diff options
author | Ludovic Courtès <ludo@gnu.org> | 2014-01-18 16:48:29 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2014-01-18 22:32:50 +0100 |
commit | d43eb499a6c112af609118803c6cd33fbcedfa43 (patch) | |
tree | 666deede607f0d64ad1266a60317bd6a2ee48a2c | |
parent | b97c95eb3c4894bbbe7b645b163147e3f837e754 (diff) | |
download | guix-d43eb499a6c112af609118803c6cd33fbcedfa43.tar.gz |
Update 'nix-upstream' sub-module; adjust build system, doc, and substituter.
* nix-upstream: Update sub-module. * daemon.am (libutil_a_SOURCES): Add affinity.cc. (libutil_headers): Add affinity.hh. (libexec_PROGRAMS, nix_setuid_helper_SOURCES, nix_setuid_helper_CPPFLAGS, nix_setuid_helper_LDADD): Remove. * doc/guix.texi (Setting Up the Daemon): Remove paragraph about 'nix-setuid-helper'. * guix/scripts/substitute-binary.scm (guix-substitute-binary): Exit 0 when %CACHE-URL has an HTTP scheme and looking up its host fails. Always print a newline to stdout when starting.
-rw-r--r-- | daemon.am | 14 | ||||
-rw-r--r-- | doc/guix.texi | 16 | ||||
-rwxr-xr-x | guix/scripts/substitute-binary.scm | 25 | ||||
m--------- | nix-upstream | 10 |
4 files changed, 33 insertions, 32 deletions
diff --git a/daemon.am b/daemon.am index 60bbaf73ed..f4700f0b07 100644 --- a/daemon.am +++ b/daemon.am @@ -1,5 +1,5 @@ # GNU Guix --- Functional package management for GNU -# Copyright © 2012, 2013 Ludovic Courtès <ludo@gnu.org> +# Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org> # # This file is part of GNU Guix. # @@ -56,6 +56,7 @@ libformat_a_CPPFLAGS = \ libutil_a_SOURCES = \ nix/libutil/archive.cc \ + nix/libutil/affinity.cc \ nix/libutil/serialise.cc \ nix/libutil/util.cc \ nix/libutil/xml-writer.cc \ @@ -63,6 +64,7 @@ libutil_a_SOURCES = \ nix/libutil/gcrypt-hash.cc libutil_headers = \ + nix/libutil/affinity.hh \ nix/libutil/hash.hh \ nix/libutil/serialise.hh \ nix/libutil/xml-writer.hh \ @@ -153,16 +155,6 @@ guix_register_LDADD = \ $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS) -libexec_PROGRAMS = nix-setuid-helper -nix_setuid_helper_SOURCES = \ - nix/nix-setuid-helper/nix-setuid-helper.cc - -nix_setuid_helper_CPPFLAGS = \ - $(libutil_a_CPPFLAGS) - -nix_setuid_helper_LDADD = \ - libutil.a libformat.a - noinst_HEADERS = \ $(libformat_headers) $(libutil_headers) $(libstore_headers) \ $(guix_daemon_headers) diff --git a/doc/guix.texi b/doc/guix.texi index 2081dd13ad..2c40fa83f3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -245,21 +245,7 @@ archive}): # guix archive --generate-key @end example -Guix may also be used in a single-user setup, with @command{guix-daemon} -running as an unprivileged user. However, to maximize non-interference -of build processes, the daemon still needs to perform certain operations -that are restricted to @code{root} on GNU/Linux: it should be able to -run build processes in a chroot, and to run them under different UIDs. -To that end, the @command{nix-setuid-helper} program is provided; it is -a small C program (less than 300 lines) that, if it is made setuid -@code{root}, can be executed by the daemon to perform these operations -on its behalf. The @code{root}-owned @file{/etc/nix-setuid.conf} file -is read by @command{nix-setuid-helper}; it should contain exactly two -words: the user name under which the authorized @command{guix-daemon} -runs, and the name of the build users group. - -If you are installing Guix as an unprivileged user and do not have the -ability to make @file{nix-setuid-helper} setuid-@code{root}, it is still +If you are installing Guix as an unprivileged user, it is still possible to run @command{guix-daemon}. However, build processes will not be isolated from one another, and not from the rest of the system. Thus, build processes may interfere with each other, and may access diff --git a/guix/scripts/substitute-binary.scm b/guix/scripts/substitute-binary.scm index 901b3fb064..3aaa1c4284 100755 --- a/guix/scripts/substitute-binary.scm +++ b/guix/scripts/substitute-binary.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -486,6 +486,29 @@ Internal tool to substitute a pre-built binary to a local build.\n")) "Implement the build daemon's substituter protocol." (mkdir-p %narinfo-cache-directory) (maybe-remove-expired-cached-narinfo) + + ;; Starting from commit 22144afa in Nix, we are allowed to bail out directly + ;; when we know we cannot substitute, but we must emit a newline on stdout + ;; when everything is alright. + (let ((uri (string->uri %cache-url))) + (case (uri-scheme uri) + ((http) + ;; Exit gracefully if there's no network access. + (let ((host (uri-host uri))) + (catch 'getaddrinfo-error + (lambda () + (getaddrinfo host)) + (lambda (key error) + (warning (_ "failed to look up host '~a' (~a), \ +substituter disabled~%") + host (gai-strerror error)) + (exit 0))))) + (else #t))) + + ;; Say hello (see above.) + (newline) + (force-output (current-output-port)) + (with-networking (match args (("--query") diff --git a/nix-upstream b/nix-upstream -Subproject 1b6ee8f4c7e74f75e1f49b43cf22be7730b3064 +Subproject bf0ad8aabca67b4faabe3a1ac3c57884ae9924f |