summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2014-01-18 16:48:29 +0100
committerLudovic Courtès <ludo@gnu.org>2014-01-18 22:32:50 +0100
commitd43eb499a6c112af609118803c6cd33fbcedfa43 (patch)
tree666deede607f0d64ad1266a60317bd6a2ee48a2c
parentb97c95eb3c4894bbbe7b645b163147e3f837e754 (diff)
downloadguix-d43eb499a6c112af609118803c6cd33fbcedfa43.tar.gz
Update 'nix-upstream' sub-module; adjust build system, doc, and substituter.
* nix-upstream: Update sub-module.
* daemon.am (libutil_a_SOURCES): Add affinity.cc.
  (libutil_headers): Add affinity.hh.
  (libexec_PROGRAMS, nix_setuid_helper_SOURCES,
  nix_setuid_helper_CPPFLAGS, nix_setuid_helper_LDADD): Remove.
* doc/guix.texi (Setting Up the Daemon): Remove paragraph about
  'nix-setuid-helper'.
* guix/scripts/substitute-binary.scm (guix-substitute-binary): Exit 0 when
  %CACHE-URL has an HTTP scheme and looking up its host fails.
  Always print a newline to stdout when starting.
-rw-r--r--daemon.am14
-rw-r--r--doc/guix.texi16
-rwxr-xr-xguix/scripts/substitute-binary.scm25
m---------nix-upstream10
4 files changed, 33 insertions, 32 deletions
diff --git a/daemon.am b/daemon.am
index 60bbaf73ed..f4700f0b07 100644
--- a/daemon.am
+++ b/daemon.am
@@ -1,5 +1,5 @@
 # GNU Guix --- Functional package management for GNU
-# Copyright © 2012, 2013 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org>
 #
 # This file is part of GNU Guix.
 #
@@ -56,6 +56,7 @@ libformat_a_CPPFLAGS =				\
 
 libutil_a_SOURCES =				\
   nix/libutil/archive.cc			\
+  nix/libutil/affinity.cc			\
   nix/libutil/serialise.cc			\
   nix/libutil/util.cc				\
   nix/libutil/xml-writer.cc			\
@@ -63,6 +64,7 @@ libutil_a_SOURCES =				\
   nix/libutil/gcrypt-hash.cc
 
 libutil_headers =				\
+  nix/libutil/affinity.hh			\
   nix/libutil/hash.hh				\
   nix/libutil/serialise.hh			\
   nix/libutil/xml-writer.hh			\
@@ -153,16 +155,6 @@ guix_register_LDADD =				\
   $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS)
 
 
-libexec_PROGRAMS = nix-setuid-helper
-nix_setuid_helper_SOURCES =			\
-  nix/nix-setuid-helper/nix-setuid-helper.cc
-
-nix_setuid_helper_CPPFLAGS =			\
-  $(libutil_a_CPPFLAGS)
-
-nix_setuid_helper_LDADD =			\
-  libutil.a libformat.a
-
 noinst_HEADERS =						\
   $(libformat_headers) $(libutil_headers) $(libstore_headers)	\
   $(guix_daemon_headers)
diff --git a/doc/guix.texi b/doc/guix.texi
index 2081dd13ad..2c40fa83f3 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -245,21 +245,7 @@ archive}):
 # guix archive --generate-key
 @end example
 
-Guix may also be used in a single-user setup, with @command{guix-daemon}
-running as an unprivileged user.  However, to maximize non-interference
-of build processes, the daemon still needs to perform certain operations
-that are restricted to @code{root} on GNU/Linux: it should be able to
-run build processes in a chroot, and to run them under different UIDs.
-To that end, the @command{nix-setuid-helper} program is provided; it is
-a small C program (less than 300 lines) that, if it is made setuid
-@code{root}, can be executed by the daemon to perform these operations
-on its behalf.  The @code{root}-owned @file{/etc/nix-setuid.conf} file
-is read by @command{nix-setuid-helper}; it should contain exactly two
-words: the user name under which the authorized @command{guix-daemon}
-runs, and the name of the build users group.
-
-If you are installing Guix as an unprivileged user and do not have the
-ability to make @file{nix-setuid-helper} setuid-@code{root}, it is still
+If you are installing Guix as an unprivileged user, it is still
 possible to run @command{guix-daemon}.  However, build processes will
 not be isolated from one another, and not from the rest of the system.
 Thus, build processes may interfere with each other, and may access
diff --git a/guix/scripts/substitute-binary.scm b/guix/scripts/substitute-binary.scm
index 901b3fb064..3aaa1c4284 100755
--- a/guix/scripts/substitute-binary.scm
+++ b/guix/scripts/substitute-binary.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -486,6 +486,29 @@ Internal tool to substitute a pre-built binary to a local build.\n"))
   "Implement the build daemon's substituter protocol."
   (mkdir-p %narinfo-cache-directory)
   (maybe-remove-expired-cached-narinfo)
+
+  ;; Starting from commit 22144afa in Nix, we are allowed to bail out directly
+  ;; when we know we cannot substitute, but we must emit a newline on stdout
+  ;; when everything is alright.
+  (let ((uri (string->uri %cache-url)))
+    (case (uri-scheme uri)
+      ((http)
+       ;; Exit gracefully if there's no network access.
+       (let ((host (uri-host uri)))
+         (catch 'getaddrinfo-error
+           (lambda ()
+             (getaddrinfo host))
+           (lambda (key error)
+             (warning (_ "failed to look up host '~a' (~a), \
+substituter disabled~%")
+                      host (gai-strerror error))
+             (exit 0)))))
+      (else #t)))
+
+  ;; Say hello (see above.)
+  (newline)
+  (force-output (current-output-port))
+
   (with-networking
    (match args
      (("--query")
diff --git a/nix-upstream b/nix-upstream
-Subproject 1b6ee8f4c7e74f75e1f49b43cf22be7730b3064
+Subproject bf0ad8aabca67b4faabe3a1ac3c57884ae9924f