M daemon.am => daemon.am +3 -11
@@ 1,5 1,5 @@
# GNU Guix --- Functional package management for GNU
-# Copyright © 2012, 2013 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2012, 2013, 2014 Ludovic Courtès <ludo@gnu.org>
#
# This file is part of GNU Guix.
#
@@ 56,6 56,7 @@ libformat_a_CPPFLAGS = \
libutil_a_SOURCES = \
nix/libutil/archive.cc \
+ nix/libutil/affinity.cc \
nix/libutil/serialise.cc \
nix/libutil/util.cc \
nix/libutil/xml-writer.cc \
@@ 63,6 64,7 @@ libutil_a_SOURCES = \
nix/libutil/gcrypt-hash.cc
libutil_headers = \
+ nix/libutil/affinity.hh \
nix/libutil/hash.hh \
nix/libutil/serialise.hh \
nix/libutil/xml-writer.hh \
@@ 153,16 155,6 @@ guix_register_LDADD = \
$(SQLITE3_LIBS) $(LIBGCRYPT_LIBS)
-libexec_PROGRAMS = nix-setuid-helper
-nix_setuid_helper_SOURCES = \
- nix/nix-setuid-helper/nix-setuid-helper.cc
-
-nix_setuid_helper_CPPFLAGS = \
- $(libutil_a_CPPFLAGS)
-
-nix_setuid_helper_LDADD = \
- libutil.a libformat.a
-
noinst_HEADERS = \
$(libformat_headers) $(libutil_headers) $(libstore_headers) \
$(guix_daemon_headers)
M doc/guix.texi => doc/guix.texi +1 -15
@@ 245,21 245,7 @@ archive}):
# guix archive --generate-key
@end example
-Guix may also be used in a single-user setup, with @command{guix-daemon}
-running as an unprivileged user. However, to maximize non-interference
-of build processes, the daemon still needs to perform certain operations
-that are restricted to @code{root} on GNU/Linux: it should be able to
-run build processes in a chroot, and to run them under different UIDs.
-To that end, the @command{nix-setuid-helper} program is provided; it is
-a small C program (less than 300 lines) that, if it is made setuid
-@code{root}, can be executed by the daemon to perform these operations
-on its behalf. The @code{root}-owned @file{/etc/nix-setuid.conf} file
-is read by @command{nix-setuid-helper}; it should contain exactly two
-words: the user name under which the authorized @command{guix-daemon}
-runs, and the name of the build users group.
-
-If you are installing Guix as an unprivileged user and do not have the
-ability to make @file{nix-setuid-helper} setuid-@code{root}, it is still
+If you are installing Guix as an unprivileged user, it is still
possible to run @command{guix-daemon}. However, build processes will
not be isolated from one another, and not from the rest of the system.
Thus, build processes may interfere with each other, and may access
M guix/scripts/substitute-binary.scm => guix/scripts/substitute-binary.scm +24 -1
@@ 1,5 1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ 486,6 486,29 @@ Internal tool to substitute a pre-built binary to a local build.\n"))
"Implement the build daemon's substituter protocol."
(mkdir-p %narinfo-cache-directory)
(maybe-remove-expired-cached-narinfo)
+
+ ;; Starting from commit 22144afa in Nix, we are allowed to bail out directly
+ ;; when we know we cannot substitute, but we must emit a newline on stdout
+ ;; when everything is alright.
+ (let ((uri (string->uri %cache-url)))
+ (case (uri-scheme uri)
+ ((http)
+ ;; Exit gracefully if there's no network access.
+ (let ((host (uri-host uri)))
+ (catch 'getaddrinfo-error
+ (lambda ()
+ (getaddrinfo host))
+ (lambda (key error)
+ (warning (_ "failed to look up host '~a' (~a), \
+substituter disabled~%")
+ host (gai-strerror error))
+ (exit 0)))))
+ (else #t)))
+
+ ;; Say hello (see above.)
+ (newline)
+ (force-output (current-output-port))
+
(with-networking
(match args
(("--query")
M nix-upstream => nix-upstream +1 -1
@@ 1,1 1,1 @@
-Subproject commit 1b6ee8f4c7e74f75e1f49b43cf22be7730b30649
+Subproject commit bf0ad8aabca67b4faabe3a1ac3c57884ae9924f4