nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update 'nix-upstream' sub-module; adjust build system, doc, and substituter. 

* nix-upstream: Update sub-module.
* daemon.am (libutil_a_SOURCES): Add affinity.cc.
  (libutil_headers): Add affinity.hh.
  (libexec_PROGRAMS, nix_setuid_helper_SOURCES,
  nix_setuid_helper_CPPFLAGS, nix_setuid_helper_LDADD): Remove.
* doc/guix.texi (Setting Up the Daemon): Remove paragraph about
  'nix-setuid-helper'.
* guix/scripts/substitute-binary.scm (guix-substitute-binary): Exit 0 when
  %CACHE-URL has an HTTP scheme and looking up its host fails.
  Always print a newline to stdout when starting.
This commit is contained in:
Ludovic Courtès 2014-01-18 16:48:29 +01:00
parent b97c95eb3c
commit d43eb499a6
4 changed files with 29 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
daemon.am
View File

@ -1,5 +1,5 @@
# GNU Guix --- Functional package management for GNU # GNU Guix --- Functional package management for GNU
# Copyright © 2012, 2013 Ludovic Courtès <ludo@gnu.org> # Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org>
# #
# This file is part of GNU Guix. # This file is part of GNU Guix.
# #
@ -56,6 +56,7 @@ libformat_a_CPPFLAGS = \
libutil_a_SOURCES = \ libutil_a_SOURCES = \
nix/libutil/archive.cc \ nix/libutil/archive.cc \
nix/libutil/affinity.cc \
nix/libutil/serialise.cc \ nix/libutil/serialise.cc \
nix/libutil/util.cc \ nix/libutil/util.cc \
nix/libutil/xml-writer.cc \ nix/libutil/xml-writer.cc \
@ -63,6 +64,7 @@ libutil_a_SOURCES = \
nix/libutil/gcrypt-hash.cc nix/libutil/gcrypt-hash.cc
libutil_headers = \ libutil_headers = \
nix/libutil/affinity.hh \
nix/libutil/hash.hh \ nix/libutil/hash.hh \
nix/libutil/serialise.hh \ nix/libutil/serialise.hh \
nix/libutil/xml-writer.hh \ nix/libutil/xml-writer.hh \
@ -153,16 +155,6 @@ guix_register_LDADD = \
$(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS)
libexec_PROGRAMS = nix-setuid-helper
nix_setuid_helper_SOURCES = \
nix/nix-setuid-helper/nix-setuid-helper.cc
nix_setuid_helper_CPPFLAGS = \
$(libutil_a_CPPFLAGS)
nix_setuid_helper_LDADD = \
libutil.a libformat.a
noinst_HEADERS = \ noinst_HEADERS = \
$(libformat_headers) $(libutil_headers) $(libstore_headers) \ $(libformat_headers) $(libutil_headers) $(libstore_headers) \
$(guix_daemon_headers) $(guix_daemon_headers)

16
doc/guix.texi
View File

@ -245,21 +245,7 @@ archive}):
# guix archive --generate-key # guix archive --generate-key
@end example @end example
Guix may also be used in a single-user setup, with @command{guix-daemon} If you are installing Guix as an unprivileged user, it is still
running as an unprivileged user. However, to maximize non-interference
of build processes, the daemon still needs to perform certain operations
that are restricted to @code{root} on GNU/Linux: it should be able to
run build processes in a chroot, and to run them under different UIDs.
To that end, the @command{nix-setuid-helper} program is provided; it is
a small C program (less than 300 lines) that, if it is made setuid
@code{root}, can be executed by the daemon to perform these operations
on its behalf. The @code{root}-owned @file{/etc/nix-setuid.conf} file
is read by @command{nix-setuid-helper}; it should contain exactly two
words: the user name under which the authorized @command{guix-daemon}
runs, and the name of the build users group.
If you are installing Guix as an unprivileged user and do not have the
ability to make @file{nix-setuid-helper} setuid-@code{root}, it is still
possible to run @command{guix-daemon}. However, build processes will possible to run @command{guix-daemon}. However, build processes will
not be isolated from one another, and not from the rest of the system. not be isolated from one another, and not from the rest of the system.
Thus, build processes may interfere with each other, and may access Thus, build processes may interfere with each other, and may access

25
guix/scripts/substitute-binary.scm
View File

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
;;; ;;;
@ -486,6 +486,29 @@ Internal tool to substitute a pre-built binary to a local build.\n"))
"Implement the build daemon's substituter protocol." "Implement the build daemon's substituter protocol."
(mkdir-p %narinfo-cache-directory) (mkdir-p %narinfo-cache-directory)
(maybe-remove-expired-cached-narinfo) (maybe-remove-expired-cached-narinfo)
;; Starting from commit 22144afa in Nix, we are allowed to bail out directly
;; when we know we cannot substitute, but we must emit a newline on stdout
;; when everything is alright.
(let ((uri (string->uri %cache-url)))
(case (uri-scheme uri)
((http)
;; Exit gracefully if there's no network access.
(let ((host (uri-host uri)))
(catch 'getaddrinfo-error
(lambda ()
(getaddrinfo host))
(lambda (key error)
(warning (_ "failed to look up host '~a' (~a), \
substituter disabled~%")
host (gai-strerror error))
(exit 0)))))
(else #t)))
;; Say hello (see above.)
(newline)
(force-output (current-output-port))
(with-networking (with-networking
(match args (match args
(("--query") (("--query")

2
nix-upstream

@ -1 +1 @@
Subproject commit 1b6ee8f4c7e74f75e1f49b43cf22be7730b30649 Subproject commit bf0ad8aabca67b4faabe3a1ac3c57884ae9924f4