Commit graph

63 commits

Author SHA1 Message Date
Ludovic Courtès
f9b1bb916c
daemon: Read substitute nar size as 'unsigned long long'.
Fixes <https://issues.guix.gnu.org/46212>.
Reported by Christopher Baines <mail@cbaines.net>.

Previously, the nar size returned by 'guix substitute' would be read as
an 'int'; thus, values above 2^31 - 1 would be read and then stored as
negative integers in the database.

Regression introduced in 9dfa20a22a.

* nix/libstore/build.cc (SubstitutionGoal::finished): Use templatized
'string2Int' instead of 'std::atoi' to get an 'unsigned long long',
which is the type of 'hash.second'.
* tests/store.scm ("substitute and large size"): New test.
2021-11-25 00:17:21 +01:00
Ludovic Courtès
2d73086262
daemon: 'guix substitute' replies on FD 4.
This avoids the situation where error messages would unintentionally go
to stderr and be wrongfully interpreted as a reply by the daemon.

Fixes <https://bugs.gnu.org/46362>.
This is a followup to ee3226e9d5.

* guix/scripts/substitute.scm (display-narinfo-data): Add 'port'
parameter and honor it.
(process-query): Likewise.
(process-substitution): Likewise.
(%error-to-file-descriptor-4?, with-redirected-error-port): Remove.
(%reply-file-descriptor): New variable.
(guix-substitute): Remove use of 'with-redirected-error-port'.  Define
'reply-port' and pass it to 'process-query' and 'process-substitution'.
* nix/libstore/build.cc (SubstitutionGoal::handleChildOutput): Swap
'builderOut' and 'fromAgent'.
* nix/libstore/local-store.cc (LocalStore::getLineFromSubstituter):
Likewise.
* tests/substitute.scm <top level>: Set '%reply-file-descriptor'
rather than '%error-to-file-descriptor-4?'.
2021-04-09 17:46:38 +02:00
Ludovic Courtès
ec7fb66994
daemon: Prevent privilege escalation with '--keep-failed' [security].
Fixes <https://bugs.gnu.org/47229>.
Reported by Nathan Nye of WhiteBeam Security.

* nix/libstore/build.cc (DerivationGoal::startBuilder): When 'useChroot'
is true, add "/top" to 'tmpDir'.
(DerivationGoal::deleteTmpDir): Adjust accordingly.  When
'settings.keepFailed' is true, chown in two steps: first the "/top"
sub-directory, and then rename "/top" to its parent.
2021-03-18 12:18:56 +01:00
Ludovic Courtès
c7c7f068c1
daemon: Delegate deduplication to 'guix substitute'.
This removes the main source of latency between subsequent downloads.

* nix/libstore/build.cc (SubstitutionGoal::tryToRun): Add a
"deduplicate" key to ENV.
(SubstitutionGoal::finished): Remove call to 'optimisePath'.
* guix/scripts/substitute.scm (process-substitution)[destination-in-store?]
[dump-file/deduplicate*]: New variables.
Pass #:dump-file to 'restore-file'.
* guix/scripts/substitute.scm (guix-substitute)[deduplicate?]: New
variable.
Pass #:deduplicate? to 'process-substitution'.
* guix/serialization.scm (dump-file): Export and augment 'dump-file'.
2020-12-19 23:25:01 +01:00
Ludovic Courtès
15cf28fbb4
daemon: Do not reset timestamps and permissions on substituted items.
'guix substitute' now takes care of it via 'restore-file'.

* nix/libstore/build.cc (SubstitutionGoal::finished): Remove call to
'canonicalisePathMetaData'.
2020-12-19 23:25:01 +01:00
Ludovic Courtès
9dfa20a22a
daemon: Let 'guix substitute' perform hash checks.
This way, the hash of the store item can be computed as it is restored,
thereby avoiding an additional file tree traversal ('hashPath' call)
later on in the daemon.  Consequently, it should reduce latency between
subsequent substitute downloads.

This is a followup to 5ff521452b.

* guix/scripts/substitute.scm (narinfo-hash-algorithm+value): New
procedure.
(process-substitution): Wrap INPUT into a hash input port, 'hashed', and
read from it.  Compare the actual and expected hashes, and print a
"hash-mismatch" status line when they differ.  When they match, print
not just "success" but also the nar hash and size.
* nix/libstore/build.cc (class SubstitutionGoal)[expectedHashStr]:
Remove.
(SubstitutionGoal::finished): Tokenize 'status'.  Parse it and handle
"success" and "hash-mismatch" accordingly.  Call 'hashPath' only when
the returned hash is not SHA256.
(SubstitutionGoal::handleChildOutput): Remove 'expectedHashStr'
handling.
* tests/substitute.scm ("substitute, invalid hash"): Rename to...
("substitute, invalid narinfo hash"): ... this.
("substitute, invalid hash"): New test.
2020-12-19 23:25:00 +01:00
Ludovic Courtès
bfe4cdf88e
daemon: Raise an error if substituter doesn't send the expected hash.
It was already impossible in practice for 'expectedHashStr' to be empty
if 'status' == "success".

* nix/libstore/build.cc (SubstitutionGoal::finished): Throw 'SubstError'
when 'expectedHashStr' is empty.
2020-12-08 22:30:08 +01:00
Ludovic Courtès
5ff521452b
substitute: Cache and reuse connections while substituting.
That way, when fetching a series of substitutes from the same server(s),
the connection is reused instead of being closed/opened for each
substitutes, which saves on network round trips and TLS handshakes.

* guix/http-client.scm (http-fetch): Add #:keep-alive? and honor it.
* guix/progress.scm (progress-report-port): Add #:close? parameter and
honor it.
* guix/scripts/substitute.scm (at-most): Return the tail as a second
value.
(fetch): Add #:port and #:keep-alive? and honor them.
(%max-cached-connections): New variable.
(open-connection-for-uri/cached, call-with-cached-connection): New
procedures.
(with-cached-connection): New macro.
(process-substitution): Wrap 'fetch' call in 'with-cached-connection'.
Pass #:close? to 'progress-report-port'.
2020-12-08 22:30:08 +01:00
Ludovic Courtès
711df9ef3c
daemon: Run 'guix substitute --substitute' as an agent.
This avoids spawning one substitute process per substitution.

* nix/libstore/build.cc (class Worker)[substituter]: New field.
[outPipe, logPipe, pid]: Remove.
(class SubstitutionGoal)[expectedHashStr, status, substituter]: New fields.
(SubstitutionGoal::timedOut): Adjust to check 'substituter'.
(SubstitutionGoal::tryToRun): Remove references to 'outPipe' and
'logPipe'.  Run "guix substitute --substitute" as an 'Agent'.  Send the
request with 'writeLine'.
(SubstitutionGoal::finished): Likewise.
(SubstitutionGoal::handleChildOutput): Change to fill in
'expectedHashStr' and 'status'.
(SubstitutionGoal::handleEOF): Call 'wakeUp' unconditionally.
(SubstitutionGoal::~SubstitutionGoal): Adjust to check 'substituter'.
* guix/scripts/substitute.scm (process-substitution): Write "success\n"
to stdout upon success.
(%error-to-file-descriptor-4?): New variable.
(guix-substitute): Set 'current-error-port' to file descriptor 4
unless (%error-to-file-descriptor-4?) is false.
Remove "--substitute" arguments.  Loop reading line from stdin.
* tests/substitute.scm <top level>: Call '%error-to-file-descriptor-4?'.
(request-substitution): New procedure.
("substitute, no signature")
("substitute, invalid hash")
("substitute, unauthorized key")
("substitute, authorized key")
("substitute, unauthorized narinfo comes first")
("substitute, unsigned narinfo comes first")
("substitute, first narinfo is unsigned and has wrong hash")
("substitute, first narinfo is unsigned and has wrong refs")
("substitute, two invalid narinfos")
("substitute, narinfo with several URLs"): Adjust to new "guix
substitute --substitute" calling convention.
2020-12-08 22:30:08 +01:00
Ludovic Courtès
79c6614f58
daemon: Use 'Agent' to spawn 'guix substitute --query'.
* nix/libstore/local-store.hh (RunningSubstituter): Remove.
(LocalStore)[runningSubstituter]: Change to unique_ptr<Agent>.
[setSubstituterEnv, didSetSubstituterEnv]: Remove.
[getLineFromSubstituter, getIntLineFromSubstituter]: Take an 'Agent'.
* nix/libstore/local-store.cc (LocalStore::~LocalStore): Remove
reference to 'runningSubstituter'.
(LocalStore::setSubstituterEnv, LocalStore::startSubstituter): Remove.
(LocalStore::getLineFromSubstituter): Adjust to 'run' being an 'Agent'.
(LocalStore::querySubstitutablePaths): Spawn substituter agent if
needed.  Adjust to 'Agent' interface.
(LocalStore::querySubstitutablePathInfos): Likewise.
* nix/libstore/build.cc (SubstitutionGoal::tryToRun): Remove call to
'setSubstituterEnv' and add 'setenv' call for "_NIX_OPTIONS" instead.
(SubstitutionGoal::finished): Remove 'readLine' call for 'dummy'.
* guix/scripts/substitute.scm (%allow-unauthenticated-substitutes?):
Remove second argument to 'make-parameter'.
(process-query): Call 'warn-about-missing-authentication'
when (%allow-unauthenticated-substitutes?) is #t.
(guix-substitute): Wrap body in 'parameterize'.  Set 'guix-warning-port'
too.  No longer exit when 'substitute-urls' returns the empty list.  No
longer print newline initially.
* tests/substitute.scm (test-quit): Parameterize 'current-error-port' to
account for the port changes in 'guix-substitute'.
2020-12-08 22:30:08 +01:00
Ludovic Courtès
56fc14577e
daemon: Remove unneeded forward declaration.
This is a followup to ee9dff34f9.

* nix/libstore/build.cc: Remove 'struct Agent' forward declaration.
2020-12-01 00:10:48 +01:00
Ludovic Courtès
d4fac4be0d
daemon: Remove pre-Guix hack.
* nix/libstore/build.cc (DerivationGoal::startBuilder): Remove
"NIX_OUTPUT_CHECKED" hack.
2020-11-29 23:55:56 +01:00
Maxim Cournoyer
0fa0e8df60
nix: Honor '--rounds' when also using '--check'.
Fixes <https://issues.guix.gnu.org/40144>.

Until now, the '--rounds' option, when also using '--check', was ignored.
This change makes it possible to use both, so that an item that has already
been built once can be rebuilt as many times as desired.

* nix/libstore/build.cc: Remove the conditionals causing the daemon to
complete a build task early when 'buildMode' is equal to 'nix::bmCheck'.

Reported-by: Brice Waegeneire <brice@waegenei.re>
2020-10-09 16:55:22 -04:00
Ludovic Courtès
9556ac498f
daemon: Try to execute derivation builders only for matching OS kernels.
Fixes <https://bugs.gnu.org/43668>.

Previously, guix-daemon would try to run GNU/Hurd executables on
GNU/Linux.  execve(2) would succeed, but the executable would
immediately crash.

This change prevents it from attempting to execute "i586-gnu" code on
"*-linux", while preserving the binfmt_misc-friendly behavior
implemented in commit 7bf2a70a4f.

* nix/libstore/build.cc (sameOperatingSystemKernel): New function.
(DerivationGoal::runChild): Call 'execve' only when
'sameOperatingSystemKernel' returns true.
2020-10-01 12:45:38 +02:00
Ludovic Courtès
ee9dff34f9
daemon: Move 'Agent' to libutil.
* nix/libstore/build.cc (DerivationGoal::tryBuildHook): Add "offload" to
'args' and pass settings.guixProgram as the first argument to
Agent::Agent.
(pathNullDevice, commonChildInit, Agent, Agent::Agent)
(Agent::~Agent): Move to...
* nix/libutil/util.cc: ... here.
* nix/libutil/util.hh (struct Agent, commonChildInit): New
declarations.
2020-09-14 15:42:55 +02:00
Ludovic Courtès
7809071c82
daemon: Generalize 'HookInstance' to 'Agent'.
* nix/libstore/build.cc (HookInstance): Rename to...
(Agent): ... this.  Rename 'toHook' and 'fromHook' similarly and update
users.  Change constructor to require a command and an argument list.
(DerivationGoal::tryBuildHook): Pass arguments to the 'Agent'
constructor.
2020-09-14 15:42:55 +02:00
Manolis Ragkousis
9c3b28b911
daemon: Do not use clone on the Hurd.
Checking for CLONE_NEWNS is only needed for using tha Linux specific clone(2),
otherwise we can use fork(2).  Using clone on the Hurd needs some work, only
support LINUX for now.  See
https://lists.gnu.org/archive/html/guix-devel/2020-03/msg00190.html

* nix/libstore/build.cc (CHROOT_ENABLED): Break into CHROOT_ENABLED
and CLONE_ENABLED.
(DerivationGoal::startBuilder): Replace CHROOT_ENABLED with __linux__.
(DerivationGoal::runChild): Only define pivot_root() if SYS_pivot_root is
defined.

Co-authored-by: Jan Nieuwenhuizen <janneke@gnu.org>
2020-03-26 12:59:33 +01:00
Ludovic Courtès
298fb2907e
daemon: Don't include <linux/fs.h>.
As of GNU libc 2.29, <sys/mount.h> declares all the constants and
functions we need, so there's no use in including <linux/fs.h> anymore.
This silences annoying warnings like this one:

  In file included from nix/libstore/local-store.cc:32:0:
  /gnu/store/…-linux-libre-headers-4.19.56/include/linux/fs.h:108:0: warning: "MS_RDONLY" redefined
   #define MS_RDONLY  1 /* Mount read-only */

  In file included from nix/libstore/local-store.cc:28:0:
  /gnu/store/…-glibc-2.29/include/sys/mount.h:36:0: note: this is the location of the previous definition
   #define MS_RDONLY MS_RDONLY

* config-daemon.ac: Remove check for <linux/fs.h>.
* nix/libstore/build.cc: Remove conditional inclusion of <linux/fs.h>.
* nix/libstore/local-store.cc: Remove "#if HAVE_LINUX_FS_H" and
inclusion of <linux/fs.h>.
2019-11-13 23:26:35 +01:00
Ludovic Courtès
af73beeba1
daemon: Unregister build hook from the worker's children upon build failure.
Fixes <https://bugs.gnu.org/38062>.
This is a followup to ada9a19a2d.

* nix/libstore/build.cc (DerivationGoal::killChild): Add conditional
call to 'worker.childTerminated' for 'hook->pid'.
2019-11-04 23:35:32 +01:00
Ludovic Courtès
ada9a19a2d
daemon: Strictly respect timeouts for 'guix offload'.
Until now it was up to 'guix offload' to honor timeouts.  Unfortunately
it would sometimes fail to do that, for example due to the libssh bug at
<https://bugs.libssh.org/T33>.  With this change, 'guix offload' is
automatically killed by the daemon when one of the timeouts expires.

Thus, data transfers performed by 'guix offload' now count as part of
the timeouts, rather than just actual build time.

* nix/libstore/build.cc (DerivationGoal::tryBuildHook): Pass true as the
'respectTimeouts' argument to 'childStarted'.
2019-09-28 22:56:40 +02:00
Ludovic Courtès
f6919ebdc6
daemon: Run 'guix substitute' directly and assume a single substituter.
The daemon had a mechanism that allows it to handle a list of
substituters and try them sequentially; this removes it.

* nix/scripts/substitute.in: Remove.
* nix/local.mk (nodist_pkglibexec_SCRIPTS): Remove.
* config-daemon.ac: Don't output 'nix/scripts/substitute'.
* nix/libstore/build.cc (SubstitutionGoal)[subs, sub, hasSubstitute]:
Remove.
[tryNext]: Make private.
(SubstitutionGoal::SubstitutionGoal, SubstitutionGoal::init): Remove now
unneeded initializers.
(SubstitutionGoal::tryNext): Adjust to assume a single substituter: call
'amDone' upfront when we couldn't find substitutes.
(SubstitutionGoal::tryToRun): Adjust to run 'guix substitute' via
'settings.guixProgram'.
(SubstitutionGoal::finished): Call 'amDone(ecFailed)' upon failure
instead of setting 'state' to 'tryNext'.
* nix/libstore/globals.hh (Settings)[substituters]: Remove.
* nix/libstore/local-store.cc (LocalStore::~LocalStore): Adjust to
handle a single substituter.
(LocalStore::startSubstituter): Remove 'path' parameter.  Adjust to
invoke 'settings.guixProgram'.  Don't refer to 'run.program', which no
longer exists.
(LocalStore::querySubstitutablePaths): Adjust for 'runningSubstituters'
being a singleton instead of a list.
(LocalStore::querySubstitutablePathInfos): Likewise, and remove
'substituter' parameter.
* nix/libstore/local-store.hh (RunningSubstituter)[program]: Remove.
(LocalStore)[runningSubstituters]: Remove.
[runningSubstituter]: New field.
[querySubstitutablePathInfos]: Remove 'substituter' parameter.
[startSubstituter]: Remove 'substituter' parameter.
* nix/nix-daemon/guix-daemon.cc (main): Remove references to
'settings.substituters'.
* nix/nix-daemon/nix-daemon.cc (performOp): Ignore the user's
"build-use-substitutes" value when 'settings.useSubstitutes' is false.
2019-09-08 11:49:24 +02:00
Ludovic Courtès
bc69ea2d60
daemon: Run 'guix offload' directly.
* nix/scripts/offload.in: Remove.
* nix/local.mk (nodist_pkglibexec_SCRIPTS) [BUILD_DAEMON_OFFLOAD]:
Remove 'scripts/offload'.
* config-daemon.ac: Don't output 'nix/scripts/offload'.
* build-aux/pre-inst-env.in: Don't set 'NIX_BUILD_HOOK'.
* nix/libstore/build.cc (HookInstance::HookInstance): Run 'guix
offload'.
(DerivationGoal::tryBuildHook): Remove reference to 'NIX_BUILD_HOOK'.
* nix/nix-daemon/guix-daemon.cc (main) [HAVE_DAEMON_OFFLOAD_HOOK]: Don't
set 'NIX_BUILD_HOOK'.
* nix/nix-daemon/nix-daemon.cc (performOp) [!HAVE_DAEMON_OFFLOAD_HOOK]:
Leave 'settings.useBuildHook' unchanged.
2019-09-08 11:49:24 +02:00
Ludovic Courtès
76533c52c0
daemon: Replace "illegal" by "invalid" in error messages.
* nix/libstore/build.cc (parseReferenceSpecifiers): Replace "illegal" by
"invalid".
* nix/libstore/globals.cc (Settings::pack): Likewise.
* nix/libstore/store-api.cc (checkStoreName): Likewise.
2019-06-13 00:44:01 +02:00
Ludovic Courtès
d591242808
daemon: Emit a 'build-succeeded' event in check mode.
Until now, something like "guix build sed -v1 --check" would not get a
'build-succeeded' event, which in turn meant that the spinner would not
be erased upon build completion.

* nix/libstore/build.cc (DerivationGoal::registerOutputs): When
'buildMode' is bmCheck and 'settings.printBuildTrace' emit a
"@ build-succeeded" trace upon success.
* tests/store.scm ("build-succeeded trace in check mode"): New test.
2019-02-06 23:06:18 +01:00
Ludovic Courtès
8327e73396
daemon: Use unbranded phrases in comments and messages.
* nix/libstore/build.cc, nix/libstore/globals.cc,
nix/libstore/gc.cc, nix/libstore/local-store.cc,
nix/libstore/optimise-store.cc, nix/libstore/store-api.cc,
nix/libutil/archive.cc, nix/nix-daemon/nix-daemon.cc: Replace "Nix
store" by "store", and "Nix daemon" by "build daemon".
2018-12-16 16:28:07 +01:00
Ludovic Courtès
6ef61cc4c3
daemon: Support multiplexed build output.
This allows clients to tell whether output comes from the daemon or, if
it comes from a builder, from which builder it comes.  The latter is
particularly useful when MAX-BUILD-JOBS > 1.

* nix/libstore/build.cc (DerivationGoal::tryBuildHook)
(DerivationGoal::startBuilder): Print the child's PID in "@ build-started"
traces.
(DerivationGoal::handleChildOutput): Define 'prefix', pass it to
'writeToStderr'.
* nix/libstore/globals.cc (Settings:Settings): Initialize
'multiplexedBuildOutput'.
(Settings::update): Likewise.
* nix/libstore/globals.hh (Settings)[multiplexedBuildOutput]: New field.
Update 'printBuildTrace' documentation.
* nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump to 0.163.
* nix/nix-daemon/nix-daemon.cc (performOp) <wopSetOptions>: Special-case
"multiplexed-build-output" and remove "use-ssh-substituter".
* guix/store.scm (set-build-options): Add #:multiplexed-build-output?
and honor it.
(%protocol-version): Bump to #x163.
* tests/store.scm ("multiplexed-build-output"): New test.

fixlet
2018-10-15 22:40:35 +02:00
Ludovic Courtès
dc0f74e5fc
Add (guix status) and use it for pretty colored output.
* guix/progress.scm (progress-reporter/trace): New procedure.
(%progress-interval): New variable.
(progress-reporter/file): Use it.
* guix/scripts/build.scm (set-build-options-from-command-line): Pass
 #:print-extended-build-trace?.
(%default-options): Add 'print-extended-build-trace?'.
(guix-build): Parameterize CURRENT-TERMINAL-COLUMNS.  Use
'build-status-updater'.
* guix/scripts/environment.scm (%default-options): Add
'print-extended-build-trace?'.
(guix-environment): Wrap body in 'with-status-report'.
* guix/scripts/pack.scm (%default-options): Add 'print-build-trace?' and
'print-extended-build-trace?'.
(guix-pack): Wrap body in 'with-status-report'.
* guix/scripts/package.scm (%default-options, guix-package): Likewise.
* guix/scripts/system.scm (%default-options, guix-system): Likewise.
* guix/scripts/pull.scm (%default-options, guix-pull): Likewise.
* guix/scripts/substitute.scm (progress-report-port): Don't call STOP
when TOTAL is zero.
(process-substitution): Add #:print-build-trace? and honor it.
(guix-substitute)[print-build-trace?]: New variable.
Pass #:print-build-trace? to 'process-substitution'.
* guix/status.scm: New file.
* guix/store.scm (set-build-options): Add #:print-extended-build-trace?;
pass it into PAIRS.
(%protocol-version): Bump.
(protocol-version, nix-server-version): New procedures.
(current-store-protocol-version): New variable.
(with-store, build-things): Parameterize it.
* guix/ui.scm (build-output-port): Remove.
(colorize-string): Export.
* po/guix/POTFILES.in: Add guix/status.scm.
* tests/status.scm: New file.
* Makefile.am (SCM_TESTS): Add it.
* nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump to 0x162.
* nix/libstore/build.cc (DerivationGoal::registerOutputs)
(SubstitutionGoal::finished): Print a "@ hash-mismatch" trace before
throwing.
2018-09-27 23:21:53 +02:00
Efraim Flashner
162825f965
daemon: Allow building for armhf-linux on aarch64-linux.
* nix/libstore/build.cc (canBuildLocally): Allow building armhf-linux
builds on aarch64-linux.
(DerivationGoal::runChild) Throw error if attempting to build for
armhf-linux on an unsupported platform.
* doc/guix.texi (Invoking guix build): Document how to build natively
for armhf-linux on aarch64-linux.  Add note that on some aarch64
machines this is unsupported.
2018-05-17 20:37:27 +03:00
Ludovic Courtès
7bf2a70a4f
daemon: Always try to execute the builder regardless of the platform.
* nix/libstore/build.cc (runChild): Move platform check after 'execve'
call.  Check specifically for ENOEXEC.
2018-01-11 10:25:06 +01:00
Ludovic Courtès
f997137d0e
daemon: Make libbz2 an optional dependency.
* config-daemon.ac: Don't bail out when libbz2 is missing.  Define
'HAVE_LIBBZ2' Automake conditional.
* nix/libstore/build.cc: Wrap relevant bits in '#if HAVE_BZLIB_H'.
* nix/libstore/globals.cc (Settings::Settings): 'logCompression'
defaults to COMPRESSION_GZIP when HAVE_BZLIB_H is false.
* nix/libstore/globals.hh (CompressionType): Make 'COMPRESSION_BZIP2'
conditional on HAVE_BZLIB_H.
* nix/local.mk (guix_register_LDADD, guix_daemon_LDADD): Add -lbz2 only
when HAVE_LIBBZ2.
* nix/nix-daemon/guix-daemon.cc (parse_opt): Ignore "bzip2" when not
HAVE_BZLIB_H.
2018-01-07 23:47:22 +01:00
Ludovic Courtès
29a6866886
daemon: Add gzip log compression.
* nix/nix-daemon/guix-daemon.cc (GUIX_OPT_LOG_COMPRESSION): New macro.
(options): Mark "disable-log-compression" as hidden and add
"log-compression".
(parse_opt): Handle GUIX_OPT_LOG_COMPRESSION.
* nix/libstore/build.cc (DerivationGoal): Add 'gzLogFile'.
(openLogFile): Initialize it when 'logCompression' is COMPRESSION_GZIP.
(closeLogFile, handleChildOutput): Honor 'gzLogFile'.
* nix/libstore/globals.hh (Settings)[compressLog]: Remove.
[logCompression]: New field.
(CompressionType): New enum.
* nix/libstore/globals.cc (Settings::Settings): Initialize it.
(update): Remove '_get' call for 'compressLog'.
* nix/local.mk (guix_daemon_LDADD, guix_register_LDADD): Add -lz.
* guix/store.scm (log-file): Handle '.gz' log files.
* tests/guix-daemon.sh: Add test with '--log-compression=gzip'.
* doc/guix.texi (Invoking guix-daemon): Adjust accordingly.
* config-daemon.ac: Check for libz and zlib.h.
2018-01-07 23:47:22 +01:00
Jörg Thalheim
842e0e439a
Simplify remouting with MS_PRIVATE in sandbox build
also fix race condition if mounts are added after mountinfo is read.
2017-08-18 11:31:17 +02:00
Mark H Weaver
a1aa5dabaa
daemon: Ensure the child stack is aligned on a 16-byte boundary.
* nix/libstore/build.cc (DerivationGoal::startBuilder): When calling 'clone',
ensure that the stack is aligned on a 16-byte boundary.
2017-08-07 16:41:03 -04:00
Efraim Flashner
31ed845b70
daemon: On aarch64, use increments of 16 on the stack.
* nix/libstore/build.cc (DerivationGoal::startBuilder): When on aarch64,
when calling clone(), increment the stack by 16.
2017-08-05 22:38:48 +03:00
Mark H Weaver
7656739771
Revert "daemon: Ensure proper alignment on the stack."
This reverts commit ab4ccc8fcf.
2017-08-05 01:57:25 -04:00
Ludovic Courtès
f0a0b58bfa
daemon: Report hash mismatches in a cleaner way.
Suggested by Hartmut Goebel.

* nix/libstore/build.cc (DerivationGoal::registerOutputs): Report hash
mismatches on 3 lines for clarity.
(SubstitutionGoal::finished): Likewise.
2017-05-30 18:08:37 +02:00
Efraim Flashner
ab4ccc8fcf
daemon: Ensure proper alignment on the stack.
* nix/libstore/build.cc (startBuilder): When calling 'clone', increase
the step to 16 and ensure it aligns properly on the stack.
2017-02-20 13:09:03 +02:00
Ludovic Courtès
9b5364a3af
daemon: Allow check builds of 'builtin:download' derivations.
Fixes <http://bugs.gnu.org/25089>.
Reported by Leo Famulari <leo@famulari.name>.

* nix/libstore/build.cc (DerivationGoal::runChild): In the 'isBuiltin'
case, check whether DRV's output is in 'redirectedOutputs', and pass an
'output' argument to the built-in builder.
(DerivationGoal::addHashRewrite): Add 'printMsg' call.
* nix/libstore/builtins.hh (derivationBuilder): Add 'output' parameter.
* nix/libstore/builtins.cc (builtinDownload): Likewise.
Add OUTPUT to ARGV.
* guix/scripts/perform-download.scm (perform-download): Add 'output'
parameter.
(guix-perform-download): Adjust 'match' clauses accordingly.
* tests/derivations.scm ("'download' built-in builder, check mode"): New
test.
2017-01-11 17:06:31 +01:00
Ludovic Courtès
8ecc3c6c44
daemon: Allow fixed-output derivation builds with TMPDIR set.
Fixes <http://bugs.gnu.org/25242>.
Reported by Leo Famulari <leo@famulari.name>.
The regression was introduced in 94d92c7796.

* nix/libstore/build.cc (DerivationGoal::startBuilder): Set 'useChroot'
as a function 'of isBuiltin(drv)'.
(DerivationGoal::runChild): Use 'useChroot' instead of
'useChroot && !isBuiltin(drv)'.
2016-12-29 18:22:49 +01:00
Hartmut Goebel
2608e40988
daemon: Set ownership of kept build directories to the calling user.
Fixes <http://bugs.gnu.org/15890>.

* nix/libstore/globals.hh (Settings) Add clientUid and clientGid.
* nix/nix-daemon/nix-daemon.cc (daemonLoop] Store UID and GID of the
  caller in settings.
* nix/libstore/build.cc (_chown): New function.
  (DerivationGoal::deleteTmpDir): Use it, change ownership of build
  directory if it is kept and the new owner is not root.
2016-12-09 15:46:09 +01:00
Ludovic Courtès
94d92c7796
daemon: Add "builtin:download" derivation builder.
This ensures that 1) the derivation doesn't change when Guix changes;
2) the derivation closure doesn't contain Guix and its dependencies; 3)
we don't have to rely on ugly chroot hacks.

Adapted from Nix commit 0a2bee307b20411f5b0dda0c662b1f9bb9e0e131.

* nix/libstore/build.cc (DerivationGoal::runChild): Add special case for
'isBuiltin(drv)'.  Disable chroot when 'isBuiltin(drv)'.
* nix/libstore/builtins.cc, nix/libstore/builtins.hh,
nix/scripts/download.in, guix/scripts/perform-download.scm: New files.
* guix/ui.scm (show-guix-help)[internal?]: Add 'perform-download'.
* nix/local.mk (libstore_a_SOURCES): Add builtins.cc.
(libstore_headers): Add builtins.hh.
(nodist_pkglibexec_SCRIPTS): Add 'scripts/download'.
* config-daemon.ac: Emit 'scripts/download'.
* Makefile.am (MODULES): Add 'guix/scripts/perform-download.scm'.
* tests/derivations.scm ("unknown built-in builder")
("'download' built-in builder")
("'download' built-in builder, invalid hash")
("'download' built-in builder, not found")
("'download' built-in builder, not fixed-output"): New tests.

Co-authored-by: Eelco Dolstra <eelco.dolstra@logicblox.com>
2016-11-16 18:19:47 +01:00
Ludovic Courtès
4078fa8f72
daemon: Fix typo.
Fixes a regression/typo introduced in
e08380fb6c.

* nix/libstore/build.cc (DerivationGoal::startBuilder): Canonicalize
"/tmp", not "/tmp/guix-build".
2016-05-31 18:22:14 +02:00
Eelco Dolstra
b4528110c6
daemon: rounds: Keep the differing output if -K is given.
Regardless of -K, we now also print which output differs.
2016-05-31 14:25:28 +02:00
Eelco Dolstra
7f3b2510d6
daemon: check: Keep the differing output if -K is given.
This makes it easier to investigate the non-determinism, e.g.

  $ nix-build pkgs/stdenv/linux -A stage1.pkgs.zlib --check -K
  error: derivation ‘/nix/store/l54i8wlw22656i4pk05c52ngv9rpl39q-zlib-1.2.8.drv’ may not be deterministic: output ‘/nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8’ differs from ‘/nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8-check’

  $ diffoscope /nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8 /nix/store/11a27shh6n2ivi4a7s964i65ql80cf27-zlib-1.2.8-check
  ...
  ├── lib/libz.a
  │   ├── metadata
  │   │ @@ -1,15 +1,15 @@
  │   │ -rw-r--r-- 30001/30000   3096 Jan 12 15:20 2016 adler32.o
  ...
  │   │ +rw-r--r-- 30001/30000   3096 Jan 12 15:28 2016 adler32.o
  ...

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2016-05-31 14:25:28 +02:00
Eelco Dolstra
7889e72dad
daemon: check: Fix "failed to produce output path".
This occured when sandbox building is disabled, at least one output
exists, and at least one other output does not.
2016-05-31 14:25:28 +02:00
Eelco Dolstra
f83e82cd00
daemon: check: Fix assertion failure when some outputs are missing.
E.g.

  $ nix-build pkgs/stdenv/linux/ -A stage1.pkgs.perl --check
  nix-store: src/libstore/build.cc:1323: void nix::DerivationGoal::tryToBuild(): Assertion `buildMode != bmCheck || validPaths.size() == drv->outputs.size()' failed.

when perl.out exists but perl.man doesn't. The fix is to only check
the outputs that exist. Note that "nix-build -A stage1.pkgs.all
--check" will still give a (proper) error in this case.
2016-05-31 14:25:28 +02:00
Eelco Dolstra
c56cd90cc9
daemon: When repairing, rebuild if there is no substituter. 2016-05-31 14:25:28 +02:00
Eelco Dolstra
1a9574e3a7
daemon: Fix --repair failure on multiple-output derivations.
If repair found a corrupted/missing path that depended on a
multiple-output derivation, and some of the outputs of the latter were
not present, it failed with a message like

  error: path ‘/nix/store/cnfn9d5fjys1y93cz9shld2xwaibd7nn-bash-4.3-p42-doc’ is not valid

Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2016-05-31 14:25:28 +02:00
Eelco Dolstra
e08380fb6c
daemon: Handle /tmp being a symlink.
* nix/libstore/build.cc (DerivationGoal::startBuilder): Call 'canonPath'
on "/tmp".
2016-05-31 14:25:28 +02:00
Ludovic Courtès
7a57c96a10 daemon: Build in /tmp/guix-build-*.
* nix/libstore/build.cc (DerivationGoal::startBuilder): Use "guix-build"
instead of "nix-build" for TMPDIR.
* doc/guix.texi (Build Environment Setup): Adjust accordingly.
2015-12-30 18:01:01 +01:00