guix/nix, branch master

daemon: Dereference symlinks for /etc/services & co.

2026-03-29T20:20:58Z

Fixes a regression on Guix System introduced in c4298638ca27717be4a83cb033dcbfecdea88093 (from guix/guix#4178) where files in /etc, such as /etc/services, would be symlinks. Consequently, the chroot of fixed-output derivations would contain a dangling symlink for /etc/services, leading to name resolution failures in the chroot. This also relates to 82f84f5e7fb34cc719ed6ea538a3d1ca7516f23d. * nix/libstore/build.cc (DerivationGoal::startBuilder): Add call to ‘canonPath’. Change-Id: If34c8e74447ffc03d9fa81a1ea6bc0aef7c4d0b3 Signed-off-by: Ludovic Courtès

daemon: Resolve symlinks in /etc/resolv.conf for slirp4netns chroot.

2026-03-19T14:32:46Z

* nix/libstore/build.cc (prepareSlirpChrootAction): Use canonPath(i, true) to resolve symlinks when adding /etc/resolv.conf and /etc/hosts to the slirp4netns chroot, so that bindMount receives a regular file path instead of a symlink. On systems using systemd-resolved, /etc/resolv.conf is typically a symlink: /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf The slirp4netns chroot creates an empty /run/ directory, so when bindMount copies the symlink verbatim (spawn.cc line 537-542), the target does not exist and slirp4netns cannot determine the upstream DNS server. This causes all DNS resolution to fail for fixed-output derivations that use the Guile-based git-fetch builder (e.g. git-fetch/lfs), since they rely on slirp4netns for network access in the build chroot. Derivations using builtin:git-download are unaffected because they run in the daemon process itself, which has full network access. Change-Id: Ib73e69a8760e74eb8141dd0408c27aa8b3001e37 Signed-off-by: Ludovic Courtès Merges: #6959

daemon: Actually remove unreadable directories.

2026-02-27T22:54:00Z

Fixes a regression introduced in 7173c2c0ca. Additional discussion at https://codeberg.org/guix/guix/pulls/5977. * nix/libutil/util.cc (_deletePathAt): chmod directory and retry open when it fails with EACCES. Do this using an O_PATH file descriptor referenced via /proc/self/fd whenever possible to avoid it being replaced by a non-directory immediately before being chmod'ed. * nix/libutil/util.hh (deletePath): document TOCTTOU race on non-linux systems where hardlinks aren't protected. * tests/derivations.scm ("unreadable directories in build tree can be removed"): new test. Fixes: guix/guix#5891 Reported-by: Liliana Marie Prikler Change-Id: I749127fe5254ebabc8387a2f0ef47e3c116bfcc5 Signed-off-by: Ludovic Courtès Merges: #6460

daemon: Remove unused entities in globals.{hh, cc}.

2026-02-06T19:49:01Z

All these entities are not been used anywhere. * nix/libstore/globals.hh (Settings): Remove 'overrides' member and 'getOverrides' method declaration. (nixVersion): Removed. * nix/libstore/globals.cc (Settings::set): Do not update the 'overrides' map. (Settings::getOverrides): Remove function definition. Change-Id: If7dbb6df79178d2569cda21e1fe5e0ea3d8e59ba Signed-off-by: Ludovic Courtès Merges: #6009

Merge branch 'version-1.5.0'

2026-01-22T12:27:13Z

Change-Id: Id73c0c74600a3da3373b3a37236b505af65bfe31

nix: Spelling corrections.

2026-01-14T08:16:45Z

* nix/libstore/globals.hh, nix/libstore/store-api.hh, nix/libutil/util.hh: Fix misspellings in comments. Change-Id: Id77ea2bde1c2582d1a7bec4ed256ea900998c4b8

daemon: Fix several format strings.

2026-01-12T09:56:37Z

This is a followup to 3af52f845fe2ceb448416ac7b9f48925673c594e and 6f1448ef89c8ad29e2a479099531fd3a87701e46. * nix/libstore/local-store.cc (LocalStore::queryValidPathId): Change %1% to {}. * nix/libstore/optimise-store.cc (LocalStore::optimisePath_): Likewise. * nix/nix-daemon/guix-daemon.cc (open_unix_domain_socket): Likewise. (main): Likewise. * nix/libutil/affinity.cc (restoreAffinity): Remove useless %1%. Change-Id: I3a7cd79cd69ab58f14118662f1dcf2fef067a6b7

daemon: Fix typo in format string.

2025-12-25T23:01:43Z

* nix/libstore/build.cc (Worker::waitForInput): Fix typo in format string. Change-Id: I0a39ada8a347c8c8daddd9f34292cbbb03ba0076

daemon: Ensure store is writable even as non-root.

2025-12-22T10:00:17Z

If the store is read only, return an error early. This is bit of a compromise. Not all operations of the daemon need the store as writable. For example, if hello package is built already `guix build hello` could previously succeed even if store is RO. * nix/libstore/local-store.cc (makeStoreWritable): Rename to ensureStoreWritable. (ensureStoreWritable): As non-root, check that the store is writable and if not, throw an error. (LocalStore::LocalStore): Use it. * nix/libstore/local-store.hh: Rename makeStoreWritable to ensureStoreWritable. Change-Id: I94783ba7e32d57bfa77e37e84b6ac316f95e31e2 Signed-off-by: Rutherther

daemon: Use inline functions and variables instead of extern

2025-11-12T17:34:06Z

Avoid separate declarations and definitions for so-called 'global' objects. * nix/libstore/derivations.{cc, hh} (drvHashes): Use inline instead of separate declaration and definition. * nix/libstore/globals.{cc, hh} (settings, nixVersion): Same. * nix/libstore/local-store.hh (drvsLogDir, deduplicationMinSize): Same. * nix/libstore/optimise-store.cc (deduplicationMinSize): Same. * nix/libstore/store-api.{cc, hh} (store): Same. * nix/libutil/archive.{cc, hh} (defaultPathFilter): Same. * nix/libutil/hash.{cc, hh} (base32Chars): Same and modify header files. * nix/libutil/util.{cc, hh} (logType, verbosity, _writeToStderr, _isInterrupted): Same. * nix/local.mk: Modified according to the rename of shared.hh. * nix/nix-daemon/guix-daemon.cc (blockInt, argvSaved, run): Same and modify header files. * nix/nix-daemon/nix-daemon.cc: Modify header files. * nix/nix-daemon/shared.hh: Renamed to nix-daemon.hh Signed-off-by: Ludovic Courtès