From f3853a259b9b0588f6ae4f32c5c56a77ab096e86 Mon Sep 17 00:00:00 2001 From: Julien Lepiller Date: Sat, 10 Jun 2017 11:59:18 +0200 Subject: gnu: services: use seconds instead of duration strings. * gnu/services/dns.scm (zone-file, knot-policy-configuration): Use numbers instead of duration strings. (verify-knot-policy-configuration): Fix typo. * doc/guix.texi (DNS Services): Update documentation. --- doc/guix.texi | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) (limited to 'doc/guix.texi') diff --git a/doc/guix.texi b/doc/guix.texi index 4933a98ddb..87147802b3 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -13907,26 +13907,21 @@ The serial number of the zone. As this is used to keep track of changes by both slaves and resolvers, it is mandatory that it @emph{never} decreases. Always increment it when you make a change in your zone. -@item @code{refresh} (default: @code{"2d"}) -The frequency at which slaves will do a zone transfer. This value can be -a number of seconds or a number of some unit between: -@itemize -@item m: minute -@item h: hour -@item d: day -@item w: week -@end itemize +@item @code{refresh} (default: @code{(* 2 24 3600)}) +The frequency at which slaves will do a zone transfer. This value is a number +of seconds. It can be computed by multiplications or with +@code{(string->duration)}. -@item @code{retry} (default: @code{"15m"}) +@item @code{retry} (default: @code{(* 15 60)}) The period after which a slave will retry to contact its master when it fails to do so a first time. -@item @code{expiry} (default: @code{"2w"}) +@item @code{expiry} (default: @code{(* 14 24 3600)}) Default TTL of records. Existing records are considered correct for at most this amount of time. After this period, resolvers will invalidate their cache and check again that it still exists. -@item @code{nx} (default: @code{"1h"}) +@item @code{nx} (default: @code{3600}) Default TTL of inexistant records. This delay is usually short because you want your new domains to reach everyone quickly. @@ -14029,17 +14024,17 @@ algorithm, but would be unsecure for other algorithms. The TTL value for DNSKEY records added into zone apex. The special @code{'default} value means same as the zone SOA TTL. -@item @code{zsk-lifetime} (default: @code{"30d"}) +@item @code{zsk-lifetime} (default: @code{(* 30 24 3600)}) The period between ZSK publication and the next rollover initiation. -@item @code{propagation-delay} (default: @code{"1d"}) +@item @code{propagation-delay} (default: @code{(* 24 3600)}) An extra delay added for each key rollover step. This value should be high enough to cover propagation of data from the master server to all slaves. -@item @code{rrsig-lifetime} (default: @code{"14d"}) +@item @code{rrsig-lifetime} (default: @code{(* 14 24 3600)}) A validity period of newly issued signatures. -@item @code{rrsig-refresh} (default: @code{"7d"}) +@item @code{rrsig-refresh} (default: @code{(* 7 24 3600)}) A period how long before a signature expiration the signature will be refreshed. @item @code{nsec3?} (default: @code{#f}) @@ -14052,7 +14047,7 @@ The number of additional times the hashing is performed. The length of a salt field in octets, which is appended to the original owner name before hashing. -@item @code{nsec3-salt-lifetime} (default: @code{"30d"}) +@item @code{nsec3-salt-lifetime} (default: @code{(* 30 24 3600)}) The validity period of newly issued salt field. @end table -- cgit 1.4.1 From 5df1395a8d4bb83e002e1aab5d930edd2b49d27e Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Jun 2017 17:50:28 +0200 Subject: store: Define a default port for TCP connections. * guix/store.scm (%default-guix-port): New variable. (connect-to-daemon)[connect]: Use it when (uri-port uri) is #f. * doc/guix.texi (The Store): Mention the default port number. --- doc/guix.texi | 4 ++-- guix/store.scm | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'doc/guix.texi') diff --git a/doc/guix.texi b/doc/guix.texi index 87147802b3..ee9f80ef4d 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -3770,8 +3770,8 @@ These are for Unix-domain sockets. @item guix These URIs denote connections over TCP/IP, without encryption nor -authentication of the remote host. The URI must always specify both the -host name and port number: +authentication of the remote host. The URI must specify the host name +and optionally a port number (by default port 44146 is used): @example guix://master.guix.example.org:1234 diff --git a/guix/store.scm b/guix/store.scm index 9b4c65532e..d1a4c67ae8 100644 --- a/guix/store.scm +++ b/guix/store.scm @@ -383,6 +383,10 @@ (connect s a) s))) +(define %default-guix-port + ;; Default port when connecting to a daemon over TCP/IP. + 44146) + (define (open-inet-socket host port) "Connect to the Unix-domain socket at HOST:PORT and return it. Raise a '&nix-connection-error' upon error." @@ -446,12 +450,8 @@ name." (open-unix-domain-socket (uri-path uri)))) ('guix (lambda (_) - (unless (uri-port uri) - (raise (condition (&nix-connection-error - (file (uri->string uri)) - (errno EBADR))))) ;bah! - - (open-inet-socket (uri-host uri) (uri-port uri)))) + (open-inet-socket (uri-host uri) + (or (uri-port uri) %default-guix-port)))) ((? symbol? scheme) ;; Try to dynamically load a module for SCHEME. ;; XXX: Errors are swallowed. -- cgit 1.4.1 From 1071f781d97509347144754b3248581cf7c6c1d5 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 19 Jun 2017 17:39:24 +0200 Subject: daemon: '--listen' can be passed several times, can specify TCP endpoints. * nix/nix-daemon/guix-daemon.cc (DEFAULT_GUIX_PORT): New macro. (listen_options): New variable. (parse_opt): Push back '--listen' options to LISTEN_OPTIONS. (open_unix_domain_socket, open_inet_socket) (listening_sockets): New functions. (main): Use it. Pass SOCKETS to 'run'. * nix/nix-daemon/nix-daemon.cc (matchUser): Remove. (SD_LISTEN_FDS_START): Remove. (acceptConnection): New function. (daemonLoop): Rewrite to take a vector of file descriptors, to select(2) on them, and to call 'acceptConnection'. (run): Change to take a vector of file descriptors. * tests/guix-daemon.sh: Add test. --- doc/guix.texi | 55 +++++++- nix/nix-daemon/guix-daemon.cc | 152 +++++++++++++++++++++-- nix/nix-daemon/nix-daemon.cc | 283 +++++++++++++++++++----------------------- tests/guix-daemon.sh | 12 ++ 4 files changed, 327 insertions(+), 175 deletions(-) (limited to 'doc/guix.texi') diff --git a/doc/guix.texi b/doc/guix.texi index ee9f80ef4d..729ec081be 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1258,12 +1258,47 @@ Assume @var{system} as the current system type. By default it is the architecture/kernel pair found at configure time, such as @code{x86_64-linux}. -@item --listen=@var{socket} -Listen for connections on @var{socket}, the file name of a Unix-domain -socket. The default socket is -@file{@var{localstatedir}/daemon-socket/socket}. This option is only -useful in exceptional circumstances, such as if you need to run several -daemons on the same machine. +@item --listen=@var{endpoint} +Listen for connections on @var{endpoint}. @var{endpoint} is interpreted +as the file name of a Unix-domain socket if it starts with +@code{/} (slash sign). Otherwise, @var{endpoint} is interpreted as a +host name or host name and port to listen to. Here are a few examples: + +@table @code +@item --listen=/gnu/var/daemon +Listen for connections on the @file{/gnu/var/daemon} Unix-domain socket, +creating it if needed. + +@item --listen=localhost +@cindex daemon, remote access +@cindex remote access to the daemon +@cindex daemon, cluster setup +@cindex clusters, daemon setup +Listen for TCP connections on the network interface corresponding to +@code{localhost}, on port 44146. + +@item --listen=128.0.0.42:1234 +Listen for TCP connections on the network interface corresponding to +@code{128.0.0.42}, on port 1234. +@end table + +This option can be repeated multiple times, in which case +@command{guix-daemon} accepts connections on all the specified +endpoints. Users can tell client commands what endpoint to connect to +by setting the @code{GUIX_DAEMON_SOCKET} environment variable +(@pxref{The Store, @code{GUIX_DAEMON_SOCKET}}). + +@quotation Note +The daemon protocol is @emph{unauthenticated and unencrypted}. Using +@code{--listen=@var{host}} is suitable on local networks, such as +clusters, where only trusted nodes may connect to the build daemon. In +other cases where remote access to the daemon is needed, we recommend +using Unix-domain sockets along with SSH. +@end quotation + +When @code{--listen} is omitted, @command{guix-daemon} listens for +connections on the Unix-domain socket located at +@file{@var{localstatedir}/daemon-socket/socket}. @end table @@ -3769,6 +3804,10 @@ These are for Unix-domain sockets. @file{/var/guix/daemon-socket/socket}. @item guix +@cindex daemon, remote access +@cindex remote access to the daemon +@cindex daemon, cluster setup +@cindex clusters, daemon setup These URIs denote connections over TCP/IP, without encryption nor authentication of the remote host. The URI must specify the host name and optionally a port number (by default port 44146 is used): @@ -3781,6 +3820,10 @@ This setup is suitable on local networks, such as clusters, where only trusted nodes may connect to the build daemon at @code{master.guix.example.org}. +The @code{--listen} option of @command{guix-daemon} can be used to +instruct it to listen for TCP connections (@pxref{Invoking guix-daemon, +@code{--listen}}). + @item ssh @cindex SSH access to build daemons These URIs allow you to connect to a remote daemon over diff --git a/nix/nix-daemon/guix-daemon.cc b/nix/nix-daemon/guix-daemon.cc index 0d9c33d1d2..7963358202 100644 --- a/nix/nix-daemon/guix-daemon.cc +++ b/nix/nix-daemon/guix-daemon.cc @@ -1,5 +1,6 @@ /* GNU Guix --- Functional package management for GNU Copyright (C) 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès + Copyright (C) 2006, 2010, 2012, 2014 Eelco Dolstra This file is part of GNU Guix. @@ -30,8 +31,12 @@ #include #include #include +#include +#include +#include #include #include +#include #include #include @@ -43,7 +48,7 @@ char **argvSaved; using namespace nix; /* Entry point in `nix-daemon.cc'. */ -extern void run (Strings args); +extern void run (const std::vector &); /* Command-line options. */ @@ -149,6 +154,12 @@ to live outputs") }, }; +/* Default port for '--listen' on TCP/IP. */ +#define DEFAULT_GUIX_PORT "44146" + +/* List of '--listen' options. */ +static std::list listen_options; + /* Convert ARG to a Boolean value, or throw an error if it does not denote a Boolean. */ static bool @@ -217,15 +228,7 @@ parse_opt (int key, char *arg, struct argp_state *state) settings.keepLog = false; break; case GUIX_OPT_LISTEN: - try - { - settings.nixDaemonSocketFile = canonPath (arg); - } - catch (std::exception &e) - { - fprintf (stderr, _("error: %s\n"), e.what ()); - exit (EXIT_FAILURE); - } + listen_options.push_back (arg); break; case GUIX_OPT_SUBSTITUTE_URLS: settings.set ("substitute-urls", arg); @@ -276,13 +279,134 @@ static const struct argp argp = guix_textdomain }; + +static int +open_unix_domain_socket (const char *file) +{ + /* Create and bind to a Unix domain socket. */ + AutoCloseFD fdSocket = socket (PF_UNIX, SOCK_STREAM, 0); + if (fdSocket == -1) + throw SysError (_("cannot create Unix domain socket")); + + createDirs (dirOf (file)); + + /* Urgh, sockaddr_un allows path names of only 108 characters. + So chdir to the socket directory so that we can pass a + relative path name. */ + if (chdir (dirOf (file).c_str ()) == -1) + throw SysError (_("cannot change current directory")); + Path fileRel = "./" + baseNameOf (file); + + struct sockaddr_un addr; + addr.sun_family = AF_UNIX; + if (fileRel.size () >= sizeof (addr.sun_path)) + throw Error (format (_("socket file name '%1%' is too long")) % fileRel); + strcpy (addr.sun_path, fileRel.c_str ()); + + unlink (file); + + /* Make sure that the socket is created with 0666 permission + (everybody can connect --- provided they have access to the + directory containing the socket). */ + mode_t oldMode = umask (0111); + int res = bind (fdSocket, (struct sockaddr *) &addr, sizeof addr); + umask (oldMode); + if (res == -1) + throw SysError (format (_("cannot bind to socket '%1%'")) % file); + + if (chdir ("/") == -1) /* back to the root */ + throw SysError (_("cannot change current directory")); + + if (listen (fdSocket, 5) == -1) + throw SysError (format (_("cannot listen on socket '%1%'")) % file); + + return fdSocket.borrow (); +} + +/* Return a listening socket for ADDRESS, which has the given LENGTH. */ +static int +open_inet_socket (const struct sockaddr *address, socklen_t length) +{ + AutoCloseFD fd = socket (address->sa_family, SOCK_STREAM, 0); + if (fd == -1) + throw SysError (_("cannot create TCP socket")); + + int res = bind (fd, address, length); + if (res == -1) + throw SysError (_("cannot bind TCP socket")); + + if (listen (fd, 5) == -1) + throw SysError (format (_("cannot listen on TCP socket"))); + + return fd.borrow (); +} + +/* Return a list of file descriptors of listening sockets. */ +static std::vector +listening_sockets (const std::list &options) +{ + std::vector result; + + if (options.empty ()) + { + /* Open the default Unix-domain socket. */ + auto fd = open_unix_domain_socket (settings.nixDaemonSocketFile.c_str ()); + result.push_back (fd); + return result; + } + + /* Open the user-specified sockets. */ + for (const std::string& option: options) + { + if (option[0] == '/') + { + /* Assume OPTION is the file name of a Unix-domain socket. */ + settings.nixDaemonSocketFile = canonPath (option); + int fd = + open_unix_domain_socket (settings.nixDaemonSocketFile.c_str ()); + result.push_back (fd); + } + else + { + /* Assume OPTIONS has the form "HOST" or "HOST:PORT". */ + auto colon = option.find_last_of (":"); + auto host = colon == std::string::npos + ? option : option.substr (0, colon); + auto port = colon == std::string::npos + ? DEFAULT_GUIX_PORT + : option.substr (colon + 1, option.size () - colon - 1); + + struct addrinfo *res, hints; + + memset (&hints, '\0', sizeof hints); + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_NUMERICSERV | AI_ADDRCONFIG; + + int err = getaddrinfo (host.c_str(), port.c_str (), + &hints, &res); + + if (err != 0) + throw Error(format ("failed to look up '%1%': %2%") + % option % gai_strerror (err)); + + printMsg (lvlDebug, format ("listening on '%1%', port '%2%'") + % host % port); + + /* XXX: Pick the first result, RES. */ + result.push_back (open_inet_socket (res->ai_addr, + res->ai_addrlen)); + + freeaddrinfo (res); + } + } + + return result; +} int main (int argc, char *argv[]) { - static const Strings nothing; - setlocale (LC_ALL, ""); bindtextdomain (guix_textdomain, LOCALEDIR); textdomain (guix_textdomain); @@ -359,6 +483,8 @@ main (int argc, char *argv[]) argp_parse (&argp, argc, argv, 0, 0, 0); + auto sockets = listening_sockets (listen_options); + /* Effect all the changes made via 'settings.set'. */ settings.update (); @@ -402,7 +528,7 @@ using `--build-users-group' is highly recommended\n")); printMsg (lvlDebug, format ("listening on `%1%'") % settings.nixDaemonSocketFile); - run (nothing); + run (sockets); } catch (std::exception &e) { diff --git a/nix/nix-daemon/nix-daemon.cc b/nix/nix-daemon/nix-daemon.cc index 79580ffb48..3d8e909901 100644 --- a/nix/nix-daemon/nix-daemon.cc +++ b/nix/nix-daemon/nix-daemon.cc @@ -18,6 +18,7 @@ #include #include #include +#include #include #include #include @@ -809,151 +810,87 @@ static void setSigChldAction(bool autoReap) } -bool matchUser(const string & user, const string & group, const Strings & users) +/* Accept a connection on FDSOCKET and fork a server process to process the + new connection. */ +static void acceptConnection(int fdSocket) { - if (find(users.begin(), users.end(), "*") != users.end()) - return true; - - if (find(users.begin(), users.end(), user) != users.end()) - return true; - - for (auto & i : users) - if (string(i, 0, 1) == "@") { - if (group == string(i, 1)) return true; - struct group * gr = getgrnam(i.c_str() + 1); - if (!gr) continue; - for (char * * mem = gr->gr_mem; *mem; mem++) - if (user == string(*mem)) return true; - } - - return false; -} - - -#define SD_LISTEN_FDS_START 3 - - -static void daemonLoop() -{ - if (chdir("/") == -1) - throw SysError("cannot change current directory"); - - /* Get rid of children automatically; don't let them become - zombies. */ - setSigChldAction(true); - - AutoCloseFD fdSocket; - - /* Handle socket-based activation by systemd. */ - if (getEnv("LISTEN_FDS") != "") { - if (getEnv("LISTEN_PID") != std::to_string(getpid()) || getEnv("LISTEN_FDS") != "1") - throw Error("unexpected systemd environment variables"); - fdSocket = SD_LISTEN_FDS_START; - } - - /* Otherwise, create and bind to a Unix domain socket. */ - else { - - /* Create and bind to a Unix domain socket. */ - fdSocket = socket(PF_UNIX, SOCK_STREAM, 0); - if (fdSocket == -1) - throw SysError("cannot create Unix domain socket"); - - string socketPath = settings.nixDaemonSocketFile; - - createDirs(dirOf(socketPath)); - - /* Urgh, sockaddr_un allows path names of only 108 characters. - So chdir to the socket directory so that we can pass a - relative path name. */ - if (chdir(dirOf(socketPath).c_str()) == -1) - throw SysError("cannot change current directory"); - Path socketPathRel = "./" + baseNameOf(socketPath); - - struct sockaddr_un addr; - addr.sun_family = AF_UNIX; - if (socketPathRel.size() >= sizeof(addr.sun_path)) - throw Error(format("socket path `%1%' is too long") % socketPathRel); - strcpy(addr.sun_path, socketPathRel.c_str()); - - unlink(socketPath.c_str()); - - /* Make sure that the socket is created with 0666 permission - (everybody can connect --- provided they have access to the - directory containing the socket). */ - mode_t oldMode = umask(0111); - int res = bind(fdSocket, (struct sockaddr *) &addr, sizeof(addr)); - umask(oldMode); - if (res == -1) - throw SysError(format("cannot bind to socket `%1%'") % socketPath); - - if (chdir("/") == -1) /* back to the root */ - throw SysError("cannot change current directory"); - - if (listen(fdSocket, 5) == -1) - throw SysError(format("cannot listen on socket `%1%'") % socketPath); - } - - closeOnExec(fdSocket); - - /* Loop accepting connections. */ - while (1) { - - try { - /* Important: the server process *cannot* open the SQLite - database, because it doesn't like forks very much. */ - assert(!store); - - /* Accept a connection. */ - struct sockaddr_un remoteAddr; - socklen_t remoteAddrLen = sizeof(remoteAddr); - - AutoCloseFD remote = accept(fdSocket, - (struct sockaddr *) &remoteAddr, &remoteAddrLen); - checkInterrupt(); - if (remote == -1) { - if (errno == EINTR) - continue; - else - throw SysError("accepting connection"); - } - - closeOnExec(remote); - - bool trusted = false; - pid_t clientPid = -1; + uid_t clientUid = (uid_t) -1; + gid_t clientGid = (gid_t) -1; + try { + /* Important: the server process *cannot* open the SQLite + database, because it doesn't like forks very much. */ + assert(!store); + + /* Accept a connection. */ + struct sockaddr_storage remoteAddr; + socklen_t remoteAddrLen = sizeof(remoteAddr); + + try_again: + AutoCloseFD remote = accept(fdSocket, + (struct sockaddr *) &remoteAddr, &remoteAddrLen); + checkInterrupt(); + if (remote == -1) { + if (errno == EINTR) + goto try_again; + else + throw SysError("accepting connection"); + } + + closeOnExec(remote); + + pid_t clientPid = -1; + bool trusted = false; + + /* Get the identity of the caller, if possible. */ + if (remoteAddr.ss_family == AF_UNIX) { #if defined(SO_PEERCRED) - /* Get the identity of the caller, if possible. */ - ucred cred; - socklen_t credLen = sizeof(cred); - if (getsockopt(remote, SOL_SOCKET, SO_PEERCRED, &cred, &credLen) == -1) - throw SysError("getting peer credentials"); + ucred cred; + socklen_t credLen = sizeof(cred); + if (getsockopt(remote, SOL_SOCKET, SO_PEERCRED, + &cred, &credLen) == -1) + throw SysError("getting peer credentials"); - clientPid = cred.pid; + clientPid = cred.pid; + clientUid = cred.uid; + clientGid = cred.gid; + trusted = clientUid == 0; struct passwd * pw = getpwuid(cred.uid); string user = pw ? pw->pw_name : std::to_string(cred.uid); - struct group * gr = getgrgid(cred.gid); - string group = gr ? gr->gr_name : std::to_string(cred.gid); - - Strings trustedUsers = settings.get("trusted-users", Strings({"root"})); - Strings allowedUsers = settings.get("allowed-users", Strings({"*"})); - - if (matchUser(user, group, trustedUsers)) - trusted = true; - - if (!trusted && !matchUser(user, group, allowedUsers)) - throw Error(format("user `%1%' is not allowed to connect to the Nix daemon") % user); - - printMsg(lvlInfo, format((string) "accepted connection from pid %1%, user %2%" - + (trusted ? " (trusted)" : "")) % clientPid % user); + printMsg(lvlInfo, + format((string) "accepted connection from pid %1%, user %2%") + % clientPid % user); #endif - - /* Fork a child to handle the connection. */ - startProcess([&]() { - fdSocket.close(); + } else { + char address_str[128]; + const char *result; + + if (remoteAddr.ss_family == AF_INET) { + struct sockaddr_in *addr = (struct sockaddr_in *) &remoteAddr; + struct in_addr inaddr = { addr->sin_addr }; + result = inet_ntop(AF_INET, &inaddr, + address_str, sizeof address_str); + } else if (remoteAddr.ss_family == AF_INET6) { + struct sockaddr_in6 *addr = (struct sockaddr_in6 *) &remoteAddr; + struct in6_addr inaddr = { addr->sin6_addr }; + result = inet_ntop(AF_INET6, &inaddr, + address_str, sizeof address_str); + } else { + result = NULL; + } + + if (result != NULL) { + printMsg(lvlInfo, + format("accepted connection from %1%") + % address_str); + } + } + + /* Fork a child to handle the connection. */ + startProcess([&]() { + close(fdSocket); /* Background the daemon. */ if (setsid() == -1) @@ -968,17 +905,11 @@ static void daemonLoop() strncpy(argvSaved[1], processName.c_str(), strlen(argvSaved[1])); } -#if defined(SO_PEERCRED) /* Store the client's user and group for this connection. This has to be done in the forked process since it is per - connection. */ - settings.clientUid = cred.uid; - settings.clientGid = cred.gid; -#else - /* Setting these to -1 means: do not change */ - settings.clientUid = (uid_t) -1; - settings.clientGid = (gid_t) -1; -#endif + connection. Setting these to -1 means: do not change. */ + settings.clientUid = clientUid; + settings.clientGid = clientGid; /* Handle the connection. */ from.fd = remote; @@ -988,23 +919,63 @@ static void daemonLoop() exit(0); }, false, "unexpected Nix daemon error: ", true); - } catch (Interrupted & e) { - throw; - } catch (Error & e) { - printMsg(lvlError, format("error processing connection: %1%") % e.msg()); - } + } catch (Interrupted & e) { + throw; + } catch (Error & e) { + printMsg(lvlError, format("error processing connection: %1%") % e.msg()); } } - -void run(Strings args) +static void daemonLoop(const std::vector& sockets) { - for (Strings::iterator i = args.begin(); i != args.end(); ) { - string arg = *i++; - if (arg == "--daemon") /* ignored for backwards compatibility */; + if (chdir("/") == -1) + throw SysError("cannot change current directory"); + + /* Get rid of children automatically; don't let them become + zombies. */ + setSigChldAction(true); + + /* Mark sockets as close-on-exec. */ + for(int fd: sockets) { + closeOnExec(fd); } - daemonLoop(); + /* Prepare the FD set corresponding to SOCKETS. */ + auto initializeFDSet = [&](fd_set *set) { + FD_ZERO(set); + for (int fd: sockets) { + FD_SET(fd, set); + } + }; + + /* Loop accepting connections. */ + while (1) { + fd_set readfds; + + initializeFDSet(&readfds); + int count = + select(*std::max_element(sockets.begin(), sockets.end()) + 1, + &readfds, NULL, NULL, + NULL); + if (count < 0) { + int err = errno; + if (err == EINTR) + continue; + throw SysError(format("select error: %1%") % strerror(err)); + } + + for (unsigned int i = 0; i < sockets.size(); i++) { + if (FD_ISSET(sockets[i], &readfds)) { + acceptConnection(sockets[i]); + } + } + } +} + + +void run(const std::vector& sockets) +{ + daemonLoop(sockets); } diff --git a/tests/guix-daemon.sh b/tests/guix-daemon.sh index 9186ffd585..7212e3eb68 100644 --- a/tests/guix-daemon.sh +++ b/tests/guix-daemon.sh @@ -81,6 +81,18 @@ guile -c " kill "$daemon_pid" +# Pass several '--listen' options, and make sure they are all honored. +guix-daemon --disable-chroot --listen="$socket" --listen="$socket-second" \ + --listen="localhost" --listen="localhost:9876" & +daemon_pid=$! + +for uri in "$socket" "$socket-second" \ + "guix://localhost" "guix://localhost:9876" +do + GUIX_DAEMON_SOCKET="$uri" guix build guile-bootstrap +done + +kill "$daemon_pid" # Check the failed build cache. -- cgit 1.4.1