| Commit message (Expand) | Author | Age | Files | Lines |
* | daemon: Make 'profiles/per-user' non-world-writable.•••Fixes <https://bugs.gnu.org/37744>.
Reported at <https://www.openwall.com/lists/oss-security/2019/10/09/4>.
Based on Nix commit 5a303093dcae1e5ce9212616ef18f2ca51020b0d
by Eelco Dolstra <edolstra@gmail.com>.
* nix/libstore/local-store.cc (LocalStore::LocalStore): Set 'perUserDir'
to #o755 instead of #o1777.
(LocalStore::createUser): New function.
* nix/libstore/local-store.hh (LocalStore): Add it.
* nix/libstore/store-api.hh (StoreAPI): Add it.
* nix/nix-daemon/nix-daemon.cc (performOp): In 'wopSetOptions', add
condition to handle "user-name" property and honor it.
(processConnection): Add 'userId' parameter. Call 'store->createUser'
when userId is not -1.
* guix/profiles.scm (ensure-profile-directory): Note that this is now
handled by the daemon.
* guix/store.scm (current-user-name): New procedure.
(set-build-options): Add #:user-name parameter and pass it to the daemon.
* tests/guix-daemon.sh: Test the creation of 'profiles/per-user' when
listening on a TCP socket.
* tests/store.scm ("profiles/per-user exists and is not writable")
("profiles/per-user/$USER exists"): New tests.
| Ludovic Courtès | 2019-10-16 | 1 | -0/+21 |
* | Merge branch 'master' into core-updates | Ludovic Courtès | 2019-06-27 | 1 | -1/+1 |
|\ |
|
| * | tests: Avoid TCP port collision between lint.scm and guix-daemon.sh.•••This could lead to random deadlocks in one of these two tests when
running "make check -j5".
* tests/guix-daemon.sh (tcp_socket): Change port to 9998 to avoid
collision with tests/lint.scm.
| Ludovic Courtès | 2019-06-27 | 1 | -1/+1 |
* | | packages: Remove 'search-bootstrap-binary'.•••* gnu/packages.scm (%bootstrap-binaries-path, search-bootstrap-binary):
Remove.
* gnu/packages/bootstrap.scm (bootstrap-executable): Export.
* guix/tests.scm (bootstrap-binary-file, search-bootstrap-binary):
Export.
* tests/derivations.scm: Remove (gnu packages) import.
* tests/grafts.scm: Likewise.
* tests/guix-daemon.sh: Likewise.
| Ludovic Courtès | 2019-06-14 | 1 | -2/+2 |
|/ |
|
* | daemon: Rename 'NIX_STATE_DIR' and 'NIX_DB_DIR' environment variables.•••Fixes <https://bugs.gnu.org/22459>.
Reported by Jeff Mickey <j@codemac.net>.
* guix/config.scm.in (%state-directory): Change NIX_STATE_DIR to
GUIX_STATE_DIRECTORY.
(%store-database-directory): Change NIX_DB_DIR to
GUIX_DATABASE_DIRECTORY.
* nix/libstore/globals.cc (Settings::processEnvironment): Likewise.
* guix/self.scm (make-config.scm): Likewise.
* build-aux/build-self.scm (make-config.scm): Likewise.
* build-aux/test-env.in: Likewise.
* tests/derivations.scm ("derivation #:leaked-env-vars"): Likewise.
* tests/guix-build.sh (GUIX_DAEMON_SOCKET): Likewise.
* tests/guix-daemon.sh (socket): Likewise.
| Ludovic Courtès | 2019-02-04 | 1 | -1/+1 |
* | store: Rename '&nix-error' to '&store-error'.•••* guix/store.scm (&nix-error): Rename to...
(&store-error): ... this, and adjust users.
(&nix-connection-error): Rename to...
(&store-connection-error): ... this, and adjust users.
(&nix-protocol-error): Rename to...
(&store-protocol-error): ... this, adjust users.
(&nix-error, &nix-connection-error, &nix-protocol-error): Define these
condition types and their getters as deprecrated aliases.
* build-aux/run-system-tests.scm, guix/derivations.scm,
guix/grafts.scm, guix/scripts/challenge.scm,
guix/scripts/graph.scm, guix/scripts/lint.scm,
guix/scripts/offload.scm, guix/serialization.scm,
guix/ssh.scm, guix/tests.scm, guix/ui.scm,
tests/derivations.scm, tests/gexp.scm, tests/guix-daemon.sh,
tests/packages.scm, tests/store.scm, doc/guix.texi: Adjust to use the
new names.
| Ludovic Courtès | 2019-01-21 | 1 | -4/+4 |
* | guix-daemon: Disable garbage collection for remote connections.•••* nix/nix-daemon/nix-daemon.cc (isRemoteConnection): New variable.
(performOp): For wopCollectGarbage, throw an error when isRemoteConnection
is set.
(acceptConnection): Set isRemoteConnection when connection is not AF_UNIX.
* tests/guix-daemon.sh: Add a test for the new behavior.
| Roel Janssen | 2018-04-19 | 1 | -0/+14 |
* | daemon: Add gzip log compression.•••* nix/nix-daemon/guix-daemon.cc (GUIX_OPT_LOG_COMPRESSION): New macro.
(options): Mark "disable-log-compression" as hidden and add
"log-compression".
(parse_opt): Handle GUIX_OPT_LOG_COMPRESSION.
* nix/libstore/build.cc (DerivationGoal): Add 'gzLogFile'.
(openLogFile): Initialize it when 'logCompression' is COMPRESSION_GZIP.
(closeLogFile, handleChildOutput): Honor 'gzLogFile'.
* nix/libstore/globals.hh (Settings)[compressLog]: Remove.
[logCompression]: New field.
(CompressionType): New enum.
* nix/libstore/globals.cc (Settings::Settings): Initialize it.
(update): Remove '_get' call for 'compressLog'.
* nix/local.mk (guix_daemon_LDADD, guix_register_LDADD): Add -lz.
* guix/store.scm (log-file): Handle '.gz' log files.
* tests/guix-daemon.sh: Add test with '--log-compression=gzip'.
* doc/guix.texi (Invoking guix-daemon): Adjust accordingly.
* config-daemon.ac: Check for libz and zlib.h.
| Ludovic Courtès | 2018-01-07 | 1 | -1/+37 |
* | daemon: '--listen' can be passed several times, can specify TCP endpoints.•••* nix/nix-daemon/guix-daemon.cc (DEFAULT_GUIX_PORT): New macro.
(listen_options): New variable.
(parse_opt): Push back '--listen' options to LISTEN_OPTIONS.
(open_unix_domain_socket, open_inet_socket)
(listening_sockets): New functions.
(main): Use it. Pass SOCKETS to 'run'.
* nix/nix-daemon/nix-daemon.cc (matchUser): Remove.
(SD_LISTEN_FDS_START): Remove.
(acceptConnection): New function.
(daemonLoop): Rewrite to take a vector of file descriptors, to select(2)
on them, and to call 'acceptConnection'.
(run): Change to take a vector of file descriptors.
* tests/guix-daemon.sh: Add test.
| Ludovic Courtès | 2017-06-22 | 1 | -0/+12 |
* | daemon: Add '--timeout' and '--max-silent-time'.•••* nix/nix-daemon/guix-daemon.cc (GUIX_OPT_TIMEOUT)
(GUIX_OPT_MAX_SILENT_TIME): New macros.
* nix/nix-daemon/guix-daemon.cc (options): Add '--timeout' and
'--max-silent-time'.
(parse_opt): Honor them.
* tests/guix-daemon.sh: Add test.
* doc/guix.texi (Invoking guix-daemon): Document the options.
(Common Build Options): Properly describe default
timeout/max-silent-time value. Add cross-ref to "Invoking
guix-daemon".
| Ludovic Courtès | 2017-06-04 | 1 | -0/+36 |
* | daemon: Client settings no longer override daemon settings.•••Fixes <http://bugs.gnu.org/20217>.
* nix/libstore/worker-protocol.hh (PROTOCOL_VERSION): Bump to 0x161.
* nix/nix-daemon/nix-daemon.cc (performOp): "build-max-jobs",
"build-max-silent-time", and "build-cores" are no longer read upfront;
instead, read them from the key/value list at the end.
* nix/nix-daemon/guix-daemon.cc (main): Explicitly set
'settings.maxBuildJobs'.
* guix/store.scm (%protocol-version): Bump to #x161.
(set-build-options): #:max-build-jobs, #:max-silent-time, and
#:build-cores now default to #f. Adjust handshake to new protocol.
* tests/store.scm ("build-cores"): New test.
* tests/guix-daemon.sh: Add test for default "build-cores" value.
| Ludovic Courtès | 2017-01-15 | 1 | -1/+28 |
* | tests: Disable grafts by default.•••Fixes <http://bugs.gnu.org/22872>.
Reported by myglc2 <myglc2@gmail.com>.
* test-env.in: Define and export 'GUIX_BUILD_OPTIONS'.
* tests/guix-build.sh: When setting 'GUIX_BUILD_OPTIONS', make sure it
contains '--no-grafts'.
* tests/guix-package.sh: Likewise.
* tests/guix-daemon.sh: Add (%graft? #f) in Scheme snippets.
| Ludovic Courtès | 2016-03-02 | 1 | -3/+7 |
* | store: Add 'query-failed-paths' and 'clear-failed-paths' RPCs.•••Suggested by Mark H Weaver <mhw@netris.org>.
* guix/store.scm (query-failed-paths, clear-failed-paths): New
procedures.
* tests/guix-daemon.sh: Add test with daemon started with
--cache-failures.
| Ludovic Courtès | 2015-09-28 | 1 | -1/+38 |
* | substitute: Honor "substitute-urls" option passed by "untrusted" clients.•••* guix/scripts/substitute.scm (or*): New macro.
(%cache-url): Honor "untrusted-substitute-urls".
* guix/tests.scm (%test-substitute-urls): New variable.
(open-connection-for-tests): Use it.
* tests/derivations.scm ("derivation-prerequisites-to-build and substitutes",
"derivation-prerequisites-to-build and substitutes, non-substitutable
build", "derivation-prerequisites-to-build and substitutes, local build"):
Pass it to 'set-build-options'.
* tests/guix-daemon.sh: Likewise.
* tests/store.scm ("substitute query, alternating URLs"): New test.
("substitute query", "substitute", "substitute + build-things with output
path", "substitute, corrupt output hash", "substitute --fallback"): Pass
#:substitute-urls to 'set-build-options'.
| Ludovic Courtès | 2015-07-13 | 1 | -5/+7 |
* | Fix remaining references to "substitute-binary".•••* nix/nix-daemon/guix-daemon.cc (main): Change substitute-binary to
substitute.
* po/guix/POTFILES.in: Likewise.
* tests/guix-daemon.sh: Likewise.
* tests/guix-system.sh: Likewise.
| Taylan Ulrich Bayırlı/Kammer | 2015-03-26 | 1 | -2/+2 |
* | daemon: Add tests for substitutes and --no-substitutes.•••* tests/guix-daemon.sh: Add substituter tests.
| Ludovic Courtès | 2014-03-27 | 1 | -4/+52 |
* | Replace individual scripts with master 'guix' script.•••* scripts/guix.in: New script.
* Makefile.am (bin_SCRIPTS): Add 'scripts/guix'. Remove 'guix-build',
'guix-download', 'guix-import', 'guix-package', and 'guix-gc'.
(MODULES): Add 'guix/scripts/build.scm', 'guix/scripts/download.scm',
'guix/scripts/import.scm', 'guix/scripts/package.scm', and
'guix/scripts/gc.scm'.
* configure.ac (AC_CONFIG_FILES): Add 'scripts/guix'. Remove 'guix-build',
'guix-download', 'guix-import', 'guix-package', and 'guix-gc'.
* guix-build.in, guix-download.in, guix-gc.in, guix-import.in,
guix-package.in: Remove shell script boilerplate. Move to guix-COMMAND.in
to guix/scripts/COMMAND.scm. Rename module from (guix-COMMAND) to
(guix scripts COMMAND). Change "guix-COMMAND" to "guix COMMAND" in
usage help string.
* pre-inst-env.in: Add "@abs_top_builddir@/scripts" to the front of $PATH.
Export $GUIX_UNINSTALLED.
* tests/guix-build.sh, tests/guix-daemon.sh, tests/guix-download.sh,
tests/guix-gc.sh, tests/guix-package.sh: Use "guix COMMAND" instead of
"guix-COMMAND".
* doc/guix.texi: Replace all occurrences of "guix-COMMAND" with
"guix COMMAND".
* po/POTFILES.in: Update.
| Mark H Weaver | 2013-02-16 | 1 | -3/+3 |
* | distro: Change the module name space to (gnu ...).•••* distro: Rename to...
* gnu: ... this. Update module names accordingly.
* Makefile.am: Adjust accordingly.
* po/POTFILES.in: Likewise.
* distro.scm: Search for files under /gnu/packages instead of
/distro/packages.
* gnu/packages/base.scm (ld-wrapper-boot3): Likewise.
| Ludovic Courtès | 2013-01-18 | 1 | -1/+1 |
* | Update license headers.•••Change all license headers, except guix/build/* and ld-wrapper.scm, with
this code:
(use-modules (guix build utils)
(srfi srfi-1))
(fluid-set! %default-port-encoding "UTF-8")
(substitute* (remove (lambda (f)
(or (string-contains f ".tar.")
(string-contains f ".git/")
(string-contains f ".so")
(string-suffix? ".o" f)
(string-suffix? ".a" f)
(string-suffix? ".go" f)
(string-suffix? ".pdf" f)
(string-suffix? ".png" f)
(string-suffix? ".info" f)
(equal? (basename f) "guix-daemon")
(equal? (basename f) "nix-setuid-helper")
(string-contains f "nix-upstream/")
(string-contains f "distro/packages/bootstrap/")))
(find-files "." "\\.[a-z]+$"))
(("^([[:graph:]]+) This file is part of Guix." _ comment-start)
(string-append comment-start " This file is part of GNU Guix."))
(("^([[:graph:]]+) Guix --- Nix package management.*" _ comment-start)
(string-append comment-start
" GNU Guix --- Functional package management for GNU\n"))
(("^([[:graph:]]+) Guix is " _ comment-start)
(string-append comment-start " GNU Guix is "))
(("^([[:graph:]]+) along with Guix." _ comment-start)
(string-append comment-start " along with GNU Guix."))
(("^([[:graph:]]+) Copyright \\(C\\)" _ comment-start)
(string-append comment-start " Copyright ©")))
Change headers using C-style comments manually.
| Ludovic Courtès | 2013-01-06 | 1 | -6/+6 |
* | build: Run all the tests against the just-built daemon.•••* test-env.in: New file.
* configure.ac: Add it to `AC_CONFIG_FILES' and `commands-exec'.
* config-daemon.ac: Set and substitute `GUIX_TEST_ROOT'.
* Makefile.am (SCM_LOG_COMPILER, SH_LOG_COMPILER): Use it in lieu of
`pre-inst-env'.
* daemon.am (test_root): Remove
(AM_TESTS_ENVIRONMENT): Remove `TEST_ROOT'.
(clean-local): Use $(GUIX_TEST_ROOT); make files writable before
removing them.guix_test_root
* tests/guix-daemon.sh: Remove `NIX_' variable settings; don't launch
`guix-daemon'.
| Ludovic Courtès | 2012-12-06 | 1 | -19/+0 |
* | daemon: Add `list-runtime-roots' script.•••* nix/scripts/list-runtime-roots.in: New file.
* config-daemon.ac: Add `AC_CONFIG_FILES' invocation for it.
* daemon.am (nodist_pkglibexec_SCRIPTS): New variable.
(AM_TESTS_ENVIRONMENT): Define `top_builddir'.
* tests/guix-daemon.sh: Export `NIX_ROOT_FINDER'.
* nix/sync-with-upstream: Substitute the path to the root finder in
libstore/gc.cc.
| Ludovic Courtès | 2012-12-05 | 1 | -1/+3 |
* | daemon: Add test.•••* daemon.am (test_root, AM_TESTS_ENVIRONMENT): New variables.
(clean-local): New target.
* tests/guix-daemon.sh: New file.
| Ludovic Courtès | 2012-12-04 | 1 | -0/+46 |