path: root/nix/local.mk
Age | Commit message | Author
2025-11-12 | daemon: Use inline functions and variables instead of extern | Congcong Kuo
    Avoid separate declarations and definitions for so-called 'global' objects.

    * nix/libstore/derivations.{cc, hh} (drvHashes): Use inline instead of separate declaration and definition.
    * nix/libstore/globals.{cc, hh} (settings, nixVersion): Same.
    * nix/libstore/local-store.hh (drvsLogDir, deduplicationMinSize): Same.
    * nix/libstore/optimise-store.cc (deduplicationMinSize): Same.
    * nix/libstore/store-api.{cc, hh} (store): Same.
    * nix/libutil/archive.{cc, hh} (defaultPathFilter): Same.
    * nix/libutil/hash.{cc, hh} (base32Chars): Same and modify header files.
    * nix/libutil/util.{cc, hh} (logType, verbosity, _writeToStderr, _isInterrupted): Same.
    * nix/local.mk: Modified according to the rename of shared.hh.
    * nix/nix-daemon/guix-daemon.cc (blockInt, argvSaved, run): Same and modify header files.
    * nix/nix-daemon/nix-daemon.cc: Modify header files.
    * nix/nix-daemon/shared.hh: Renamed to nix-daemon.hh

    Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-10-19 | daemon: Bump to C++20 and use ‘std::format’ instead of ‘boost::format’. | Congcong Kuo
    * nix/boost: This directory and all files inside it are removed.
    * nix/libstore/build.cc (Goal::trace): Use ‘std::string’ instead of ‘const format &’.
      (DerivationGoal::startBuilder, ...): Use ‘std::format’ or ‘std::vformat’ instead of ‘boost::format’.
    * nix/libstore/builtins.cc (builtinDownload): Same.
    * nix/libstore/derivations.cc (DerivationOutput::parseHashInfo, ...): Same.
    * nix/libstore/gc.cc (LocalStore::openGCLock, ...): Same.
    * nix/libstore/globals.cc (Settings::_get): Same.
    * nix/libstore/local-store.cc: (checkStoreNotSymlink, ...): Same.
    * nix/libstore/misc.cc (dfsVisit, showBytes): Same
    * nix/libstore/optimise-store.cc (makeWritable, ...): Same.
    * nix/libstore/pathlocks.cc (openLockFile, ...): Same.
    * nix/libstore/references.cc (search, scanForReferences): Same.
    * nix/libstore/sqlite.hh (throwSQLiteError): Use ‘std::string’ instead of ‘const format &’.
    * nix/libstore/sqlite.cc (throwSQLiteError): Use ‘std::string’ instead of ‘const format &’.
    * nix/libstore/store-api.cc (assertStorePath, ...): Use ‘std::format’ instead of ‘boost::format’.
    * nix/libutil/affinity.cc (setAffinityTo): Same.
    * nix/libutil/archive.cc (dumpContents, ...): Same.
    * nix/libutil/hash.cc (parseHash, parseHash32, parseHash16or32, hashFile): Same.
    * nix/libutil/hash.hh (parseHash, parseHash32, parseHash16or32, isHash): Same.
    * nix/libutil/serialise.cc : Add ‘<cassert>’ header file.
    * nix/libutil/spawn.cc (addPhaseAfter, ...): Use ‘std::format’ instead of ‘boost::format’.
    * nix/libutil/types.hh (FormatOrString): Removed.
      (BaseError, BaseError::addPrefix, SysError, MakeError): Use ‘std::string or std::string_view’ instead of ‘FormatOrString’.
    * nix/libutil/util.hh (Nest::open, printMsg_, warnOnce, expect): Same.
    * nix/libutil/util.cc (BaseError::BaseError, ...): Same.
      (writeToStderr, _interrupted): Use std::uncaught_exceptions() instead of std::uncaught_exception()
    * nix/nix-daemon/nix-daemon.cc (performOp, ...): Same.
    * nix/nix-daemon/guix-daemon.cc (string_to_bool, ...): Same.
    * nix/local.mk: Remove ‘libformat.a’ from ‘noinst_LIBRARIES’, remove ‘libformat_a_SOURCES’ and ‘libformat_headers’, remove ‘libformat_a_CPPFLAGS’ from ‘libutil_a_CPPFLAGS’ and ‘guix_daemon_LDADD’, update ‘AM_CXXFLAGS’ to ‘-std=c++20’.

    Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-06-24 | daemon: add seccomp filter for slirp4netns. | Reepca Russelstein
    The container that slirp4netns runs in should already be quite difficult to do anything malicious in beyond basic denial of service or sending of network traffic. There is, however, one hole remaining in the case in which there is an adversary able to run code locally: abstract unix sockets. Because these are governed by network namespaces, not IPC namespaces, and slirp4netns is in the root network namespace, any process in the root network namespace can cooperate with the slirp4netns process to take over its user.

    To close this, we use seccomp to block the creation of unix-domain sockets by slirp4netns. This requires some finesse, since slirp4netns absolutely needs to be able to create other types of sockets - at minimum AF_INET and AF_INET6

    Seccomp has many, many pitfalls. To name a few:

    1. Seccomp provides you with an "arch" field, but this does not uniquely determine the ABI being used; the actual meaning of a system call number depends on both the number (which is often the result of ORing a related system call with a flag for an alternate ABI) and the architecture.
    2. Seccomp provides no direct way of knowing what the native value for the arch field should be; the user must do configure/compile-time testing for every architecture+ABI combination they want to support. Amusingly enough, the linux-internal header files have this exact information (SECCOMP_ARCH_NATIVE), but they aren't sharing it.
    3. The only system call numbers we naturally have are the native ones in asm/unistd.h. __NR_socket will always refer to the system call number for the target system's ABI.
    4. Seccomp can only manipulate 32-bit words, but represents every system call argument as a uint64.
    5. New system call numbers with as-yet-unknown semantics can be added to the kernel at any time.
    6. Based on this comment in arch/x86/entry/syscalls/syscall_32.tbl:
         # 251 is available for reuse (was briefly sys_set_zone_reclaim)
       previously-invalid system call numbers may later be reused for new system calls.
    7. Most architecture+ABI combinations have system call tables with many gaps in them. arm-eabi, for example, has 35 such gaps (note: this is just the number of distinct gaps, not the number of system call numbers contained in those gaps).
    8. Seccomp's BPF filters require a fully-acyclic control flow graph. Any operation on a data structure must therefore first be fully unrolled before it can be run.
    9. Seccomp cannot dereference pointers. Only the raw bits provided to the system calls can be inspected.
    10. Some architecture+ABI combos have multiplexer system calls. For example, socketcall can perform any socket-related system call. The arguments to the multiplexed system call are passed indirectly, via a pointer to user memory. They therefore cannot be inspected by seccomp.
    11. Some valid system calls are not listed in any table in the kernel source. For example, __ARM_NR_cacheflush is an "ARM private" system call. It does not appear in any *.tbl file.
    12. Conditional branches are limited to relative jumps of at most 256 instructions forward.
    13. Prior to Linux 4.8, any process able to spawn another process and call ptrace could bypass seccomp restrictions.

    To address (1), (2), and (3), we include preprocessor checks to identify the native architecture value, and reject all system calls that don't use the native architecture.

    To address (4), we use the AC_C_BIGENDIAN autoconf check to conditionally define WORDS_BIGENDIAN, and match up the proper portions of any uint64 we test for with the value in the accumulator being tested against.

    To address (5) and (6), we use system call pinning. That is, we hardcode a snapshot of all the valid system call numbers at the time of writing, and reject any system call numbers not in the recorded set. A set is recorded for every architecture+ABI combo, and the native one is chosen at compile-time. This ensures that not only are non-native architectures rejected, but so are non-native ABIs. For the sake of conciseness, we represent these sets as sets of disjoint ranges. Due to (7), checking each range in turn could add a lot of overhead to each system call, so we instead binary search through the ranges. Due to (8), this binary search has to be fully unrolled, so we do that too.

    It can be tedious and error-prone to manually produce the syscall ranges by looking at linux's *.tbl files, since the gaps are often small and uncommented. To address this, a script, build-aux/extract-syscall-ranges.sh, is added that will produce them given a *.tbl filename and an ABI regex (some tables seem to abuse the ABI field with strange values like "memfd_secret"). Note that producing the final values still requires looking at the proper asm/unistd.h file to find any private numbers and to identify any offsets and ABI variants used.

    (10) used to have no good solution, but in the past decade most architectures have gained dedicated system call alternatives to at least socketcall, so we can (hopefully) just block it entirely.

    To address (13), we block ptrace also.

    * build-aux/extract-syscall-ranges.sh: new script.
    * Makefile.am (EXTRA_DIST): register it.
    * config-daemon.ac: use AC_C_BIGENDIAN.
    * nix/libutil/spawn.cc (setNoNewPrivsAction, addSeccompFilterAction): new functions.
    * nix/libutil/spawn.hh (setNoNewPrivsAction, addSeccompFilterAction): new declarations.
      (SpawnContext)[setNoNewPrivs, addSeccompFilter]: new fields.
    * nix/libutil/seccomp.hh: new header file.
    * nix/libutil/seccomp.cc: new file.
    * nix/local.mk (libutil_a_SOURCES, libutil_headers): register them.
    * nix/libstore/build.cc (slirpSeccompFilter, writeSeccompFilterDot): new functions.
      (spawnSlirp4netns): use them, set seccomp filter for slirp4netns.

    Change-Id: Ic92c7f564ab12596b87ed0801b22f88fbb543b95
    Signed-off-by: John Kehayias <john.kehayias@protonmail.com>
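Pitfalls (1) to (4), (10) and (13) from the commit message above, worked through in C as an added example (not code from Guix's seccomp.cc): a filter that denies socket(AF_UNIX) while leaving other address families alone, with a small user-space evaluator so its verdicts can be checked without installing it. It is a deny-list only and does not reproduce the commit's pinned syscall ranges or unrolled binary search; `no_unix_sockets`, `run_filter` and `verdict` are names made up here, and byte order comes from the compiler's `__BYTE_ORDER__` rather than autoconf's WORDS_BIGENDIAN.

```c
/* Added example, not Guix code. Assumes Linux UAPI headers and a 64-bit
   x86_64 or aarch64 build; other targets need their own NATIVE_ARCH. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <asm/unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Pitfalls (1)-(3): the native arch value is chosen at compile time. */
#if defined(__x86_64__) && !defined(__ILP32__)
# define NATIVE_ARCH AUDIT_ARCH_X86_64
# define FOREIGN_ABI_BIT 0x40000000u /* x32 calls also report AUDIT_ARCH_X86_64 */
#elif defined(__aarch64__)
# define NATIVE_ARCH AUDIT_ARCH_AARCH64
#else
# error "add the AUDIT_ARCH_* value for this architecture+ABI"
#endif

/* Pitfall (4): loads are 32 bits wide, arguments are 64 bits wide, so the
   offset of an argument's low word depends on byte order. */
#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
# define ARG_LO(n) (offsetof(struct seccomp_data, args[n]) + 4)
#else
# define ARG_LO(n) (offsetof(struct seccomp_data, args[n]))
#endif

#define LOAD(off)   BPF_STMT(BPF_LD | BPF_W | BPF_ABS, (off))
#define RET(action) BPF_STMT(BPF_RET | BPF_K, (action))
#define DENY(err)   RET(SECCOMP_RET_ERRNO | (err))
/* Each test guards exactly the one instruction that follows it. */
#define IF_EQ(v)    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (v), 0, 1)
#define IF_NE(v)    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (v), 1, 0)
#define IF_GE(v)    BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, (v), 0, 1)

static const struct sock_filter no_unix_sockets[] = {
    LOAD(offsetof(struct seccomp_data, arch)),
    IF_NE(NATIVE_ARCH), RET(SECCOMP_RET_KILL_PROCESS),
    LOAD(offsetof(struct seccomp_data, nr)),
#ifdef FOREIGN_ABI_BIT
    IF_GE(FOREIGN_ABI_BIT), RET(SECCOMP_RET_KILL_PROCESS),
#endif
    IF_EQ(__NR_ptrace), DENY(EPERM),        /* pitfall (13) */
#ifdef __NR_socketcall
    IF_EQ(__NR_socketcall), DENY(ENOSYS),   /* pitfall (10) */
#endif
    IF_NE(__NR_socket), RET(SECCOMP_RET_ALLOW),
    /* socket(2) takes "int family", so the upper 32 bits of the register
       are ignored by the kernel; only the low word is compared. */
    LOAD(ARG_LO(0)),
    IF_EQ(AF_UNIX), DENY(EACCES),
    RET(SECCOMP_RET_ALLOW),
};
#define FILTER_LEN (sizeof no_unix_sockets / sizeof no_unix_sockets[0])

/* User-space evaluator for the four opcodes used above; anything else,
   or running off the end, is treated as a kill. */
static uint32_t run_filter(const struct sock_filter *f, size_t n,
                           const struct seccomp_data *d)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *i = &f[pc];
        switch (i->code) {
        case BPF_LD | BPF_W | BPF_ABS:
            if (i->k > sizeof *d - 4 || i->k % 4)
                return SECCOMP_RET_KILL_PROCESS;
            memcpy(&acc, (const char *)d + i->k, 4);
            break;
        case BPF_JMP | BPF_JEQ | BPF_K:
            pc += (acc == i->k) ? i->jt : i->jf;
            break;
        case BPF_JMP | BPF_JGE | BPF_K:
            pc += (acc >= i->k) ? i->jt : i->jf;
            break;
        case BPF_RET | BPF_K:
            return i->k;
        default:
            return SECCOMP_RET_KILL_PROCESS;
        }
    }
    return SECCOMP_RET_KILL_PROCESS;
}

/* Verdict for a constructed system call with the given arch, number and
   first argument (all other fields zero). */
static uint32_t verdict(uint32_t arch, int nr, uint64_t arg0)
{
    struct seccomp_data d = { .nr = nr, .arch = arch, .args = { arg0 } };
    return run_filter(no_unix_sockets, FILTER_LEN, &d);
}

int main(void)
{
    printf("socket(AF_INET) -> %#x\n", verdict(NATIVE_ARCH, __NR_socket, AF_INET));
    printf("socket(AF_UNIX) -> %#x\n", verdict(NATIVE_ARCH, __NR_socket, AF_UNIX));
    return 0;
}
```

To install such a filter in a child process, set PR_SET_NO_NEW_PRIVS with prctl(2) and pass the array in a `struct sock_fprog` to prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...) before exec.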
2025-06-24 | daemon: add and use spawn.cc and spawn.hh. | Reepca Russelstein
    This adds a mechanism for manipulating and running "spawn phases" similarly to how builder-side code manipulates "build phases". The main difference is that spawn phases take a (reference to a) single structure that they can both read from and write to, with their writes being visible to subsequent phases. The base structure type for this is SpawnContext.

    It also adds some predefined phase sequences, namely basicSpawnPhases and cloneSpawnPhases, and exposes each of the actions performed by these phases.

    Finally, it modifies build.cc to replace runChild() with use of this new code.

    * nix/libutil/util.cc (keepOnExec, waitForMessage): new functions.
    * nix/libutil.util.hh (keepOnExec, waitForMessage): add prototypes.
    * nix/libutil/spawn.cc, nix/libutil/spawn.hh: new files.
      (addPhaseAfter, addPhaseBefore, prependPhase, appendPhase, deletePhase, replacePhase, reset_writeToStderrAction, restoreAffinityAction, setsidAction, earlyIOSetupAction, dropAmbientCapabilitiesAction, chrootAction, chdirAction, closeMostFDsAction, setPersonalityAction, oomSacrificeAction, setIDsAction, restoreSIGPIPEAction, setupSuccessAction, execAction, getBasicSpawnPhases, usernsInitSyncAction, usernsSetIDsAction, initLoopbackAction, setHostAndDomainAction, makeFilesystemsPrivateAction, makeChrootSeparateFilesystemAction, statfsToMountFlags, bindMount, mountIntoChroot, mountIntoChrootAction, mountProcAction, mountDevshmAction, mountDevptsAction, pivotRootAction, lockMountsAction, getCloneSpawnPhases, runChildSetup, runChildSetupEntry, cloneChild, idMapToIdentityMap, unshareAndInitUserns): new procedures.
    * nix/local.mk (libutil_a_SOURCES): add spawn.cc.
      (libutil_headers): add spawn.hh.
    * nix/libstore/build.cc (restoreSIGPIPE, DerivationGoal::runChild, childEntry): removed procedures.
      (DerivationGoal::{dirsInChroot,env,readiness}): removed.
      (execBuilderOrBuiltin, execBuilderOrBuiltinAction, clearRootWritePermsAction): new procedures.
      (DerivationGoal::startBuilder): modified to use a CloneSpawnContext if chroot builds are available, otherwise a SpawnContext.

    Change-Id: Ifd50110de077378ee151502eda62b99973d083bf
    Change-Id: I76e10d3f928cc30566e1e6ca79077196972349f8
    spawn.cc, util.cc, util.hh changes
    Change-Id: I287320e63197cb4f65665ee5b3fdb3a0e125ebac
    Signed-off-by: John Kehayias <john.kehayias@protonmail.com>
2025-05-14 | build: Fix substitutions for .service files. | Ludovic Courtès
    Fixes <https://issues.guix.gnu.org/78318>.
    This is a followup to 107eb8ee8f5f9192c795abeb47885b49a57bacd4.

    * nix/local.mk (etc/guix-%.service): Add ‘g’ for ‘@localstatedir@’ substitution. Substitute ‘@storedir@’.

    Reported-by: Ido Yariv <yarivido@gmail.com>
    Change-Id: I9b53d3a6d713a000bc0a7a57f667badc00d2dff8
2025-03-02 | nix: Install guix-gc systemd timer. | Efraim Flashner
    * nix/local.mk (nodist_systemdservice_DATA): Add etc/guix-gc.timer.
      (etc/guix-gc.timer): Add rule to generate file.
      (EXTRA_DIST): Add guix-gc.timer.in, remove guix-gc.timer.
    * gitignore: Add etc/guix-gc.timer.

    Change-Id: I361aef660fe7d9803f58f4e31e16d8db595d1853
2025-03-02 | Revert "nix: Install guix-gc systemd timer." | Efraim Flashner
    This reverts commit 3355de608cb2267435c2592fc7dc76a1dcc5c02d.

    This commit does the opposite of what it was supposed to do.
2025-02-26 | nix: Install guix-gc systemd timer. | Efraim Flashner
    * nix/local.mk (nodist_systemdservice_DATA): Add etc/guix-gc.timer.

    Change-Id: I6f71d68f77ff07976f9ec16c37dba99ebedd9b9d
2024-12-09 | daemon: Fix linking gcrypt when --as-needed linker arg is used | Doğan Çeçen
    This is a followup to 8a7bd211d21f06c1234fbb82bb905d202d58f598.

    As it is mentioned in autoconf manual that library names should be specified in LIBS, not LDFLAGS. See: https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.72/html_node/Preset-Output-Variables.html#index-LDFLAGS-2

    This change also brings back the save_* vars trick that was there before. I missed in my earlier change that nix/local.mk was referring LIBGCRYPT_* vars directly.

    And, instead of CXXFLAGS, CPPFLAGS is used since the latter is probably more correct as this is used for include dirs, therefore using preprocessor flags.

    Tested with ./configure LDFLAGS="-Wl,--as-needed" --with-libgcrypt-prefix=... combinations.

    * config-daemon.ac: Set ‘LIBGCRYPT_CPPFLAGS’ instead of ‘LIBGCRYPT_CXXFLAGS’. Set ‘LIBGCRYPT_LIBS’ in addition to ‘LIBGCRYPT_LDFLAGS’. Save and restore ‘CPPFLAGS’, ‘LDFLAGS’, and ‘LIBS’ around test.
    * nix/local.mk (libutil_a_CPPFLAGS): Add $(LIBGCRYPT_CPPFLAGS).
      (libstore_a_CXXFLAGS): Remove $(LIBGCRYPT_CFLAGS).
      (guix_daemon_LDFLAGS): New variable.

    Change-Id: Iadb10e1994c9a78e2927847af2cfe5e096fbb2a8
    Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-06-26 | etc: Add explicit ‘--substitute-urls’ in guix-daemon service files. | Ludovic Courtès
    Having substitute URLs explicitly listed in the service startup file makes it clearer what should be modified to permanently change the list of substitute URLs.

    * config-daemon.ac: Rename ‘guix_substitute_urls’ to ‘GUIX_SUBSTITUTE_URLS’ and substitute it.
    * nix/local.mk (etc/guix-%.service, etc/init.d/guix-daemon)
      (etc/guix-%.conf): Substitute it.
    * etc/guix-daemon.conf.in, etc/guix-daemon.service.in, etc/init.d/guix-daemon.in: Add an explicit ‘--substitute-urls’ option.

    Change-Id: Ie491b7fab5c42e54dca582801c03805a85de2bf9
2023-09-24 | Revert "build: Add missing guix-gc.timer file to binary tarball." | Tobias Geerinckx-Rice
    This reverts commit 69f6edc1a8596d2cb4c67e0435d35633af6f3cbc.

    The intention is good, but nodist_systemdservice_DATA are meant to be disposable artefacts generated from corresponding ‘.in’ files. etc/guix-gc.timer doesn't fit that description, breaking builds:

      $ make clean && make
      …
      make[2]: *** No rule to make target 'etc/guix-gc.timer', needed by 'all-am'. Stop.
2023-08-31 | build: Add missing guix-gc.timer file to binary tarball. | Maxim Cournoyer
    Partially fixes <https://issues.guix.gnu.org/65117>.

    * nix/local.mk (nodist_systemdservice_DATA): Add etc/guix-gc.timer.
2021-10-01 | build: Don’t delete ‘guix-gc.timer’ file. | Xinglu Chen
    Without this invoking ‘make clean’ would remove ‘guix-gc.timer’, and ‘make’ would fail with.

      make[2]: *** No rule to make target 'etc/guix-gc.timer', needed by 'all-am'. Stop.

    * nix/local.mk (nodist_systemdservice_DATA): Remove ‘guix-gc.timer’.
2021-09-20 | etc: Add systemd files for running ‘guix gc’ periodically | Thiago Jung Bauermann
    * etc/guix-gc.service.in: New file.
    * etc/guix-gc.timer: Likewise.
    * .gitignore: Ignore generated ‘guix-gc.service’.
    * nix/local.mk (nodist_systemdservice_DATA): Add ‘guix-gc.service’ and ‘guix-gc.timer’.
      (EXTRA_DIST): Add ‘guix-gc.service.in’ and ‘guix-gc.timer’.
    * doc/guix.texi (Binary Installation): Mention the new systemd files.

    Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
2021-03-30 | gnu: guix: Fix openrc init scripts. | zimoun
    Fixes <https://bugs.gnu.org/46871>.

    * gnu/packages/package-management.scm (guix)[arguments]: Fix openrc init.
    * nix/local.mk (openrcservicedir): Likewise.

    Signed-off-by: Efraim Flashner <efraim@flashner.co.il>
2020-10-27 | maint: Add 'etc/gnu-store.mount.in' to the distribution. | Ludovic Courtès
    Reported by Vagrant Cascadian.

    * nix/local.mk (EXTRA_DIST): Add 'etc/gnu-store.mount.in'.
2020-09-17 | guix-install.sh: Support OpenRC. | Morgan Smith
    * etc/guix-install.sh (chk_init_sys): Detect OpenRC.
      (sys_enable_guix_daemon): Install & enable the Guix daemon on such systems.
    * etc/openrc/guix-daemon.in: New file.
    * nix/local.mk: Add a rule for it.
      (openrcservicedir, nodist_openrcservice_DATA): New variables.
      (CLEANFILES, EXTRA_DIST): Add them.
    * .gitignore: Ignore etc/openrc/guix-daemon.

    Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
2020-06-27 | daemon: Remove OpenSSL hash compatibility wrappers. | Ludovic Courtès
    * nix/libutil/hash.cc (struct Ctx): Copy from gcrypt-hash.hh.
      (start, update, finish): Use gcrypt functions directly instead of OpenSSL-like wrappers.
    * nix/libutil/gcrypt-hash.cc, nix/libutil/gcrypt-hash.hh, nix/libutil/md5.h, nix/libutil/sha1.h, nix/libutil/sha256.h, nix/libutil/sha512.h: Remove.
    * nix/local.mk (libutil_a_SOURCES, libutil_headers): Adjust accordingly.
2020-05-23 | build: Add a comment above the sysvinit section. | Vincent Legoll
    * nix/local.mk (sysvinitservicedir): Add a comment.

    Signed-off-by: Tobias Geerinckx-Rice <me@tobias.gr>
2020-05-17 | etc: Install mount unit only if it exists. | Tobias Geerinckx-Rice
    This follows up on 1a1faa78b0498fbb71f1533beb4b65817c1d3f2a, and avoids the (non-fatal) error seen in <https://issues.guix.gnu.org/41356>.

    /gnu/store will remain writable on new foreign distribution installations until the next release.

    * etc/guix-install.sh (sys_enable_guix_daemon): Check for ‘gnu-store.mount’ presence before trying to cp it. Update forgotten copyright header.
2020-05-16 | etc: Add a systemd unit to bind-mount @storedir@ read-only. | Tobias Geerinckx-Rice
    * etc/gnu-store.mount.in: New file.
    * nix/local.mk (nodist_systemdservice_DATA): Add it.
      (etc/%.mount): New rule for it.
    * etc/guix-install.sh (sys_enable_guix_daemon): Install it.
    * doc/guix.texi (Binary Installation): Document it.
    * .gitignore: Ignore changes to it.
2020-03-11 | Add system start-up files for guix-daemon. | Danny Milosavljevic
    * etc/init.d/guix-daemon.in: New file.
    * nix/local.mk (etc/init.d/guix-daemon): New rule.
      (nodist_sysvinitservice_DATA): Add etc/init.d/guix-daemon.in .
      (CLEANFILES): Add etc/init.d/guix-daemon .
    * .gitignore: Add etc/init.d/guix-daemon .
2019-09-08 | daemon: Remove 'NIX_LIBEXEC_DIR'. | Ludovic Courtès
    * nix/libstore/globals.hh (Settings)[nixLibexecDir]: Remove.
    * nix/libstore/globals.cc (Settings::processEnvironment): Remove reference to 'nixLibexecDir'.
    * nix/local.mk (libstore_a_CPPFLAGS): Remove -DNIX_LIBEXEC_DIR flag.
    * build-aux/pre-inst-env.in: Remove references to 'NIX_LIBEXEC_DIR'.
2019-09-08 | daemon: Run 'guix substitute' directly and assume a single substituter. | Ludovic Courtès
    The daemon had a mechanism that allows it to handle a list of substituters and try them sequentially; this removes it.

    * nix/scripts/substitute.in: Remove.
    * nix/local.mk (nodist_pkglibexec_SCRIPTS): Remove.
    * config-daemon.ac: Don't output 'nix/scripts/substitute'.
    * nix/libstore/build.cc (SubstitutionGoal)[subs, sub, hasSubstitute]: Remove.
      [tryNext]: Make private.
      (SubstitutionGoal::SubstitutionGoal, SubstitutionGoal::init): Remove now unneeded initializers.
      (SubstitutionGoal::tryNext): Adjust to assume a single substituter: call 'amDone' upfront when we couldn't find substitutes.
      (SubstitutionGoal::tryToRun): Adjust to run 'guix substitute' via 'settings.guixProgram'.
      (SubstitutionGoal::finished): Call 'amDone(ecFailed)' upon failure instead of setting 'state' to 'tryNext'.
    * nix/libstore/globals.hh (Settings)[substituters]: Remove.
    * nix/libstore/local-store.cc (LocalStore::~LocalStore): Adjust to handle a single substituter.
      (LocalStore::startSubstituter): Remove 'path' parameter. Adjust to invoke 'settings.guixProgram'. Don't refer to 'run.program', which no longer exists.
      (LocalStore::querySubstitutablePaths): Adjust for 'runningSubstituters' being a singleton instead of a list.
      (LocalStore::querySubstitutablePathInfos): Likewise, and remove 'substituter' parameter.
    * nix/libstore/local-store.hh (RunningSubstituter)[program]: Remove.
      (LocalStore)[runningSubstituters]: Remove.
      [runningSubstituter]: New field.
      [querySubstitutablePathInfos]: Remove 'substituter' parameter.
      [startSubstituter]: Remove 'substituter' parameter.
    * nix/nix-daemon/guix-daemon.cc (main): Remove references to 'settings.substituters'.
    * nix/nix-daemon/nix-daemon.cc (performOp): Ignore the user's "build-use-substitutes" value when 'settings.useSubstitutes' is false.
2019-09-08 | daemon: Run 'guix offload' directly. | Ludovic Courtès
    * nix/scripts/offload.in: Remove.
    * nix/local.mk (nodist_pkglibexec_SCRIPTS) [BUILD_DAEMON_OFFLOAD]: Remove 'scripts/offload'.
    * config-daemon.ac: Don't output 'nix/scripts/offload'.
    * build-aux/pre-inst-env.in: Don't set 'NIX_BUILD_HOOK'.
    * nix/libstore/build.cc (HookInstance::HookInstance): Run 'guix offload'.
      (DerivationGoal::tryBuildHook): Remove reference to 'NIX_BUILD_HOOK'.
    * nix/nix-daemon/guix-daemon.cc (main) [HAVE_DAEMON_OFFLOAD_HOOK]: Don't set 'NIX_BUILD_HOOK'.
    * nix/nix-daemon/nix-daemon.cc (performOp) [!HAVE_DAEMON_OFFLOAD_HOOK]: Leave 'settings.useBuildHook' unchanged.
2019-09-08 | daemon: Run 'guix perform-download' directly. | Ludovic Courtès
    * nix/scripts/download.in: Remove.
    * nix/local.mk (nodist_pkglibexec_SCRIPTS): Remove 'scripts/download'.
    * config-daemon.ac: Don't output 'nix/scripts/download'.
    * nix/libstore/builtins.cc (builtinDownload): Invoke 'guix perform-download' directly.
2019-09-08 | daemon: Run 'guix authenticate' directly. | Ludovic Courtès
    * nix/scripts/authenticate.in: Remove.
    * nix/local.mk (nodist_pkglibexec_SCRIPTS): Remove scripts/authenticate.
    * config-daemon.ac: Don't output 'nix/scripts/authenticate'.
    * nix/libstore/local-store.cc (runAuthenticationProgram): Run 'guix authenticate'.
2019-09-08 | daemon: Invoke 'guix gc --list-busy' instead of 'list-runtime-roots'. | Ludovic Courtès
    * nix/scripts/list-runtime-roots.in: Remove.
    * guix/store/roots.scm (%proc-directory): New variable.
      (proc-file-roots, proc-exe-roots, proc-cwd-roots)
      (proc-fd-roots, proc-maps-roots, proc-environ-roots)
      (referenced-files, canonicalize-store-item, busy-store-items): New procedures, taken from 'list-runtime-roots.in'.
    * nix/libstore/globals.hh (Settings)[guixProgram]: New field.
    * nix/libstore/globals.cc (Settings::processEnvironment): Initialize 'guixProgram'.
    * nix/libstore/gc.cc (addAdditionalRoots): Drop code related to 'NIX_ROOT_FINDER'. Run "guix gc --list-busy".
    * nix/local.mk (nodist_pkglibexec_SCRIPTS): Remove 'scripts/list-runtime-roots'.
    * config-daemon.ac: Don't output nix/scripts/list-runtime-roots.
    * build-aux/pre-inst-env.in: Don't set 'NIX_ROOT_FINDER'. Set 'GUIX'.
    * doc/guix.texi (Invoking guix gc): Document '--list-busy'.
    * guix/scripts/gc.scm (show-help, %options): Add "--list-busy".
      (guix-gc)[list-busy]: New procedure. Handle the 'list-busy' action.
2019-02-04 | daemon: Add "/guix" to default 'nixLibexecDir'. | Ludovic Courtès
    This makes it easier to run the uninstalled daemon.

    * nix/local.mk (libstore_a_CPPFLAGS): Append "/guix" to NIX_LIBEXEC_DIR.
    * build-aux/pre-inst-env.in (NIX_LIBEXEC_DIR): Adjust comment.
    * nix/libstore/builtins.cc (builtinDownload): Remove SUBDIR and its use.
    * nix/libstore/local-store.cc (runAuthenticationProgram): Ditto.
    * nix/libstore/gc.cc (addAdditionalRoots): Remove "/guix" prefix.
    * nix/nix-daemon/guix-daemon.cc (main): Ditto.
2019-02-04 | daemon: Remove unused 'NIX_DATA_DIR' environment variable. | Ludovic Courtès
    * nix/libstore/globals.hh (Settings)[nixDataDir]: Remove.
    * nix/libstore/globals.cc (Settings:processEnvironment): Remove setting of 'nixDataDir'.
    * nix/local.mk (libstore_a_CPPFLAGS): Remove '-DNIX_DATA_DIR'.
2018-11-14 | daemon: Install 'authenticate' script under LIBEXECDIR/guix. | Ludovic Courtès
    That way it is handled in the same way as other helper scripts.

    * nix/scripts/guix-authenticate.in: Rename to...
    * nix/scripts/authenticate.in: ... this.
    * config-daemon.ac: Adjust accordingly.
    * nix/local.mk (libstore_a_CPPFLAGS): Remove -DOPENSSL_PATH.
      (nodist_libexec_SCRIPTS): Remove.
      (nodist_pkglibexec_SCRIPTS): New variable.
    * nix/nix-daemon/guix-daemon.cc (main): Remove 'setenv' call for "PATH".
    * nix/libstore/local-store.cc (runAuthenticationProgram): New function.
      (LocalStore::exportPath, LocalStore::importPath): Use it instead of 'runProgram' and OPENSSL_PATH.
2018-06-22 | build: Remove leftover reference to nix/libstore/schema.sql. | Ludovic Courtès
    This is a followup to 3931c76154d4f418d5ea9acc5e47bf911d371c24.

    Reported by Julien Lepiller.

    * nix/local.mk (EXTRA_DIST): Remove schema.sql.
2018-06-14 | Remove 'guix-register' and its traces. | Ludovic Courtès
    * Makefile.am (SH_TESTS): Remove tests/guix-register.sh.
    * build-aux/pre-inst-env.in (GUIX_REGISTER): Remove.
    * gnu/build/install.scm (directives): Remove outdated comment.
    * gnu/build/vm.scm (root-partition-initializer): Update comment.
    * gnu/packages/package-management.scm (guix-register): Remove.
    * guix/config.scm.in (%sbindir, %guix-register-program): Remove.
    * guix/scripts/system.scm (install): Adjust docstring.
    * guix/self.scm (make-config.scm): Remove #:guix. Do not generate %sbindir and %guix-register-program.
      (specification->package): Remove "guix".
    * nix/guix-register/guix-register.cc: Remove.
    * nix/libstore/store-api.cc (decodeValidPathInfo): Remove.
    * nix/libstore/store-api.hh (decodeValidPathInfo): Remove declaration.
    * nix/local.mk (sbin_PROGRAMS, guix_register_SOURCES)
      (guix_register_CPPFLAGS, guix_register_LDFLAGS): Remove.
    * tests/guix-register.sh: Remove.
2018-06-14 | database: 'with-database' can now initialize new databases. | Ludovic Courtès
    * nix/libstore/schema.sql: Rename to...
    * guix/store/schema.sql: ... this.
    * Makefile.am (nobase_dist_guilemodule_DATA): Add it.
    * nix/local.mk (%D%/libstore/schema.sql.hh): Adjust accordingly.
    * guix/store/database.scm (sql-schema): New variable.
      (sqlite-exec, initialize-database, call-with-database): New procedures.
      (with-database): Rewrite in terms of 'call-with-database'.
    * tests/store-database.scm ("new database"): New test.
    * guix/self.scm (compiled-guix)[*core-modules*]: Add 'schema.sql' to #:extra-files.
2018-06-08 | build: Do not add all of $(BUILT_SOURCES) to $(CLEANFILES). | Ludovic Courtès
    Reported by Gábor Boskovits <boskovits@gmail.com>.
    Fixes <https://bugs.gnu.org/31700>.

    * nix/local.mk (CLEANFILES): Add nothing but schema.sql.hh.
2018-01-07 | daemon: Make libbz2 an optional dependency. | Ludovic Courtès
    * config-daemon.ac: Don't bail out when libbz2 is missing. Define 'HAVE_LIBBZ2' Automake conditional.
    * nix/libstore/build.cc: Wrap relevant bits in '#if HAVE_BZLIB_H'.
    * nix/libstore/globals.cc (Settings::Settings): 'logCompression' defaults to COMPRESSION_GZIP when HAVE_BZLIB_H is false.
    * nix/libstore/globals.hh (CompressionType): Make 'COMPRESSION_BZIP2' conditional on HAVE_BZLIB_H.
    * nix/local.mk (guix_register_LDADD, guix_daemon_LDADD): Add -lbz2 only when HAVE_LIBBZ2.
    * nix/nix-daemon/guix-daemon.cc (parse_opt): Ignore "bzip2" when not HAVE_BZLIB_H.
2018-01-07 | daemon: Add gzip log compression. | Ludovic Courtès
    * nix/nix-daemon/guix-daemon.cc (GUIX_OPT_LOG_COMPRESSION): New macro.
      (options): Mark "disable-log-compression" as hidden and add "log-compression".
      (parse_opt): Handle GUIX_OPT_LOG_COMPRESSION.
    * nix/libstore/build.cc (DerivationGoal): Add 'gzLogFile'.
      (openLogFile): Initialize it when 'logCompression' is COMPRESSION_GZIP.
      (closeLogFile, handleChildOutput): Honor 'gzLogFile'.
    * nix/libstore/globals.hh (Settings)[compressLog]: Remove.
      [logCompression]: New field.
      (CompressionType): New enum.
    * nix/libstore/globals.cc (Settings::Settings): Initialize it.
      (update): Remove '_get' call for 'compressLog'.
    * nix/local.mk (guix_daemon_LDADD, guix_register_LDADD): Add -lz.
    * guix/store.scm (log-file): Handle '.gz' log files.
    * tests/guix-daemon.sh: Add test with '--log-compression=gzip'.
    * doc/guix.texi (Invoking guix-daemon): Adjust accordingly.
    * config-daemon.ac: Check for libz and zlib.h.
2017-03-06 | build: Don't embed absolute paths in .service and .conf service files. | Leo Famulari
    Otherwise, users will be stuck running an old copy of guix and the guix-daemon if they copy the service files instead of symlinking them.

    * etc/guix-daemon.conf.in, etc/guix-daemon.service.in, etc/guix-publish.conf.in, etc/guix-publish.service.in: Expand @localstatedir@ instead of @bindir@.
    * nix/local.mk (etc/guix-%.service, etc/guix-%.conf): Use @localstatedir@ instead of @bindir@.
2016-12-20 | build: Delete all the .service and .conf files upon 'make clean'. | Ludovic Courtès
    * nix/local.mk (CLEANFILES): Define to add $(nodist_systemdservice_DATA) and $(nodist_upstartjob_DATA).
2016-12-18 | build: Fix .service and .conf targets for VPATH builds. | Ludovic Courtès
    * nix/local.mk (etc/guix-%.service, etc/guix-%.conf): Use "$<", not "$(srcdir)/$<".
2016-12-18 | build: Add 'guix-publish.*.in' to the distribution. | Ludovic Courtès
    This is a followup to 332d7903f52c2bf3741b04ac2d01cd9018b70800.

    * nix/local.mk (EXTRA_DIST): Add 'guix-service.publish.in' and 'guix-publish.conf.in'.
2016-11-24 | Add system start-up files for "guix publish". | Hartmut Goebel
    * .gitignore: add etc/guix-publish.conf and /etc/guix-publish.service.
    * etc/guix-publish.conf.in: New file.
    * etc/guix-publish.service.in: New file.
    * nix/local.mk (etc/guix-%.service, etc/guix-%.conf): Generalized former build-rules for by using patterns.
      (nodist_systemdservice_DATA): Add etc/guix-publish.service, update comment.
      (nodist_upstartjob_DATA): Add etc/guix-publish.conf, update comment.
    * doc/guix.texi (Invoking guix publish): Add description for enabling "guix publish" on host distros using the new files.
2016-11-16 | daemon: Add "builtin:download" derivation builder. | Ludovic Courtès
    This ensures that 1) the derivation doesn't change when Guix changes; 2) the derivation closure doesn't contain Guix and its dependencies; 3) we don't have to rely on ugly chroot hacks.

    Adapted from Nix commit 0a2bee307b20411f5b0dda0c662b1f9bb9e0e131.

    * nix/libstore/build.cc (DerivationGoal::runChild): Add special case for 'isBuiltin(drv)'. Disable chroot when 'isBuiltin(drv)'.
    * nix/libstore/builtins.cc, nix/libstore/builtins.hh, nix/scripts/download.in, guix/scripts/perform-download.scm: New files.
    * guix/ui.scm (show-guix-help)[internal?]: Add 'perform-download'.
    * nix/local.mk (libstore_a_SOURCES): Add builtins.cc.
      (libstore_headers): Add builtins.hh.
      (nodist_pkglibexec_SCRIPTS): Add 'scripts/download'.
    * config-daemon.ac: Emit 'scripts/download'.
    * Makefile.am (MODULES): Add 'guix/scripts/perform-download.scm'.
    * tests/derivations.scm ("unknown built-in builder")
      ("'download' built-in builder")
      ("'download' built-in builder, invalid hash")
      ("'download' built-in builder, not found")
      ("'download' built-in builder, not fixed-output"): New tests.

    Co-authored-by: Eelco Dolstra <eelco.dolstra@logicblox.com>
2016-10-28 | daemon: Factor out SQLite handling. | Eelco Dolstra
    * nix/libstore/local-store.cc: Move SQLite code to...
    * nix/libstore/sqlite.cc, nix/libstore/sqlite.hh: ... here. New files.
    * nix/local.mk (libstore_a_SOURCES): Add sqlite.cc.
      (libstore_headers): Add sqlite.hh.

    Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2016-06-26 | daemon: Rename 'NIX_CONF_DIR' to 'GUIX_CONFIGURATION_DIRECTORY'. | David Craven
    Partly fixes <http://bugs.gnu.org/22459>.
    Reported by Jeff Mickey <j@codemac.net> and David Craven <david@craven.ch>.

    * nix/libstore/globals.cc (Settings::processEnvironment()): Change 'NIX_CONF_DIR' to 'GUIX_CONFIGURATION_DIRECTORY'.
    * nix/local.mk (libstore_a_CPPFLAGS): Likewise.
    * guix/config.scm.in (%config-directory): Likewise.
    * build-aux/test-env.in: Likewise.
    * gnu/packages/patches/hydra-automake-1.15.patch: Likewise.

    Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2016-05-31 | daemon: Remove unused XML output code. | Ludovic Courtès
    * nix/local.mk (libutil_a_SOURCES): Remove libutil/xml-writer.cc.
      (libutil_headers): Remove libutil/xml-writer.hh.
    * nix/libutil/xml-writer.hh, nix/libutil/xml-writer.cc: Remove.
2016-05-24 | build: Use "%D%" in Makefile fragments. | Mathieu Lirzin
    * doc/local.mk: Use "%D%" for the directory of the fragment relative to the base 'Makefile.am'.
    * emacs/local.mk: Likewise.
    * gnu/local.mk: Likewise.
    * nix/local.mk: Likewise.
2016-04-21 | build: Move 'Makefile' fragments to subdirectories. | Mathieu Lirzin
    This follows a convention used by some other GNU packages like Autoconf, Bison, Coreutils, and Gnulib.

    * doc.am: Rename to ...
    * doc/local.mk: ... this.
    * emacs.am: Rename to ...
    * emacs/local.mk: ... this.
    * gnu-system.am: Rename to ...
    * gnu/local.mk: ... this.
    * daemon.am: Rename to ...
    * nix/local.mk: ... this.
    * Makefile.am: Adapt to them.
    * doc/guix.texi (Porting to a New Platform): Adapt documentation.
    * guix/config.scm.in (%state-directory, %config-directory): Adapt comments.
    * emacs/guix-config.el.in (guix-config-state-directory): Likewise.