavior. Roel Janssen
2018-01-07daemon: Make libbz2 an optional dependency....* config-daemon.ac: Don't bail out when libbz2 is missing. Define 'HAVE_LIBBZ2' Automake conditional. * nix/libstore/build.cc: Wrap relevant bits in '#if HAVE_BZLIB_H'. * nix/libstore/globals.cc (Settings::Settings): 'logCompression' defaults to COMPRESSION_GZIP when HAVE_BZLIB_H is false. * nix/libstore/globals.hh (CompressionType): Make 'COMPRESSION_BZIP2' conditional on HAVE_BZLIB_H. * nix/local.mk (guix_register_LDADD, guix_daemon_LDADD): Add -lbz2 only when HAVE_LIBBZ2. * nix/nix-daemon/guix-daemon.cc (parse_opt): Ignore "bzip2" when not HAVE_BZLIB_H. Ludovic Courtès
2018-01-07daemon: Add gzip log compression....* nix/nix-daemon/guix-daemon.cc (GUIX_OPT_LOG_COMPRESSION): New macro. (options): Mark "disable-log-compression" as hidden and add "log-compression". (parse_opt): Handle GUIX_OPT_LOG_COMPRESSION. * nix/libstore/build.cc (DerivationGoal): Add 'gzLogFile'. (openLogFile): Initialize it when 'logCompression' is COMPRESSION_GZIP. (closeLogFile, handleChildOutput): Honor 'gzLogFile'. * nix/libstore/globals.hh (Settings)[compressLog]: Remove. [logCompression]: New field. (CompressionType): New enum. * nix/libstore/globals.cc (Settings::Settings): Initialize it. (update): Remove '_get' call for 'compressLog'. * nix/local.mk (guix_daemon_LDADD, guix_register_LDADD): Add -lz. * guix/store.scm (log-file): Handle '.gz' log files. * tests/guix-daemon.sh: Add test with '--log-compression=gzip'. * doc/guix.texi (Invoking guix-daemon): Adjust accordingly. * config-daemon.ac: Check for libz and zlib.h. Ludovic Courtès
2017-07-17daemon: Flush the sink upon 'exportPath' errors....Prior to this change, errors such as wrong permissions on /etc/guix/signing-key.sec would give: guix-daemon: nix/libutil/serialise.cc:15: virtual nix::BufferedSink::~BufferedSink(): Assertion `!bufPos' failed. This patch correctly propagates the error to the client and thus changes that to: error: build failed: file `/etc/guix/signing-key.sec' should be secret (inaccessible to everybody else)! * nix/nix-daemon/nix-daemon.cc (performOp): Wrap 'exportPath' call in 'try' block. Co-authored-by: Ludovic Courtès <ludo@gnu.org> Jan Nieuwenhuizen
2017-07-10daemon: Allow compilation with GCC 4.9....Reported by Ricardo Wurmus. * nix/nix-daemon/nix-daemon.cc (acceptConnection): Remove intermediate 'inaddr' variables that relied on implicit casts. This fixes compilation with GCC 4.9. Ludovic Courtès
2017-06-22daemon: Set TCP_NODELAY and TCP_QUICKACK on remote sockets....* nix/nix-daemon/nix-daemon.cc (acceptConnection): Set TCP_NODELAY and TCP_QUICKACK on REMOTE.