;;; GNU Guix --- Functional package management for GNU
|
|
|
|
|
;;; Copyright © 2015 David Thompson <davet@gnu.org>
|
2017-03-22 09:50:06 +01:00
|
|
|
|
;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
|
2015-03-17 15:21:31 +01:00
|
|
|
|
;;;
|
|
|
|
|
;;; This file is part of GNU Guix.
|
|
|
|
|
;;;
|
|
|
|
|
;;; GNU Guix is free software; you can redistribute it and/or modify it
|
|
|
|
|
;;; under the terms of the GNU General Public License as published by
|
|
|
|
|
;;; the Free Software Foundation; either version 3 of the License, or (at
|
|
|
|
|
;;; your option) any later version.
|
|
|
|
|
;;;
|
|
|
|
|
;;; GNU Guix is distributed in the hope that it will be useful, but
|
|
|
|
|
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
;;; GNU General Public License for more details.
|
|
|
|
|
;;;
|
|
|
|
|
;;; You should have received a copy of the GNU General Public License
|
|
|
|
|
;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
|
|
|
|
|
(define-module (guix scripts publish)
|
|
|
|
|
#:use-module ((system repl server) #:prefix repl:)
|
|
|
|
|
#:use-module (ice-9 binary-ports)
|
|
|
|
|
#:use-module (ice-9 format)
|
|
|
|
|
#:use-module (ice-9 match)
|
|
|
|
|
#:use-module (ice-9 regex)
|
2016-10-19 14:28:56 +02:00
|
|
|
|
#:use-module (ice-9 rdelim)
|
2017-04-17 23:13:40 +02:00
|
|
|
|
#:use-module (ice-9 threads)
|
2015-03-17 15:21:31 +01:00
|
|
|
|
#:use-module (rnrs bytevectors)
|
|
|
|
|
#:use-module (srfi srfi-1)
|
|
|
|
|
#:use-module (srfi srfi-2)
|
2016-07-18 23:58:34 +02:00
|
|
|
|
#:use-module (srfi srfi-9)
|
2015-07-20 00:37:47 +02:00
|
|
|
|
#:use-module (srfi srfi-9 gnu)
|
2016-06-09 23:33:20 +02:00
|
|
|
|
#:use-module (srfi srfi-19)
|
2015-03-17 15:21:31 +01:00
|
|
|
|
#:use-module (srfi srfi-26)
|
2016-07-20 16:54:31 +02:00
|
|
|
|
#:use-module (srfi srfi-34)
|
2015-03-17 15:21:31 +01:00
|
|
|
|
#:use-module (srfi srfi-37)
|
|
|
|
|
#:use-module (web http)
|
|
|
|
|
#:use-module (web request)
|
|
|
|
|
#:use-module (web response)
|
|
|
|
|
#:use-module (web server)
|
|
|
|
|
#:use-module (web uri)
|
2017-04-19 23:39:27 +02:00
|
|
|
|
#:autoload (sxml simple) (sxml->xml)
|
2015-03-17 15:21:31 +01:00
|
|
|
|
#:use-module (guix base32)
|
|
|
|
|
#:use-module (guix base64)
|
|
|
|
|
#:use-module (guix config)
|
|
|
|
|
#:use-module (guix derivations)
|
|
|
|
|
#:use-module (guix hash)
|
|
|
|
|
#:use-module (guix pki)
|
|
|
|
|
#:use-module (guix pk-crypto)
|
2017-04-17 23:13:40 +02:00
|
|
|
|
#:use-module (guix workers)
|
2015-03-17 15:21:31 +01:00
|
|
|
|
#:use-module (guix store)
|
2016-10-19 14:28:56 +02:00
|
|
|
|
#:use-module ((guix serialization) #:select (write-file))
|
2016-07-18 23:58:34 +02:00
|
|
|
|
#:use-module (guix zlib)
|
2017-04-18 23:12:35 +02:00
|
|
|
|
#:use-module (guix cache)
|
2015-03-17 15:21:31 +01:00
|
|
|
|
#:use-module (guix ui)
|
2015-09-10 11:37:36 +02:00
|
|
|
|
#:use-module (guix scripts)
|
2017-04-17 23:13:40 +02:00
|
|
|
|
#:use-module ((guix utils)
|
|
|
|
|
#:select (with-atomic-file-output compressed-file?))
|
2017-04-18 23:12:35 +02:00
|
|
|
|
#:use-module ((guix build utils)
|
|
|
|
|
#:select (dump-port mkdir-p find-files))
|
2017-03-22 09:50:06 +01:00
|
|
|
|
#:export (%public-key
|
|
|
|
|
%private-key
|
|
|
|
|
|
|
|
|
|
guix-publish))
|
2015-03-17 15:21:31 +01:00
|
|
|
|
|
|
|
|
|
(define (show-help)
  ;; Print the usage text of 'guix publish' on the current output port.
  ;; Every option string goes through '_' so that it can be translated;
  ;; the leading newline embedded in each string is what separates lines.
  (format #t (_ "Usage: guix publish [OPTION]...
Publish ~a over HTTP.\n") %store-directory)
  (display (_ "
-p, --port=PORT listen on PORT"))
  (display (_ "
--listen=HOST listen on the network interface for HOST"))
  (display (_ "
-u, --user=USER change privileges to USER as soon as possible"))
  (display (_ "
-C, --compression[=LEVEL]
compress archives at LEVEL"))
  (display (_ "
-c, --cache=DIRECTORY cache published items to DIRECTORY"))
  (display (_ "
--workers=N use N workers to bake items"))
  (display (_ "
--ttl=TTL announce narinfos can be cached for TTL seconds"))
  (display (_ "
--nar-path=PATH use PATH as the prefix for nar URLs"))
  (display (_ "
--public-key=FILE use FILE as the public key for signatures"))
  (display (_ "
--private-key=FILE use FILE as the private key for signatures"))
  (display (_ "
-r, --repl[=PORT] spawn REPL server on PORT"))
  (newline)
  (display (_ "
-h, --help display this help and exit"))
  (display (_ "
-V, --version display version information and exit"))
  (newline)
  ;; Standard trailer shared by all guix commands (from (guix ui)).
  (show-bug-report-information))
|
|
|
|
|
|
2015-05-12 21:20:19 +02:00
|
|
|
|
(define (getaddrinfo* host)
  "Like 'getaddrinfo', but properly report errors."
  (define (report-failure key code)
    ;; Turn the 'getaddrinfo-error' throw into a user-facing message and
    ;; exit, instead of letting the raw exception reach the top level.
    (leave (_ "lookup of host '~a' failed: ~a~%")
           host (gai-strerror code)))

  (catch 'getaddrinfo-error
    (lambda () (getaddrinfo host))
    report-failure))
|
|
|
|
|
|
2016-07-18 23:58:34 +02:00
|
|
|
|
;; Nar compression parameters.
|
|
|
|
|
(define-record-type <compression>
  (compression type level)
  compression?
  ;; Symbol naming the method; this file uses 'none and 'gzip.
  (type compression-type)
  ;; Integer level handed to the gzip port (see 'nar-response-port');
  ;; ignored when TYPE is 'none.
  (level compression-level))
|
|
|
|
|
|
|
|
|
|
(define %no-compression
  ;; Used both as the default and as the forced choice when an item is
  ;; already compressed (see 'actual-compression').
  (compression 'none 0))
|
|
|
|
|
|
|
|
|
|
(define %default-gzip-compression
  ;; Since we compress on the fly, default to fast compression.
  ;; Level 3 is also what '-C' selects when given no level (see %options).
  (compression 'gzip 3))
|
|
|
|
|
|
2017-04-17 23:11:28 +02:00
|
|
|
|
(define (actual-compression item requested)
  "Return the actual compression used for ITEM, which may be %NO-COMPRESSION
if ITEM is already compressed."
  ;; Recompressing an already-compressed store item would only burn CPU.
  (cond ((compressed-file? item) %no-compression)
        (else requested)))
|
|
|
|
|
|
2015-03-17 15:21:31 +01:00
|
|
|
|
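(define %options
  ;; SRFI-37 option specifications.  Each processor is called as
  ;; (OPT NAME ARG RESULT), where NAME is the option name as typed by the
  ;; user and ARG its argument, and returns RESULT extended with one entry.
  (list (option '(#\h "help") #f #f
                (lambda _
                  (show-help)
                  (exit 0)))
        (option '(#\V "version") #f #f
                (lambda _
                  (show-version-and-exit "guix publish")))
        (option '(#\u "user") #t #f
                (lambda (opt name arg result)
                  (alist-cons 'user arg result)))
        (option '(#\p "port") #t #f
                (lambda (opt name arg result)
                  (alist-cons 'port (string->number* arg) result)))
        (option '("listen") #t #f
                (lambda (opt name arg result)
                  (match (getaddrinfo* arg)
                    ((info _ ...)
                     (alist-cons 'address (addrinfo:addr info)
                                 result))
                    (()
                     ;; NAME is the option name ("listen"); the host the
                     ;; user asked for is ARG, so report that.
                     (leave (_ "lookup of host '~a' returned nothing")
                            arg)))))
        (option '(#\C "compression") #f #t
                (lambda (opt name arg result)
                  ;; Level 0 turns compression off; any other level means
                  ;; gzip, provided zlib is available.
                  (match (if arg (string->number* arg) 3)
                    (0
                     (alist-cons 'compression %no-compression result))
                    (level
                     (if (zlib-available?)
                         (alist-cons 'compression
                                     (compression 'gzip level)
                                     result)
                         (begin
                           (warning (_ "zlib support is missing; \
compression disabled~%"))
                           result))))))
        (option '(#\c "cache") #t #f
                (lambda (opt name arg result)
                  (alist-cons 'cache arg result)))
        (option '("workers") #t #f
                (lambda (opt name arg result)
                  (alist-cons 'workers (string->number* arg)
                              result)))
        (option '("ttl") #t #f
                (lambda (opt name arg result)
                  ;; Store the TTL as a number of seconds.
                  (let ((duration (string->duration arg)))
                    (unless duration
                      (leave (_ "~a: invalid duration~%") arg))
                    (alist-cons 'narinfo-ttl (time-second duration)
                                result))))
        (option '("nar-path") #t #f
                (lambda (opt name arg result)
                  (alist-cons 'nar-path arg result)))
        (option '("public-key") #t #f
                (lambda (opt name arg result)
                  (alist-cons 'public-key-file arg result)))
        (option '("private-key" "secret-key") #t #f
                (lambda (opt name arg result)
                  (alist-cons 'private-key-file arg result)))
        (option '(#\r "repl") #f #t
                (lambda (opt name arg result)
                  ;; If port unspecified, use default Guile REPL port.
                  (let ((port (and arg (string->number* arg))))
                    (alist-cons 'repl (or port 37146) result))))))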
|
|
|
|
|
|
|
|
|
|
(define %default-options
  ;; Baseline settings; %OPTIONS processors prepend overriding entries.
  (let ((default-compression (if (zlib-available?)
                                 %default-gzip-compression
                                 %no-compression)))
    (list (cons 'port 8080)
          ;; By default, serve nars under "/nar".
          (cons 'nar-path "nar")
          (cons 'public-key-file %public-key-file)
          (cons 'private-key-file %private-key-file)
          ;; Default to fast & low compression.
          (cons 'compression default-compression)
          ;; Default number of workers when caching is enabled.
          (cons 'workers (current-processor-count))
          ;; Any IPv4 address; presumably the 'port' entry above is what
          ;; the listener actually binds to — confirm against the server
          ;; start-up code.
          (cons 'address (make-socket-address AF_INET INADDR_ANY 0))
          (cons 'repl #f))))
|
|
|
|
|
|
2017-03-22 09:50:06 +01:00
|
|
|
|
;; The key pair used to sign narinfos.
|
2015-03-17 15:21:31 +01:00
|
|
|
|
(define %private-key
  ;; Signing key, read by 'signed-string' and handed to 'narinfo-string' as
  ;; its KEY argument.  #f until the caller parameterizes it.
  (make-parameter #f))
|
2015-03-17 15:21:31 +01:00
|
|
|
|
(define %public-key
  ;; Public half of the key pair; 'signed-string' derives the hash type
  ;; from it and embeds it in the signature s-exp.  #f until set.
  (make-parameter #f))
|
2015-03-17 15:21:31 +01:00
|
|
|
|
|
|
|
|
|
(define %nix-cache-info
  ;; Key/value pairs served verbatim at /nix-cache-info by
  ;; 'render-nix-cache-info', one "Key: value" line each.
  `(("StoreDir" . ,%store-directory)
    ("WantMassQuery" . 0)
    ("Priority" . 100)))
|
|
|
|
|
|
|
|
|
|
(define (load-derivation file)
  "Read the derivation from FILE."
  (call-with-input-file file
    (lambda (port)
      (read-derivation port))))
|
|
|
|
|
|
|
|
|
|
(define (signed-string s)
  "Sign the SHA256 hash of the string S with the key pair held in the
%PRIVATE-KEY and %PUBLIC-KEY parameters; return the signature s-exp."
  (define public-key (%public-key))

  (define hash-data
    ;; The hash is typed according to the public key so that both sides
    ;; agree on the algorithm.
    (bytevector->hash-data (sha256 (string->utf8 s))
                           #:key-type (key-type public-key)))

  (signature-sexp hash-data (%private-key) public-key))
|
2015-03-17 15:21:31 +01:00
|
|
|
|
|
|
|
|
|
(define (base64-encode-string str)
  "Return the base64 encoding of the UTF-8 bytes of STR."
  (base64-encode (string->utf8 str)))
|
|
|
|
|
|
2016-07-18 23:58:34 +02:00
|
|
|
|
(define* (narinfo-string store store-path key
                         #:key (compression %no-compression)
                         (nar-path "nar"))
  "Generate a narinfo key/value string for STORE-PATH; an exception is raised
if STORE-PATH is invalid.  Produce a URL that corresponds to COMPRESSION.
NAR-PATH specifies the prefix for nar URLs.  KEY is accepted for
compatibility with callers but is not consulted here: the signature comes
from 'signed-string', which reads the %PRIVATE-KEY parameter."
  (let* ((path-info (query-path-info store store-path))
         ;; Already-compressed items are served uncompressed.
         (compression (actual-compression store-path compression))
         ;; URL is NAR-PATH[/<type>]/<basename>, so the compression type is
         ;; part of the URL and old URLs stay valid across restarts.
         (url (encode-and-join-uri-path
               `(,@(split-and-decode-uri-path nar-path)
                 ,@(match compression
                     (($ <compression> 'none)
                      '())
                     (($ <compression> type)
                      (list (symbol->string type))))
                 ,(basename store-path))))
         (hash (bytevector->nix-base32-string
                (path-info-hash path-info)))
         (size (path-info-nar-size path-info))
         (references (string-join
                      (map basename (path-info-references path-info))
                      " "))
         (deriver (path-info-deriver path-info))
         (base-info (format #f
                            "\
StorePath: ~a
URL: ~a
Compression: ~a
NarHash: sha256:~a
NarSize: ~d
References: ~a~%"
                            store-path url
                            (compression-type compression)
                            hash size references))
         ;; Do not render a "Deriver" or "System" line if we are rendering
         ;; info for a derivation.
         (info (if (not deriver)
                   base-info
                   (catch 'system-error
                     (lambda ()
                       (let ((drv (load-derivation deriver)))
                         (format #f "~aSystem: ~a~%Deriver: ~a~%"
                                 base-info (derivation-system drv)
                                 (basename deriver))))
                     (lambda args
                       ;; DERIVER might be missing, but that's fine:
                       ;; it's only used for <substitutable> where it's
                       ;; optional.  'System' is currently unused.
                       (if (= ENOENT (system-error-errno args))
                           base-info
                           (apply throw args))))))
         ;; The signature covers everything above the "Signature:" line.
         (signature (base64-encode-string
                     (canonical-sexp->string (signed-string info)))))
    (format #f "~aSignature: 1;~a;~a~%" info (gethostname) signature)))
|
|
|
|
|
|
|
|
|
|
(define (not-found request)
  "Render 404 response for REQUEST."
  (let ((path (uri-path (request-uri request))))
    (values (build-response #:code 404)
            (string-append "Resource not found: " path))))
|
|
|
|
|
|
|
|
|
|
(define (render-nix-cache-info)
  "Render server information."
  (define (write-entry port entry)
    ;; One "Key: value" line per entry of %NIX-CACHE-INFO.
    (match entry
      ((key . value)
       (format port "~a: ~a~%" key value))))

  (values '((content-type . (text/plain)))
          (lambda (port)
            (for-each (cut write-entry port <>) %nix-cache-info))))
|
|
|
|
|
|
2016-07-18 23:58:34 +02:00
|
|
|
|
(define* (render-narinfo store request hash
                         #:key ttl (compression %no-compression)
                         (nar-path "nar"))
  "Render metadata for the store path corresponding to HASH.  If TTL is true,
advertise it as the maximum validity period (in seconds) via the
'Cache-Control' header.  This allows 'guix substitute' to cache it for an
appropriate duration.  NAR-PATH specifies the prefix for nar URLs."
  (define (narinfo-headers)
    ;; Only advertise a max-age when TTL was given.
    (if ttl
        `((content-type . (application/x-nix-narinfo))
          (cache-control (max-age . ,ttl)))
        '((content-type . (application/x-nix-narinfo)))))

  (let ((store-path (hash-part->path store hash)))
    (cond ((string-null? store-path)
           (not-found request))
          (else
           (values (narinfo-headers)
                   (lambda (port)
                     ;; The narinfo is built lazily, when the body is written.
                     (display (narinfo-string store store-path (%private-key)
                                              #:nar-path nar-path
                                              #:compression compression)
                              port)))))))
|
|
|
|
|
|
2017-04-17 23:13:40 +02:00
|
|
|
|
(define* (nar-cache-file directory item
                         #:key (compression %no-compression))
  "Return the file name under DIRECTORY where the nar of ITEM served with
COMPRESSION is cached: DIRECTORY/<compression-type>/<basename of ITEM>.nar."
  ;; Only the last path component of ITEM is used, so the result can never
  ;; name a file outside DIRECTORY/<compression-type>/.
  (let ((type (symbol->string (compression-type compression)))
        (name (basename item)))
    (string-append directory "/" type "/" name ".nar")))
|
|
|
|
|
|
|
|
|
|
(define* (narinfo-cache-file directory item
                             #:key (compression %no-compression))
  "Return the file name under DIRECTORY where the narinfo of ITEM served with
COMPRESSION is cached: DIRECTORY/<compression-type>/<basename of ITEM>.narinfo."
  ;; As with 'nar-cache-file', only the last path component of ITEM is used.
  (let ((type (symbol->string (compression-type compression)))
        (name (basename item)))
    (string-append directory "/" type "/" name ".narinfo")))
|
|
|
|
|
|
|
|
|
|
(define run-single-baker
  ;; BAKING maps an item to the thread currently baking it; the table holds
  ;; its values weakly so a finished thread does not keep entries alive.
  (let ((baking (make-weak-value-hash-table))
        (mutex (make-mutex)))
    (define (claim! item)
      ;; Atomically register the current thread as ITEM's baker unless
      ;; another thread already is; return #t when the claim succeeded.
      (with-mutex mutex
        (if (hash-ref baking item)
            #f
            (begin
              (hash-set! baking item (current-thread))
              #t))))

    (define (release! item)
      (with-mutex mutex
        (hash-remove! baking item)))

    (lambda (item thunk)
      "Run THUNK, which is supposed to bake ITEM, but make sure only one
thread is baking ITEM at a given time."
      (when (claim! item)
        ;; Release the claim however THUNK exits, normally or not.
        (dynamic-wind
          (const #t)
          thunk
          (lambda () (release! item)))))))
|
|
|
|
|
|
|
|
|
|
(define-syntax-rule (single-baker item exp ...)
  "Bake ITEM by evaluating EXP, but make sure there's only one baker for ITEM
at a time."
  ;; Thin sugar over 'run-single-baker': EXP ... is wrapped in a thunk and
  ;; skipped entirely if another thread already holds ITEM.
  (run-single-baker item (lambda () exp ...)))
|
|
|
|
|
|
|
|
|
|
|
2017-04-18 23:12:35 +02:00
|
|
|
|
(define (narinfo-files cache)
  "Return the list of .narinfo files under CACHE."
  (define (narinfo? file stat)
    ;; 'find-files' predicate: keep files by suffix only.
    (string-suffix? ".narinfo" file))

  (cond ((file-is-directory? cache)
         (find-files cache narinfo?))
        (else '())))
|
|
|
|
|
|
2017-04-17 23:13:40 +02:00
|
|
|
|
(define* (render-narinfo/cached store request hash
                                #:key ttl (compression %no-compression)
                                (nar-path "nar")
                                cache pool)
  "Respond to the narinfo request for REQUEST.  If the narinfo is available in
CACHE, then send it; otherwise, return 404 and \"bake\" that nar and narinfo
requested using POOL.  CACHE must be a directory name; 'make-request-handler'
only calls this when one was configured."
  (define (delete-entry narinfo)
    ;; Delete NARINFO and the corresponding nar from CACHE.  The nar lives
    ;; next to the narinfo with a ".nar" suffix in place of ".narinfo".
    (let ((nar (string-append (string-drop-right narinfo
                                                 (string-length ".narinfo"))
                              ".nar")))
      (delete-file* narinfo)
      (delete-file* nar)))

  (let* ((item (hash-part->path store hash))
         (compression (actual-compression item compression))
         ;; Cache file name; only the basename of ITEM goes into it.
         (cached (and (not (string-null? item))
                      (narinfo-cache-file cache item
                                          #:compression compression))))
    (cond ((string-null? item)
           (not-found request))
          ((file-exists? cached)
           ;; Narinfo is in cache, send it.
           (values `((content-type . (application/x-nix-narinfo))
                     ,@(if ttl
                           `((cache-control (max-age . ,ttl)))
                           '()))
                   (lambda (port)
                     (display (call-with-input-file cached
                                read-string)
                              port))))
          ((valid-path? store item)
           ;; Nothing in cache: bake the narinfo and nar in the background and
           ;; return 404.  Both the baking and the cache cleanup below run in
           ;; POOL, so this request returns immediately.
           (eventually pool
             (single-baker item
               ;; (format #t "baking ~s~%" item)
               (bake-narinfo+nar cache item
                                 #:ttl ttl
                                 #:compression compression
                                 #:nar-path nar-path))

             ;; Expire old cache entries, at most once per TTL; a single
             ;; thread at a time does this ('cache-cleanup is the token).
             (when ttl
               (single-baker 'cache-cleanup
                 (maybe-remove-expired-cache-entries cache
                                                     narinfo-files
                                                     #:entry-expiration
                                                     (file-expiration-time ttl)
                                                     #:delete-entry delete-entry
                                                     #:cleanup-period ttl))))
           (not-found request))
          (else
           ;; Known hash prefix but not a valid store path: nothing to bake.
           (not-found request)))))
|
|
|
|
|
|
|
|
|
|
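(define* (bake-narinfo+nar cache item
                           #:key ttl (compression %no-compression)
                           (nar-path "nar"))
  "Write the narinfo and nar for ITEM to CACHE.  COMPRESSION is what the
caller asked for; it is downgraded to %NO-COMPRESSION when ITEM is already
compressed.  NAR-PATH is the URL prefix recorded in the narinfo (the same
default as the other procedures of this file; a leading slash is ignored by
'split-and-decode-uri-path' anyway).  TTL is accepted for symmetry with the
callers but is not used here."
  (define (write-gzip-nar nar level)
    ;; Write the compressed nar to NAR.tmp, then rename it into place so
    ;; that readers never see a partially written file.  Should writing
    ;; fail, remove the temporary file instead of leaving it behind, then
    ;; re-raise.
    (let ((tmp (string-append nar ".tmp")))
      (catch #t
        (lambda ()
          ;; Note: the file port gets closed along with the gzip port.
          (call-with-gzip-output-port (open-output-file tmp)
            (lambda (port)
              (write-file item port))
            #:level level)
          (rename-file tmp nar))
        (lambda args
          (false-if-exception (delete-file tmp))
          (apply throw args)))))

  (let* ((compression (actual-compression item compression))
         (nar (nar-cache-file cache item
                              #:compression compression))
         (narinfo (narinfo-cache-file cache item
                                      #:compression compression)))
    (mkdir-p (dirname nar))
    (match (compression-type compression)
      ('gzip
       (write-gzip-nar nar (compression-level compression)))
      ('none
       ;; When compression is disabled, we retrieve files directly from the
       ;; store; no need to cache them.
       #t))

    (mkdir-p (dirname narinfo))
    (with-atomic-file-output narinfo
      (lambda (port)
        ;; Open a new connection to the store.  We cannot reuse the main
        ;; thread's connection to the store since we would end up sending
        ;; stuff concurrently on the same channel.
        (with-store store
          (display (narinfo-string store item
                                   (%private-key)
                                   #:nar-path nar-path
                                   #:compression compression)
                   port))))))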
|
|
|
|
|
|
2016-07-18 23:58:34 +02:00
|
|
|
|
;; XXX: Declare the 'Guix-Nar-Compression' HTTP header, which is in fact for
;; internal consumption: it allows us to pass the compression info to
;; 'http-write', as part of the workaround to <http://bugs.gnu.org/21093>.
|
|
|
|
|
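(declare-header! "Guix-Nar-Compression"
  (lambda (str)
    ;; NOTE(review): (web http) presumably applies this parser to any
    ;; incoming header of that name as well, so STR may be client-supplied
    ;; text — confirm.  'read' cannot evaluate code, but the pattern now
    ;; also rejects fields of the wrong type instead of building a
    ;; <compression> out of them (a non-matching form raises, as before).
    (match (call-with-input-string str read)
      (('compression (? symbol? type) (? integer? level))
       (compression type level))))
  compression?
  (lambda (compression port)
    ;; Serialize as the s-exp the parser above reads back.
    (match compression
      (($ <compression> type level)
       (write `(compression ,type ,level) port)))))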
|
|
|
|
|
|
|
|
|
|
(define* (render-nar store request store-item
                     #:key (compression %no-compression))
  "Render archive of the store path corresponding to STORE-ITEM."
  (define store-path
    (string-append %store-directory "/" store-item))

  ;; STORE-ITEM comes straight from the request URL; 'valid-path?' is the
  ;; check that keeps this from serving anything the daemon does not know
  ;; as a store path.
  (cond ((valid-path? store store-path)
         ;; The ISO-8859-1 charset *must* be used otherwise HTTP clients will
         ;; interpret the byte stream as UTF-8 and arbitrarily change invalid
         ;; byte sequences.
         (values `((content-type . (application/x-nix-archive
                                    (charset . "ISO-8859-1")))
                   (guix-nar-compression . ,compression))
                 ;; XXX: We're not returning the actual contents, deferring
                 ;; instead to 'http-write'.  This is a hack to work around
                 ;; <http://bugs.gnu.org/21093>.
                 store-path))
        (else
         (not-found request))))
|
|
|
|
|
|
2017-04-17 23:13:40 +02:00
|
|
|
|
(define* (render-nar/cached store cache request store-item
                            #:key (compression %no-compression))
  "Respond to REQUEST with a nar for STORE-ITEM.  If the nar is in CACHE,
return it; otherwise, return 404."
  (define cached
    ;; 'nar-cache-file' only uses the last path component of STORE-ITEM, so
    ;; the lookup stays within CACHE/<compression-type>/.
    (nar-cache-file cache store-item
                    #:compression compression))

  (cond ((file-exists? cached)
         (values `((content-type . (application/octet-stream
                                    (charset . "ISO-8859-1"))))
                 ;; XXX: We're not returning the actual contents, deferring
                 ;; instead to 'http-write'.  This is a hack to work around
                 ;; <http://bugs.gnu.org/21093>.
                 cached))
        (else
         (not-found request))))
|
|
|
|
|
|
2016-07-20 16:54:31 +02:00
|
|
|
|
(define (render-content-addressed-file store request
                                       name algo hash)
  "Return the content of the result of the fixed-output derivation NAME that
has the given HASH of type ALGO."
  (define (serve-item item)
    ;; Serve ITEM only if the daemon knows it as a valid store path.
    (if (valid-path? store item)
        (values `((content-type . (application/octet-stream
                                   (charset . "ISO-8859-1"))))
                ;; XXX: We're not returning the actual contents, deferring
                ;; instead to 'http-write'.  This is a hack to work around
                ;; <http://bugs.gnu.org/21093>.
                item)
        (not-found request)))

  ;; TODO: Support other hash algorithms.
  (cond ((and (eq? algo 'sha256) (= 32 (bytevector-length hash)))
         (serve-item (fixed-output-path name hash
                                        #:hash-algo algo
                                        #:recursive? #f)))
        (else
         (not-found request))))
|
|
|
|
|
|
2017-04-19 23:39:27 +02:00
|
|
|
|
(define (render-home-page request)
  "Render the home page."
  (define page
    ;; Static SXML; REQUEST is not consulted.
    '(html
      (head (title "GNU Guix Substitute Server"))
      (body
       (h1 "GNU Guix Substitute Server")
       (p "Hi, "
          (a (@ (href
                 "https://gnu.org/s/guix/manual/html_node/Invoking-guix-publish.html"))
             (tt "guix publish"))
          " speaking. Welcome!"))))

  (values `((content-type . (text/html (charset . "UTF-8"))))
          (call-with-output-string
            (cut sxml->xml page <>))))
|
|
|
|
|
|
2015-03-17 15:21:31 +01:00
|
|
|
|
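(define extract-narinfo-hash
  ;; The 32 characters before ".narinfo" must all belong to the nix-base32
  ;; alphabet.  The dot is escaped so that only a literal ".narinfo" suffix
  ;; matches, not any character followed by "narinfo".
  (let ((regexp (make-regexp "^([a-df-np-sv-z0-9]{32})\\.narinfo$")))
    (lambda (str)
      "Return the hash within the narinfo resource string STR, or false if STR
is invalid."
      (and=> (regexp-exec regexp str)
             (cut match:substring <> 1)))))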
|
|
|
|
|
|
|
|
|
|
(define (get-request? request)
  "Return #t if REQUEST uses the GET method."
  (case (request-method request)
    ((GET) #t)
    (else #f)))
|
|
|
|
|
|
|
|
|
|
(define (request-path-components request)
  "Split the URI path of REQUEST into a list of component strings.  For
example: \"/foo/bar\" yields '(\"foo\" \"bar\")."
  (let* ((uri (request-uri request))
         (path (uri-path uri)))
    ;; Percent-decoding happens per component, after the split.
    (split-and-decode-uri-path path)))
|
|
|
|
|
|
2015-07-19 23:58:37 +02:00
|
|
|
|
|
|
|
|
|
;;;
|
|
|
|
|
;;; Server.
|
|
|
|
|
;;;
|
|
|
|
|
|
|
|
|
|
(define %http-write
  ;; Guile's stock 'http-write' from (web server http); the 'http-write'
  ;; below falls back to it for every response it does not stream itself.
  (@@ (web server http) http-write))
|
|
|
|
|
|
2015-07-20 00:37:47 +02:00
|
|
|
|
(define (sans-content-length response)
  "Return RESPONSE without its 'content-length' header."
  (define headers
    (alist-delete 'content-length (response-headers response) eq?))

  (set-field response (response-headers) headers))
|
|
|
|
|
|
2016-12-04 00:38:30 +01:00
|
|
|
|
(define (with-content-length response length)
  "Return RESPONSE with a 'content-length' header set to LENGTH."
  (let* ((others (alist-delete 'content-length
                               (response-headers response)
                               eq?))
         (headers (alist-cons 'content-length length others)))
    (set-field response (response-headers) headers)))
|
|
|
|
|
|
2015-10-06 23:45:38 +02:00
|
|
|
|
(define-syntax-rule (swallow-EPIPE exp ...)
  "Swallow EPIPE errors raised by EXP..."
  (catch 'system-error
    (lambda () exp ...)
    (lambda args
      ;; A closed client connection is not an error worth reporting; any
      ;; other errno is re-thrown untouched.
      (let ((errno (system-error-errno args)))
        (if (= EPIPE errno)
            (values)
            (apply throw args))))))
|
|
|
|
|
|
2016-07-18 23:58:34 +02:00
|
|
|
|
(define-syntax-rule (swallow-zlib-error exp ...)
  "Swallow 'zlib-error' exceptions raised by EXP..."
  (catch 'zlib-error
    (lambda () exp ...)
    (lambda _
      ;; Any zlib failure yields #f.
      #f)))
|
|
|
|
|
|
|
|
|
|
(define (nar-response-port response)
  "Return a port on which to write the body of RESPONSE, the response of a
/nar request, according to the <compression> found in its
'guix-nar-compression' header, if any."
  (define compression
    (assoc-ref (response-headers response) 'guix-nar-compression))

  (match compression
    (($ <compression> 'gzip level)
     ;; Note: We cannot use chunked encoding here because
     ;; 'make-gzip-output-port' wants a file port.
     (make-gzip-output-port (response-port response)
                            #:level level
                            #:buffer-size (* 64 1024)))
    ;; No compression requested, or no header at all: write straight to the
    ;; response port.
    ((or ($ <compression> 'none) #f)
     (response-port response))))
|
|
|
|
|
|
2015-07-19 23:58:37 +02:00
|
|
|
|
(define (http-write server client response body)
  "Write RESPONSE and BODY to CLIENT, possibly in a separate thread to avoid
blocking.  For the two streamed content types, BODY is not the payload but
the name of the file to stream (see 'render-nar', 'render-nar/cached' and
'render-content-addressed-file'); everything else goes through Guile's
stock writer."
  (match (response-content-type response)
    (('application/x-nix-archive . _)
     ;; Sending the whole archive can take time so do it in a separate
     ;; thread so that the main thread can keep working in the meantime.
     (call-with-new-thread
      (lambda ()
        ;; No Content-Length is sent since the nar is produced on the fly;
        ;; closing PORT below is what ends the body.
        (let* ((response (write-response (sans-content-length response)
                                         client))
               (port (begin
                       (force-output client)
                       (nar-response-port response))))
          ;; XXX: Given our ugly workaround for <http://bugs.gnu.org/21093> in
          ;; 'render-nar', BODY here is just the file name of the store item.
          ;; We call 'write-file' from here because we know that's the only
          ;; way to avoid building the whole nar in memory, which could
          ;; quickly become a real problem.  As a bonus, we even do
          ;; sendfile(2) directly from the store files to the socket.
          ;;
          ;; NOTE(review): only EPIPE and zlib errors are swallowed here,
          ;; whereas the octet-stream branch below also tolerates ENOENT
          ;; and ECONNRESET; an item GC'd between 'valid-path?' and this
          ;; point would raise inside this thread — confirm that is the
          ;; intended behavior.
          (swallow-zlib-error
           (swallow-EPIPE
            (write-file (utf8->string body) port)))
          (swallow-zlib-error
           (close-port port))
          (values)))))
    (('application/octet-stream . _)
     ;; Send a raw file in a separate thread.
     (call-with-new-thread
      (lambda ()
        (catch 'system-error
          (lambda ()
            (call-with-input-file (utf8->string body)
              (lambda (input)
                ;; The size is known up front, so a Content-Length is sent.
                (let* ((size (stat:size (stat input)))
                       (response (write-response (with-content-length response
                                                                      size)
                                                 client))
                       (output (response-port response)))
                  ;; sendfile(2) needs a real file descriptor on the output
                  ;; side; fall back to copying otherwise.
                  (if (file-port? output)
                      (sendfile output input size)
                      (dump-port input output))
                  (close-port output)
                  (values)))))
          (lambda args
            ;; If the file was GC'd behind our back, that's fine.  Likewise if
            ;; the client closes the connection.
            (unless (memv (system-error-errno args)
                          (list ENOENT EPIPE ECONNRESET))
              (apply throw args))
            (values))))))
    (_
     ;; Handle other responses sequentially.
     (%http-write server client response body))))
|
|
|
|
|
|
|
|
|
|
(define-server-impl concurrent-http-server
  ;; A variant of Guile's built-in HTTP server that offloads possibly long
  ;; responses to a different thread.  Open, read and close are the stock
  ;; (web server http) procedures; only the write step is ours.
  (@@ (web server http) http-open)
  (@@ (web server http) http-read)
  http-write
  (@@ (web server http) http-close))
|
|
|
|
|
|
2016-07-18 23:58:34 +02:00
|
|
|
|
(define* (make-request-handler store
                               #:key
                               cache pool
                               narinfo-ttl
                               (nar-path "nar")
                               (compression %no-compression))
  "Return a request handler (a two-argument procedure taking a request and
its body) that serves STORE over HTTP.  Only GET requests are honored; every
unknown path, and every non-GET request, yields the 404 response produced by
'not-found'.  When CACHE is true, narinfo and nar rendering go through the
cached variants, with POOL as the worker pool.  NAR-PATH is the URL prefix
under which nars are served; COMPRESSION selects how they are compressed."
  ;; Predicate on a list of decoded path components: true when it is exactly
  ;; the decoded form of NAR-PATH.  Comparing component lists (rather than
  ;; strings) means a multi-segment --nar-path works and a prefix that merely
  ;; shares a substring with NAR-PATH does not match.
  (define nar-path?
    (let ((expected (split-and-decode-uri-path nar-path)))
      (cut equal? expected <>)))

  (lambda (request body)
    ;; Log method and path of every request, including the ones rejected
    ;; below, to standard output.
    (format #t "~a ~a~%"
            (request-method request)
            (uri-path (request-uri request)))
    (if (get-request? request)                ;reject POST, PUT, etc.
        (match (request-path-components request)
          ;; /nix-cache-info
          (("nix-cache-info")
           (render-nix-cache-info))

          ;; /
          ((or () ("index.html"))
           (render-home-page request))

          ;; /<hash>.narinfo
          ;; EXTRACT-NARINFO-HASH is defined elsewhere in this file; the
          ;; '(? string? ...)' guard skips this clause whenever it returns
          ;; something other than a string (presumably for paths that do not
          ;; end in ".narinfo" -- confirm against its definition).
          (((= extract-narinfo-hash (? string? hash)))
           ;; TODO: Register roots for HASH that will somehow remain for
           ;; NARINFO-TTL.
           (if cache
               (render-narinfo/cached store request hash
                                      #:cache cache
                                      #:pool pool
                                      #:ttl narinfo-ttl
                                      #:nar-path nar-path
                                      #:compression compression)
               (render-narinfo store request hash
                               #:ttl narinfo-ttl
                               #:nar-path nar-path
                               #:compression compression)))

          ;; /file/NAME/sha256/HASH
          ;; (Exactly four components, so this is *not* below NAR-PATH.)
          ;; HASH is a nix-base32 string supplied by the client; decoding it
          ;; raises a condition satisfying 'invalid-base32-character?' for
          ;; any character outside the alphabet, which we turn into a 404
          ;; instead of letting it become a server error.  NAME is passed on
          ;; as-is; 'render-content-addressed-file' (not visible here) is
          ;; where it has to be validated.
          (("file" name "sha256" hash)
           (guard (c ((invalid-base32-character? c)
                      (not-found request)))
             (let ((hash (nix-base32-string->bytevector hash)))
               (render-content-addressed-file store request
                                              name 'sha256 hash))))

          ;; Use different URLs depending on the compression type. This
          ;; guarantees that /nar URLs remain valid even when 'guix publish'
          ;; is restarted with different compression parameters.

          ;; /nar/gzip/<store-item>
          ;; Clause order matters: this one must precede the generic
          ;; /nar/<store-item> clause below, which would otherwise also match.
          ;; Served only when the prefix is NAR-PATH and zlib is available;
          ;; if the configured COMPRESSION is not gzip, the default gzip
          ;; settings are used so that the URL still delivers gzip.
          ((components ... "gzip" store-item)
           (if (and (nar-path? components) (zlib-available?))
               (let ((compression (match compression
                                    (($ <compression> 'gzip)
                                     compression)
                                    (_
                                     %default-gzip-compression))))
                 (if cache
                     (render-nar/cached store cache request store-item
                                        #:compression compression)
                     (render-nar store request store-item
                                 #:compression compression)))
               (not-found request)))

          ;; /nar/<store-item>
          ;; STORE-ITEM is the last path component exactly as the client sent
          ;; it and is handed to 'render-nar' unvalidated here.
          ;; NOTE(review): 'render-nar' (defined earlier, not visible here) is
          ;; therefore the place that must check STORE-ITEM names a real store
          ;; item before anything is read from the file system -- confirm.
          ((components ... store-item)
           (if (nar-path? components)
               (render-nar store request store-item
                           #:compression %no-compression)
               (not-found request)))

          ;; Anything else.
          (x (not-found request)))
        ;; Non-GET methods are answered with 404 (not 405 Method Not Allowed).
        (not-found request))))
(define* (run-publish-server socket store
                             #:key (compression %no-compression)
                             (nar-path "nar") narinfo-ttl
                             cache pool)
  "Serve STORE over SOCKET, an already-bound socket, using the concurrent HTTP
server implementation.  The keyword arguments are handed to
'make-request-handler' unchanged; this procedure does not return as long as
the server runs."
  (define handler
    (make-request-handler store
                          #:cache cache
                          #:pool pool
                          #:nar-path nar-path
                          #:narinfo-ttl narinfo-ttl
                          #:compression compression))

  ;; The server implementation receives the socket we bound ourselves rather
  ;; than opening one of its own.
  (define server-options
    (list #:socket socket))

  (run-server handler concurrent-http-server server-options))
(define (open-server-socket address)
  "Return a TCP socket bound to ADDRESS, a socket address.  The socket is
bound but not yet listening; starting to listen is left to the caller."
  (define family
    (sockaddr:fam address))

  (let ((listener (socket family SOCK_STREAM 0)))
    ;; SO_REUSEADDR lets a restarted server rebind its port immediately
    ;; instead of waiting for connections of the previous instance to leave
    ;; TIME_WAIT.
    (setsockopt listener SOL_SOCKET SO_REUSEADDR 1)
    (bind listener address)
    listener))
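(define (gather-user-privileges user)
  "Switch to the identity of USER, a user name: clear the supplementary
groups, then set the GID, then the UID.  Exit with an error message when USER
cannot be looked up.  Failures of the identity switch itself (for instance
because the caller is not root) are raised by 'setgroups', 'setgid' and
'setuid' as system errors and are left to the caller."
  ;; Only the lookup can legitimately fail with "user not found", so the
  ;; handler is restricted to it: a 'misc-error' raised while switching
  ;; identity must not be reported as a lookup failure.
  (let ((entry (catch 'misc-error
                 (lambda ()
                   (getpw user))
                 (lambda (key proc message args . rest)
                   (leave (_ "user '~a' not found: ~a~%")
                          user (apply format #f message args))))))
    ;; Order matters: supplementary groups and the GID have to be changed
    ;; while we are still root, because once the UID is no longer 0 these
    ;; calls are no longer permitted.  Clearing the supplementary groups
    ;; ensures none of root's groups survive the switch.
    (setgroups #())
    (setgid (passwd:gid entry))
    (setuid (passwd:uid entry))))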
;;;
;;; Entry point.
;;;
(define (guix-publish . args)
  "Entry point of 'guix publish': parse ARGS, bind the listening socket, load
the signing keys, optionally drop privileges, and serve the store over HTTP
until interrupted.  The order of these steps is deliberate (see comments
below); errors are reported through 'with-error-handling'."
  (with-error-handling
    (let* ((opts (args-fold* args %options
                             (lambda (opt name arg result)
                               (leave (_ "~A: unrecognized option~%") name))
                             (lambda (arg result)
                               (leave (_ "~A: extraneous argument~%") arg))
                             %default-options))
           (user (assoc-ref opts 'user))
           (port (assoc-ref opts 'port))
           (ttl (assoc-ref opts 'narinfo-ttl))
           (compression (assoc-ref opts 'compression))
           (address (let ((addr (assoc-ref opts 'address)))
                      (make-socket-address (sockaddr:fam addr)
                                           (sockaddr:addr addr)
                                           port)))
           ;; Bind while we may still be root: this is what makes a
           ;; privileged port (< 1024) usable together with '--user'.
           (socket (open-server-socket address))
           (nar-path (assoc-ref opts 'nar-path))
           (repl-port (assoc-ref opts 'repl))
           (cache (assoc-ref opts 'cache))
           (workers (assoc-ref opts 'workers))

           ;; Read the key right away so that (1) we fail early on if we can't
           ;; access them, and (2) we can then drop privileges.
           (public-key (read-file-sexp (assoc-ref opts 'public-key-file)))
           (private-key (read-file-sexp (assoc-ref opts 'private-key-file))))

      (when user
        ;; Now that we've read the key material and opened the socket, we can
        ;; drop privileges.  'gather-user-privileges' exits if USER does not
        ;; exist, and a failed uid/gid switch raises, so we never silently
        ;; keep running with the wrong identity.
        (gather-user-privileges user))

      ;; This is only a warning: without '--user' the server keeps serving
      ;; as root.
      (when (zero? (getuid))
        (warning (_ "server running as root; \
consider using the '--user' option!~%")))

      ;; The signing keys are exposed to the request handlers through these
      ;; parameters for the lifetime of the server.
      (parameterize ((%public-key public-key)
                     (%private-key private-key))
        (format #t (_ "publishing ~a on ~a, port ~d~%")
                %store-directory
                (inet-ntop (sockaddr:fam address) (sockaddr:addr address))
                (sockaddr:port address))
        ;; NOTE(review): the REPL is unauthenticated -- anyone able to
        ;; connect to REPL-PORT can run arbitrary code in this process, which
        ;; holds the private signing key.  The bind address is whatever
        ;; 'make-tcp-server-socket' defaults to (not specified here); confirm
        ;; it is loopback-only and treat '--repl' as a debugging aid, never a
        ;; production setting.
        (when repl-port
          (repl:spawn-server (repl:make-tcp-server-socket #:port repl-port)))
        (with-store store
          (run-publish-server socket store
                              #:cache cache
                              ;; A worker pool is only needed with a cache.
                              #:pool (and cache (make-pool workers))
                              #:nar-path nar-path
                              #:compression compression
                              #:narinfo-ttl ttl))))))
;;; Local Variables:
;;; eval: (put 'single-baker 'scheme-indent-function 1)
;;; End: