-rw-r--r-- | daemon.am | 14 | ||||
-rw-r--r-- | doc/guix.texi | 16 | ||||
-rwxr-xr-x | guix/scripts/substitute-binary.scm | 25 | ||||
m--------- | nix-upstream | 10 |
4 files changed, 33 insertions, 32 deletions
diff --git a/daemon.am b/daemon.am
index 60bbaf73ed..f4700f0b07 100644
--- a/daemon.am
+++ b/daemon.am
@@ -1,5 +1,5 @@
 # GNU Guix --- Functional package management for GNU
-# Copyright © 2012, 2013 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org>
 #
 # This file is part of GNU Guix.
 #
@@ -56,6 +56,7 @@ libformat_a_CPPFLAGS = \
 libutil_a_SOURCES = \
 nix/libutil/archive.cc \
+ nix/libutil/affinity.cc \
 nix/libutil/serialise.cc \
 nix/libutil/util.cc \
 nix/libutil/xml-writer.cc \
@@ -63,6 +64,7 @@ libutil_a_SOURCES = \
 nix/libutil/gcrypt-hash.cc
 libutil_headers = \
+ nix/libutil/affinity.hh \
 nix/libutil/hash.hh \
 nix/libutil/serialise.hh \
 nix/libutil/xml-writer.hh \
@@ -153,16 +155,6 @@ guix_register_LDADD = \
 $(SQLITE3_LIBS) $(LIBGCRYPT_LIBS)
-libexec_PROGRAMS = nix-setuid-helper
-nix_setuid_helper_SOURCES = \
- nix/nix-setuid-helper/nix-setuid-helper.cc
-
-nix_setuid_helper_CPPFLAGS = \
- $(libutil_a_CPPFLAGS)
-
-nix_setuid_helper_LDADD = \
- libutil.a libformat.a
-
 noinst_HEADERS = \
 $(libformat_headers) $(libutil_headers) $(libstore_headers) \
 $(guix_daemon_headers)
diff --git a/doc/guix.texi b/doc/guix.texi
index 2081dd13ad..2c40fa83f3 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -245,21 +245,7 @@ archive}):
 # guix archive --generate-key
 @end example
-Guix may also be used in a single-user setup, with @command{guix-daemon}
-running as an unprivileged user. However, to maximize non-interference
-of build processes, the daemon still needs to perform certain operations
-that are restricted to @code{root} on GNU/Linux: it should be able to
-run build processes in a chroot, and to run them under different UIDs.
-To that end, the @command{nix-setuid-helper} program is provided; it is
-a small C program (less than 300 lines) that, if it is made setuid
-@code{root}, can be executed by the daemon to perform these operations
-on its behalf. The @code{root}-owned @file{/etc/nix-setuid.conf} file
-is read by @command{nix-setuid-helper}; it should contain exactly two
-words: the user name under which the authorized @command{guix-daemon}
-runs, and the name of the build users group.
-
-If you are installing Guix as an unprivileged user and do not have the
-ability to make @file{nix-setuid-helper} setuid-@code{root}, it is still
+If you are installing Guix as an unprivileged user, it is still
 possible to run @command{guix-daemon}. However, build processes will not be isolated from one another, and not from the rest of the system. Thus, build processes may interfere with each other, and may access
diff --git a/guix/scripts/substitute-binary.scm b/guix/scripts/substitute-binary.scm
index 901b3fb064..3aaa1c4284 100755
--- a/guix/scripts/substitute-binary.scm
+++ b/guix/scripts/substitute-binary.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -486,6 +486,29 @@ Internal tool to substitute a pre-built binary to a local build.\n"))
 "Implement the build daemon's substituter protocol."
 (mkdir-p %narinfo-cache-directory)
 (maybe-remove-expired-cached-narinfo)
+
+ ;; Starting from commit 22144afa in Nix, we are allowed to bail out directly
+ ;; when we know we cannot substitute, but we must emit a newline on stdout
+ ;; when everything is alright.
+ (let ((uri (string->uri %cache-url)))
+ (case (uri-scheme uri)
+ ((http)
+ ;; Exit gracefully if there's no network access.
+ (let ((host (uri-host uri)))
+ (catch 'getaddrinfo-error
+ (lambda ()
+ (getaddrinfo host))
+ (lambda (key error)
+ (warning (_ "failed to look up host '~a' (~a), \
+substituter disabled~%")
+ host (gai-strerror error))
+ (exit 0)))))
+ (else #t)))
+
+ ;; Say hello (see above.)
+ (newline)
+ (force-output (current-output-port))
+
 (with-networking
 (match args
 (("--query")
diff --git a/nix-upstream b/nix-upstream
-Subproject 1b6ee8f4c7e74f75e1f49b43cf22be7730b3064
+Subproject bf0ad8aabca67b4faabe3a1ac3c57884ae9924f |
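Review bot: In the added `let`, `(string->uri %cache-url)` yields `#f` when the string does not parse as a URI, and the following `(uri-scheme uri)` would then raise a wrong-type error before the handshake newline is written, so a malformed cache URL shows up as a backtrace instead of a diagnostic. `%cache-url` is defined outside this hunk; if it can be set from the environment or configuration, guard the parse, for example `(case (and=> (string->uri %cache-url) uri-scheme)`, or report the bad URL explicitly before exiting. The `getaddrinfo` probe also has no visible time bound, so a resolver that hangs rather than fails would stall the substituter before the daemon receives its newline; consider bounding it. A short comment that a successful lookup only shows the name resolves, not that the cache is reachable or its contents trustworthy, would keep readers from treating this as a validity check. The enclosing procedure starts and ends outside the hunk.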