Fixes <https://bugs.gnu.org/37744>.
Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>.
Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d
by Eelco Dolstra <edolstra@gmail.com>.
* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir'
to #o755 instead of #o1777.
(LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add
condition to handle "user-name" property and honor it.
(processConnection): Add 'userId' parameter. Call 'store->createUser'
when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now
handled by the daemon.
* guix/store.scm (current-user-name): New procedure.
(set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when
listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable")
("profiles/per-user/$USER exists"): New tests.

This allows callers to request the substitution of a single derivation
output.
* guix/store.scm (build-things): Accept derivation/output pairs among
THINGS.
* guix/derivations.scm (build-derivations): Likewise.
* tests/store.scm ("substitute + build-things with specific output"):
New test.
* tests/derivations.scm ("build-derivations with specific output"):
New test.
* doc/guix.texi (The Store): Adjust accordingly.

Until now, something like "guix build sed -v1 --check" would not get a
'build-succeeded' event, which in turn meant that the spinner would not
be erased upon build completion.
* nix/libstore/build.cc (DerivationGoal::registerOutputs): When
'buildMode' is bmCheck and 'settings.printBuildTrace' emit a
"@ build-succeeded" trace upon success.
* tests/store.scm ("build-succeeded trace in check mode"): New test.

This allows clients to tell whether output comes from the daemon or, if
it comes from a builder, from which builder it comes. The latter is
particularly useful when MAX-BUILD-JOBS > 1.
* nix/libstore/build.cc (DerivationGoal::tryBuildHook)
(DerivationGoal::startBuilder): Print the child's PID in "@ build-started"
traces.
(DerivationGoal::handleChildOutput): Define 'prefix', pass it to
'writeToStderr'.
* nix/libstore/globals.cc (Settings::Settings): Initialize
'multiplexedBuildOutput'.
(Settings::update): Likewise.
* nix/libstore/globals.hh (Settings)[multiplexedBuildOutput]: New field.
Update 'printBuildTrace' documentation.
* nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump to 0.163.
* nix/nix-daemon/nix-daemon.cc (performOp) <wopSetOptions>: Special-case
"multiplexed-build-output" and remove "use-ssh-substituter".
* guix/store.scm (set-build-options): Add #:multiplexed-build-output?
and honor it.
(%protocol-version): Bump to #x163.
* tests/store.scm ("multiplexed-build-output"): New test.
fixlet

* guix/store.scm (%not-slash): New variable.
(add-file-tree-to-store, interned-file-tree): New procedures.
* tests/store.scm ("add-file-tree-to-store"): New test.

This is a follow-up to commit 40e89f5be6.
* tests/store.scm ("dead path can be explicitly collected"): Don't check
that (> freed 0).
* gnu/packages/package-management.scm (guix)[arguments]<#:phases>: Remove
workaround for the same problem.

Fixes a mistake in a9a0227c01.
* tests/store.scm ("current-build-output-port, UTF-8 + garbage"):
Invert the 'cond-expand' clauses since the 'guile-2.0' feature doesn't
exist.

* guix/serialization.scm (write-bytevector): New procedure.
(write-string): Rewrite in terms of 'write-bytevector'.
* guix/store.scm (write-arg): Add 'bytevector' case.
(add-data-to-store): New procedure, from former 'add-text-to-store'.
(add-text-to-store): Rewrite in terms of 'add-data-to-store'.
* tests/store.scm ("add-data-to-store"): New test.

Fixes <http://bugs.gnu.org/20217>.
* nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump to 0x161.
* nix/nix-daemon/nix-daemon.cc (performOp): "build-max-jobs",
"build-max-silent-time", and "build-cores" are no longer read upfront;
instead, read them from the key/value list at the end.
* nix/nix-daemon/guix-daemon.cc (main): Explicitly set
'settings.maxBuildJobs'.
* guix/store.scm (%protocol-version): Bump to #x161.
(set-build-options): #:max-build-jobs, #:max-silent-time, and
#:build-cores now default to #f. Adjust handshake to new protocol.
* tests/store.scm ("build-cores"): New test.
* tests/guix-daemon.sh: Add test for default "build-cores" value.

* guix/store.scm (open-connection): Guard body against 'nar-error?' and
re-raise as '&nix-connection-error'.
* tests/store.scm ("connection handshake error"): New test.

Reported by Federico Beffa <beffa@ieee.org>
at <https://lists.gnu.org/archive/html/guix-devel/2016-05/msg00928.html>.
* nix/libstore/local-store.cc (LocalStore::querySubstitutablePaths)
(LocalStore::querySubstitutablePathInfos): Return when
'settings.useSubstitutes' is false.
* tests/store.scm ("references/substitutes missing reference info"):
Make sure to return #f on failure.
* tests/store.scm ("substitutable-path-info when substitutes are turned off"):
("substitutable-paths when substitutes are turned off"): New tests.

Before that, '.log' files for Scheme tests were fragmented and not
included in test-suite.log. This unifies the semantics of the SRFI-64 API
with the Automake test suite.
* build-aux/test-driver.scm: New file.
* Makefile.am (SCM_LOG_DRIVER, AM_SCM_LOG_DRIVER_FLAGS): New variables.
(SCM_LOG_COMPILER, AM_SCM_LOG_FLAGS): Delete variables.
(AM_TESTS_ENVIRONMENT): Set GUILE_AUTO_COMPILE to 0.
* test-env.in: Silence guix-daemon.
* doc/guix.texi (Running the Test Suite): Describe how to display the
detailed results. Bug reports require only the 'test-suite.log' file.
* tests/base32.scm, tests/build-utils.scm, tests/builders.scm,
tests/challenge.scm, tests/cpan.scm, tests/cpio.scm, tests/cran.scm,
tests/cve.scm, tests/derivations.scm, tests/elpa.scm,
tests/file-systems.scm, tests/gem.scm, tests/gexp.scm,
tests/gnu-maintenance.scm, tests/grafts.scm, tests/graph.scm,
tests/gremlin.scm, tests/hackage.scm, tests/hash.scm,
tests/import-utils.scm, tests/lint.scm, tests/monads.scm, tests/nar.scm,
tests/packages.scm, tests/pk-crypto.scm, tests/pki.scm,
tests/profiles.scm, tests/publish.scm, tests/pypi.scm,
tests/records.scm, tests/scripts-build.scm, tests/scripts.scm,
tests/services.scm, tests/sets.scm, tests/size.scm, tests/snix.scm,
tests/store.scm, tests/substitute.scm, tests/syscalls.scm,
tests/system.scm, tests/ui.scm, tests/union.scm, tests/upstream.scm,
tests/utils.scm: Don't exit at the end of test groups.
* tests/containers.scm: Likewise. Use 'test-skip' instead of exiting
with error code 77.

Before that, 'guix build --substitute-urls=""' would lead to using the
daemon's own URL list instead of the empty list. The 'or*' hack, which
is to blame, had become unnecessary since commit
fb4bf72be3.
Reported by Mark H Weaver <mhw@netris.org>.
* guix/scripts/substitute.scm (or*): Remove.
(%cache-urls): Use 'or' instead of 'or*'.
* tests/store.scm ("substitute query, alternating URLs"): Add test with
empty URL list.
* doc/guix.texi (Common Build Options): Mention the empty string.

* guix/store.scm (read-path-info): Use #f when we get the empty string
for DERIVER.
* guix/scripts/publish.scm (narinfo-string): Adjust accordingly.
* tests/store.scm ("path-info-deriver"): New test.

* guix/store.scm (%protocol-version): Set minor to 15.
(build-mode): New enumerate type.
(build-things): Add 'mode' parameter; pass it to the RPC.
* tests/store.scm ("build-things, check mode"): New check.

* guix/scripts/substitute.scm (or*): New macro.
(%cache-url): Honor "untrusted-substitute-urls".
* guix/tests.scm (%test-substitute-urls): New variable.
(open-connection-for-tests): Use it.
* tests/derivations.scm ("derivation-prerequisites-to-build and substitutes",
"derivation-prerequisites-to-build and substitutes, non-substitutable
build", "derivation-prerequisites-to-build and substitutes, local build"):
Pass it to 'set-build-options'.
* tests/guix-daemon.sh: Likewise.
* tests/store.scm ("substitute query, alternating URLs"): New test.
("substitute query", "substitute", "substitute + build-things with output
path", "substitute, corrupt output hash", "substitute --fallback"): Pass
#:substitute-urls to 'set-build-options'.

This ensures that switching between different substitute servers doesn't lead
to a polluted narinfo cache.
* guix/scripts/substitute.scm (narinfo-cache-file): Add 'cache-url'
parameter. Add the base32 of CACHE-URL as a sub-directory under
%NARINFO-CACHE-DIRECTORY. Update callers.
(cached-narinfo): Likewise. Call 'mkdir-p' on the dirname of the cache
file. Update callers.
(remove-expired-cached-narinfos): Add 'directory' parameter and use it
instead of %NARINFO-CACHE-DIRECTORY.
(narinfo-cache-directories): New procedure.
(maybe-remove-expired-cached-narinfo): Call 'remove-expired-cached-narinfos'
for each item returned by 'narinfo-cache-directories'.

* guix/store.scm (<path-info>): New record type.
(read-path-info): New procedure.
(read-arg): Add 'path-info' syntax.
(query-path-info): New variable.
* tests/store.scm ("query-path-info"): New test.

* guix/serialization.scm (read-maybe-utf8-string): New procedure.
* guix/store.scm (process-stderr): Use it for the build log and errors.
* tests/store.scm ("current-build-output-port, UTF-8",
"current-build-output-port, UTF-8 + garbage"): New tests.

* guix/store.scm (operation-id): Rename 'build-derivations' to
'build-things', as per Nix commit 1aba0bf0.
(build-derivations): Rename to...
(build-things): ... this. Keep 'build-derivations' as an alias.
(build): New procedure.
* tests/store.scm ("build-things with output path",
"substitute + build-things with output path"): New tests.

* guix/tests.scm (%substitute-directory): New variable.
(call-with-derivation-narinfo): Use it.
(call-with-derivation-substitute): New procedure.
(with-derivation-substitute): New macro.
* tests/store.scm ("substitute"): Use 'with-derivation-substitute'.
("substitute, corrupt output hash"): Likewise.

* guix/tests.scm (derivation-narinfo): Turn 'nar' into a keyword
parameter. Add #:sha256 parameter, and honor it.
(call-with-derivation-narinfo): Add #:sha256 and pass it to
'derivation-narinfo'.
(with-derivation-narinfo): Extend with support for (sha256 => value).
* tests/store.scm ("substitute query"): Use 'with-derivation-narinfo'.
("substitute"): Likewise.
("substitute, corrupt output hash"): Likewise.
("substitute --fallback"): Likewise.
* tests/derivations.scm: Remove Emacs local variable.

* guix/store.scm (run-gc): Add calls to 'hash-clear!'.
* tests/store.scm ("add-text-to-store vs. delete-paths",
"add-to-store vs. delete-paths"): New tests.